Fixed local_secure_restricted preventing attachment uploads

[bookstack] / tests / Entity / ConvertTest.php

diff --git a/tests/Entity/ConvertTest.php b/tests/Entity/ConvertTest.php
index 4a949e76fe5dd2c38d78f150b21c5bb07d821e95..58f694f604adc9cbbd51dadc7a7982554bc536ad 100644 (file)
--- a/tests/Entity/ConvertTest.php
+++ b/tests/Entity/ConvertTest.php
@@ -12,7 +12,6 @@ use Tests\TestCase;
 
 class ConvertTest extends TestCase
 {
-
     public function test_chapter_edit_view_shows_convert_option()
     {
         /** @var Chapter $chapter */
@@ -21,7 +20,7 @@ class ConvertTest extends TestCase
         $resp = $this->asEditor()->get($chapter->getUrl('/edit'));
         $resp->assertSee('Convert to Book');
         $resp->assertSee('Convert Chapter');
-        $resp->assertElementExists('form[action$="/convert-to-book"] button');
+        $this->withHtml($resp)->assertElementExists('form[action$="/convert-to-book"] button');
     }
 
     public function test_convert_chapter_to_book()
@@ -49,6 +48,27 @@ class ConvertTest extends TestCase
         $this->assertActivityExists(ActivityType::BOOK_CREATE_FROM_CHAPTER, $newBook);
     }
 
+    public function test_convert_chapter_to_book_requires_permissions()
+    {
+        /** @var Chapter $chapter */
+        $chapter = Chapter::query()->first();
+        $user = $this->getViewer();
+
+        $permissions = ['chapter-delete-all', 'book-create-all', 'chapter-update-all'];
+        $this->giveUserPermissions($user, $permissions);
+
+        foreach ($permissions as $permission) {
+            $this->removePermissionFromUser($user, $permission);
+            $resp = $this->actingAs($user)->post($chapter->getUrl('/convert-to-book'));
+            $this->assertPermissionError($resp);
+            $this->giveUserPermissions($user, [$permission]);
+        }
+
+        $resp = $this->actingAs($user)->post($chapter->getUrl('/convert-to-book'));
+        $this->assertNotPermissionError($resp);
+        $resp->assertRedirect();
+    }
+
     public function test_book_edit_view_shows_convert_option()
     {
         $book = Book::query()->first();
@@ -57,7 +77,7 @@ class ConvertTest extends TestCase
         $resp->assertSee('Convert to Shelf');
         $resp->assertSee('Convert Book');
         $resp->assertSee('Note that permissions on shelves do not auto-cascade to content');
-        $resp->assertElementExists('form[action$="/convert-to-shelf"] button');
+        $this->withHtml($resp)->assertElementExists('form[action$="/convert-to-shelf"] button');
     }
 
     public function test_book_convert_to_shelf()
@@ -102,4 +122,24 @@ class ConvertTest extends TestCase
         $this->assertEquals($childChapter->name, $chapterChildPage->book->name);
     }
 
-}
\ No newline at end of file
+    public function test_book_convert_to_shelf_requires_permissions()
+    {
+        /** @var Book $book */
+        $book = Book::query()->first();
+        $user = $this->getViewer();
+
+        $permissions = ['book-delete-all', 'bookshelf-create-all', 'book-update-all', 'book-create-all'];
+        $this->giveUserPermissions($user, $permissions);
+
+        foreach ($permissions as $permission) {
+            $this->removePermissionFromUser($user, $permission);
+            $resp = $this->actingAs($user)->post($book->getUrl('/convert-to-shelf'));
+            $this->assertPermissionError($resp);
+            $this->giveUserPermissions($user, [$permission]);
+        }
+
+        $resp = $this->actingAs($user)->post($book->getUrl('/convert-to-shelf'));
+        $this->assertNotPermissionError($resp);
+        $resp->assertRedirect();
+    }
+}