BookStack Code Mirror - bookstack/blobdiff - tests/Permissions/RolesTest.php

index 423db1bf0343e4e12901f8e73788cb3ca8e6d151..2ef72fb0aef8999403553d00819ae59ea9a2acf4 100644 (file)

--- a/tests/Permissions/RolesTest.php

+++ b/tests/Permissions/RolesTest.php

@@ -11,7 +11,7 @@ class RolesTest extends BrowserKitTest

{

protected $user;

- public function setUp()

+ public function setUp(): void

{

parent::setUp();

$this->user = $this->getViewer();

@@ -119,6 +119,43 @@ class RolesTest extends BrowserKitTest

$this->actingAs($this->user)->visit('/')->dontSee($usersLink);

}

+ public function test_user_cannot_change_email_unless_they_have_manage_users_permission()

+ {

+ $userProfileUrl = '/settings/users/' . $this->user->id;

+ $originalEmail = $this->user->email;

+ $this->actingAs($this->user);

+ $this->visit($userProfileUrl)

+ ->assertResponseOk()

+ ->seeElement('input[name=email][disabled]');

+ $this->put($userProfileUrl, [

+ 'name' => 'my_new_name',

+ 'email' => '[email protected]',

+ ]);

+ $this->seeInDatabase('users', [

+ 'id' => $this->user->id,

+ 'email' => $originalEmail,

+ 'name' => 'my_new_name',

+ ]);

+ $this->giveUserPermissions($this->user, ['users-manage']);

+ $this->visit($userProfileUrl)

+ ->assertResponseOk()

+ ->dontSeeElement('input[name=email][disabled]')

+ ->seeElement('input[name=email]');

+ $this->put($userProfileUrl, [

+ 'name' => 'my_new_name_2',

+ 'email' => '[email protected]',

+ ]);

+ $this->seeInDatabase('users', [

+ 'id' => $this->user->id,

+ 'email' => '[email protected]',

+ 'name' => 'my_new_name_2',

+ ]);

+ }

public function test_user_roles_manage_permission()

{

$this->actingAs($this->user)->visit('/settings/roles')

@@ -215,7 +252,7 @@ class RolesTest extends BrowserKitTest

$this->checkAccessPermission('bookshelf-create-all', [

'/create-shelf'

], [

- '/shelves' => 'Create New Shelf'

+ '/shelves' => 'New Shelf'

]);

$this->visit('/create-shelf')

@@ -600,14 +637,14 @@ class RolesTest extends BrowserKitTest

$ownPage->getUrl() => 'Delete'

]);

- $bookUrl = $ownPage->book->getUrl();

+ $parent = $ownPage->chapter ?? $ownPage->book;

$this->visit($otherPage->getUrl())

->dontSeeInElement('.action-buttons', 'Delete')

->visit($otherPage->getUrl() . '/delete')

->seePageIs('/');

$this->visit($ownPage->getUrl())->visit($ownPage->getUrl() . '/delete')

->press('Confirm')

- ->seePageIs($bookUrl)

+ ->seePageIs($parent->getUrl())

->dontSeeInElement('.book-content', $ownPage->name);

}

@@ -621,10 +658,10 @@ class RolesTest extends BrowserKitTest

$otherPage->getUrl() => 'Delete'

]);

- $bookUrl = $otherPage->book->getUrl();

+ $parent = $otherPage->chapter ?? $otherPage->book;

$this->visit($otherPage->getUrl())->visit($otherPage->getUrl() . '/delete')

->press('Confirm')

- ->seePageIs($bookUrl)

+ ->seePageIs($parent->getUrl())

->dontSeeInElement('.book-content', $otherPage->name);

}