X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/7d02f77e6764175d2375a2b55e366b9beaba31a3..refs/pull/635/head:/tests/Permissions/RolesTest.php diff --git a/tests/Permissions/RolesTest.php b/tests/Permissions/RolesTest.php index 9d054fe0b..bd9e01d45 100644 --- a/tests/Permissions/RolesTest.php +++ b/tests/Permissions/RolesTest.php @@ -1,7 +1,10 @@ see('Cannot be deleted'); } - - public function test_image_delete_own_permission() { $this->giveUserPermissions($this->user, ['image-update-all']); @@ -620,6 +621,42 @@ class RolesTest extends BrowserKitTest ->dontSeeInDatabase('images', ['id' => $image->id]); } + public function test_role_permission_removal() + { + // To cover issue fixed in f99c8ff99aee9beb8c692f36d4b84dc6e651e50a. + $page = Page::first(); + $viewerRole = \BookStack\Role::getRole('viewer'); + $viewer = $this->getViewer(); + $this->actingAs($viewer)->visit($page->getUrl())->assertResponseStatus(200); + + $this->asAdmin()->put('/settings/roles/' . $viewerRole->id, [ + 'display_name' => $viewerRole->display_name, + 'description' => $viewerRole->description, + 'permission' => [] + ])->assertResponseStatus(302); + + $this->expectException(HttpException::class); + $this->actingAs($viewer)->visit($page->getUrl())->assertResponseStatus(404); + } + + public function test_empty_state_actions_not_visible_without_permission() + { + $admin = $this->getAdmin(); + // Book links + $book = factory(\BookStack\Book::class)->create(['created_by' => $admin->id, 'updated_by' => $admin->id]); + $this->updateEntityPermissions($book); + $this->actingAs($this->getViewer())->visit($book->getUrl()) + ->dontSee('Create a new page') + ->dontSee('Add a chapter'); + + // Chapter links + $chapter = factory(\BookStack\Chapter::class)->create(['created_by' => $admin->id, 'updated_by' => $admin->id, 'book_id' => $book->id]); + $this->updateEntityPermissions($chapter); + $this->actingAs($this->getViewer())->visit($chapter->getUrl()) + ->dontSee('Create a new page') + ->dontSee('Sort the current book'); + } + public function test_comment_create_permission () { $ownPage = $this->createEntityChainBelongingToUser($this->user)['page']; @@ -630,95 +667,94 @@ class RolesTest extends BrowserKitTest $this->giveUserPermissions($this->user, ['comment-create-all']); $this->actingAs($this->user)->addComment($ownPage); - $this->assertResponseOk(200)->seeJsonContains(['status' => 'success']); + $this->assertResponseStatus(200); } public function test_comment_update_own_permission () { $ownPage = $this->createEntityChainBelongingToUser($this->user)['page']; $this->giveUserPermissions($this->user, ['comment-create-all']); - $comment = $this->actingAs($this->user)->addComment($ownPage); + $commentId = $this->actingAs($this->user)->addComment($ownPage); // no comment-update-own - $this->actingAs($this->user)->updateComment($ownPage, $comment['id']); + $this->actingAs($this->user)->updateComment($commentId); $this->assertResponseStatus(403); $this->giveUserPermissions($this->user, ['comment-update-own']); // now has comment-update-own - $this->actingAs($this->user)->updateComment($ownPage, $comment['id']); - $this->assertResponseOk()->seeJsonContains(['status' => 'success']); + $this->actingAs($this->user)->updateComment($commentId); + $this->assertResponseStatus(200); } public function test_comment_update_all_permission () { $ownPage = $this->createEntityChainBelongingToUser($this->user)['page']; - $comment = $this->asAdmin()->addComment($ownPage); + $commentId = $this->asAdmin()->addComment($ownPage); // no comment-update-all - $this->actingAs($this->user)->updateComment($ownPage, $comment['id']); + $this->actingAs($this->user)->updateComment($commentId); $this->assertResponseStatus(403); $this->giveUserPermissions($this->user, ['comment-update-all']); // now has comment-update-all - $this->actingAs($this->user)->updateComment($ownPage, $comment['id']); - $this->assertResponseOk()->seeJsonContains(['status' => 'success']); + $this->actingAs($this->user)->updateComment($commentId); + $this->assertResponseStatus(200); } public function test_comment_delete_own_permission () { $ownPage = $this->createEntityChainBelongingToUser($this->user)['page']; $this->giveUserPermissions($this->user, ['comment-create-all']); - $comment = $this->actingAs($this->user)->addComment($ownPage); + $commentId = $this->actingAs($this->user)->addComment($ownPage); // no comment-delete-own - $this->actingAs($this->user)->deleteComment($comment['id']); + $this->actingAs($this->user)->deleteComment($commentId); $this->assertResponseStatus(403); $this->giveUserPermissions($this->user, ['comment-delete-own']); // now has comment-update-own - $this->actingAs($this->user)->deleteComment($comment['id']); - $this->assertResponseOk()->seeJsonContains(['status' => 'success']); + $this->actingAs($this->user)->deleteComment($commentId); + $this->assertResponseStatus(200); } public function test_comment_delete_all_permission () { $ownPage = $this->createEntityChainBelongingToUser($this->user)['page']; - $comment = $this->asAdmin()->addComment($ownPage); + $commentId = $this->asAdmin()->addComment($ownPage); // no comment-delete-all - $this->actingAs($this->user)->deleteComment($comment['id']); + $this->actingAs($this->user)->deleteComment($commentId); $this->assertResponseStatus(403); $this->giveUserPermissions($this->user, ['comment-delete-all']); // now has comment-delete-all - $this->actingAs($this->user)->deleteComment($comment['id']); - $this->assertResponseOk()->seeJsonContains(['status' => 'success']); + $this->actingAs($this->user)->deleteComment($commentId); + $this->assertResponseStatus(200); } private function addComment($page) { $comment = factory(\BookStack\Comment::class)->make(); - $url = "/ajax/page/$page->id/comment/"; + $url = "/ajax/page/$page->id/comment"; $request = [ 'text' => $comment->text, 'html' => $comment->html ]; - $this->json('POST', $url, $request); - $resp = $this->decodeResponseJson(); - return $resp['comment']; - + $this->postJson($url, $request); + $comment = $page->comments()->first(); + return $comment === null ? null : $comment->id; } - private function updateComment($page, $commentId) { + private function updateComment($commentId) { $comment = factory(\BookStack\Comment::class)->make(); - $url = "/ajax/page/$page->id/comment/$commentId"; + $url = "/ajax/comment/$commentId"; $request = [ 'text' => $comment->text, 'html' => $comment->html ]; - return $this->json('PUT', $url, $request); + return $this->putJson($url, $request); } private function deleteComment($commentId) {