X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/05666efda9a51f245d23fc33e65cd598180e97da..refs/pull/358/head:/tests/Permissions/RolesTest.php
diff --git a/tests/Permissions/RolesTest.php b/tests/Permissions/RolesTest.php
index b64f40dc6..24b8ae0f5 100644
--- a/tests/Permissions/RolesTest.php
+++ b/tests/Permissions/RolesTest.php
@@ -1,6 +1,6 @@ -asAdmin()->visit('/settings')
 ->click('Roles')
 ->seePageIs('/settings/roles')
- ->click('Add new role')
+ ->click('Create New Role')
 ->type('Test Role', 'display_name')
 ->type('A little test description', 'description')
 ->press('Save Role')
@@ -211,7 +211,7 @@ class RolesTest extends TestCase
 $this->checkAccessPermission('book-create-all', [
 '/books/create'
 ], [
- '/books' => 'Add new book'
+ '/books' => 'Create New Book'
 ]);
 $this->visit('/books/create')
@@ -544,27 +544,78 @@ class RolesTest extends TestCase
 ->dontSeeInElement('.book-content', $otherPage->name);
 }
- public function test_public_role_not_visible_in_user_edit_screen()
+ public function test_public_role_visible_in_user_edit_screen()
 {
 $user = \BookStack\User::first();
 $this->asAdmin()->visit('/settings/users/' . $user->id)
 ->seeElement('#roles-admin')
- ->dontSeeElement('#roles-public');
+ ->seeElement('#roles-public');
 }
- public function test_public_role_not_visible_in_role_listing()
+ public function test_public_role_visible_in_role_listing()
 {
 $this->asAdmin()->visit('/settings/roles')
 ->see('Admin')
- ->dontSee('Public');
+ ->see('Public');
 }
- public function test_public_role_not_visible_in_default_role_setting()
+ public function test_public_role_visible_in_default_role_setting()
 {
 $this->asAdmin()->visit('/settings')
 ->seeElement('[data-role-name="admin"]')
- ->dontSeeElement('[data-role-name="public"]');
+ ->seeElement('[data-role-name="public"]');
 }
+ public function test_public_role_not_deleteable()
+ {
+ $this->asAdmin()->visit('/settings/roles')
+ ->click('Public')
+ ->see('Edit Role')
+ ->click('Delete Role')
+ ->press('Confirm')
+ ->see('Delete Role')
+ ->see('Cannot be deleted');
+ }
+
+
+
+ public function test_image_delete_own_permission()
+ {
+ $this->giveUserPermissions($this->user, ['image-update-all']);
+ $page = \BookStack\Page::first();
+ $image = factory(\BookStack\Image::class)->create(['uploaded_to' => $page->id, 'created_by' => $this->user->id, 'updated_by' => $this->user->id]);
+
+ $this->actingAs($this->user)->json('delete', '/images/' . $image->id)
+ ->seeStatusCode(403);
+
+ $this->giveUserPermissions($this->user, ['image-delete-own']);
+
+ $this->actingAs($this->user)->json('delete', '/images/' . $image->id)
+ ->seeStatusCode(200)
+ ->dontSeeInDatabase('images', ['id' => $image->id]);
+ }
+
+ public function test_image_delete_all_permission()
+ {
+ $this->giveUserPermissions($this->user, ['image-update-all']);
+ $admin = $this->getAdmin();
+ $page = \BookStack\Page::first();
+ $image = factory(\BookStack\Image::class)->create(['uploaded_to' => $page->id, 'created_by' => $admin->id, 'updated_by' => $admin->id]);
+
+ $this->actingAs($this->user)->json('delete', '/images/' . $image->id)
+ ->seeStatusCode(403);
+
+ $this->giveUserPermissions($this->user, ['image-delete-own']);
+
+ $this->actingAs($this->user)->json('delete', '/images/' . $image->id)
+ ->seeStatusCode(403);
+
+ $this->giveUserPermissions($this->user, ['image-delete-all']);
+
+ $this->actingAs($this->user)->json('delete', '/images/' . $image->id)
+ ->seeStatusCode(200)
+ ->dontSeeInDatabase('images', ['id' => $image->id]);
+ }
+
 }
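Review bot: The denied-path checks in `test_image_delete_own_permission` and `test_image_delete_all_permission` assert only `->seeStatusCode(403)`, so a handler that removed the row and then returned 403 would still pass; each 403 should be followed by `->seeInDatabase('images', ['id' => $image->id])`. The same gap is in `test_public_role_not_deleteable`, which checks for the 'Cannot be deleted' text but never asserts that the Public role record still exists, and it covers only the UI flow rather than a direct delete request. Both image tests grant `image-update-all` first with no explanation; since the first request then expects 403, a comment such as `// image-update-all alone must not permit deletion` would record the intent. Permissions accumulate on `$this->user`, so the final 200 in the delete-all test is reached with `image-delete-own` also granted and does not show that `image-delete-all` is sufficient on its own.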