X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/9fe158b78aad887657e9f02f217582bb03f6e406..refs/pull/358/head:/tests/Permissions/RolesTest.php diff --git a/tests/Permissions/RolesTest.php b/tests/Permissions/RolesTest.php index 500dd3b67..24b8ae0f5 100644 --- a/tests/Permissions/RolesTest.php +++ b/tests/Permissions/RolesTest.php @@ -1,6 +1,6 @@ -see('Cannot be deleted'); } + + + public function test_image_delete_own_permission() + { + $this->giveUserPermissions($this->user, ['image-update-all']); + $page = \BookStack\Page::first(); + $image = factory(\BookStack\Image::class)->create(['uploaded_to' => $page->id, 'created_by' => $this->user->id, 'updated_by' => $this->user->id]); + + $this->actingAs($this->user)->json('delete', '/images/' . $image->id) + ->seeStatusCode(403); + + $this->giveUserPermissions($this->user, ['image-delete-own']); + + $this->actingAs($this->user)->json('delete', '/images/' . $image->id) + ->seeStatusCode(200) + ->dontSeeInDatabase('images', ['id' => $image->id]); + } + + public function test_image_delete_all_permission() + { + $this->giveUserPermissions($this->user, ['image-update-all']); + $admin = $this->getAdmin(); + $page = \BookStack\Page::first(); + $image = factory(\BookStack\Image::class)->create(['uploaded_to' => $page->id, 'created_by' => $admin->id, 'updated_by' => $admin->id]); + + $this->actingAs($this->user)->json('delete', '/images/' . $image->id) + ->seeStatusCode(403); + + $this->giveUserPermissions($this->user, ['image-delete-own']); + + $this->actingAs($this->user)->json('delete', '/images/' . $image->id) + ->seeStatusCode(403); + + $this->giveUserPermissions($this->user, ['image-delete-all']); + + $this->actingAs($this->user)->json('delete', '/images/' . $image->id) + ->seeStatusCode(200) + ->dontSeeInDatabase('images', ['id' => $image->id]); + } + }