X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/0155525945bb030ae2265279dca8014c8cdcb2af..refs/pull/3365/head:/tests/Api/BooksApiTest.php

diff --git a/tests/Api/BooksApiTest.php b/tests/Api/BooksApiTest.php
index 279c7ad9a..91e2db9e5 100644
--- a/tests/Api/BooksApiTest.php
+++ b/tests/Api/BooksApiTest.php
@@ -155,4 +155,17 @@ class BooksApiTest extends TestCase
         $resp->assertSee('# ' . $book->pages()->first()->name);
         $resp->assertSee('# ' . $book->chapters()->first()->name);
     }
+
+    public function test_cant_export_when_not_have_permission()
+    {
+        $types = ['html', 'plaintext', 'pdf', 'markdown'];
+        $this->actingAsApiEditor();
+        $this->removePermissionFromUser($this->getEditor(), 'content-export');
+
+        $book = Book::visible()->first();
+        foreach ($types as $type) {
+            $resp = $this->get($this->baseEndpoint . "/{$book->id}/export/{$type}");
+            $this->assertPermissionError($resp);
+        }
+    }
 }