<?php namespace Tests;
-use BookStack\Book;
-use BookStack\Entity;
-use BookStack\User;
-use BookStack\Repos\EntityRepo;
+use BookStack\Entities\Book;
+use BookStack\Entities\Bookshelf;
+use BookStack\Entities\Chapter;
+use BookStack\Entities\Entity;
+use BookStack\Auth\User;
+use BookStack\Entities\Repos\EntityRepo;
+use BookStack\Entities\Page;
class RestrictionsTest extends BrowserKitTest
{
/**
- * @var User
+ * @var \BookStack\Auth\User
*/
protected $user;
parent::setEntityRestrictions($entity, $actions, $roles);
}
+ public function test_bookshelf_view_restriction()
+ {
+ $shelf = Bookshelf::first();
+
+ $this->actingAs($this->user)
+ ->visit($shelf->getUrl())
+ ->seePageIs($shelf->getUrl());
+
+ $this->setEntityRestrictions($shelf, []);
+
+ $this->forceVisit($shelf->getUrl())
+ ->see('Bookshelf not found');
+
+ $this->setEntityRestrictions($shelf, ['view']);
+
+ $this->visit($shelf->getUrl())
+ ->see($shelf->name);
+ }
+
+ public function test_bookshelf_update_restriction()
+ {
+ $shelf = BookShelf::first();
+
+ $this->actingAs($this->user)
+ ->visit($shelf->getUrl('/edit'))
+ ->see('Edit Book');
+
+ $this->setEntityRestrictions($shelf, ['view', 'delete']);
+
+ $this->forceVisit($shelf->getUrl('/edit'))
+ ->see('You do not have permission')->seePageIs('/');
+
+ $this->setEntityRestrictions($shelf, ['view', 'update']);
+
+ $this->visit($shelf->getUrl('/edit'))
+ ->seePageIs($shelf->getUrl('/edit'));
+ }
+
+ public function test_bookshelf_delete_restriction()
+ {
+ $shelf = Book::first();
+
+ $this->actingAs($this->user)
+ ->visit($shelf->getUrl('/delete'))
+ ->see('Delete Book');
+
+ $this->setEntityRestrictions($shelf, ['view', 'update']);
+
+ $this->forceVisit($shelf->getUrl('/delete'))
+ ->see('You do not have permission')->seePageIs('/');
+
+ $this->setEntityRestrictions($shelf, ['view', 'delete']);
+
+ $this->visit($shelf->getUrl('/delete'))
+ ->seePageIs($shelf->getUrl('/delete'))->see('Delete Book');
+ }
+
public function test_book_view_restriction()
{
$book = Book::first();
public function test_chapter_view_restriction()
{
- $chapter = \BookStack\Chapter::first();
+ $chapter = Chapter::first();
$chapterPage = $chapter->pages->first();
$chapterUrl = $chapter->getUrl();
public function test_chapter_create_restriction()
{
- $chapter = \BookStack\Chapter::first();
+ $chapter = Chapter::first();
$chapterUrl = $chapter->getUrl();
$this->actingAs($this->user)
public function test_chapter_update_restriction()
{
- $chapter = \BookStack\Chapter::first();
+ $chapter = Chapter::first();
$chapterPage = $chapter->pages->first();
$chapterUrl = $chapter->getUrl();
public function test_chapter_delete_restriction()
{
- $chapter = \BookStack\Chapter::first();
+ $chapter = Chapter::first();
$chapterPage = $chapter->pages->first();
$chapterUrl = $chapter->getUrl();
public function test_page_view_restriction()
{
- $page = \BookStack\Page::first();
+ $page = \BookStack\Entities\Page::first();
$pageUrl = $page->getUrl();
$this->actingAs($this->user)
public function test_page_update_restriction()
{
- $page = \BookStack\Chapter::first();
+ $page = Chapter::first();
$pageUrl = $page->getUrl();
$this->actingAs($this->user)
public function test_page_delete_restriction()
{
- $page = \BookStack\Page::first();
+ $page = \BookStack\Entities\Page::first();
$pageUrl = $page->getUrl();
$this->actingAs($this->user)
->seePageIs($pageUrl . '/delete')->see('Delete Page');
}
+ public function test_bookshelf_restriction_form()
+ {
+ $shelf = Bookshelf::first();
+ $this->asAdmin()->visit($shelf->getUrl('/permissions'))
+ ->see('Bookshelf Permissions')
+ ->check('restricted')
+ ->check('restrictions[2][view]')
+ ->press('Save Permissions')
+ ->seeInDatabase('bookshelves', ['id' => $shelf->id, 'restricted' => true])
+ ->seeInDatabase('entity_permissions', [
+ 'restrictable_id' => $shelf->id,
+ 'restrictable_type' => Bookshelf::newModelInstance()->getMorphClass(),
+ 'role_id' => '2',
+ 'action' => 'view'
+ ]);
+ }
+
public function test_book_restriction_form()
{
$book = Book::first();
->seeInDatabase('books', ['id' => $book->id, 'restricted' => true])
->seeInDatabase('entity_permissions', [
'restrictable_id' => $book->id,
- 'restrictable_type' => 'BookStack\Book',
+ 'restrictable_type' => Book::newModelInstance()->getMorphClass(),
'role_id' => '2',
'action' => 'view'
]);
public function test_chapter_restriction_form()
{
- $chapter = \BookStack\Chapter::first();
+ $chapter = Chapter::first();
$this->asAdmin()->visit($chapter->getUrl() . '/permissions')
->see('Chapter Permissions')
->check('restricted')
->seeInDatabase('chapters', ['id' => $chapter->id, 'restricted' => true])
->seeInDatabase('entity_permissions', [
'restrictable_id' => $chapter->id,
- 'restrictable_type' => 'BookStack\Chapter',
+ 'restrictable_type' => Chapter::newModelInstance()->getMorphClass(),
'role_id' => '2',
'action' => 'update'
]);
public function test_page_restriction_form()
{
- $page = \BookStack\Page::first();
+ $page = \BookStack\Entities\Page::first();
$this->asAdmin()->visit($page->getUrl() . '/permissions')
->see('Page Permissions')
->check('restricted')
->seeInDatabase('pages', ['id' => $page->id, 'restricted' => true])
->seeInDatabase('entity_permissions', [
'restrictable_id' => $page->id,
- 'restrictable_type' => 'BookStack\Page',
+ 'restrictable_type' => Page::newModelInstance()->getMorphClass(),
'role_id' => '2',
'action' => 'delete'
]);
public function test_restricted_pages_not_visible_in_book_navigation_on_pages()
{
- $chapter = \BookStack\Chapter::first();
+ $chapter = Chapter::first();
$page = $chapter->pages->first();
$page2 = $chapter->pages[2];
public function test_restricted_pages_not_visible_in_book_navigation_on_chapters()
{
- $chapter = \BookStack\Chapter::first();
+ $chapter = Chapter::first();
$page = $chapter->pages->first();
$this->setEntityRestrictions($page, []);
public function test_restricted_pages_not_visible_on_chapter_pages()
{
- $chapter = \BookStack\Chapter::first();
+ $chapter = Chapter::first();
$page = $chapter->pages->first();
$this->setEntityRestrictions($page, []);
->dontSee($page->name);
}
+ public function test_bookshelf_update_restriction_override()
+ {
+ $shelf = Bookshelf::first();
+
+ $this->actingAs($this->viewer)
+ ->visit($shelf->getUrl('/edit'))
+ ->dontSee('Edit Book');
+
+ $this->setEntityRestrictions($shelf, ['view', 'delete']);
+
+ $this->forceVisit($shelf->getUrl('/edit'))
+ ->see('You do not have permission')->seePageIs('/');
+
+ $this->setEntityRestrictions($shelf, ['view', 'update']);
+
+ $this->visit($shelf->getUrl('/edit'))
+ ->seePageIs($shelf->getUrl('/edit'));
+ }
+
+ public function test_bookshelf_delete_restriction_override()
+ {
+ $shelf = Bookshelf::first();
+
+ $this->actingAs($this->viewer)
+ ->visit($shelf->getUrl('/delete'))
+ ->dontSee('Delete Book');
+
+ $this->setEntityRestrictions($shelf, ['view', 'update']);
+
+ $this->forceVisit($shelf->getUrl('/delete'))
+ ->see('You do not have permission')->seePageIs('/');
+
+ $this->setEntityRestrictions($shelf, ['view', 'delete']);
+
+ $this->visit($shelf->getUrl('/delete'))
+ ->seePageIs($shelf->getUrl('/delete'))->see('Delete Book');
+ }
+
public function test_book_create_restriction_override()
{
$book = Book::first();