namespace Tests\Permissions;
-use BookStack\Activity\ActivityType;
use BookStack\Activity\Models\Comment;
use BookStack\Entities\Models\Book;
use BookStack\Entities\Models\Bookshelf;
use BookStack\Entities\Models\Entity;
use BookStack\Entities\Models\Page;
use BookStack\Uploads\Image;
-use BookStack\Users\Models\Role;
use BookStack\Users\Models\User;
use Illuminate\Testing\TestResponse;
use Tests\TestCase;
public function test_user_cannot_change_email_unless_they_have_manage_users_permission()
{
- $userProfileUrl = '/settings/users/' . $this->user->id;
$originalEmail = $this->user->email;
$this->actingAs($this->user);
- $resp = $this->get($userProfileUrl)
- ->assertOk();
+ $resp = $this->get('/my-account/profile')->assertOk();
$this->withHtml($resp)->assertElementExists('input[name=email][disabled]');
- $this->put($userProfileUrl, [
+ $resp->assertSee('Unfortunately you don\'t have permission to change your email address.');
+ $this->put('/my-account/profile', [
'name' => 'my_new_name',
]);
$this->permissions->grantUserRolePermissions($this->user, ['users-manage']);
- $resp = $this->get($userProfileUrl)
- ->assertOk();
- $this->withHtml($resp)->assertElementNotExists('input[name=email][disabled]')
+ $resp = $this->get('/my-account/profile')->assertOk();
+ $this->withHtml($resp)
+ ->assertElementNotExists('input[name=email][disabled]')
->assertElementExists('input[name=email]');
- $this->put($userProfileUrl, [
+
+ $this->put('/my-account/profile', [
'name' => 'my_new_name_2',
]);
/**
* Check a standard entity access permission.
*/
- private function checkAccessPermission(string $permission, array $accessUrls = [], array $visibles = [])
- {
+ private function checkAccessPermission(
+ string $permission,
+ array $accessUrls = [],
+ array $visibles = [],
+ string $expectedRedirectUri = '/',
+ ) {
foreach ($accessUrls as $url) {
- $this->actingAs($this->user)->get($url)->assertRedirect('/');
+ $this->actingAs($this->user)->get($url)->assertRedirect($expectedRedirectUri);
}
foreach ($visibles as $url => $text) {
$ownPage->getUrl() . '/edit',
], [
$ownPage->getUrl() => 'Edit',
- ]);
+ ], $ownPage->getUrl());
$resp = $this->get($otherPage->getUrl());
$this->withHtml($resp)->assertElementNotContains('.action-buttons', 'Edit');
- $this->get($otherPage->getUrl() . '/edit')->assertRedirect('/');
+ $this->get($otherPage->getUrl() . '/edit')->assertRedirect($otherPage->getUrl());
}
public function test_page_edit_all_permission()
$otherPage->getUrl('/edit'),
], [
$otherPage->getUrl() => 'Edit',
- ]);
+ ], $otherPage->getUrl());
}
public function test_page_delete_own_permission()
private function addComment(Page $page): TestResponse
{
- $comment = Comment::factory()->make();
-
- return $this->postJson("/comment/$page->id", $comment->only('text', 'html'));
+ return $this->postJson("/comment/$page->id", ['html' => '<p>New comment content</p>']);
}
private function updateComment(Comment $comment): TestResponse
{
- $commentData = Comment::factory()->make();
-
- return $this->putJson("/comment/{$comment->id}", $commentData->only('text', 'html'));
+ return $this->putJson("/comment/{$comment->id}", ['html' => '<p>Updated comment content</p>']);
}
private function deleteComment(Comment $comment): TestResponse
projects / bookstack / blobdiff