X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/529f7bd1bc21dffa8ba29295f86e050e0c30645b..refs/pull/5313/head:/tests/Api/BooksApiTest.php diff --git a/tests/Api/BooksApiTest.php b/tests/Api/BooksApiTest.php index b31bd7d37..0de98dc32 100644 --- a/tests/Api/BooksApiTest.php +++ b/tests/Api/BooksApiTest.php @@ -24,6 +24,9 @@ class BooksApiTest extends TestCase 'id' => $firstBook->id, 'name' => $firstBook->name, 'slug' => $firstBook->slug, + 'owned_by' => $firstBook->owned_by, + 'created_by' => $firstBook->created_by, + 'updated_by' => $firstBook->updated_by, ], ]]); } @@ -146,6 +149,23 @@ class BooksApiTest extends TestCase ]); } + public function test_read_endpoint_contents_nested_pages_has_permissions_applied() + { + $this->actingAsApiEditor(); + + $book = $this->entities->bookHasChaptersAndPages(); + $chapter = $book->chapters()->first(); + $chapterPage = $chapter->pages()->first(); + $customName = 'MyNonVisiblePageWithinAChapter'; + $chapterPage->name = $customName; + $chapterPage->save(); + + $this->permissions->disableEntityInheritedPermissions($chapterPage); + + $resp = $this->getJson($this->baseEndpoint . "/{$book->id}"); + $resp->assertJsonMissing(['name' => $customName]); + } + public function test_update_endpoint() { $this->actingAsApiEditor();