]> BookStack Code Mirror - bookstack/blobdiff - tests/Permissions/RolesTest.php
#47 - Fixes the issues with the test case.
[bookstack] / tests / Permissions / RolesTest.php
index 500dd3b6772f5d4d2b62ff93bacea80eb34722fa..0e9f691e0d86aa6d737ab211da977a5abf4cb2f1 100644 (file)
@@ -1,6 +1,9 @@
-<?php
+<?php namespace Tests;
 
-class RolesTest extends TestCase
+use BookStack\Repos\PermissionsRepo;
+use BookStack\Role;
+
+class RolesTest extends BrowserKitTest
 {
     protected $user;
 
@@ -34,11 +37,11 @@ class RolesTest extends TestCase
     /**
      * Create a new basic role for testing purposes.
      * @param array $permissions
-     * @return static
+     * @return Role
      */
     protected function createNewRole($permissions = [])
     {
-        $permissionRepo = app('BookStack\Repos\PermissionsRepo');
+        $permissionRepo = app(PermissionsRepo::class);
         $roleData = factory(\BookStack\Role::class)->make()->toArray();
         $roleData['permissions'] = array_flip($permissions);
         return $permissionRepo->saveNewRole($roleData);
@@ -107,16 +110,16 @@ class RolesTest extends TestCase
 
     public function test_manage_user_permission()
     {
-        $this->actingAs($this->user)->visit('/')->visit('/settings/users')
+        $this->actingAs($this->user)->visit('/settings/users')
             ->seePageIs('/');
         $this->giveUserPermissions($this->user, ['users-manage']);
-        $this->actingAs($this->user)->visit('/')->visit('/settings/users')
+        $this->actingAs($this->user)->visit('/settings/users')
             ->seePageIs('/settings/users');
     }
 
     public function test_user_roles_manage_permission()
     {
-        $this->actingAs($this->user)->visit('/')->visit('/settings/roles')
+        $this->actingAs($this->user)->visit('/settings/roles')
             ->seePageIs('/')->visit('/settings/roles/1')->seePageIs('/');
         $this->giveUserPermissions($this->user, ['user-roles-manage']);
         $this->actingAs($this->user)->visit('/settings/roles')
@@ -126,10 +129,10 @@ class RolesTest extends TestCase
 
     public function test_settings_manage_permission()
     {
-        $this->actingAs($this->user)->visit('/')->visit('/settings')
+        $this->actingAs($this->user)->visit('/settings')
             ->seePageIs('/');
         $this->giveUserPermissions($this->user, ['settings-manage']);
-        $this->actingAs($this->user)->visit('/')->visit('/settings')
+        $this->actingAs($this->user)->visit('/settings')
             ->seePageIs('/settings')->press('Save Settings')->see('Settings Saved');
     }
 
@@ -181,27 +184,26 @@ class RolesTest extends TestCase
      * @param string $permission
      * @param array $accessUrls Urls that are only accessible after having the permission
      * @param array $visibles Check this text, In the buttons toolbar, is only visible with the permission
-     * @param null $callback
      */
     private function checkAccessPermission($permission, $accessUrls = [], $visibles = [])
     {
         foreach ($accessUrls as $url) {
-            $this->actingAs($this->user)->visit('/')->visit($url)
+            $this->actingAs($this->user)->visit($url)
                 ->seePageIs('/');
         }
         foreach ($visibles as $url => $text) {
-            $this->actingAs($this->user)->visit('/')->visit($url)
+            $this->actingAs($this->user)->visit($url)
                 ->dontSeeInElement('.action-buttons',$text);
         }
 
         $this->giveUserPermissions($this->user, [$permission]);
 
         foreach ($accessUrls as $url) {
-            $this->actingAs($this->user)->visit('/')->visit($url)
+            $this->actingAs($this->user)->visit($url)
                 ->seePageIs($url);
         }
         foreach ($visibles as $url => $text) {
-            $this->actingAs($this->user)->visit('/')->visit($url)
+            $this->actingAs($this->user)->visit($url)
                 ->see($text);
         }
     }
@@ -391,8 +393,8 @@ class RolesTest extends TestCase
 
     public function test_page_create_own_permissions()
     {
-        $book = \BookStack\Book::take(1)->get()->first();
-        $chapter = \BookStack\Chapter::take(1)->get()->first();
+        $book = \BookStack\Book::first();
+        $chapter = \BookStack\Chapter::first();
 
         $entities = $this->createEntityChainBelongingToUser($this->user);
         $ownBook = $entities['book'];
@@ -405,7 +407,7 @@ class RolesTest extends TestCase
         $accessUrls = [$createUrl, $createUrlChapter];
 
         foreach ($accessUrls as $url) {
-            $this->actingAs($this->user)->visit('/')->visit($url)
+            $this->actingAs($this->user)->visit($url)
                 ->seePageIs('/');
         }
 
@@ -417,7 +419,7 @@ class RolesTest extends TestCase
         $this->giveUserPermissions($this->user, ['page-create-own']);
 
         foreach ($accessUrls as $index => $url) {
-            $this->actingAs($this->user)->visit('/')->visit($url);
+            $this->actingAs($this->user)->visit($url);
             $expectedUrl = \BookStack\Page::where('draft', '=', true)->orderBy('id', 'desc')->first()->getUrl();
             $this->seePageIs($expectedUrl);
         }
@@ -449,7 +451,7 @@ class RolesTest extends TestCase
         $accessUrls = [$createUrl, $createUrlChapter];
 
         foreach ($accessUrls as $url) {
-            $this->actingAs($this->user)->visit('/')->visit($url)
+            $this->actingAs($this->user)->visit($url)
                 ->seePageIs('/');
         }
 
@@ -461,7 +463,7 @@ class RolesTest extends TestCase
         $this->giveUserPermissions($this->user, ['page-create-all']);
 
         foreach ($accessUrls as $index => $url) {
-            $this->actingAs($this->user)->visit('/')->visit($url);
+            $this->actingAs($this->user)->visit($url);
             $expectedUrl = \BookStack\Page::where('draft', '=', true)->orderBy('id', 'desc')->first()->getUrl();
             $this->seePageIs($expectedUrl);
         }
@@ -578,4 +580,152 @@ class RolesTest extends TestCase
             ->see('Cannot be deleted');
     }
 
+
+
+    public function test_image_delete_own_permission()
+    {
+        $this->giveUserPermissions($this->user, ['image-update-all']);
+        $page = \BookStack\Page::first();
+        $image = factory(\BookStack\Image::class)->create(['uploaded_to' => $page->id, 'created_by' => $this->user->id, 'updated_by' => $this->user->id]);
+
+        $this->actingAs($this->user)->json('delete', '/images/' . $image->id)
+            ->seeStatusCode(403);
+
+        $this->giveUserPermissions($this->user, ['image-delete-own']);
+
+        $this->actingAs($this->user)->json('delete', '/images/' . $image->id)
+            ->seeStatusCode(200)
+            ->dontSeeInDatabase('images', ['id' => $image->id]);
+    }
+
+    public function test_image_delete_all_permission()
+    {
+        $this->giveUserPermissions($this->user, ['image-update-all']);
+        $admin = $this->getAdmin();
+        $page = \BookStack\Page::first();
+        $image = factory(\BookStack\Image::class)->create(['uploaded_to' => $page->id, 'created_by' => $admin->id, 'updated_by' => $admin->id]);
+
+        $this->actingAs($this->user)->json('delete', '/images/' . $image->id)
+            ->seeStatusCode(403);
+
+        $this->giveUserPermissions($this->user, ['image-delete-own']);
+
+        $this->actingAs($this->user)->json('delete', '/images/' . $image->id)
+            ->seeStatusCode(403);
+
+        $this->giveUserPermissions($this->user, ['image-delete-all']);
+
+        $this->actingAs($this->user)->json('delete', '/images/' . $image->id)
+            ->seeStatusCode(200)
+            ->dontSeeInDatabase('images', ['id' => $image->id]);
+    }
+
+    public function test_comment_create_permission () {
+        $ownPage = $this->createEntityChainBelongingToUser($this->user)['page'];
+
+        $this->actingAs($this->user)->addComment($ownPage);
+
+        $this->assertResponseStatus(403);
+
+        $this->giveUserPermissions($this->user, ['comment-create-all']);
+
+        $this->actingAs($this->user)->addComment($ownPage);
+        $this->assertResponseOk(200)->seeJsonContains(['status' => 'success']);
+    }
+
+
+    public function test_comment_update_own_permission () {
+        $ownPage = $this->createEntityChainBelongingToUser($this->user)['page'];
+        $this->giveUserPermissions($this->user, ['comment-create-all']);
+        $comment = $this->actingAs($this->user)->addComment($ownPage);
+
+        // no comment-update-own
+        $this->actingAs($this->user)->updateComment($ownPage, $comment['id']);
+        $this->assertResponseStatus(403);
+
+        $this->giveUserPermissions($this->user, ['comment-update-own']);
+
+        // now has comment-update-own
+        $this->actingAs($this->user)->updateComment($ownPage, $comment['id']);
+        $this->assertResponseOk()->seeJsonContains(['status' => 'success']);
+    }
+
+    public function test_comment_update_all_permission () {
+        $ownPage = $this->createEntityChainBelongingToUser($this->user)['page'];
+        $comment = $this->asAdmin()->addComment($ownPage);
+
+        // no comment-update-all
+        $this->actingAs($this->user)->updateComment($ownPage, $comment['id']);
+        $this->assertResponseStatus(403);
+
+        $this->giveUserPermissions($this->user, ['comment-update-all']);
+
+        // now has comment-update-all
+        $this->actingAs($this->user)->updateComment($ownPage, $comment['id']);
+        $this->assertResponseOk()->seeJsonContains(['status' => 'success']);
+    }
+
+    public function test_comment_delete_own_permission () {
+        $ownPage = $this->createEntityChainBelongingToUser($this->user)['page'];
+        $this->giveUserPermissions($this->user, ['comment-create-all']);
+        $comment = $this->actingAs($this->user)->addComment($ownPage);
+
+        // no comment-delete-own
+        $this->actingAs($this->user)->deleteComment($comment['id']);
+        $this->assertResponseStatus(403);
+
+        $this->giveUserPermissions($this->user, ['comment-delete-own']);
+
+        // now has comment-update-own
+        $this->actingAs($this->user)->deleteComment($comment['id']);
+        $this->assertResponseOk()->seeJsonContains(['status' => 'success']);
+    }
+
+    public function test_comment_delete_all_permission () {
+        $ownPage = $this->createEntityChainBelongingToUser($this->user)['page'];
+        $comment = $this->asAdmin()->addComment($ownPage);
+
+        // no comment-delete-all
+        $this->actingAs($this->user)->deleteComment($comment['id']);
+        $this->assertResponseStatus(403);
+
+        $this->giveUserPermissions($this->user, ['comment-delete-all']);
+
+        // now has comment-delete-all
+        $this->actingAs($this->user)->deleteComment($comment['id']);
+        $this->assertResponseOk()->seeJsonContains(['status' => 'success']);
+    }
+
+    private function addComment($page) {
+        $comment = factory(\BookStack\Comment::class)->make();
+        $url = "/ajax/page/$page->id/comment/";
+        $request = [
+            'text' => $comment->text,
+            'html' => $comment->html
+        ];
+
+        $this->json('POST', $url, $request);
+        $resp = $this->decodeResponseJson();
+        if (isset($resp['comment'])) {
+            return $resp['comment'];
+        }
+        return null;
+    }
+
+    private function updateComment($page, $commentId) {
+        $comment = factory(\BookStack\Comment::class)->make();
+        $url = "/ajax/page/$page->id/comment/$commentId";
+        $request = [
+            'text' => $comment->text,
+            'html' => $comment->html
+        ];
+
+        return $this->json('PUT', $url, $request);
+    }
+
+    private function deleteComment($commentId) {
+         $url = '/ajax/comment/' . $commentId;
+         return $this->json('DELETE', $url);
+    }
+
 }