Added additional testing for editor switching permissions
[bookstack] / tests / Api / AttachmentsApiTest.php
index ceab5d49afa4dd32e32d36c411c0b2bb97bd6418..d7625c93823b9cc00f35b314ce69a788c022d046 100644 (file)
@@ -102,6 +102,30 @@ class AttachmentsApiTest extends TestCase
         unlink(storage_path($newItem->path));
     }
 
+    public function test_upload_limit_restricts_attachment_uploads()
+    {
+        $this->actingAsApiAdmin();
+        /** @var Page $page */
+        $page = Page::query()->first();
+
+        config()->set('app.upload_limit', 1);
+
+        $file = tmpfile();
+        $filePath = stream_get_meta_data($file)['uri'];
+        fwrite($file, str_repeat('a', 1200000));
+        $file = new UploadedFile($filePath, 'test.txt', 'text/plain', null, true);
+
+        $details = [
+            'name'        => 'My attachment',
+            'uploaded_to' => $page->id,
+        ];
+        $resp = $this->call('POST', $this->baseEndpoint, $details, [], ['file' => $file]);
+        $resp->assertStatus(422);
+        $resp->assertJson($this->validationResponse([
+            'file' => ['The file may not be greater than 1000 kilobytes.'],
+        ]));
+    }
+
     public function test_name_needed_to_create()
     {
         $this->actingAsApiAdmin();
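Review bot: In test_upload_limit_restricts_attachment_uploads, `$file` first holds the tmpfile() handle and is then overwritten with the UploadedFile, which drops the last reference to that handle before the request is sent. PHP documents that a tmpfile() file is removed once no references to its handle remain, so the path handed to UploadedFile may no longer exist when the size rule reads it; it is worth confirming that the 422 really comes from the upload limit. Keeping the handle in its own variable, `$handle = tmpfile();` with `fwrite($handle, str_repeat('a', 1200000));`, and letting it live until after the assertions removes that dependency. A second case just under the limit that expects success would also show the rule is not rejecting every upload.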
@@ -115,15 +139,7 @@ class AttachmentsApiTest extends TestCase
 
         $resp = $this->postJson($this->baseEndpoint, $details);
         $resp->assertStatus(422);
-        $resp->assertJson([
-            'error' => [
-                'message'    => 'The given data was invalid.',
-                'validation' => [
-                    'name' => ['The name field is required.'],
-                ],
-                'code' => 422,
-            ],
-        ]);
+        $resp->assertJson($this->validationResponse(['name' => ['The name field is required.']]));
     }
 
     public function test_link_or_file_needed_to_create()
@@ -139,16 +155,27 @@ class AttachmentsApiTest extends TestCase
 
         $resp = $this->postJson($this->baseEndpoint, $details);
         $resp->assertStatus(422);
-        $resp->assertJson([
-            'error' => [
-                'message'    => 'The given data was invalid.',
-                'validation' => [
-                    'file' => ['The file field is required when link is not present.'],
-                    'link' => ['The link field is required when file is not present.'],
-                ],
-                'code' => 422,
-            ],
-        ]);
+        $resp->assertJson($this->validationResponse([
+            'file' => ['The file field is required when link is not present.'],
+            'link' => ['The link field is required when file is not present.'],
+        ]));
+    }
+
+    public function test_message_shown_if_file_is_not_a_valid_file()
+    {
+        $this->actingAsApiAdmin();
+        /** @var Page $page */
+        $page = Page::query()->first();
+
+        $details = [
+            'name'        => 'my attachment',
+            'uploaded_to' => $page->id,
+            'file'        => 'cat',
+        ];
+
+        $resp = $this->postJson($this->baseEndpoint, $details);
+        $resp->assertStatus(422);
+        $resp->assertJson($this->validationResponse(['file' => ['The file must be provided as a valid file.']]));
     }
 
     public function test_read_endpoint_for_link_attachment()
@@ -224,6 +251,29 @@ class AttachmentsApiTest extends TestCase
         unlink(storage_path($attachment->path));
     }
 
+    public function test_attachment_not_visible_on_other_users_draft()
+    {
+        $this->actingAsApiAdmin();
+        $editor = $this->getEditor();
+
+        /** @var Page $page */
+        $page = Page::query()->first();
+        $page->draft = true;
+        $page->owned_by = $editor;
+        $page->save();
+        $this->regenEntityPermissions($page);
+
+        $attachment = $this->createAttachmentForPage($page, [
+            'name'  => 'my attachment',
+            'path'  => 'https://example.com',
+            'order' => 1,
+        ]);
+
+        $resp = $this->getJson("{$this->baseEndpoint}/{$attachment->id}");
+
+        $resp->assertStatus(404);
+    }
+
     public function test_update_endpoint()
     {
         $this->actingAsApiAdmin();
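Review bot: `$page->owned_by = $editor;` in test_attachment_not_visible_on_other_users_draft assigns whatever getEditor() returns, presumably a user model, whereas the other tests in this file pass ids (`'uploaded_to' => $page->id`); if the column expects an id, this should read `$page->owned_by = $editor->id;`. As written, the 404 could come from the ownership value being stored incorrectly, or from any other lookup failure, rather than from the draft visibility rule. A positive control would tie the 404 to the access check under test: assert that the same request succeeds for the draft's owner, or for the admin once `draft` is false.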