X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/7cda9b026e11b67c861faa76dd1ce402467fe30b..refs/pull/1730/head:/tests/Permissions/RolesTest.php diff --git a/tests/Permissions/RolesTest.php b/tests/Permissions/RolesTest.php index 423db1bf0..a1f193643 100644 --- a/tests/Permissions/RolesTest.php +++ b/tests/Permissions/RolesTest.php @@ -119,6 +119,43 @@ class RolesTest extends BrowserKitTest $this->actingAs($this->user)->visit('/')->dontSee($usersLink); } + public function test_user_cannot_change_email_unless_they_have_manage_users_permission() + { + $userProfileUrl = '/settings/users/' . $this->user->id; + $originalEmail = $this->user->email; + $this->actingAs($this->user); + + $this->visit($userProfileUrl) + ->assertResponseOk() + ->seeElement('input[name=email][disabled]'); + $this->put($userProfileUrl, [ + 'name' => 'my_new_name', + 'email' => 'new_email@example.com', + ]); + $this->seeInDatabase('users', [ + 'id' => $this->user->id, + 'email' => $originalEmail, + 'name' => 'my_new_name', + ]); + + $this->giveUserPermissions($this->user, ['users-manage']); + + $this->visit($userProfileUrl) + ->assertResponseOk() + ->dontSeeElement('input[name=email][disabled]') + ->seeElement('input[name=email]'); + $this->put($userProfileUrl, [ + 'name' => 'my_new_name_2', + 'email' => 'new_email@example.com', + ]); + + $this->seeInDatabase('users', [ + 'id' => $this->user->id, + 'email' => 'new_email@example.com', + 'name' => 'my_new_name_2', + ]); + } + public function test_user_roles_manage_permission() { $this->actingAs($this->user)->visit('/settings/roles') @@ -215,7 +252,7 @@ class RolesTest extends BrowserKitTest $this->checkAccessPermission('bookshelf-create-all', [ '/create-shelf' ], [ - '/shelves' => 'Create New Shelf' + '/shelves' => 'New Shelf' ]); $this->visit('/create-shelf')