X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/2f6ff0734773c4ac009de699a2661971fd585b22..refs/pull/2902/head:/tests/Permissions/RolesTest.php diff --git a/tests/Permissions/RolesTest.php b/tests/Permissions/RolesTest.php index 99080d354..b9b1805b6 100644 --- a/tests/Permissions/RolesTest.php +++ b/tests/Permissions/RolesTest.php @@ -1,11 +1,16 @@ -id; $this->asAdmin()->visit($deletePageUrl) ->press('Confirm') @@ -59,15 +64,16 @@ class RolesTest extends BrowserKitTest ->type('Test Role', 'display_name') ->type('A little test description', 'description') ->press('Save Role') - ->seeInDatabase('roles', ['display_name' => $testRoleName, 'name' => 'test-role', 'description' => $testRoleDesc]) + ->seeInDatabase('roles', ['display_name' => $testRoleName, 'description' => $testRoleDesc, 'mfa_enforced' => false]) ->seePageIs('/settings/roles'); // Updating $this->asAdmin()->visit('/settings/roles') ->see($testRoleDesc) ->click($testRoleName) ->type($testRoleUpdateName, '#display_name') + ->check('#mfa_enforced') ->press('Save Role') - ->seeInDatabase('roles', ['display_name' => $testRoleUpdateName, 'name' => 'test-role', 'description' => $testRoleDesc]) + ->seeInDatabase('roles', ['display_name' => $testRoleUpdateName, 'description' => $testRoleDesc, 'mfa_enforced' => true]) ->seePageIs('/settings/roles'); // Deleting $this->asAdmin()->visit('/settings/roles') @@ -90,17 +96,36 @@ class RolesTest extends BrowserKitTest $editUrl = '/settings/users/' . $adminUser->id; $this->actingAs($adminUser)->put($editUrl, [ - 'name' => $adminUser->name, + 'name' => $adminUser->name, 'email' => $adminUser->email, 'roles' => [ 'viewer' => strval($viewerRole->id), - ] + ], ])->followRedirects(); $this->seePageIs($editUrl); $this->see('This user is the only user assigned to the administrator role'); } + public function test_migrate_users_on_delete_works() + { + $roleA = Role::query()->create(['display_name' => 'Delete Test A']); + $roleB = Role::query()->create(['display_name' => 'Delete Test B']); + $this->user->attachRole($roleB); + + $this->assertCount(0, $roleA->users()->get()); + $this->assertCount(1, $roleB->users()->get()); + + $deletePage = $this->asAdmin()->get("/settings/roles/delete/{$roleB->id}"); + $deletePage->seeElement('select[name=migrate_role_id]'); + $this->asAdmin()->delete("/settings/roles/delete/{$roleB->id}", [ + 'migrate_role_id' => $roleA->id, + ]); + + $this->assertCount(1, $roleA->users()->get()); + $this->assertEquals($this->user->id, $roleA->users()->first()->id); + } + public function test_manage_user_permission() { $this->actingAs($this->user)->visit('/settings/users') @@ -112,7 +137,7 @@ class RolesTest extends BrowserKitTest public function test_manage_users_permission_shows_link_in_header_if_does_not_have_settings_manage_permision() { - $usersLink = 'href="'.url('/settings/users') . '"'; + $usersLink = 'href="' . url('/http/source.bookstackapp.com/settings/users') . '"'; $this->actingAs($this->user)->visit('/')->dontSee($usersLink); $this->giveUserPermissions($this->user, ['users-manage']); $this->actingAs($this->user)->visit('/')->see($usersLink); @@ -130,13 +155,13 @@ class RolesTest extends BrowserKitTest ->assertResponseOk() ->seeElement('input[name=email][disabled]'); $this->put($userProfileUrl, [ - 'name' => 'my_new_name', + 'name' => 'my_new_name', 'email' => 'new_email@example.com', ]); $this->seeInDatabase('users', [ - 'id' => $this->user->id, + 'id' => $this->user->id, 'email' => $originalEmail, - 'name' => 'my_new_name', + 'name' => 'my_new_name', ]); $this->giveUserPermissions($this->user, ['users-manage']); @@ -146,14 +171,14 @@ class RolesTest extends BrowserKitTest ->dontSeeElement('input[name=email][disabled]') ->seeElement('input[name=email]'); $this->put($userProfileUrl, [ - 'name' => 'my_new_name_2', + 'name' => 'my_new_name_2', 'email' => 'new_email@example.com', ]); $this->seeInDatabase('users', [ - 'id' => $this->user->id, + 'id' => $this->user->id, 'email' => 'new_email@example.com', - 'name' => 'my_new_name_2', + 'name' => 'my_new_name_2', ]); } @@ -178,7 +203,7 @@ class RolesTest extends BrowserKitTest public function test_restrictions_manage_all_permission() { - $page = \BookStack\Entities\Page::take(1)->get()->first(); + $page = Page::take(1)->get()->first(); $this->actingAs($this->user)->visit($page->getUrl()) ->dontSee('Permissions') ->visit($page->getUrl() . '/permissions') @@ -192,17 +217,25 @@ class RolesTest extends BrowserKitTest public function test_restrictions_manage_own_permission() { - $otherUsersPage = \BookStack\Entities\Page::first(); + $otherUsersPage = Page::first(); $content = $this->createEntityChainBelongingToUser($this->user); + + // Set a different creator on the page we're checking to ensure + // that the owner fields are checked + $page = $content['page']; /** @var Page $page */ + $page->created_by = $otherUsersPage->id; + $page->owned_by = $this->user->id; + $page->save(); + // Check can't restrict other's content $this->actingAs($this->user)->visit($otherUsersPage->getUrl()) ->dontSee('Permissions') ->visit($otherUsersPage->getUrl() . '/permissions') ->seePageIs('/'); // Check can't restrict own content - $this->actingAs($this->user)->visit($content['page']->getUrl()) + $this->actingAs($this->user)->visit($page->getUrl()) ->dontSee('Permissions') - ->visit($content['page']->getUrl() . '/permissions') + ->visit($page->getUrl() . '/permissions') ->seePageIs('/'); $this->giveUserPermissions($this->user, ['restrictions-manage-own']); @@ -213,17 +246,18 @@ class RolesTest extends BrowserKitTest ->visit($otherUsersPage->getUrl() . '/permissions') ->seePageIs('/'); // Check can restrict own content - $this->actingAs($this->user)->visit($content['page']->getUrl()) + $this->actingAs($this->user)->visit($page->getUrl()) ->see('Permissions') ->click('Permissions') - ->seePageIs($content['page']->getUrl() . '/permissions'); + ->seePageIs($page->getUrl() . '/permissions'); } /** - * Check a standard entity access permission + * Check a standard entity access permission. + * * @param string $permission - * @param array $accessUrls Urls that are only accessible after having the permission - * @param array $visibles Check this text, In the buttons toolbar, is only visible with the permission + * @param array $accessUrls Urls that are only accessible after having the permission + * @param array $visibles Check this text, In the buttons toolbar, is only visible with the permission */ private function checkAccessPermission($permission, $accessUrls = [], $visibles = []) { @@ -233,7 +267,7 @@ class RolesTest extends BrowserKitTest } foreach ($visibles as $url => $text) { $this->actingAs($this->user)->visit($url) - ->dontSeeInElement('.action-buttons',$text); + ->dontSeeInElement('.action-buttons', $text); } $this->giveUserPermissions($this->user, [$permission]); @@ -251,9 +285,9 @@ class RolesTest extends BrowserKitTest public function test_bookshelves_create_all_permissions() { $this->checkAccessPermission('bookshelf-create-all', [ - '/create-shelf' + '/create-shelf', ], [ - '/shelves' => 'New Shelf' + '/shelves' => 'New Shelf', ]); $this->visit('/create-shelf') @@ -267,13 +301,13 @@ class RolesTest extends BrowserKitTest { $otherShelf = Bookshelf::first(); $ownShelf = $this->newShelf(['name' => 'test-shelf', 'slug' => 'test-shelf']); - $ownShelf->forceFill(['created_by' => $this->user->id, 'updated_by' => $this->user->id])->save(); + $ownShelf->forceFill(['owned_by' => $this->user->id, 'updated_by' => $this->user->id])->save(); $this->regenEntityPermissions($ownShelf); $this->checkAccessPermission('bookshelf-update-own', [ - $ownShelf->getUrl('/edit') + $ownShelf->getUrl('/edit'), ], [ - $ownShelf->getUrl() => 'Edit' + $ownShelf->getUrl() => 'Edit', ]); $this->visit($otherShelf->getUrl()) @@ -284,26 +318,26 @@ class RolesTest extends BrowserKitTest public function test_bookshelves_edit_all_permission() { - $otherShelf = \BookStack\Entities\Bookshelf::first(); + $otherShelf = Bookshelf::first(); $this->checkAccessPermission('bookshelf-update-all', [ - $otherShelf->getUrl('/edit') + $otherShelf->getUrl('/edit'), ], [ - $otherShelf->getUrl() => 'Edit' + $otherShelf->getUrl() => 'Edit', ]); } public function test_bookshelves_delete_own_permission() { $this->giveUserPermissions($this->user, ['bookshelf-update-all']); - $otherShelf = \BookStack\Entities\Bookshelf::first(); + $otherShelf = Bookshelf::first(); $ownShelf = $this->newShelf(['name' => 'test-shelf', 'slug' => 'test-shelf']); - $ownShelf->forceFill(['created_by' => $this->user->id, 'updated_by' => $this->user->id])->save(); + $ownShelf->forceFill(['owned_by' => $this->user->id, 'updated_by' => $this->user->id])->save(); $this->regenEntityPermissions($ownShelf); $this->checkAccessPermission('bookshelf-delete-own', [ - $ownShelf->getUrl('/delete') + $ownShelf->getUrl('/delete'), ], [ - $ownShelf->getUrl() => 'Delete' + $ownShelf->getUrl() => 'Delete', ]); $this->visit($otherShelf->getUrl()) @@ -319,11 +353,11 @@ class RolesTest extends BrowserKitTest public function test_bookshelves_delete_all_permission() { $this->giveUserPermissions($this->user, ['bookshelf-update-all']); - $otherShelf = \BookStack\Entities\Bookshelf::first(); + $otherShelf = Bookshelf::first(); $this->checkAccessPermission('bookshelf-delete-all', [ - $otherShelf->getUrl('/delete') + $otherShelf->getUrl('/delete'), ], [ - $otherShelf->getUrl() => 'Delete' + $otherShelf->getUrl() => 'Delete', ]); $this->visit($otherShelf->getUrl())->visit($otherShelf->getUrl('/delete')) @@ -335,9 +369,9 @@ class RolesTest extends BrowserKitTest public function test_books_create_all_permissions() { $this->checkAccessPermission('book-create-all', [ - '/create-book' + '/create-book', ], [ - '/books' => 'Create New Book' + '/books' => 'Create New Book', ]); $this->visit('/create-book') @@ -349,12 +383,12 @@ class RolesTest extends BrowserKitTest public function test_books_edit_own_permission() { - $otherBook = \BookStack\Entities\Book::take(1)->get()->first(); + $otherBook = Book::take(1)->get()->first(); $ownBook = $this->createEntityChainBelongingToUser($this->user)['book']; $this->checkAccessPermission('book-update-own', [ - $ownBook->getUrl() . '/edit' + $ownBook->getUrl() . '/edit', ], [ - $ownBook->getUrl() => 'Edit' + $ownBook->getUrl() => 'Edit', ]); $this->visit($otherBook->getUrl()) @@ -365,23 +399,23 @@ class RolesTest extends BrowserKitTest public function test_books_edit_all_permission() { - $otherBook = \BookStack\Entities\Book::take(1)->get()->first(); + $otherBook = Book::take(1)->get()->first(); $this->checkAccessPermission('book-update-all', [ - $otherBook->getUrl() . '/edit' + $otherBook->getUrl() . '/edit', ], [ - $otherBook->getUrl() => 'Edit' + $otherBook->getUrl() => 'Edit', ]); } public function test_books_delete_own_permission() { $this->giveUserPermissions($this->user, ['book-update-all']); - $otherBook = \BookStack\Entities\Book::take(1)->get()->first(); + $otherBook = Book::take(1)->get()->first(); $ownBook = $this->createEntityChainBelongingToUser($this->user)['book']; $this->checkAccessPermission('book-delete-own', [ - $ownBook->getUrl() . '/delete' + $ownBook->getUrl() . '/delete', ], [ - $ownBook->getUrl() => 'Delete' + $ownBook->getUrl() => 'Delete', ]); $this->visit($otherBook->getUrl()) @@ -397,11 +431,11 @@ class RolesTest extends BrowserKitTest public function test_books_delete_all_permission() { $this->giveUserPermissions($this->user, ['book-update-all']); - $otherBook = \BookStack\Entities\Book::take(1)->get()->first(); + $otherBook = Book::take(1)->get()->first(); $this->checkAccessPermission('book-delete-all', [ - $otherBook->getUrl() . '/delete' + $otherBook->getUrl() . '/delete', ], [ - $otherBook->getUrl() => 'Delete' + $otherBook->getUrl() => 'Delete', ]); $this->visit($otherBook->getUrl())->visit($otherBook->getUrl() . '/delete') @@ -412,12 +446,12 @@ class RolesTest extends BrowserKitTest public function test_chapter_create_own_permissions() { - $book = \BookStack\Entities\Book::take(1)->get()->first(); + $book = Book::take(1)->get()->first(); $ownBook = $this->createEntityChainBelongingToUser($this->user)['book']; $this->checkAccessPermission('chapter-create-own', [ - $ownBook->getUrl('/create-chapter') + $ownBook->getUrl('/create-chapter'), ], [ - $ownBook->getUrl() => 'New Chapter' + $ownBook->getUrl() => 'New Chapter', ]); $this->visit($ownBook->getUrl('/create-chapter')) @@ -434,11 +468,11 @@ class RolesTest extends BrowserKitTest public function test_chapter_create_all_permissions() { - $book = \BookStack\Entities\Book::take(1)->get()->first(); + $book = Book::take(1)->get()->first(); $this->checkAccessPermission('chapter-create-all', [ - $book->getUrl('/create-chapter') + $book->getUrl('/create-chapter'), ], [ - $book->getUrl() => 'New Chapter' + $book->getUrl() => 'New Chapter', ]); $this->visit($book->getUrl('/create-chapter')) @@ -450,12 +484,12 @@ class RolesTest extends BrowserKitTest public function test_chapter_edit_own_permission() { - $otherChapter = \BookStack\Entities\Chapter::take(1)->get()->first(); + $otherChapter = Chapter::take(1)->get()->first(); $ownChapter = $this->createEntityChainBelongingToUser($this->user)['chapter']; $this->checkAccessPermission('chapter-update-own', [ - $ownChapter->getUrl() . '/edit' + $ownChapter->getUrl() . '/edit', ], [ - $ownChapter->getUrl() => 'Edit' + $ownChapter->getUrl() => 'Edit', ]); $this->visit($otherChapter->getUrl()) @@ -466,23 +500,23 @@ class RolesTest extends BrowserKitTest public function test_chapter_edit_all_permission() { - $otherChapter = \BookStack\Entities\Chapter::take(1)->get()->first(); + $otherChapter = Chapter::take(1)->get()->first(); $this->checkAccessPermission('chapter-update-all', [ - $otherChapter->getUrl() . '/edit' + $otherChapter->getUrl() . '/edit', ], [ - $otherChapter->getUrl() => 'Edit' + $otherChapter->getUrl() => 'Edit', ]); } public function test_chapter_delete_own_permission() { $this->giveUserPermissions($this->user, ['chapter-update-all']); - $otherChapter = \BookStack\Entities\Chapter::take(1)->get()->first(); + $otherChapter = Chapter::take(1)->get()->first(); $ownChapter = $this->createEntityChainBelongingToUser($this->user)['chapter']; $this->checkAccessPermission('chapter-delete-own', [ - $ownChapter->getUrl() . '/delete' + $ownChapter->getUrl() . '/delete', ], [ - $ownChapter->getUrl() => 'Delete' + $ownChapter->getUrl() => 'Delete', ]); $bookUrl = $ownChapter->book->getUrl(); @@ -499,11 +533,11 @@ class RolesTest extends BrowserKitTest public function test_chapter_delete_all_permission() { $this->giveUserPermissions($this->user, ['chapter-update-all']); - $otherChapter = \BookStack\Entities\Chapter::take(1)->get()->first(); + $otherChapter = Chapter::take(1)->get()->first(); $this->checkAccessPermission('chapter-delete-all', [ - $otherChapter->getUrl() . '/delete' + $otherChapter->getUrl() . '/delete', ], [ - $otherChapter->getUrl() => 'Delete' + $otherChapter->getUrl() => 'Delete', ]); $bookUrl = $otherChapter->book->getUrl(); @@ -515,8 +549,8 @@ class RolesTest extends BrowserKitTest public function test_page_create_own_permissions() { - $book = \BookStack\Entities\Book::first(); - $chapter = \BookStack\Entities\Chapter::first(); + $book = Book::first(); + $chapter = Chapter::first(); $entities = $this->createEntityChainBelongingToUser($this->user); $ownBook = $entities['book']; @@ -532,15 +566,15 @@ class RolesTest extends BrowserKitTest } $this->checkAccessPermission('page-create-own', [], [ - $ownBook->getUrl() => 'New Page', - $ownChapter->getUrl() => 'New Page' + $ownBook->getUrl() => 'New Page', + $ownChapter->getUrl() => 'New Page', ]); $this->giveUserPermissions($this->user, ['page-create-own']); foreach ($accessUrls as $index => $url) { $this->actingAs($this->user)->visit($url); - $expectedUrl = \BookStack\Entities\Page::where('draft', '=', true)->orderBy('id', 'desc')->first()->getUrl(); + $expectedUrl = Page::where('draft', '=', true)->orderBy('id', 'desc')->first()->getUrl(); $this->seePageIs($expectedUrl); } @@ -562,8 +596,8 @@ class RolesTest extends BrowserKitTest public function test_page_create_all_permissions() { - $book = \BookStack\Entities\Book::take(1)->get()->first(); - $chapter = \BookStack\Entities\Chapter::take(1)->get()->first(); + $book = Book::take(1)->get()->first(); + $chapter = Chapter::take(1)->get()->first(); $baseUrl = $book->getUrl() . '/page'; $createUrl = $book->getUrl('/create-page'); @@ -576,15 +610,15 @@ class RolesTest extends BrowserKitTest } $this->checkAccessPermission('page-create-all', [], [ - $book->getUrl() => 'New Page', - $chapter->getUrl() => 'New Page' + $book->getUrl() => 'New Page', + $chapter->getUrl() => 'New Page', ]); $this->giveUserPermissions($this->user, ['page-create-all']); foreach ($accessUrls as $index => $url) { $this->actingAs($this->user)->visit($url); - $expectedUrl = \BookStack\Entities\Page::where('draft', '=', true)->orderBy('id', 'desc')->first()->getUrl(); + $expectedUrl = Page::where('draft', '=', true)->orderBy('id', 'desc')->first()->getUrl(); $this->seePageIs($expectedUrl); } @@ -603,12 +637,12 @@ class RolesTest extends BrowserKitTest public function test_page_edit_own_permission() { - $otherPage = \BookStack\Entities\Page::take(1)->get()->first(); + $otherPage = Page::take(1)->get()->first(); $ownPage = $this->createEntityChainBelongingToUser($this->user)['page']; $this->checkAccessPermission('page-update-own', [ - $ownPage->getUrl() . '/edit' + $ownPage->getUrl() . '/edit', ], [ - $ownPage->getUrl() => 'Edit' + $ownPage->getUrl() => 'Edit', ]); $this->visit($otherPage->getUrl()) @@ -619,23 +653,23 @@ class RolesTest extends BrowserKitTest public function test_page_edit_all_permission() { - $otherPage = \BookStack\Entities\Page::take(1)->get()->first(); + $otherPage = Page::take(1)->get()->first(); $this->checkAccessPermission('page-update-all', [ - $otherPage->getUrl() . '/edit' + $otherPage->getUrl() . '/edit', ], [ - $otherPage->getUrl() => 'Edit' + $otherPage->getUrl() => 'Edit', ]); } public function test_page_delete_own_permission() { $this->giveUserPermissions($this->user, ['page-update-all']); - $otherPage = \BookStack\Entities\Page::take(1)->get()->first(); + $otherPage = Page::take(1)->get()->first(); $ownPage = $this->createEntityChainBelongingToUser($this->user)['page']; $this->checkAccessPermission('page-delete-own', [ - $ownPage->getUrl() . '/delete' + $ownPage->getUrl() . '/delete', ], [ - $ownPage->getUrl() => 'Delete' + $ownPage->getUrl() => 'Delete', ]); $parent = $ownPage->chapter ?? $ownPage->book; @@ -652,11 +686,11 @@ class RolesTest extends BrowserKitTest public function test_page_delete_all_permission() { $this->giveUserPermissions($this->user, ['page-update-all']); - $otherPage = \BookStack\Entities\Page::take(1)->get()->first(); + $otherPage = Page::take(1)->get()->first(); $this->checkAccessPermission('page-delete-all', [ - $otherPage->getUrl() . '/delete' + $otherPage->getUrl() . '/delete', ], [ - $otherPage->getUrl() => 'Delete' + $otherPage->getUrl() => 'Delete', ]); $parent = $otherPage->chapter ?? $otherPage->book; @@ -668,10 +702,12 @@ class RolesTest extends BrowserKitTest public function test_public_role_visible_in_user_edit_screen() { - $user = \BookStack\Auth\User::first(); + $user = User::first(); + $adminRole = Role::getSystemRole('admin'); + $publicRole = Role::getSystemRole('public'); $this->asAdmin()->visit('/settings/users/' . $user->id) - ->seeElement('[name="roles[admin]"]') - ->seeElement('[name="roles[public]"]'); + ->seeElement('[name="roles[' . $adminRole->id . ']"]') + ->seeElement('[name="roles[' . $publicRole->id . ']"]'); } public function test_public_role_visible_in_role_listing() @@ -684,9 +720,8 @@ class RolesTest extends BrowserKitTest public function test_public_role_visible_in_default_role_setting() { $this->asAdmin()->visit('/settings') - ->seeElement('[data-role-name="admin"]') - ->seeElement('[data-role-name="public"]'); - + ->seeElement('[data-system-role-name="admin"]') + ->seeElement('[data-system-role-name="public"]'); } public function test_public_role_not_deleteable() @@ -703,8 +738,8 @@ class RolesTest extends BrowserKitTest public function test_image_delete_own_permission() { $this->giveUserPermissions($this->user, ['image-update-all']); - $page = \BookStack\Entities\Page::first(); - $image = factory(\BookStack\Uploads\Image::class)->create(['uploaded_to' => $page->id, 'created_by' => $this->user->id, 'updated_by' => $this->user->id]); + $page = Page::first(); + $image = factory(Image::class)->create(['uploaded_to' => $page->id, 'created_by' => $this->user->id, 'updated_by' => $this->user->id]); $this->actingAs($this->user)->json('delete', '/images/' . $image->id) ->seeStatusCode(403); @@ -720,8 +755,8 @@ class RolesTest extends BrowserKitTest { $this->giveUserPermissions($this->user, ['image-update-all']); $admin = $this->getAdmin(); - $page = \BookStack\Entities\Page::first(); - $image = factory(\BookStack\Uploads\Image::class)->create(['uploaded_to' => $page->id, 'created_by' => $admin->id, 'updated_by' => $admin->id]); + $page = Page::first(); + $image = factory(Image::class)->create(['uploaded_to' => $page->id, 'created_by' => $admin->id, 'updated_by' => $admin->id]); $this->actingAs($this->user)->json('delete', '/images/' . $image->id) ->seeStatusCode(403); @@ -742,14 +777,14 @@ class RolesTest extends BrowserKitTest { // To cover issue fixed in f99c8ff99aee9beb8c692f36d4b84dc6e651e50a. $page = Page::first(); - $viewerRole = \BookStack\Auth\Role::getRole('viewer'); + $viewerRole = Role::getRole('viewer'); $viewer = $this->getViewer(); $this->actingAs($viewer)->visit($page->getUrl())->assertResponseStatus(200); $this->asAdmin()->put('/settings/roles/' . $viewerRole->id, [ 'display_name' => $viewerRole->display_name, - 'description' => $viewerRole->description, - 'permission' => [] + 'description' => $viewerRole->description, + 'permission' => [], ])->assertResponseStatus(302); $this->expectException(HttpException::class); @@ -760,21 +795,22 @@ class RolesTest extends BrowserKitTest { $admin = $this->getAdmin(); // Book links - $book = factory(\BookStack\Entities\Book::class)->create(['created_by' => $admin->id, 'updated_by' => $admin->id]); + $book = factory(Book::class)->create(['created_by' => $admin->id, 'updated_by' => $admin->id]); $this->updateEntityPermissions($book); $this->actingAs($this->getViewer())->visit($book->getUrl()) ->dontSee('Create a new page') ->dontSee('Add a chapter'); // Chapter links - $chapter = factory(\BookStack\Entities\Chapter::class)->create(['created_by' => $admin->id, 'updated_by' => $admin->id, 'book_id' => $book->id]); + $chapter = factory(Chapter::class)->create(['created_by' => $admin->id, 'updated_by' => $admin->id, 'book_id' => $book->id]); $this->updateEntityPermissions($chapter); $this->actingAs($this->getViewer())->visit($chapter->getUrl()) ->dontSee('Create a new page') ->dontSee('Sort the current book'); } - public function test_comment_create_permission () { + public function test_comment_create_permission() + { $ownPage = $this->createEntityChainBelongingToUser($this->user)['page']; $this->actingAs($this->user)->addComment($ownPage); @@ -787,8 +823,8 @@ class RolesTest extends BrowserKitTest $this->assertResponseStatus(200); } - - public function test_comment_update_own_permission () { + public function test_comment_update_own_permission() + { $ownPage = $this->createEntityChainBelongingToUser($this->user)['page']; $this->giveUserPermissions($this->user, ['comment-create-all']); $commentId = $this->actingAs($this->user)->addComment($ownPage); @@ -804,7 +840,8 @@ class RolesTest extends BrowserKitTest $this->assertResponseStatus(200); } - public function test_comment_update_all_permission () { + public function test_comment_update_all_permission() + { $ownPage = $this->createEntityChainBelongingToUser($this->user)['page']; $commentId = $this->asAdmin()->addComment($ownPage); @@ -819,7 +856,8 @@ class RolesTest extends BrowserKitTest $this->assertResponseStatus(200); } - public function test_comment_delete_own_permission () { + public function test_comment_delete_own_permission() + { $ownPage = $this->createEntityChainBelongingToUser($this->user)['page']; $this->giveUserPermissions($this->user, ['comment-create-all']); $commentId = $this->actingAs($this->user)->addComment($ownPage); @@ -835,7 +873,8 @@ class RolesTest extends BrowserKitTest $this->assertResponseStatus(200); } - public function test_comment_delete_all_permission () { + public function test_comment_delete_all_permission() + { $ownPage = $this->createEntityChainBelongingToUser($this->user)['page']; $commentId = $this->asAdmin()->addComment($ownPage); @@ -850,33 +889,37 @@ class RolesTest extends BrowserKitTest $this->assertResponseStatus(200); } - private function addComment($page) { - $comment = factory(\BookStack\Actions\Comment::class)->make(); - $url = "/ajax/page/$page->id/comment"; + private function addComment($page) + { + $comment = factory(Comment::class)->make(); + $url = "/comment/$page->id"; $request = [ 'text' => $comment->text, - 'html' => $comment->html + 'html' => $comment->html, ]; $this->postJson($url, $request); $comment = $page->comments()->first(); + return $comment === null ? null : $comment->id; } - private function updateComment($commentId) { - $comment = factory(\BookStack\Actions\Comment::class)->make(); - $url = "/ajax/comment/$commentId"; + private function updateComment($commentId) + { + $comment = factory(Comment::class)->make(); + $url = "/comment/$commentId"; $request = [ 'text' => $comment->text, - 'html' => $comment->html + 'html' => $comment->html, ]; return $this->putJson($url, $request); } - private function deleteComment($commentId) { - $url = '/ajax/comment/' . $commentId; - return $this->json('DELETE', $url); - } + private function deleteComment($commentId) + { + $url = '/comment/' . $commentId; + return $this->json('DELETE', $url); + } }