Fixes for CodeStyle vol.2
[bookstack] / tests / Permissions / RolesTest.php
index 3397ef42905bdb029108da634558a281d4482800..b9b1805b6df213deac96139e63f7e6fdb58d3d08 100644 (file)
@@ -1,12 +1,14 @@
-<?php namespace Tests\Permissions;
+<?php
+
+namespace Tests\Permissions;
 
 use BookStack\Actions\Comment;
+use BookStack\Auth\Role;
 use BookStack\Auth\User;
 use BookStack\Entities\Models\Book;
 use BookStack\Entities\Models\Bookshelf;
 use BookStack\Entities\Models\Chapter;
 use BookStack\Entities\Models\Page;
-use BookStack\Auth\Role;
 use BookStack\Uploads\Image;
 use Laravel\BrowserKitTesting\HttpException;
 use Tests\BrowserKitTest;
@@ -62,15 +64,16 @@ class RolesTest extends BrowserKitTest
             ->type('Test Role', 'display_name')
             ->type('A little test description', 'description')
             ->press('Save Role')
-            ->seeInDatabase('roles', ['display_name' => $testRoleName, 'description' => $testRoleDesc])
+            ->seeInDatabase('roles', ['display_name' => $testRoleName, 'description' => $testRoleDesc, 'mfa_enforced' => false])
             ->seePageIs('/settings/roles');
         // Updating
         $this->asAdmin()->visit('/settings/roles')
             ->see($testRoleDesc)
             ->click($testRoleName)
             ->type($testRoleUpdateName, '#display_name')
+            ->check('#mfa_enforced')
             ->press('Save Role')
-            ->seeInDatabase('roles', ['display_name' => $testRoleUpdateName, 'description' => $testRoleDesc])
+            ->seeInDatabase('roles', ['display_name' => $testRoleUpdateName, 'description' => $testRoleDesc, 'mfa_enforced' => true])
             ->seePageIs('/settings/roles');
         // Deleting
         $this->asAdmin()->visit('/settings/roles')
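Review bot: The update step only exercises switching `mfa_enforced` on via `->check('#mfa_enforced')`; nothing covers switching it back off, the case where an unchecked checkbox submits no `mfa_enforced` field and the handler has to treat its absence as false. Because this flag records whether a role's members must use MFA, both directions are worth pinning: add a further edit that calls `->uncheck('#mfa_enforced')` before `->press('Save Role')` and then asserts `'mfa_enforced' => false` with `seeInDatabase`. The assertions here confirm only that the column is stored, not that enforcement takes effect at login, which presumably belongs to a separate test. The enclosing test method starts and ends outside this hunk.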
@@ -93,11 +96,11 @@ class RolesTest extends BrowserKitTest
 
         $editUrl = '/settings/users/' . $adminUser->id;
         $this->actingAs($adminUser)->put($editUrl, [
-            'name' => $adminUser->name,
+            'name'  => $adminUser->name,
             'email' => $adminUser->email,
             'roles' => [
                 'viewer' => strval($viewerRole->id),
-            ]
+            ],
         ])->followRedirects();
 
         $this->seePageIs($editUrl);
@@ -134,7 +137,7 @@ class RolesTest extends BrowserKitTest
 
     public function test_manage_users_permission_shows_link_in_header_if_does_not_have_settings_manage_permision()
     {
-        $usersLink = 'href="'.url('/settings/users') . '"';
+        $usersLink = 'href="' . url('/settings/users') . '"';
         $this->actingAs($this->user)->visit('/')->dontSee($usersLink);
         $this->giveUserPermissions($this->user, ['users-manage']);
         $this->actingAs($this->user)->visit('/')->see($usersLink);
@@ -152,13 +155,13 @@ class RolesTest extends BrowserKitTest
             ->assertResponseOk()
             ->seeElement('input[name=email][disabled]');
         $this->put($userProfileUrl, [
-            'name' => 'my_new_name',
+            'name'  => 'my_new_name',
             'email' => '[email protected]',
         ]);
         $this->seeInDatabase('users', [
-            'id' => $this->user->id,
+            'id'    => $this->user->id,
             'email' => $originalEmail,
-            'name' => 'my_new_name',
+            'name'  => 'my_new_name',
         ]);
 
         $this->giveUserPermissions($this->user, ['users-manage']);
@@ -168,14 +171,14 @@ class RolesTest extends BrowserKitTest
             ->dontSeeElement('input[name=email][disabled]')
             ->seeElement('input[name=email]');
         $this->put($userProfileUrl, [
-            'name' => 'my_new_name_2',
+            'name'  => 'my_new_name_2',
             'email' => '[email protected]',
         ]);
 
         $this->seeInDatabase('users', [
-            'id' => $this->user->id,
+            'id'    => $this->user->id,
             'email' => '[email protected]',
-            'name' => 'my_new_name_2',
+            'name'  => 'my_new_name_2',
         ]);
     }
 
@@ -216,15 +219,23 @@ class RolesTest extends BrowserKitTest
     {
         $otherUsersPage = Page::first();
         $content = $this->createEntityChainBelongingToUser($this->user);
+
+        // Set a different creator on the page we're checking to ensure
+        // that the owner fields are checked
+        $page = $content['page']; /** @var Page $page */
+        $page->created_by = $otherUsersPage->id;
+        $page->owned_by = $this->user->id;
+        $page->save();
+
         // Check can't restrict other's content
         $this->actingAs($this->user)->visit($otherUsersPage->getUrl())
             ->dontSee('Permissions')
             ->visit($otherUsersPage->getUrl() . '/permissions')
             ->seePageIs('/');
         // Check can't restrict own content
-        $this->actingAs($this->user)->visit($content['page']->getUrl())
+        $this->actingAs($this->user)->visit($page->getUrl())
             ->dontSee('Permissions')
-            ->visit($content['page']->getUrl() . '/permissions')
+            ->visit($page->getUrl() . '/permissions')
             ->seePageIs('/');
 
         $this->giveUserPermissions($this->user, ['restrictions-manage-own']);
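Review bot: `$page->created_by = $otherUsersPage->id;` assigns a page id to what appears to be a user reference, so whether the creator really differs from `$this->user` depends on which ids the seeded data happens to hold. If that page id coincides with `$this->user->id`, creator and owner are the same again and the test no longer proves that the `-own` permission checks read `owned_by` rather than `created_by`. Using a user id makes the intent explicit, e.g. `$page->created_by = $otherUsersPage->created_by;`, assuming that page was created by a different user, which should be confirmed against the seeder. The trailing `/** @var Page $page */` would also read better on its own line above the assignment. The test method starts and ends outside the hunk.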
@@ -235,17 +246,18 @@ class RolesTest extends BrowserKitTest
             ->visit($otherUsersPage->getUrl() . '/permissions')
             ->seePageIs('/');
         // Check can restrict own content
-        $this->actingAs($this->user)->visit($content['page']->getUrl())
+        $this->actingAs($this->user)->visit($page->getUrl())
             ->see('Permissions')
             ->click('Permissions')
-            ->seePageIs($content['page']->getUrl() . '/permissions');
+            ->seePageIs($page->getUrl() . '/permissions');
     }
 
     /**
-     * Check a standard entity access permission
+     * Check a standard entity access permission.
+     *
      * @param string $permission
-     * @param array $accessUrls Urls that are only accessible after having the permission
-     * @param array $visibles Check this text, In the buttons toolbar, is only visible with the permission
+     * @param array  $accessUrls Urls that are only accessible after having the permission
+     * @param array  $visibles   Check this text, In the buttons toolbar, is only visible with the permission
      */
     private function checkAccessPermission($permission, $accessUrls = [], $visibles = [])
     {
@@ -255,7 +267,7 @@ class RolesTest extends BrowserKitTest
         }
         foreach ($visibles as $url => $text) {
             $this->actingAs($this->user)->visit($url)
-                ->dontSeeInElement('.action-buttons',$text);
+                ->dontSeeInElement('.action-buttons', $text);
         }
 
         $this->giveUserPermissions($this->user, [$permission]);
@@ -273,9 +285,9 @@ class RolesTest extends BrowserKitTest
     public function test_bookshelves_create_all_permissions()
     {
         $this->checkAccessPermission('bookshelf-create-all', [
-            '/create-shelf'
+            '/create-shelf',
         ], [
-            '/shelves' => 'New Shelf'
+            '/shelves' => 'New Shelf',
         ]);
 
         $this->visit('/create-shelf')
@@ -293,9 +305,9 @@ class RolesTest extends BrowserKitTest
         $this->regenEntityPermissions($ownShelf);
 
         $this->checkAccessPermission('bookshelf-update-own', [
-            $ownShelf->getUrl('/edit')
+            $ownShelf->getUrl('/edit'),
         ], [
-            $ownShelf->getUrl() => 'Edit'
+            $ownShelf->getUrl() => 'Edit',
         ]);
 
         $this->visit($otherShelf->getUrl())
@@ -308,9 +320,9 @@ class RolesTest extends BrowserKitTest
     {
         $otherShelf = Bookshelf::first();
         $this->checkAccessPermission('bookshelf-update-all', [
-            $otherShelf->getUrl('/edit')
+            $otherShelf->getUrl('/edit'),
         ], [
-            $otherShelf->getUrl() => 'Edit'
+            $otherShelf->getUrl() => 'Edit',
         ]);
     }
 
@@ -323,9 +335,9 @@ class RolesTest extends BrowserKitTest
         $this->regenEntityPermissions($ownShelf);
 
         $this->checkAccessPermission('bookshelf-delete-own', [
-            $ownShelf->getUrl('/delete')
+            $ownShelf->getUrl('/delete'),
         ], [
-            $ownShelf->getUrl() => 'Delete'
+            $ownShelf->getUrl() => 'Delete',
         ]);
 
         $this->visit($otherShelf->getUrl())
@@ -343,9 +355,9 @@ class RolesTest extends BrowserKitTest
         $this->giveUserPermissions($this->user, ['bookshelf-update-all']);
         $otherShelf = Bookshelf::first();
         $this->checkAccessPermission('bookshelf-delete-all', [
-            $otherShelf->getUrl('/delete')
+            $otherShelf->getUrl('/delete'),
         ], [
-            $otherShelf->getUrl() => 'Delete'
+            $otherShelf->getUrl() => 'Delete',
         ]);
 
         $this->visit($otherShelf->getUrl())->visit($otherShelf->getUrl('/delete'))
@@ -357,9 +369,9 @@ class RolesTest extends BrowserKitTest
     public function test_books_create_all_permissions()
     {
         $this->checkAccessPermission('book-create-all', [
-            '/create-book'
+            '/create-book',
         ], [
-            '/books' => 'Create New Book'
+            '/books' => 'Create New Book',
         ]);
 
         $this->visit('/create-book')
@@ -374,9 +386,9 @@ class RolesTest extends BrowserKitTest
         $otherBook = Book::take(1)->get()->first();
         $ownBook = $this->createEntityChainBelongingToUser($this->user)['book'];
         $this->checkAccessPermission('book-update-own', [
-            $ownBook->getUrl() . '/edit'
+            $ownBook->getUrl() . '/edit',
         ], [
-            $ownBook->getUrl() => 'Edit'
+            $ownBook->getUrl() => 'Edit',
         ]);
 
         $this->visit($otherBook->getUrl())
@@ -389,9 +401,9 @@ class RolesTest extends BrowserKitTest
     {
         $otherBook = Book::take(1)->get()->first();
         $this->checkAccessPermission('book-update-all', [
-            $otherBook->getUrl() . '/edit'
+            $otherBook->getUrl() . '/edit',
         ], [
-            $otherBook->getUrl() => 'Edit'
+            $otherBook->getUrl() => 'Edit',
         ]);
     }
 
@@ -401,9 +413,9 @@ class RolesTest extends BrowserKitTest
         $otherBook = Book::take(1)->get()->first();
         $ownBook = $this->createEntityChainBelongingToUser($this->user)['book'];
         $this->checkAccessPermission('book-delete-own', [
-            $ownBook->getUrl() . '/delete'
+            $ownBook->getUrl() . '/delete',
         ], [
-            $ownBook->getUrl() => 'Delete'
+            $ownBook->getUrl() => 'Delete',
         ]);
 
         $this->visit($otherBook->getUrl())
@@ -421,9 +433,9 @@ class RolesTest extends BrowserKitTest
         $this->giveUserPermissions($this->user, ['book-update-all']);
         $otherBook = Book::take(1)->get()->first();
         $this->checkAccessPermission('book-delete-all', [
-            $otherBook->getUrl() . '/delete'
+            $otherBook->getUrl() . '/delete',
         ], [
-            $otherBook->getUrl() => 'Delete'
+            $otherBook->getUrl() => 'Delete',
         ]);
 
         $this->visit($otherBook->getUrl())->visit($otherBook->getUrl() . '/delete')
@@ -437,9 +449,9 @@ class RolesTest extends BrowserKitTest
         $book = Book::take(1)->get()->first();
         $ownBook = $this->createEntityChainBelongingToUser($this->user)['book'];
         $this->checkAccessPermission('chapter-create-own', [
-            $ownBook->getUrl('/create-chapter')
+            $ownBook->getUrl('/create-chapter'),
         ], [
-            $ownBook->getUrl() => 'New Chapter'
+            $ownBook->getUrl() => 'New Chapter',
         ]);
 
         $this->visit($ownBook->getUrl('/create-chapter'))
@@ -458,9 +470,9 @@ class RolesTest extends BrowserKitTest
     {
         $book = Book::take(1)->get()->first();
         $this->checkAccessPermission('chapter-create-all', [
-            $book->getUrl('/create-chapter')
+            $book->getUrl('/create-chapter'),
         ], [
-            $book->getUrl() => 'New Chapter'
+            $book->getUrl() => 'New Chapter',
         ]);
 
         $this->visit($book->getUrl('/create-chapter'))
@@ -475,9 +487,9 @@ class RolesTest extends BrowserKitTest
         $otherChapter = Chapter::take(1)->get()->first();
         $ownChapter = $this->createEntityChainBelongingToUser($this->user)['chapter'];
         $this->checkAccessPermission('chapter-update-own', [
-            $ownChapter->getUrl() . '/edit'
+            $ownChapter->getUrl() . '/edit',
         ], [
-            $ownChapter->getUrl() => 'Edit'
+            $ownChapter->getUrl() => 'Edit',
         ]);
 
         $this->visit($otherChapter->getUrl())
@@ -490,9 +502,9 @@ class RolesTest extends BrowserKitTest
     {
         $otherChapter = Chapter::take(1)->get()->first();
         $this->checkAccessPermission('chapter-update-all', [
-            $otherChapter->getUrl() . '/edit'
+            $otherChapter->getUrl() . '/edit',
         ], [
-            $otherChapter->getUrl() => 'Edit'
+            $otherChapter->getUrl() => 'Edit',
         ]);
     }
 
@@ -502,9 +514,9 @@ class RolesTest extends BrowserKitTest
         $otherChapter = Chapter::take(1)->get()->first();
         $ownChapter = $this->createEntityChainBelongingToUser($this->user)['chapter'];
         $this->checkAccessPermission('chapter-delete-own', [
-            $ownChapter->getUrl() . '/delete'
+            $ownChapter->getUrl() . '/delete',
         ], [
-            $ownChapter->getUrl() => 'Delete'
+            $ownChapter->getUrl() => 'Delete',
         ]);
 
         $bookUrl = $ownChapter->book->getUrl();
@@ -523,9 +535,9 @@ class RolesTest extends BrowserKitTest
         $this->giveUserPermissions($this->user, ['chapter-update-all']);
         $otherChapter = Chapter::take(1)->get()->first();
         $this->checkAccessPermission('chapter-delete-all', [
-            $otherChapter->getUrl() . '/delete'
+            $otherChapter->getUrl() . '/delete',
         ], [
-            $otherChapter->getUrl() => 'Delete'
+            $otherChapter->getUrl() => 'Delete',
         ]);
 
         $bookUrl = $otherChapter->book->getUrl();
@@ -554,8 +566,8 @@ class RolesTest extends BrowserKitTest
         }
 
         $this->checkAccessPermission('page-create-own', [], [
-            $ownBook->getUrl() => 'New Page',
-            $ownChapter->getUrl() => 'New Page'
+            $ownBook->getUrl()    => 'New Page',
+            $ownChapter->getUrl() => 'New Page',
         ]);
 
         $this->giveUserPermissions($this->user, ['page-create-own']);
@@ -598,8 +610,8 @@ class RolesTest extends BrowserKitTest
         }
 
         $this->checkAccessPermission('page-create-all', [], [
-            $book->getUrl() => 'New Page',
-            $chapter->getUrl() => 'New Page'
+            $book->getUrl()    => 'New Page',
+            $chapter->getUrl() => 'New Page',
         ]);
 
         $this->giveUserPermissions($this->user, ['page-create-all']);
@@ -628,9 +640,9 @@ class RolesTest extends BrowserKitTest
         $otherPage = Page::take(1)->get()->first();
         $ownPage = $this->createEntityChainBelongingToUser($this->user)['page'];
         $this->checkAccessPermission('page-update-own', [
-            $ownPage->getUrl() . '/edit'
+            $ownPage->getUrl() . '/edit',
         ], [
-            $ownPage->getUrl() => 'Edit'
+            $ownPage->getUrl() => 'Edit',
         ]);
 
         $this->visit($otherPage->getUrl())
@@ -643,9 +655,9 @@ class RolesTest extends BrowserKitTest
     {
         $otherPage = Page::take(1)->get()->first();
         $this->checkAccessPermission('page-update-all', [
-            $otherPage->getUrl() . '/edit'
+            $otherPage->getUrl() . '/edit',
         ], [
-            $otherPage->getUrl() => 'Edit'
+            $otherPage->getUrl() => 'Edit',
         ]);
     }
 
@@ -655,9 +667,9 @@ class RolesTest extends BrowserKitTest
         $otherPage = Page::take(1)->get()->first();
         $ownPage = $this->createEntityChainBelongingToUser($this->user)['page'];
         $this->checkAccessPermission('page-delete-own', [
-            $ownPage->getUrl() . '/delete'
+            $ownPage->getUrl() . '/delete',
         ], [
-            $ownPage->getUrl() => 'Delete'
+            $ownPage->getUrl() => 'Delete',
         ]);
 
         $parent = $ownPage->chapter ?? $ownPage->book;
@@ -676,9 +688,9 @@ class RolesTest extends BrowserKitTest
         $this->giveUserPermissions($this->user, ['page-update-all']);
         $otherPage = Page::take(1)->get()->first();
         $this->checkAccessPermission('page-delete-all', [
-            $otherPage->getUrl() . '/delete'
+            $otherPage->getUrl() . '/delete',
         ], [
-            $otherPage->getUrl() => 'Delete'
+            $otherPage->getUrl() => 'Delete',
         ]);
 
         $parent = $otherPage->chapter ?? $otherPage->book;
@@ -694,8 +706,8 @@ class RolesTest extends BrowserKitTest
         $adminRole = Role::getSystemRole('admin');
         $publicRole = Role::getSystemRole('public');
         $this->asAdmin()->visit('/settings/users/' . $user->id)
-            ->seeElement('[name="roles['.$adminRole->id.']"]')
-            ->seeElement('[name="roles['.$publicRole->id.']"]');
+            ->seeElement('[name="roles[' . $adminRole->id . ']"]')
+            ->seeElement('[name="roles[' . $publicRole->id . ']"]');
     }
 
     public function test_public_role_visible_in_role_listing()
@@ -771,8 +783,8 @@ class RolesTest extends BrowserKitTest
 
         $this->asAdmin()->put('/settings/roles/' . $viewerRole->id, [
             'display_name' => $viewerRole->display_name,
-            'description' => $viewerRole->description,
-            'permission' => []
+            'description'  => $viewerRole->description,
+            'permission'   => [],
         ])->assertResponseStatus(302);
 
         $this->expectException(HttpException::class);
@@ -797,7 +809,8 @@ class RolesTest extends BrowserKitTest
             ->dontSee('Sort the current book');
     }
 
-    public function test_comment_create_permission () {
+    public function test_comment_create_permission()
+    {
         $ownPage = $this->createEntityChainBelongingToUser($this->user)['page'];
 
         $this->actingAs($this->user)->addComment($ownPage);
@@ -810,8 +823,8 @@ class RolesTest extends BrowserKitTest
         $this->assertResponseStatus(200);
     }
 
-
-    public function test_comment_update_own_permission () {
+    public function test_comment_update_own_permission()
+    {
         $ownPage = $this->createEntityChainBelongingToUser($this->user)['page'];
         $this->giveUserPermissions($this->user, ['comment-create-all']);
         $commentId = $this->actingAs($this->user)->addComment($ownPage);
@@ -827,7 +840,8 @@ class RolesTest extends BrowserKitTest
         $this->assertResponseStatus(200);
     }
 
-    public function test_comment_update_all_permission () {
+    public function test_comment_update_all_permission()
+    {
         $ownPage = $this->createEntityChainBelongingToUser($this->user)['page'];
         $commentId = $this->asAdmin()->addComment($ownPage);
 
@@ -842,7 +856,8 @@ class RolesTest extends BrowserKitTest
         $this->assertResponseStatus(200);
     }
 
-    public function test_comment_delete_own_permission () {
+    public function test_comment_delete_own_permission()
+    {
         $ownPage = $this->createEntityChainBelongingToUser($this->user)['page'];
         $this->giveUserPermissions($this->user, ['comment-create-all']);
         $commentId = $this->actingAs($this->user)->addComment($ownPage);
@@ -858,7 +873,8 @@ class RolesTest extends BrowserKitTest
         $this->assertResponseStatus(200);
     }
 
-    public function test_comment_delete_all_permission () {
+    public function test_comment_delete_all_permission()
+    {
         $ownPage = $this->createEntityChainBelongingToUser($this->user)['page'];
         $commentId = $this->asAdmin()->addComment($ownPage);
 
@@ -873,33 +889,37 @@ class RolesTest extends BrowserKitTest
         $this->assertResponseStatus(200);
     }
 
-    private function addComment($page) {
+    private function addComment($page)
+    {
         $comment = factory(Comment::class)->make();
         $url = "/comment/$page->id";
         $request = [
             'text' => $comment->text,
-            'html' => $comment->html
+            'html' => $comment->html,
         ];
 
         $this->postJson($url, $request);
         $comment = $page->comments()->first();
+
         return $comment === null ? null : $comment->id;
     }
 
-    private function updateComment($commentId) {
+    private function updateComment($commentId)
+    {
         $comment = factory(Comment::class)->make();
         $url = "/comment/$commentId";
         $request = [
             'text' => $comment->text,
-            'html' => $comment->html
+            'html' => $comment->html,
         ];
 
         return $this->putJson($url, $request);
     }
 
-    private function deleteComment($commentId) {
-         $url = '/comment/' . $commentId;
-         return $this->json('DELETE', $url);
-    }
+    private function deleteComment($commentId)
+    {
+        $url = '/comment/' . $commentId;
 
+        return $this->json('DELETE', $url);
+    }
 }