X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/0b364fd72f994e6dff572a1606f3aa26e7690aa1..refs/pull/691/head:/tests/Permissions/RestrictionsTest.php diff --git a/tests/Permissions/RestrictionsTest.php b/tests/Permissions/RestrictionsTest.php index d3830cff7..8f37b2517 100644 --- a/tests/Permissions/RestrictionsTest.php +++ b/tests/Permissions/RestrictionsTest.php @@ -1,25 +1,34 @@ -user = $this->getEditor(); $this->viewer = $this->getViewer(); - $this->restrictionService = $this->app[\BookStack\Services\PermissionService::class]; - } - - protected function getViewer() - { - $role = \BookStack\Role::getRole('viewer'); - $viewer = $this->getNewBlankUser(); - $viewer->attachRole($role);; - return $viewer; + $this->permissionService = $this->app[PermissionService::class]; } /** @@ -31,27 +40,32 @@ class RestrictionsTest extends TestCase { $entity->restricted = true; $entity->permissions()->delete(); + $role = $this->user->roles->first(); $viewerRole = $this->viewer->roles->first(); + + $permissions = []; foreach ($actions as $action) { - $entity->permissions()->create([ + $permissions[] = [ 'role_id' => $role->id, 'action' => strtolower($action) - ]); - $entity->permissions()->create([ + ]; + $permissions[] = [ 'role_id' => $viewerRole->id, 'action' => strtolower($action) - ]); + ]; } + $entity->permissions()->createMany($permissions); + $entity->save(); $entity->load('permissions'); - $this->restrictionService->buildJointPermissionsForEntity($entity); + $this->permissionService->buildJointPermissionsForEntity($entity); $entity->load('jointPermissions'); } public function test_book_view_restriction() { - $book = \BookStack\Book::first(); + $book = Book::first(); $bookPage = $book->pages->first(); $bookChapter = $book->chapters->first(); 
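Review bot: The rewritten loop in setEntityRestrictions (the @@ -31,27 hunk) still gives every action to both `$role`, the editor's first role, and `$viewerRole`, and nothing in the visible lines says so. That makes it easy to read a test as restricting only one of the two users. A one-line comment above the loop would help, for example `// Each action is granted to both the editor's and the viewer's first role`. Both lookups use `roles->first()`, so the helper presumably relies on each test user having exactly one role; that assumption is worth stating in the docblock, which begins outside this hunk.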
@@ -65,9 +79,9 @@ class RestrictionsTest extends TestCase $this->forceVisit($bookUrl) ->see('Book not found'); $this->forceVisit($bookPage->getUrl()) - ->see('Book not found'); + ->see('Page not found'); $this->forceVisit($bookChapter->getUrl()) - ->see('Book not found'); + ->see('Chapter not found'); $this->setEntityRestrictions($book, ['view']); @@ -81,7 +95,7 @@ class RestrictionsTest extends TestCase public function test_book_create_restriction() { - $book = \BookStack\Book::first(); + $book = Book::first(); $bookUrl = $book->getUrl(); $this->actingAs($this->viewer) @@ -120,7 +134,7 @@ class RestrictionsTest extends TestCase public function test_book_update_restriction() { - $book = \BookStack\Book::first(); + $book = Book::first(); $bookPage = $book->pages->first(); $bookChapter = $book->chapters->first(); @@ -150,7 +164,7 @@ class RestrictionsTest extends TestCase public function test_book_delete_restriction() { - $book = \BookStack\Book::first(); + $book = Book::first(); $bookPage = $book->pages->first(); $bookChapter = $book->chapters->first(); @@ -226,6 +240,7 @@ class RestrictionsTest extends TestCase ->type('test content', 'html') ->press('Save Page') ->seePageIs($chapter->book->getUrl() . '/page/test-page'); + $this->visit($chapterUrl)->seeInElement('.action-buttons', 'New Page'); } @@ -341,7 +356,7 @@ class RestrictionsTest extends TestCase public function test_book_restriction_form() { - $book = \BookStack\Book::first(); + $book = Book::first(); $this->asAdmin()->visit($book->getUrl() . '/permissions') ->see('Book Permissions') ->check('restricted') @@ -429,7 +444,7 @@ class RestrictionsTest extends TestCase public function test_book_create_restriction_override() { - $book = \BookStack\Book::first(); + $book = Book::first(); $bookUrl = $book->getUrl(); $this->actingAs($this->viewer) 
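Review bot: In the @@ -65,9 hunk of test_book_view_restriction, the denied page and chapter visits are checked only by their 'Page not found' / 'Chapter not found' text, so the test would still pass if the restricted entity's name or content were rendered alongside that message. Chaining a negative assertion pins the non-disclosure, e.g. `->see('Page not found')->dontSee($bookPage->name);`, and the same with `$bookChapter->name` for the chapter visit. This assumes the seeded names do not overlap with the error text. The test method starts and ends outside the hunk.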
@@ -464,7 +479,7 @@ class RestrictionsTest extends TestCase public function test_book_update_restriction_override() { - $book = \BookStack\Book::first(); + $book = Book::first(); $bookPage = $book->pages->first(); $bookChapter = $book->chapters->first(); @@ -494,7 +509,7 @@ class RestrictionsTest extends TestCase public function test_book_delete_restriction_override() { - $book = \BookStack\Book::first(); + $book = Book::first(); $bookPage = $book->pages->first(); $bookChapter = $book->chapters->first(); 
@@ -522,4 +537,88 @@ class RestrictionsTest extends TestCase ->see('Delete Chapter'); } + public function test_page_visible_if_has_permissions_when_book_not_visible() + { + $book = Book::first(); + + $this->setEntityRestrictions($book, []); + + $bookChapter = $book->chapters->first(); + $bookPage = $bookChapter->pages->first(); + $this->setEntityRestrictions($bookPage, ['view']); + + $this->actingAs($this->viewer); + $this->get($bookPage->getUrl()); + $this->assertResponseOk(); + $this->see($bookPage->name); + $this->dontSee(substr($book->name, 0, 15)); + $this->dontSee(substr($bookChapter->name, 0, 15)); + } + + public function test_book_sort_view_permission() + { + $firstBook = Book::first(); + $secondBook = Book::find(2); + $thirdBook = Book::find(3); + + $this->setEntityRestrictions($firstBook, ['view', 'update']); + $this->setEntityRestrictions($secondBook, ['view']); + $this->setEntityRestrictions($thirdBook, ['view', 'update']); + + // Test sort page visibility + $this->actingAs($this->user)->visit($secondBook->getUrl() . '/sort') + ->see('You do not have permission') + ->seePageIs('/'); + + // Check sort page on first book + $this->actingAs($this->user)->visit($firstBook->getUrl() . 
'/sort') + ->see($thirdBook->name) + ->dontSee($secondBook->name); + } + + public function test_book_sort_permission() { + $firstBook = Book::first(); + $secondBook = Book::find(2); + + $this->setEntityRestrictions($firstBook, ['view', 'update']); + $this->setEntityRestrictions($secondBook, ['view']); + + $firstBookChapter = $this->app[EntityRepo::class]->createFromInput('chapter', + ['name' => 'first book chapter'], $firstBook); + $secondBookChapter = $this->app[EntityRepo::class]->createFromInput('chapter', + ['name' => 'second book chapter'], $secondBook); + + // Create request data + $reqData = [ + [ + 'id' => $firstBookChapter->id, + 'sort' => 0, + 'parentChapter' => false, + 'type' => 'chapter', + 'book' => $secondBook->id + ] + ]; + + // Move chapter from first book to a second book + $this->actingAs($this->user)->put($firstBook->getUrl() . '/sort', ['sort-tree' => json_encode($reqData)]) + ->followRedirects() + ->see('You do not have permission') + ->seePageIs('/'); + + $reqData = [ + [ + 'id' => $secondBookChapter->id, + 'sort' => 0, + 'parentChapter' => false, + 'type' => 'chapter', + 'book' => $firstBook->id + ] + ]; + + // Move chapter from second book to first book + $this->actingAs($this->user)->put($firstBook->getUrl() . '/sort', ['sort-tree' => json_encode($reqData)]) + ->followRedirects() + ->see('You do not have permission') + ->seePageIs('/'); + } }
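Review bot: test_book_sort_permission checks both rejected `put` requests only through the 'You do not have permission' message and the redirect to '/', so it would still pass if the sort handler moved the chapter and then reported the error. After each request, reload the chapter and assert its book is unchanged, e.g. `$this->assertEquals($firstBook->id, $firstBookChapter->fresh()->book->id);` and `$this->assertEquals($secondBook->id, $secondBookChapter->fresh()->book->id);`. The new tests also look books up with `Book::find(2)` and `Book::find(3)`, which ties them to seed ids and would compare a book with itself if `Book::first()` ever returned one of those rows; taking three distinct books from one query would be sturdier. The opening brace of test_book_sort_permission sits on the signature line, unlike the other two methods added in this hunk.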