BookStack Code Mirror - bookstack/blobdiff - tests/Permissions/RolesTest.php

index da2abb0bdf23c335fe5aa29a1053ce71deac8007..99080d354c4c239fae8261e8de53d06681b7e7fe 100644 (file)

--- a/tests/Permissions/RolesTest.php

+++ b/tests/Permissions/RolesTest.php

@@ -1,4 +1,4 @@

-<?php namespace Tests;

+<?php namespace Tests\Permissions;

use BookStack\Entities\Bookshelf;

use BookStack\Entities\Page;

@@ -6,12 +6,13 @@ use BookStack\Auth\Permissions\PermissionsRepo;

use BookStack\Auth\Role;

use Laravel\BrowserKitTesting\HttpException;

use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;

+use Tests\BrowserKitTest;

class RolesTest extends BrowserKitTest

{

protected $user;

- public function setUp()

+ public function setUp(): void

{

parent::setUp();

$this->user = $this->getViewer();

@@ -119,6 +120,43 @@ class RolesTest extends BrowserKitTest

$this->actingAs($this->user)->visit('/')->dontSee($usersLink);

}

+ public function test_user_cannot_change_email_unless_they_have_manage_users_permission()

+ {

+ $userProfileUrl = '/settings/users/' . $this->user->id;

+ $originalEmail = $this->user->email;

+ $this->actingAs($this->user);

+ $this->visit($userProfileUrl)

+ ->assertResponseOk()

+ ->seeElement('input[name=email][disabled]');

+ $this->put($userProfileUrl, [

+ 'name' => 'my_new_name',

+ 'email' => '[email protected]',

+ ]);

+ $this->seeInDatabase('users', [

+ 'id' => $this->user->id,

+ 'email' => $originalEmail,

+ 'name' => 'my_new_name',

+ ]);

+ $this->giveUserPermissions($this->user, ['users-manage']);

+ $this->visit($userProfileUrl)

+ ->assertResponseOk()

+ ->dontSeeElement('input[name=email][disabled]')

+ ->seeElement('input[name=email]');

+ $this->put($userProfileUrl, [

+ 'name' => 'my_new_name_2',

+ 'email' => '[email protected]',

+ ]);

+ $this->seeInDatabase('users', [

+ 'id' => $this->user->id,

+ 'email' => '[email protected]',

+ 'name' => 'my_new_name_2',

+ ]);

+ }

public function test_user_roles_manage_permission()

{

$this->actingAs($this->user)->visit('/settings/roles')

@@ -215,7 +253,7 @@ class RolesTest extends BrowserKitTest

$this->checkAccessPermission('bookshelf-create-all', [

'/create-shelf'

], [

- '/shelves' => 'Create New Shelf'

+ '/shelves' => 'New Shelf'

]);

$this->visit('/create-shelf')

@@ -600,14 +638,14 @@ class RolesTest extends BrowserKitTest

$ownPage->getUrl() => 'Delete'

]);

- $bookUrl = $ownPage->book->getUrl();

+ $parent = $ownPage->chapter ?? $ownPage->book;

$this->visit($otherPage->getUrl())

->dontSeeInElement('.action-buttons', 'Delete')

->visit($otherPage->getUrl() . '/delete')

->seePageIs('/');

$this->visit($ownPage->getUrl())->visit($ownPage->getUrl() . '/delete')

->press('Confirm')

- ->seePageIs($bookUrl)

+ ->seePageIs($parent->getUrl())

->dontSeeInElement('.book-content', $ownPage->name);

}

@@ -621,10 +659,10 @@ class RolesTest extends BrowserKitTest

$otherPage->getUrl() => 'Delete'

]);

- $bookUrl = $otherPage->book->getUrl();

+ $parent = $otherPage->chapter ?? $otherPage->book;

$this->visit($otherPage->getUrl())->visit($otherPage->getUrl() . '/delete')

->press('Confirm')

- ->seePageIs($bookUrl)

+ ->seePageIs($parent->getUrl())

->dontSeeInElement('.book-content', $otherPage->name);

}

@@ -632,8 +670,8 @@ class RolesTest extends BrowserKitTest

{

$user = \BookStack\Auth\User::first();

$this->asAdmin()->visit('/settings/users/' . $user->id)

- ->seeElement('#roles-admin')

- ->seeElement('#roles-public');

+ ->seeElement('[name="roles[admin]"]')

+ ->seeElement('[name="roles[public]"]');

}

public function test_public_role_visible_in_role_listing()