X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/57dc53ceff99e65c726f59c8b14a599878adba59..refs/pull/358/head:/tests/Permissions/RolesTest.php

diff --git a/tests/Permissions/RolesTest.php b/tests/Permissions/RolesTest.php
index 1d44e9691..24b8ae0f5 100644
--- a/tests/Permissions/RolesTest.php
+++ b/tests/Permissions/RolesTest.php
@@ -1,6 +1,6 @@
-<?php
+<?php namespace Tests;
 
-class RolesTest extends TestCase
+class RolesTest extends BrowserKitTest
 {
     protected $user;
 
@@ -81,7 +81,7 @@ class RolesTest extends TestCase
         $this->asAdmin()->visit('/settings')
             ->click('Roles')
             ->seePageIs('/settings/roles')
-            ->click('Add new role')
+            ->click('Create New Role')
             ->type('Test Role', 'display_name')
             ->type('A little test description', 'description')
             ->press('Save Role')
@@ -578,4 +578,44 @@ class RolesTest extends TestCase
             ->see('Cannot be deleted');
     }
 
+
+
+    public function test_image_delete_own_permission()
+    {
+        $this->giveUserPermissions($this->user, ['image-update-all']);
+        $page = \BookStack\Page::first();
+        $image = factory(\BookStack\Image::class)->create(['uploaded_to' => $page->id, 'created_by' => $this->user->id, 'updated_by' => $this->user->id]);
+
+        $this->actingAs($this->user)->json('delete', '/images/' . $image->id)
+            ->seeStatusCode(403);
+
+        $this->giveUserPermissions($this->user, ['image-delete-own']);
+
+        $this->actingAs($this->user)->json('delete', '/images/' . $image->id)
+            ->seeStatusCode(200)
+            ->dontSeeInDatabase('images', ['id' => $image->id]);
+    }
+
+    public function test_image_delete_all_permission()
+    {
+        $this->giveUserPermissions($this->user, ['image-update-all']);
+        $admin = $this->getAdmin();
+        $page = \BookStack\Page::first();
+        $image = factory(\BookStack\Image::class)->create(['uploaded_to' => $page->id, 'created_by' => $admin->id, 'updated_by' => $admin->id]);
+
+        $this->actingAs($this->user)->json('delete', '/images/' . $image->id)
+            ->seeStatusCode(403);
+
+        $this->giveUserPermissions($this->user, ['image-delete-own']);
+
+        $this->actingAs($this->user)->json('delete', '/images/' . $image->id)
+            ->seeStatusCode(403);
+
+        $this->giveUserPermissions($this->user, ['image-delete-all']);
+
+        $this->actingAs($this->user)->json('delete', '/images/' . $image->id)
+            ->seeStatusCode(200)
+            ->dontSeeInDatabase('images', ['id' => $image->id]);
+    }
+
 }