$this->asAdmin()->visit('/settings')
->click('Roles')
->seePageIs('/settings/roles')
- ->click('Add new role')
+ ->click('Create New Role')
->type('Test Role', 'display_name')
->type('A little test description', 'description')
->press('Save Role')
$this->checkAccessPermission('book-create-all', [
'/books/create'
], [
- '/books' => 'Add new book'
+ '/books' => 'Create New Book'
]);
$this->visit('/books/create')
->dontSeeInElement('.book-content', $otherPage->name);
}
- public function test_public_role_not_visible_in_user_edit_screen()
+ public function test_public_role_visible_in_user_edit_screen()
{
$user = \BookStack\User::first();
$this->asAdmin()->visit('/settings/users/' . $user->id)
->seeElement('#roles-admin')
- ->dontSeeElement('#roles-public');
+ ->seeElement('#roles-public');
}
- public function test_public_role_not_visible_in_role_listing()
+ public function test_public_role_visible_in_role_listing()
{
$this->asAdmin()->visit('/settings/roles')
->see('Admin')
- ->dontSee('Public');
+ ->see('Public');
}
- public function test_public_role_not_visible_in_default_role_setting()
+ public function test_public_role_visible_in_default_role_setting()
{
$this->asAdmin()->visit('/settings')
->seeElement('[data-role-name="admin"]')
- ->dontSeeElement('[data-role-name="public"]');
+ ->seeElement('[data-role-name="public"]');
}
+ public function test_public_role_not_deleteable()
+ {
+ $this->asAdmin()->visit('/settings/roles')
+ ->click('Public')
+ ->see('Edit Role')
+ ->click('Delete Role')
+ ->press('Confirm')
+ ->see('Delete Role')
+ ->see('Cannot be deleted');
+ }
+
+
+
+ public function test_image_delete_own_permission()
+ {
+ $this->giveUserPermissions($this->user, ['image-update-all']);
+ $page = \BookStack\Page::first();
+ $image = factory(\BookStack\Image::class)->create(['uploaded_to' => $page->id, 'created_by' => $this->user->id, 'updated_by' => $this->user->id]);
+
+ $this->actingAs($this->user)->json('delete', '/images/' . $image->id)
+ ->seeStatusCode(403);
+
+ $this->giveUserPermissions($this->user, ['image-delete-own']);
+
+ $this->actingAs($this->user)->json('delete', '/images/' . $image->id)
+ ->seeStatusCode(200)
+ ->dontSeeInDatabase('images', ['id' => $image->id]);
+ }
+
+ public function test_image_delete_all_permission()
+ {
+ $this->giveUserPermissions($this->user, ['image-update-all']);
+ $admin = $this->getAdmin();
+ $page = \BookStack\Page::first();
+ $image = factory(\BookStack\Image::class)->create(['uploaded_to' => $page->id, 'created_by' => $admin->id, 'updated_by' => $admin->id]);
+
+ $this->actingAs($this->user)->json('delete', '/images/' . $image->id)
+ ->seeStatusCode(403);
+
+ $this->giveUserPermissions($this->user, ['image-delete-own']);
+
+ $this->actingAs($this->user)->json('delete', '/images/' . $image->id)
+ ->seeStatusCode(403);
+
+ $this->giveUserPermissions($this->user, ['image-delete-all']);
+
+ $this->actingAs($this->user)->json('delete', '/images/' . $image->id)
+ ->seeStatusCode(200)
+ ->dontSeeInDatabase('images', ['id' => $image->id]);
+ }
+
}
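Review bot: The three `->seeStatusCode(403)` checks in test_image_delete_own_permission and test_image_delete_all_permission assert only the response code, so a delete handler that removes the row before the permission check would still pass. Chaining `->seeInDatabase('images', ['id' => $image->id])` after each 403 would pin that a denied request leaves the image in place. test_public_role_not_deleteable has the same gap: it checks for the 'Cannot be deleted' message but never asserts that the public role record still exists after the confirm step. Both image tests also grant `image-update-all` first, so neither shows whether the delete permission works on its own; if that coupling is intended, a short comment saying so would help.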