]> BookStack Code Mirror - bookstack/blobdiff - tests/Permissions/RestrictionsTest.php
Polish translation
[bookstack] / tests / Permissions / RestrictionsTest.php
index 40b5a7647bd881367c7b86682520d1cac6473b04..faceab92c7322dd7c00f662e70673a2ceb8eae9a 100644 (file)
@@ -1,33 +1,52 @@
-<?php
+<?php namespace Tests;
 
-class RestrictionsTest extends TestCase
+class RestrictionsTest extends BrowserKitTest
 {
     protected $user;
+    protected $viewer;
+    protected $restrictionService;
 
     public function setUp()
     {
         parent::setUp();
-        $this->user = $this->getNewUser();
+        $this->user = $this->getEditor();
+        $this->viewer = $this->getViewer();
+        $this->restrictionService = $this->app[\BookStack\Services\PermissionService::class];
+    }
+
+    protected function getViewer()
+    {
+        $role = \BookStack\Role::getRole('viewer');
+        $viewer = $this->getNewBlankUser();
+        $viewer->attachRole($role);;
+        return $viewer;
     }
 
     /**
-     * Manually set some restrictions on an entity.
+     * Manually set some permissions on an entity.
      * @param \BookStack\Entity $entity
      * @param $actions
      */
     protected function setEntityRestrictions(\BookStack\Entity $entity, $actions)
     {
         $entity->restricted = true;
-        $entity->restrictions()->delete();
+        $entity->permissions()->delete();
         $role = $this->user->roles->first();
+        $viewerRole = $this->viewer->roles->first();
         foreach ($actions as $action) {
-            $entity->restrictions()->create([
+            $entity->permissions()->create([
                 'role_id' => $role->id,
                 'action' => strtolower($action)
             ]);
+            $entity->permissions()->create([
+                'role_id' => $viewerRole->id,
+                'action' => strtolower($action)
+            ]);
         }
         $entity->save();
-        $entity->load('restrictions');
+        $entity->load('permissions');
+        $this->restrictionService->buildJointPermissionsForEntity($entity);
+        $entity->load('jointPermissions');
     }
 
     public function test_book_view_restriction()
@@ -46,9 +65,9 @@ class RestrictionsTest extends TestCase
         $this->forceVisit($bookUrl)
             ->see('Book not found');
         $this->forceVisit($bookPage->getUrl())
-            ->see('Book not found');
+            ->see('Page not found');
         $this->forceVisit($bookChapter->getUrl())
-            ->see('Book not found');
+            ->see('Chapter not found');
 
         $this->setEntityRestrictions($book, ['view']);
 
@@ -65,6 +84,10 @@ class RestrictionsTest extends TestCase
         $book = \BookStack\Book::first();
 
         $bookUrl = $book->getUrl();
+        $this->actingAs($this->viewer)
+            ->visit($bookUrl)
+            ->dontSeeInElement('.action-buttons', 'New Page')
+            ->dontSeeInElement('.action-buttons', 'New Chapter');
         $this->actingAs($this->user)
             ->visit($bookUrl)
             ->seeInElement('.action-buttons', 'New Page')
@@ -203,6 +226,7 @@ class RestrictionsTest extends TestCase
             ->type('test content', 'html')
             ->press('Save Page')
             ->seePageIs($chapter->book->getUrl() . '/page/test-page');
+
         $this->visit($chapterUrl)->seeInElement('.action-buttons', 'New Page');
     }
 
@@ -319,13 +343,13 @@ class RestrictionsTest extends TestCase
     public function test_book_restriction_form()
     {
         $book = \BookStack\Book::first();
-        $this->asAdmin()->visit($book->getUrl() . '/restrict')
-            ->see('Book Restrictions')
+        $this->asAdmin()->visit($book->getUrl() . '/permissions')
+            ->see('Book Permissions')
             ->check('restricted')
             ->check('restrictions[2][view]')
-            ->press('Save Restrictions')
+            ->press('Save Permissions')
             ->seeInDatabase('books', ['id' => $book->id, 'restricted' => true])
-            ->seeInDatabase('restrictions', [
+            ->seeInDatabase('entity_permissions', [
                 'restrictable_id' => $book->id,
                 'restrictable_type' => 'BookStack\Book',
                 'role_id' => '2',
@@ -336,13 +360,13 @@ class RestrictionsTest extends TestCase
     public function test_chapter_restriction_form()
     {
         $chapter = \BookStack\Chapter::first();
-        $this->asAdmin()->visit($chapter->getUrl() . '/restrict')
-            ->see('Chapter Restrictions')
+        $this->asAdmin()->visit($chapter->getUrl() . '/permissions')
+            ->see('Chapter Permissions')
             ->check('restricted')
             ->check('restrictions[2][update]')
-            ->press('Save Restrictions')
+            ->press('Save Permissions')
             ->seeInDatabase('chapters', ['id' => $chapter->id, 'restricted' => true])
-            ->seeInDatabase('restrictions', [
+            ->seeInDatabase('entity_permissions', [
                 'restrictable_id' => $chapter->id,
                 'restrictable_type' => 'BookStack\Chapter',
                 'role_id' => '2',
@@ -353,13 +377,13 @@ class RestrictionsTest extends TestCase
     public function test_page_restriction_form()
     {
         $page = \BookStack\Page::first();
-        $this->asAdmin()->visit($page->getUrl() . '/restrict')
-            ->see('Page Restrictions')
+        $this->asAdmin()->visit($page->getUrl() . '/permissions')
+            ->see('Page Permissions')
             ->check('restricted')
             ->check('restrictions[2][delete]')
-            ->press('Save Restrictions')
+            ->press('Save Permissions')
             ->seeInDatabase('pages', ['id' => $page->id, 'restricted' => true])
-            ->seeInDatabase('restrictions', [
+            ->seeInDatabase('entity_permissions', [
                 'restrictable_id' => $page->id,
                 'restrictable_type' => 'BookStack\Page',
                 'role_id' => '2',
@@ -404,4 +428,116 @@ class RestrictionsTest extends TestCase
             ->dontSee($page->name);
     }
 
+    public function test_book_create_restriction_override()
+    {
+        $book = \BookStack\Book::first();
+
+        $bookUrl = $book->getUrl();
+        $this->actingAs($this->viewer)
+            ->visit($bookUrl)
+            ->dontSeeInElement('.action-buttons', 'New Page')
+            ->dontSeeInElement('.action-buttons', 'New Chapter');
+
+        $this->setEntityRestrictions($book, ['view', 'delete', 'update']);
+
+        $this->forceVisit($bookUrl . '/chapter/create')
+            ->see('You do not have permission')->seePageIs('/');
+        $this->forceVisit($bookUrl . '/page/create')
+            ->see('You do not have permission')->seePageIs('/');
+        $this->visit($bookUrl)->dontSeeInElement('.action-buttons', 'New Page')
+            ->dontSeeInElement('.action-buttons', 'New Chapter');
+
+        $this->setEntityRestrictions($book, ['view', 'create']);
+
+        $this->visit($bookUrl . '/chapter/create')
+            ->type('test chapter', 'name')
+            ->type('test description for chapter', 'description')
+            ->press('Save Chapter')
+            ->seePageIs($bookUrl . '/chapter/test-chapter');
+        $this->visit($bookUrl . '/page/create')
+            ->type('test page', 'name')
+            ->type('test content', 'html')
+            ->press('Save Page')
+            ->seePageIs($bookUrl . '/page/test-page');
+        $this->visit($bookUrl)->seeInElement('.action-buttons', 'New Page')
+            ->seeInElement('.action-buttons', 'New Chapter');
+    }
+
+    public function test_book_update_restriction_override()
+    {
+        $book = \BookStack\Book::first();
+        $bookPage = $book->pages->first();
+        $bookChapter = $book->chapters->first();
+
+        $bookUrl = $book->getUrl();
+        $this->actingAs($this->viewer)
+            ->visit($bookUrl . '/edit')
+            ->dontSee('Edit Book');
+
+        $this->setEntityRestrictions($book, ['view', 'delete']);
+
+        $this->forceVisit($bookUrl . '/edit')
+            ->see('You do not have permission')->seePageIs('/');
+        $this->forceVisit($bookPage->getUrl() . '/edit')
+            ->see('You do not have permission')->seePageIs('/');
+        $this->forceVisit($bookChapter->getUrl() . '/edit')
+            ->see('You do not have permission')->seePageIs('/');
+
+        $this->setEntityRestrictions($book, ['view', 'update']);
+
+        $this->visit($bookUrl . '/edit')
+            ->seePageIs($bookUrl . '/edit');
+        $this->visit($bookPage->getUrl() . '/edit')
+            ->seePageIs($bookPage->getUrl() . '/edit');
+        $this->visit($bookChapter->getUrl() . '/edit')
+            ->see('Edit Chapter');
+    }
+
+    public function test_book_delete_restriction_override()
+    {
+        $book = \BookStack\Book::first();
+        $bookPage = $book->pages->first();
+        $bookChapter = $book->chapters->first();
+
+        $bookUrl = $book->getUrl();
+        $this->actingAs($this->viewer)
+            ->visit($bookUrl . '/delete')
+            ->dontSee('Delete Book');
+
+        $this->setEntityRestrictions($book, ['view', 'update']);
+
+        $this->forceVisit($bookUrl . '/delete')
+            ->see('You do not have permission')->seePageIs('/');
+        $this->forceVisit($bookPage->getUrl() . '/delete')
+            ->see('You do not have permission')->seePageIs('/');
+        $this->forceVisit($bookChapter->getUrl() . '/delete')
+            ->see('You do not have permission')->seePageIs('/');
+
+        $this->setEntityRestrictions($book, ['view', 'delete']);
+
+        $this->visit($bookUrl . '/delete')
+            ->seePageIs($bookUrl . '/delete')->see('Delete Book');
+        $this->visit($bookPage->getUrl() . '/delete')
+            ->seePageIs($bookPage->getUrl() . '/delete')->see('Delete Page');
+        $this->visit($bookChapter->getUrl() . '/delete')
+            ->see('Delete Chapter');
+    }
+
+    public function test_page_visible_if_has_permissions_when_book_not_visible()
+    {
+        $book = \BookStack\Book::first();
+        $bookChapter = $book->chapters->first();
+        $bookPage = $bookChapter->pages->first();
+
+        $this->setEntityRestrictions($book, []);
+        $this->setEntityRestrictions($bookPage, ['view']);
+
+        $this->actingAs($this->viewer);
+        $this->get($bookPage->getUrl());
+        $this->assertResponseOk();
+        $this->see($bookPage->name);
+        $this->dontSee(substr($book->name, 0, 15));
+        $this->dontSee(substr($bookChapter->name, 0, 15));
+    }
+
 }