<?php namespace Tests;
use BookStack\Book;
-use BookStack\Services\PermissionService;
+use BookStack\Entity;
use BookStack\User;
+use BookStack\Repos\EntityRepo;
class RestrictionsTest extends BrowserKitTest
{
*/
protected $viewer;
- /**
- * @var PermissionService
- */
- protected $permissionService;
-
public function setUp()
{
parent::setUp();
$this->user = $this->getEditor();
$this->viewer = $this->getViewer();
- $this->permissionService = $this->app[PermissionService::class];
}
- /**
- * Manually set some permissions on an entity.
- * @param \BookStack\Entity $entity
- * @param $actions
- */
- protected function setEntityRestrictions(\BookStack\Entity $entity, $actions)
+ protected function setEntityRestrictions(Entity $entity, $actions = [], $roles = [])
{
- $entity->restricted = true;
- $entity->permissions()->delete();
-
- $role = $this->user->roles->first();
- $viewerRole = $this->viewer->roles->first();
-
- $permissions = [];
- foreach ($actions as $action) {
- $permissions[] = [
- 'role_id' => $role->id,
- 'action' => strtolower($action)
- ];
- $permissions[] = [
- 'role_id' => $viewerRole->id,
- 'action' => strtolower($action)
- ];
- }
- $entity->permissions()->createMany($permissions);
-
- $entity->save();
- $entity->load('permissions');
- $this->permissionService->buildJointPermissionsForEntity($entity);
- $entity->load('jointPermissions');
+ $roles = [
+ $this->user->roles->first(),
+ $this->viewer->roles->first(),
+ ];
+ parent::setEntityRestrictions($entity, $actions, $roles);
}
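Review bot: The new `$roles` parameter on `setEntityRestrictions` is overwritten unconditionally at the top of the body, so any roles a test passes are silently discarded and the first role of both the editor and the viewer always receives the listed actions. In a permission test helper this can make a test pass for the wrong reason, because a caller who meant to grant an action to one role still grants it to both. If the parameter exists only to match the parent signature, say so in a comment; otherwise honour it, e.g. `if (empty($roles)) { $roles = [$this->user->roles->first(), $this->viewer->roles->first()]; }`. The removed docblock is not replaced either; a short one such as `/** Restrict $entity to $actions for the editor and viewer roles; delegates to the parent helper. */` would keep the intent visible. The parent implementation is outside this diff, so how it treats an empty `$roles` is unconfirmed.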
public function test_book_view_restriction()
$this->setEntityRestrictions($book, ['view', 'delete', 'update']);
- $this->forceVisit($bookUrl . '/chapter/create')
+ $this->forceVisit($bookUrl . '/create-chapter')
->see('You do not have permission')->seePageIs('/');
- $this->forceVisit($bookUrl . '/page/create')
+ $this->forceVisit($bookUrl . '/create-page')
->see('You do not have permission')->seePageIs('/');
$this->visit($bookUrl)->dontSeeInElement('.action-buttons', 'New Page')
->dontSeeInElement('.action-buttons', 'New Chapter');
$this->setEntityRestrictions($book, ['view', 'create']);
- $this->visit($bookUrl . '/chapter/create')
+ $this->visit($bookUrl . '/create-chapter')
->type('test chapter', 'name')
->type('test description for chapter', 'description')
->press('Save Chapter')
->seePageIs($bookUrl . '/chapter/test-chapter');
- $this->visit($bookUrl . '/page/create')
+ $this->visit($bookUrl . '/create-page')
->type('test page', 'name')
->type('test content', 'html')
->press('Save Page')
$this->setEntityRestrictions($book, ['view', 'delete', 'update']);
- $this->forceVisit($bookUrl . '/chapter/create')
+ $this->forceVisit($bookUrl . '/create-chapter')
->see('You do not have permission')->seePageIs('/');
- $this->forceVisit($bookUrl . '/page/create')
+ $this->forceVisit($bookUrl . '/create-page')
->see('You do not have permission')->seePageIs('/');
$this->visit($bookUrl)->dontSeeInElement('.action-buttons', 'New Page')
->dontSeeInElement('.action-buttons', 'New Chapter');
$this->setEntityRestrictions($book, ['view', 'create']);
- $this->visit($bookUrl . '/chapter/create')
+ $this->visit($bookUrl . '/create-chapter')
->type('test chapter', 'name')
->type('test description for chapter', 'description')
->press('Save Chapter')
->seePageIs($bookUrl . '/chapter/test-chapter');
- $this->visit($bookUrl . '/page/create')
+ $this->visit($bookUrl . '/create-page')
->type('test page', 'name')
->type('test content', 'html')
->press('Save Page')
$this->dontSee(substr($bookChapter->name, 0, 15));
}
+ public function test_book_sort_view_permission()
+ {
+ $firstBook = Book::first();
+ $secondBook = Book::find(2);
+ $thirdBook = Book::find(3);
+
+ $this->setEntityRestrictions($firstBook, ['view', 'update']);
+ $this->setEntityRestrictions($secondBook, ['view']);
+ $this->setEntityRestrictions($thirdBook, ['view', 'update']);
+
+ // Test sort page visibility
+ $this->actingAs($this->user)->visit($secondBook->getUrl() . '/sort')
+ ->see('You do not have permission')
+ ->seePageIs('/');
+
+ // Check sort page on first book
+ $this->actingAs($this->user)->visit($firstBook->getUrl() . '/sort')
+ ->see($thirdBook->name)
+ ->dontSee($secondBook->name);
+ }
+
+ public function test_book_sort_permission() {
+ $firstBook = Book::first();
+ $secondBook = Book::find(2);
+
+ $this->setEntityRestrictions($firstBook, ['view', 'update']);
+ $this->setEntityRestrictions($secondBook, ['view']);
+
+ $firstBookChapter = $this->app[EntityRepo::class]->createFromInput('chapter',
+ ['name' => 'first book chapter'], $firstBook);
+ $secondBookChapter = $this->app[EntityRepo::class]->createFromInput('chapter',
+ ['name' => 'second book chapter'], $secondBook);
+
+ // Create request data
+ $reqData = [
+ [
+ 'id' => $firstBookChapter->id,
+ 'sort' => 0,
+ 'parentChapter' => false,
+ 'type' => 'chapter',
+ 'book' => $secondBook->id
+ ]
+ ];
+
+ // Move chapter from first book to a second book
+ $this->actingAs($this->user)->put($firstBook->getUrl() . '/sort', ['sort-tree' => json_encode($reqData)])
+ ->followRedirects()
+ ->see('You do not have permission')
+ ->seePageIs('/');
+
+ $reqData = [
+ [
+ 'id' => $secondBookChapter->id,
+ 'sort' => 0,
+ 'parentChapter' => false,
+ 'type' => 'chapter',
+ 'book' => $firstBook->id
+ ]
+ ];
+
+ // Move chapter from second book to first book
+ $this->actingAs($this->user)->put($firstBook->getUrl() . '/sort', ['sort-tree' => json_encode($reqData)])
+ ->followRedirects()
+ ->see('You do not have permission')
+ ->seePageIs('/');
+ }
+
+ public function test_can_create_page_if_chapter_has_permissions_when_book_not_visible()
+ {
+ $book = Book::first();
+ $this->setEntityRestrictions($book, []);
+ $bookChapter = $book->chapters->first();
+ $this->setEntityRestrictions($bookChapter, ['view']);
+
+ $this->actingAs($this->user)->visit($bookChapter->getUrl())
+ ->dontSee('New Page');
+
+ $this->setEntityRestrictions($bookChapter, ['view', 'create']);
+
+ $this->actingAs($this->user)->visit($bookChapter->getUrl())
+ ->click('New Page')
+ ->seeStatusCode(200)
+ ->type('test page', 'name')
+ ->type('test content', 'html')
+ ->press('Save Page')
+ ->seePageIs($book->getUrl('/page/test-page'))
+ ->seeStatusCode(200);
+ }
}
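Review bot: `test_book_sort_permission` checks only the flash message and the redirect to `/` after each `put(... '/sort')`, so it would still pass if the controller moved the chapter before, or despite, rejecting the request. Add a state assertion after each request, e.g. `$this->assertEquals($firstBook->id, $firstBookChapter->fresh()->book_id);`, and the same for `$secondBookChapter` against `$secondBook`; this assumes the chapter's parent column is `book_id`, which the diff does not show. Separately, `Book::find(2)` and `Book::find(3)` in both sort tests depend on seeded ids and would pass `null` to `setEntityRestrictions` if the seed data changes; taking the books from a query such as `Book::take(3)->get()` avoids that.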