BookStack Code Mirror - bookstack/blobdiff - tests/Permissions/RolesTest.php

index eda5d092ab0c6a180454d047a3b7b92851852488..f076e6734c98bc07fec49edf342aa9cbe5a131f9 100644 (file)

--- a/tests/Permissions/RolesTest.php

+++ b/tests/Permissions/RolesTest.php

@@ -16,14 +16,6 @@ class RolesTest extends BrowserKitTest

$this->user = $this->getViewer();

}

- protected function getViewer()

- {

- $role = \BookStack\Role::getRole('viewer');

- $viewer = $this->getNewBlankUser();

- $viewer->attachRole($role);;

- return $viewer;

- }

/**

* Give the given user some permissions.

* @param \BookStack\User $user

@@ -214,12 +206,12 @@ class RolesTest extends BrowserKitTest

public function test_books_create_all_permissions()

{

$this->checkAccessPermission('book-create-all', [

- '/books/create'

+ '/create-book'

], [

'/books' => 'Create New Book'

]);

- $this->visit('/books/create')

+ $this->visit('/create-book')

->type('test book', 'name')

->type('book desc', 'description')

->press('Save Book')

@@ -293,40 +285,38 @@ class RolesTest extends BrowserKitTest

{

$book = \BookStack\Book::take(1)->get()->first();

$ownBook = $this->createEntityChainBelongingToUser($this->user)['book'];

- $baseUrl = $ownBook->getUrl() . '/chapter';

$this->checkAccessPermission('chapter-create-own', [

- $baseUrl . '/create'

+ $ownBook->getUrl('/create-chapter')

], [

$ownBook->getUrl() => 'New Chapter'

]);

- $this->visit($baseUrl . '/create')

+ $this->visit($ownBook->getUrl('/create-chapter'))

->type('test chapter', 'name')

->type('chapter desc', 'description')

->press('Save Chapter')

- ->seePageIs($baseUrl . '/test-chapter');

+ ->seePageIs($ownBook->getUrl('/chapter/test-chapter'));

$this->visit($book->getUrl())

->dontSeeInElement('.action-buttons', 'New Chapter')

- ->visit($book->getUrl() . '/chapter/create')

+ ->visit($book->getUrl('/create-chapter'))

->seePageIs('/');

}

public function test_chapter_create_all_permissions()

{

$book = \BookStack\Book::take(1)->get()->first();

- $baseUrl = $book->getUrl() . '/chapter';

$this->checkAccessPermission('chapter-create-all', [

- $baseUrl . '/create'

+ $book->getUrl('/create-chapter')

], [

$book->getUrl() => 'New Chapter'

]);

- $this->visit($baseUrl . '/create')

+ $this->visit($book->getUrl('/create-chapter'))

->type('test chapter', 'name')

->type('chapter desc', 'description')

->press('Save Chapter')

- ->seePageIs($baseUrl . '/test-chapter');

+ ->seePageIs($book->getUrl('/chapter/test-chapter'));

}

public function test_chapter_edit_own_permission()

@@ -403,10 +393,8 @@ class RolesTest extends BrowserKitTest

$ownBook = $entities['book'];

$ownChapter = $entities['chapter'];

- $baseUrl = $ownBook->getUrl() . '/page';

- $createUrl = $baseUrl . '/create';

- $createUrlChapter = $ownChapter->getUrl() . '/create-page';

+ $createUrl = $ownBook->getUrl('/create-page');

+ $createUrlChapter = $ownChapter->getUrl('/create-page');

$accessUrls = [$createUrl, $createUrlChapter];

foreach ($accessUrls as $url) {

@@ -427,15 +415,15 @@ class RolesTest extends BrowserKitTest

$this->seePageIs($expectedUrl);

}

- $this->visit($baseUrl . '/create')

+ $this->visit($createUrl)

->type('test page', 'name')

->type('page desc', 'html')

->press('Save Page')

- ->seePageIs($baseUrl . '/test-page');

+ ->seePageIs($ownBook->getUrl('/page/test-page'));

$this->visit($book->getUrl())

->dontSeeInElement('.action-buttons', 'New Page')

- ->visit($book->getUrl() . '/page/create')

+ ->visit($book->getUrl() . '/create-page')

->seePageIs('/');

$this->visit($chapter->getUrl())

->dontSeeInElement('.action-buttons', 'New Page')

@@ -448,9 +436,9 @@ class RolesTest extends BrowserKitTest

$book = \BookStack\Book::take(1)->get()->first();

$chapter = \BookStack\Chapter::take(1)->get()->first();

$baseUrl = $book->getUrl() . '/page';

- $createUrl = $baseUrl . '/create';

+ $createUrl = $book->getUrl('/create-page');

- $createUrlChapter = $chapter->getUrl() . '/create-page';

+ $createUrlChapter = $chapter->getUrl('/create-page');

$accessUrls = [$createUrl, $createUrlChapter];

foreach ($accessUrls as $url) {

@@ -471,17 +459,17 @@ class RolesTest extends BrowserKitTest

$this->seePageIs($expectedUrl);

}

- $this->visit($baseUrl . '/create')

+ $this->visit($createUrl)

->type('test page', 'name')

->type('page desc', 'html')

->press('Save Page')

- ->seePageIs($baseUrl . '/test-page');

+ ->seePageIs($book->getUrl('/page/test-page'));

- $this->visit($chapter->getUrl() . '/create-page')

+ $this->visit($chapter->getUrl('/create-page'))

->type('new test page', 'name')

->type('page desc', 'html')

->press('Save Page')

- ->seePageIs($baseUrl . '/new-test-page');

+ ->seePageIs($book->getUrl('/page/new-test-page'));

}

public function test_page_edit_own_permission()

@@ -627,7 +615,7 @@ class RolesTest extends BrowserKitTest

$page = Page::first();

$viewerRole = \BookStack\Role::getRole('viewer');

$viewer = $this->getViewer();

- $this->actingAs($viewer)->visit($page->getUrl())->assertResponseOk();

+ $this->actingAs($viewer)->visit($page->getUrl())->assertResponseStatus(200);

$this->asAdmin()->put('/settings/roles/' . $viewerRole->id, [

'display_name' => $viewerRole->display_name,

@@ -657,4 +645,109 @@ class RolesTest extends BrowserKitTest

->dontSee('Sort the current book');

}

+ public function test_comment_create_permission () {

+ $ownPage = $this->createEntityChainBelongingToUser($this->user)['page'];

+ $this->actingAs($this->user)->addComment($ownPage);

+ $this->assertResponseStatus(403);

+ $this->giveUserPermissions($this->user, ['comment-create-all']);

+ $this->actingAs($this->user)->addComment($ownPage);

+ $this->assertResponseStatus(200);

+ }

+ public function test_comment_update_own_permission () {

+ $ownPage = $this->createEntityChainBelongingToUser($this->user)['page'];

+ $this->giveUserPermissions($this->user, ['comment-create-all']);

+ $commentId = $this->actingAs($this->user)->addComment($ownPage);

+ // no comment-update-own

+ $this->actingAs($this->user)->updateComment($commentId);

+ $this->assertResponseStatus(403);

+ $this->giveUserPermissions($this->user, ['comment-update-own']);

+ // now has comment-update-own

+ $this->actingAs($this->user)->updateComment($commentId);

+ $this->assertResponseStatus(200);

+ }

+ public function test_comment_update_all_permission () {

+ $ownPage = $this->createEntityChainBelongingToUser($this->user)['page'];

+ $commentId = $this->asAdmin()->addComment($ownPage);

+ // no comment-update-all

+ $this->actingAs($this->user)->updateComment($commentId);

+ $this->assertResponseStatus(403);

+ $this->giveUserPermissions($this->user, ['comment-update-all']);

+ // now has comment-update-all

+ $this->actingAs($this->user)->updateComment($commentId);

+ $this->assertResponseStatus(200);

+ }

+ public function test_comment_delete_own_permission () {

+ $ownPage = $this->createEntityChainBelongingToUser($this->user)['page'];

+ $this->giveUserPermissions($this->user, ['comment-create-all']);

+ $commentId = $this->actingAs($this->user)->addComment($ownPage);

+ // no comment-delete-own

+ $this->actingAs($this->user)->deleteComment($commentId);

+ $this->assertResponseStatus(403);

+ $this->giveUserPermissions($this->user, ['comment-delete-own']);

+ // now has comment-update-own

+ $this->actingAs($this->user)->deleteComment($commentId);

+ $this->assertResponseStatus(200);

+ }

+ public function test_comment_delete_all_permission () {

+ $ownPage = $this->createEntityChainBelongingToUser($this->user)['page'];

+ $commentId = $this->asAdmin()->addComment($ownPage);

+ // no comment-delete-all

+ $this->actingAs($this->user)->deleteComment($commentId);

+ $this->assertResponseStatus(403);

+ $this->giveUserPermissions($this->user, ['comment-delete-all']);

+ // now has comment-delete-all

+ $this->actingAs($this->user)->deleteComment($commentId);

+ $this->assertResponseStatus(200);

+ }

+ private function addComment($page) {

+ $comment = factory(\BookStack\Comment::class)->make();

+ $url = "/ajax/page/$page->id/comment";

+ $request = [

+ 'text' => $comment->text,

+ 'html' => $comment->html

+ ];

+ $this->postJson($url, $request);

+ $comment = $page->comments()->first();

+ return $comment === null ? null : $comment->id;

+ }

+ private function updateComment($commentId) {

+ $comment = factory(\BookStack\Comment::class)->make();

+ $url = "/ajax/comment/$commentId";

+ $request = [

+ 'text' => $comment->text,

+ 'html' => $comment->html

+ ];

+ return $this->putJson($url, $request);

+ }

+ private function deleteComment($commentId) {

+ $url = '/ajax/comment/' . $commentId;

+ return $this->json('DELETE', $url);

+ }

}