BookStack Code Mirror - bookstack/blobdiff - tests/Api/PagesApiTest.php

index f857db96d83af38659e85cbb71fd348516ee98b6..ced8954eb1149490c9a88ac01be2a2d3c664cf45 100644 (file)

--- a/tests/Api/PagesApiTest.php

+++ b/tests/Api/PagesApiTest.php

@@ -2,7 +2,6 @@

namespace Tests\Api;

-use BookStack\Entities\Models\Book;

use BookStack\Entities\Models\Chapter;

use BookStack\Entities\Models\Page;

use Carbon\Carbon;

use BookStack\Entities\Models\Chapter;

use BookStack\Entities\Models\Page;

use Carbon\Carbon;

@@ -28,6 +27,10 @@ class PagesApiTest extends TestCase

'slug' => $firstPage->slug,

'book_id' => $firstPage->book->id,

'priority' => $firstPage->priority,

'slug' => $firstPage->slug,

'book_id' => $firstPage->book->id,

'priority' => $firstPage->priority,

+ 'owned_by' => $firstPage->owned_by,

+ 'created_by' => $firstPage->created_by,

+ 'updated_by' => $firstPage->updated_by,

+ 'revision_count' => $firstPage->revision_count,

]]);

}

]]);

}

@@ -35,7 +38,7 @@ class PagesApiTest extends TestCase

public function test_create_endpoint()

{

$this->actingAsApiEditor();

public function test_create_endpoint()

{

$this->actingAsApiEditor();

- $book = Book::query()->first();

+ $book = $this->entities->book();

$details = [

'name' => 'My API page',

'book_id' => $book->id,

$details = [

'name' => 'My API page',

'book_id' => $book->id,

@@ -46,6 +49,7 @@ class PagesApiTest extends TestCase

'value' => 'tagvalue',

+ 'priority' => 15,

];

$resp = $this->postJson($this->baseEndpoint, $details);

];

$resp = $this->postJson($this->baseEndpoint, $details);

@@ -67,7 +71,7 @@ class PagesApiTest extends TestCase

public function test_page_name_needed_to_create()

{

$this->actingAsApiEditor();

public function test_page_name_needed_to_create()

{

$this->actingAsApiEditor();

- $book = Book::query()->first();

+ $book = $this->entities->book();

$details = [

'book_id' => $book->id,

'html' => '<p>A page created via the API</p>',

$details = [

'book_id' => $book->id,

'html' => '<p>A page created via the API</p>',

@@ -95,11 +99,11 @@ class PagesApiTest extends TestCase

'chapter_id' => ['The chapter id field is required when book id is not present.'],

]));

'chapter_id' => ['The chapter id field is required when book id is not present.'],

]));

- $chapter = Chapter::visible()->first();

+ $chapter = $this->entities->chapter();

$resp = $this->postJson($this->baseEndpoint, array_merge($details, ['chapter_id' => $chapter->id]));

$resp->assertStatus(200);

$resp = $this->postJson($this->baseEndpoint, array_merge($details, ['chapter_id' => $chapter->id]));

$resp->assertStatus(200);

- $book = Book::visible()->first();

+ $book = $this->entities->book();

$resp = $this->postJson($this->baseEndpoint, array_merge($details, ['book_id' => $book->id]));

$resp->assertStatus(200);

}

$resp = $this->postJson($this->baseEndpoint, array_merge($details, ['book_id' => $book->id]));

$resp->assertStatus(200);

}

@@ -107,7 +111,7 @@ class PagesApiTest extends TestCase

public function test_markdown_can_be_provided_for_create()

{

$this->actingAsApiEditor();

public function test_markdown_can_be_provided_for_create()

{

$this->actingAsApiEditor();

- $book = Book::visible()->first();

+ $book = $this->entities->book();

$details = [

'book_id' => $book->id,

'name' => 'My api page',

$details = [

'book_id' => $book->id,

'name' => 'My api page',

@@ -126,7 +130,7 @@ class PagesApiTest extends TestCase

public function test_read_endpoint()

{

$this->actingAsApiEditor();

public function test_read_endpoint()

{

$this->actingAsApiEditor();

- $page = Page::visible()->first();

+ $page = $this->entities->page();

$resp = $this->getJson($this->baseEndpoint . "/{$page->id}");

$resp->assertStatus(200);

$resp = $this->getJson($this->baseEndpoint . "/{$page->id}");

$resp->assertStatus(200);

@@ -149,7 +153,7 @@ class PagesApiTest extends TestCase

public function test_read_endpoint_provides_rendered_html()

{

$this->actingAsApiEditor();

public function test_read_endpoint_provides_rendered_html()

{

$this->actingAsApiEditor();

- $page = Page::visible()->first();

+ $page = $this->entities->page();

$page->html = "<p>testing</p><script>alert('danger')</script><h1>Hello</h1>";

$page->save();

$page->html = "<p>testing</p><script>alert('danger')</script><h1>Hello</h1>";

$page->save();

@@ -160,10 +164,45 @@ class PagesApiTest extends TestCase

$this->assertStringContainsString('testing', $html);

}

$this->assertStringContainsString('testing', $html);

}

+ public function test_read_endpoint_provides_raw_html()

+ {

+ $html = "<p>testing</p><script>alert('danger')</script><h1>Hello</h1>";

+ $this->actingAsApiEditor();

+ $page = $this->entities->page();

+ $page->html = $html;

+ $page->save();

+ $resp = $this->getJson($this->baseEndpoint . "/{$page->id}");

+ $this->assertEquals($html, $resp->json('raw_html'));

+ $this->assertNotEquals($html, $resp->json('html'));

+ }

+ public function test_read_endpoint_returns_not_found()

+ {

+ $this->actingAsApiEditor();

+ // get an id that is not used

+ $id = Page::orderBy('id', 'desc')->first()->id + 1;

+ $this->assertNull(Page::find($id));

+ $resp = $this->getJson($this->baseEndpoint . "/$id");

+ $resp->assertNotFound();

+ $this->assertNull($resp->json('id'));

+ $resp->assertJsonIsObject('error');

+ $resp->assertJsonStructure([

+ 'error' => [

+ 'code',

+ 'message',

+ ],

+ ]);

+ $this->assertSame(404, $resp->json('error')['code']);

+ }

public function test_update_endpoint()

{

$this->actingAsApiEditor();

public function test_update_endpoint()

{

$this->actingAsApiEditor();

- $page = Page::visible()->first();

+ $page = $this->entities->page();

$details = [

'name' => 'My updated API page',

'html' => '<p>A page created via the API</p>',

$details = [

'name' => 'My updated API page',

'html' => '<p>A page created via the API</p>',

@@ -173,6 +212,7 @@ class PagesApiTest extends TestCase

'value' => 'freshtagval',

+ 'priority' => 15,

];

$resp = $this->putJson($this->baseEndpoint . "/{$page->id}", $details);

];

$resp = $this->putJson($this->baseEndpoint . "/{$page->id}", $details);

@@ -189,7 +229,7 @@ class PagesApiTest extends TestCase

public function test_providing_new_chapter_id_on_update_will_move_page()

{

$this->actingAsApiEditor();

public function test_providing_new_chapter_id_on_update_will_move_page()

{

$this->actingAsApiEditor();

- $page = Page::visible()->first();

+ $page = $this->entities->page();

$chapter = Chapter::visible()->where('book_id', '!=', $page->book_id)->first();

$details = [

'name' => 'My updated API page',

$chapter = Chapter::visible()->where('book_id', '!=', $page->book_id)->first();

$details = [

'name' => 'My updated API page',

@@ -208,9 +248,9 @@ class PagesApiTest extends TestCase

public function test_providing_move_via_update_requires_page_create_permission_on_new_parent()

{

$this->actingAsApiEditor();

public function test_providing_move_via_update_requires_page_create_permission_on_new_parent()

{

$this->actingAsApiEditor();

- $page = Page::visible()->first();

+ $page = $this->entities->page();

$chapter = Chapter::visible()->where('book_id', '!=', $page->book_id)->first();

- $this->setEntityRestrictions($chapter, ['view'], [$this->getEditor()->roles()->first()]);

+ $this->permissions->setEntityPermissions($chapter, ['view'], [$this->users->editor()->roles()->first()]);

$details = [

'name' => 'My updated API page',

'chapter_id' => $chapter->id,

$details = [

'name' => 'My updated API page',

'chapter_id' => $chapter->id,

@@ -224,7 +264,7 @@ class PagesApiTest extends TestCase

public function test_update_endpoint_does_not_wipe_content_if_no_html_or_md_provided()

{

$this->actingAsApiEditor();

public function test_update_endpoint_does_not_wipe_content_if_no_html_or_md_provided()

{

$this->actingAsApiEditor();

- $page = Page::visible()->first();

+ $page = $this->entities->page();

$originalContent = $page->html;

$details = [

'name' => 'My updated API page',

$originalContent = $page->html;

$details = [

'name' => 'My updated API page',

@@ -245,11 +285,11 @@ class PagesApiTest extends TestCase

public function test_update_increments_updated_date_if_only_tags_are_sent()

{

$this->actingAsApiEditor();

public function test_update_increments_updated_date_if_only_tags_are_sent()

{

$this->actingAsApiEditor();

- $page = Page::visible()->first();

+ $page = $this->entities->page();

DB::table('pages')->where('id', '=', $page->id)->update(['updated_at' => Carbon::now()->subWeek()]);

$details = [

DB::table('pages')->where('id', '=', $page->id)->update(['updated_at' => Carbon::now()->subWeek()]);

$details = [

- 'tags' => [['name' => 'Category', 'value' => 'Testing']]

+ 'tags' => [['name' => 'Category', 'value' => 'Testing']],

];

$resp = $this->putJson($this->baseEndpoint . "/{$page->id}", $details);

];

$resp = $this->putJson($this->baseEndpoint . "/{$page->id}", $details);

@@ -262,66 +302,10 @@ class PagesApiTest extends TestCase

public function test_delete_endpoint()

{

$this->actingAsApiEditor();

public function test_delete_endpoint()

{

$this->actingAsApiEditor();

- $page = Page::visible()->first();

+ $page = $this->entities->page();

$resp = $this->deleteJson($this->baseEndpoint . "/{$page->id}");

$resp->assertStatus(204);

$this->assertActivityExists('page_delete', $page);

}

$resp = $this->deleteJson($this->baseEndpoint . "/{$page->id}");

$resp->assertStatus(204);

$this->assertActivityExists('page_delete', $page);

}

- public function test_export_html_endpoint()

- {

- $this->actingAsApiEditor();

- $page = Page::visible()->first();

- $resp = $this->get($this->baseEndpoint . "/{$page->id}/export/html");

- $resp->assertStatus(200);

- $resp->assertSee($page->name);

- $resp->assertHeader('Content-Disposition', 'attachment; filename="' . $page->slug . '.html"');

- }

- public function test_export_plain_text_endpoint()

- {

- $this->actingAsApiEditor();

- $page = Page::visible()->first();

- $resp = $this->get($this->baseEndpoint . "/{$page->id}/export/plaintext");

- $resp->assertStatus(200);

- $resp->assertSee($page->name);

- $resp->assertHeader('Content-Disposition', 'attachment; filename="' . $page->slug . '.txt"');

- }

- public function test_export_pdf_endpoint()

- {

- $this->actingAsApiEditor();

- $page = Page::visible()->first();

- $resp = $this->get($this->baseEndpoint . "/{$page->id}/export/pdf");

- $resp->assertStatus(200);

- $resp->assertHeader('Content-Disposition', 'attachment; filename="' . $page->slug . '.pdf"');

- }

- public function test_export_markdown_endpoint()

- {

- $this->actingAsApiEditor();

- $page = Page::visible()->first();

- $resp = $this->get($this->baseEndpoint . "/{$page->id}/export/markdown");

- $resp->assertStatus(200);

- $resp->assertSee('# ' . $page->name);

- $resp->assertHeader('Content-Disposition', 'attachment; filename="' . $page->slug . '.md"');

- }

- public function test_cant_export_when_not_have_permission()

- {

- $types = ['html', 'plaintext', 'pdf', 'markdown'];

- $this->actingAsApiEditor();

- $this->removePermissionFromUser($this->getEditor(), 'content-export');

- $page = Page::visible()->first();

- foreach ($types as $type) {

- $resp = $this->get($this->baseEndpoint . "/{$page->id}/export/{$type}");

- $this->assertPermissionError($resp);

- }

}