-<?php
+<?php namespace Tests;
-class RestrictionsTest extends TestCase
+use BookStack\Book;
+use BookStack\Services\PermissionService;
+use BookStack\User;
+
+class RestrictionsTest extends BrowserKitTest
{
+
+ /**
+ * @var User
+ */
protected $user;
+ /**
+ * @var User
+ */
+ protected $viewer;
+
+ /**
+ * @var PermissionService
+ */
+ protected $permissionService;
+
public function setUp()
{
parent::setUp();
- $this->user = $this->getNewUser();
+ $this->user = $this->getEditor();
+ $this->viewer = $this->getViewer();
+ $this->permissionService = $this->app[PermissionService::class];
}
/**
- * Manually set some restrictions on an entity.
+ * Manually set some permissions on an entity.
* @param \BookStack\Entity $entity
* @param $actions
*/
protected function setEntityRestrictions(\BookStack\Entity $entity, $actions)
{
$entity->restricted = true;
- $entity->restrictions()->delete();
+ $entity->permissions()->delete();
+
$role = $this->user->roles->first();
+ $viewerRole = $this->viewer->roles->first();
+
+ $permissions = [];
foreach ($actions as $action) {
- $entity->restrictions()->create([
+ $permissions[] = [
'role_id' => $role->id,
'action' => strtolower($action)
- ]);
+ ];
+ $permissions[] = [
+ 'role_id' => $viewerRole->id,
+ 'action' => strtolower($action)
+ ];
}
+ $entity->permissions()->createMany($permissions);
+
$entity->save();
- $entity->load('restrictions');
+ $entity->load('permissions');
+ $this->permissionService->buildJointPermissionsForEntity($entity);
+ $entity->load('jointPermissions');
}
public function test_book_view_restriction()
{
- $book = \BookStack\Book::first();
+ $book = Book::first();
$bookPage = $book->pages->first();
$bookChapter = $book->chapters->first();
$this->forceVisit($bookUrl)
->see('Book not found');
$this->forceVisit($bookPage->getUrl())
- ->see('Book not found');
+ ->see('Page not found');
$this->forceVisit($bookChapter->getUrl())
- ->see('Book not found');
+ ->see('Chapter not found');
$this->setEntityRestrictions($book, ['view']);
public function test_book_create_restriction()
{
- $book = \BookStack\Book::first();
+ $book = Book::first();
$bookUrl = $book->getUrl();
+ $this->actingAs($this->viewer)
+ ->visit($bookUrl)
+ ->dontSeeInElement('.action-buttons', 'New Page')
+ ->dontSeeInElement('.action-buttons', 'New Chapter');
$this->actingAs($this->user)
->visit($bookUrl)
->seeInElement('.action-buttons', 'New Page')
public function test_book_update_restriction()
{
- $book = \BookStack\Book::first();
+ $book = Book::first();
$bookPage = $book->pages->first();
$bookChapter = $book->chapters->first();
public function test_book_delete_restriction()
{
- $book = \BookStack\Book::first();
+ $book = Book::first();
$bookPage = $book->pages->first();
$bookChapter = $book->chapters->first();
->type('test content', 'html')
->press('Save Page')
->seePageIs($chapter->book->getUrl() . '/page/test-page');
+
$this->visit($chapterUrl)->seeInElement('.action-buttons', 'New Page');
}
public function test_book_restriction_form()
{
- $book = \BookStack\Book::first();
- $this->asAdmin()->visit($book->getUrl() . '/restrict')
- ->see('Book Restrictions')
+ $book = Book::first();
+ $this->asAdmin()->visit($book->getUrl() . '/permissions')
+ ->see('Book Permissions')
->check('restricted')
->check('restrictions[2][view]')
- ->press('Save Restrictions')
+ ->press('Save Permissions')
->seeInDatabase('books', ['id' => $book->id, 'restricted' => true])
- ->seeInDatabase('restrictions', [
+ ->seeInDatabase('entity_permissions', [
'restrictable_id' => $book->id,
'restrictable_type' => 'BookStack\Book',
'role_id' => '2',
public function test_chapter_restriction_form()
{
$chapter = \BookStack\Chapter::first();
- $this->asAdmin()->visit($chapter->getUrl() . '/restrict')
- ->see('Chapter Restrictions')
+ $this->asAdmin()->visit($chapter->getUrl() . '/permissions')
+ ->see('Chapter Permissions')
->check('restricted')
->check('restrictions[2][update]')
- ->press('Save Restrictions')
+ ->press('Save Permissions')
->seeInDatabase('chapters', ['id' => $chapter->id, 'restricted' => true])
- ->seeInDatabase('restrictions', [
+ ->seeInDatabase('entity_permissions', [
'restrictable_id' => $chapter->id,
'restrictable_type' => 'BookStack\Chapter',
'role_id' => '2',
public function test_page_restriction_form()
{
$page = \BookStack\Page::first();
- $this->asAdmin()->visit($page->getUrl() . '/restrict')
- ->see('Page Restrictions')
+ $this->asAdmin()->visit($page->getUrl() . '/permissions')
+ ->see('Page Permissions')
->check('restricted')
->check('restrictions[2][delete]')
- ->press('Save Restrictions')
+ ->press('Save Permissions')
->seeInDatabase('pages', ['id' => $page->id, 'restricted' => true])
- ->seeInDatabase('restrictions', [
+ ->seeInDatabase('entity_permissions', [
'restrictable_id' => $page->id,
'restrictable_type' => 'BookStack\Page',
'role_id' => '2',
->dontSee($page->name);
}
+ public function test_book_create_restriction_override()
+ {
+ $book = Book::first();
+
+ $bookUrl = $book->getUrl();
+ $this->actingAs($this->viewer)
+ ->visit($bookUrl)
+ ->dontSeeInElement('.action-buttons', 'New Page')
+ ->dontSeeInElement('.action-buttons', 'New Chapter');
+
+ $this->setEntityRestrictions($book, ['view', 'delete', 'update']);
+
+ $this->forceVisit($bookUrl . '/chapter/create')
+ ->see('You do not have permission')->seePageIs('/');
+ $this->forceVisit($bookUrl . '/page/create')
+ ->see('You do not have permission')->seePageIs('/');
+ $this->visit($bookUrl)->dontSeeInElement('.action-buttons', 'New Page')
+ ->dontSeeInElement('.action-buttons', 'New Chapter');
+
+ $this->setEntityRestrictions($book, ['view', 'create']);
+
+ $this->visit($bookUrl . '/chapter/create')
+ ->type('test chapter', 'name')
+ ->type('test description for chapter', 'description')
+ ->press('Save Chapter')
+ ->seePageIs($bookUrl . '/chapter/test-chapter');
+ $this->visit($bookUrl . '/page/create')
+ ->type('test page', 'name')
+ ->type('test content', 'html')
+ ->press('Save Page')
+ ->seePageIs($bookUrl . '/page/test-page');
+ $this->visit($bookUrl)->seeInElement('.action-buttons', 'New Page')
+ ->seeInElement('.action-buttons', 'New Chapter');
+ }
+
+ public function test_book_update_restriction_override()
+ {
+ $book = Book::first();
+ $bookPage = $book->pages->first();
+ $bookChapter = $book->chapters->first();
+
+ $bookUrl = $book->getUrl();
+ $this->actingAs($this->viewer)
+ ->visit($bookUrl . '/edit')
+ ->dontSee('Edit Book');
+
+ $this->setEntityRestrictions($book, ['view', 'delete']);
+
+ $this->forceVisit($bookUrl . '/edit')
+ ->see('You do not have permission')->seePageIs('/');
+ $this->forceVisit($bookPage->getUrl() . '/edit')
+ ->see('You do not have permission')->seePageIs('/');
+ $this->forceVisit($bookChapter->getUrl() . '/edit')
+ ->see('You do not have permission')->seePageIs('/');
+
+ $this->setEntityRestrictions($book, ['view', 'update']);
+
+ $this->visit($bookUrl . '/edit')
+ ->seePageIs($bookUrl . '/edit');
+ $this->visit($bookPage->getUrl() . '/edit')
+ ->seePageIs($bookPage->getUrl() . '/edit');
+ $this->visit($bookChapter->getUrl() . '/edit')
+ ->see('Edit Chapter');
+ }
+
+ public function test_book_delete_restriction_override()
+ {
+ $book = Book::first();
+ $bookPage = $book->pages->first();
+ $bookChapter = $book->chapters->first();
+
+ $bookUrl = $book->getUrl();
+ $this->actingAs($this->viewer)
+ ->visit($bookUrl . '/delete')
+ ->dontSee('Delete Book');
+
+ $this->setEntityRestrictions($book, ['view', 'update']);
+
+ $this->forceVisit($bookUrl . '/delete')
+ ->see('You do not have permission')->seePageIs('/');
+ $this->forceVisit($bookPage->getUrl() . '/delete')
+ ->see('You do not have permission')->seePageIs('/');
+ $this->forceVisit($bookChapter->getUrl() . '/delete')
+ ->see('You do not have permission')->seePageIs('/');
+
+ $this->setEntityRestrictions($book, ['view', 'delete']);
+
+ $this->visit($bookUrl . '/delete')
+ ->seePageIs($bookUrl . '/delete')->see('Delete Book');
+ $this->visit($bookPage->getUrl() . '/delete')
+ ->seePageIs($bookPage->getUrl() . '/delete')->see('Delete Page');
+ $this->visit($bookChapter->getUrl() . '/delete')
+ ->see('Delete Chapter');
+ }
+
+ public function test_page_visible_if_has_permissions_when_book_not_visible()
+ {
+ $book = Book::first();
+
+ $this->setEntityRestrictions($book, []);
+
+ $bookChapter = $book->chapters->first();
+ $bookPage = $bookChapter->pages->first();
+ $this->setEntityRestrictions($bookPage, ['view']);
+
+ $this->actingAs($this->viewer);
+ $this->get($bookPage->getUrl());
+ $this->assertResponseOk();
+ $this->see($bookPage->name);
+ $this->dontSee(substr($book->name, 0, 15));
+ $this->dontSee(substr($bookChapter->name, 0, 15));
+ }
+
}
projects / bookstack / blobdiff