X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/a04a800258b726876ff2badffe903b247aa0f676..refs/pull/2902/head:/tests/Permissions/RolesTest.php

diff --git a/tests/Permissions/RolesTest.php b/tests/Permissions/RolesTest.php
index 3397ef429..b9b1805b6 100644
--- a/tests/Permissions/RolesTest.php
+++ b/tests/Permissions/RolesTest.php
@@ -1,12 +1,14 @@
-<?php namespace Tests\Permissions;
+<?php
+
+namespace Tests\Permissions;
 
 use BookStack\Actions\Comment;
+use BookStack\Auth\Role;
 use BookStack\Auth\User;
 use BookStack\Entities\Models\Book;
 use BookStack\Entities\Models\Bookshelf;
 use BookStack\Entities\Models\Chapter;
 use BookStack\Entities\Models\Page;
-use BookStack\Auth\Role;
 use BookStack\Uploads\Image;
 use Laravel\BrowserKitTesting\HttpException;
 use Tests\BrowserKitTest;
@@ -62,15 +64,16 @@ class RolesTest extends BrowserKitTest
             ->type('Test Role', 'display_name')
             ->type('A little test description', 'description')
             ->press('Save Role')
-            ->seeInDatabase('roles', ['display_name' => $testRoleName, 'description' => $testRoleDesc])
+            ->seeInDatabase('roles', ['display_name' => $testRoleName, 'description' => $testRoleDesc, 'mfa_enforced' => false])
             ->seePageIs('/settings/roles');
         // Updating
         $this->asAdmin()->visit('/settings/roles')
             ->see($testRoleDesc)
             ->click($testRoleName)
             ->type($testRoleUpdateName, '#display_name')
+            ->check('#mfa_enforced')
             ->press('Save Role')
-            ->seeInDatabase('roles', ['display_name' => $testRoleUpdateName, 'description' => $testRoleDesc])
+            ->seeInDatabase('roles', ['display_name' => $testRoleUpdateName, 'description' => $testRoleDesc, 'mfa_enforced' => true])
             ->seePageIs('/settings/roles');
         // Deleting
         $this->asAdmin()->visit('/settings/roles')
@@ -93,11 +96,11 @@ class RolesTest extends BrowserKitTest
 
         $editUrl = '/settings/users/' . $adminUser->id;
         $this->actingAs($adminUser)->put($editUrl, [
-            'name' => $adminUser->name,
+            'name'  => $adminUser->name,
             'email' => $adminUser->email,
             'roles' => [
                 'viewer' => strval($viewerRole->id),
-            ]
+            ],
         ])->followRedirects();
 
         $this->seePageIs($editUrl);
@@ -134,7 +137,7 @@ class RolesTest extends BrowserKitTest
 
     public function test_manage_users_permission_shows_link_in_header_if_does_not_have_settings_manage_permision()
     {
-        $usersLink = 'href="'.url('/settings/users') . '"';
+        $usersLink = 'href="' . url('/http/source.bookstackapp.com/settings/users') . '"';
         $this->actingAs($this->user)->visit('/')->dontSee($usersLink);
         $this->giveUserPermissions($this->user, ['users-manage']);
         $this->actingAs($this->user)->visit('/')->see($usersLink);
@@ -152,13 +155,13 @@ class RolesTest extends BrowserKitTest
             ->assertResponseOk()
             ->seeElement('input[name=email][disabled]');
         $this->put($userProfileUrl, [
-            'name' => 'my_new_name',
+            'name'  => 'my_new_name',
             'email' => 'new_email@example.com',
         ]);
         $this->seeInDatabase('users', [
-            'id' => $this->user->id,
+            'id'    => $this->user->id,
             'email' => $originalEmail,
-            'name' => 'my_new_name',
+            'name'  => 'my_new_name',
         ]);
 
         $this->giveUserPermissions($this->user, ['users-manage']);
@@ -168,14 +171,14 @@ class RolesTest extends BrowserKitTest
             ->dontSeeElement('input[name=email][disabled]')
             ->seeElement('input[name=email]');
         $this->put($userProfileUrl, [
-            'name' => 'my_new_name_2',
+            'name'  => 'my_new_name_2',
             'email' => 'new_email@example.com',
         ]);
 
         $this->seeInDatabase('users', [
-            'id' => $this->user->id,
+            'id'    => $this->user->id,
             'email' => 'new_email@example.com',
-            'name' => 'my_new_name_2',
+            'name'  => 'my_new_name_2',
         ]);
     }
 
@@ -216,15 +219,23 @@ class RolesTest extends BrowserKitTest
     {
         $otherUsersPage = Page::first();
         $content = $this->createEntityChainBelongingToUser($this->user);
+
+        // Set a different creator on the page we're checking to ensure
+        // that the owner fields are checked
+        $page = $content['page']; /** @var Page $page */
+        $page->created_by = $otherUsersPage->id;
+        $page->owned_by = $this->user->id;
+        $page->save();
+
         // Check can't restrict other's content
         $this->actingAs($this->user)->visit($otherUsersPage->getUrl())
             ->dontSee('Permissions')
             ->visit($otherUsersPage->getUrl() . '/permissions')
             ->seePageIs('/');
         // Check can't restrict own content
-        $this->actingAs($this->user)->visit($content['page']->getUrl())
+        $this->actingAs($this->user)->visit($page->getUrl())
             ->dontSee('Permissions')
-            ->visit($content['page']->getUrl() . '/permissions')
+            ->visit($page->getUrl() . '/permissions')
             ->seePageIs('/');
 
         $this->giveUserPermissions($this->user, ['restrictions-manage-own']);
@@ -235,17 +246,18 @@ class RolesTest extends BrowserKitTest
             ->visit($otherUsersPage->getUrl() . '/permissions')
             ->seePageIs('/');
         // Check can restrict own content
-        $this->actingAs($this->user)->visit($content['page']->getUrl())
+        $this->actingAs($this->user)->visit($page->getUrl())
             ->see('Permissions')
             ->click('Permissions')
-            ->seePageIs($content['page']->getUrl() . '/permissions');
+            ->seePageIs($page->getUrl() . '/permissions');
     }
 
     /**
-     * Check a standard entity access permission
+     * Check a standard entity access permission.
+     *
      * @param string $permission
-     * @param array $accessUrls Urls that are only accessible after having the permission
-     * @param array $visibles Check this text, In the buttons toolbar, is only visible with the permission
+     * @param array  $accessUrls Urls that are only accessible after having the permission
+     * @param array  $visibles   Check this text, In the buttons toolbar, is only visible with the permission
      */
     private function checkAccessPermission($permission, $accessUrls = [], $visibles = [])
     {
@@ -255,7 +267,7 @@ class RolesTest extends BrowserKitTest
         }
         foreach ($visibles as $url => $text) {
             $this->actingAs($this->user)->visit($url)
-                ->dontSeeInElement('.action-buttons',$text);
+                ->dontSeeInElement('.action-buttons', $text);
         }
 
         $this->giveUserPermissions($this->user, [$permission]);
@@ -273,9 +285,9 @@ class RolesTest extends BrowserKitTest
     public function test_bookshelves_create_all_permissions()
     {
         $this->checkAccessPermission('bookshelf-create-all', [
-            '/create-shelf'
+            '/create-shelf',
         ], [
-            '/shelves' => 'New Shelf'
+            '/shelves' => 'New Shelf',
         ]);
 
         $this->visit('/create-shelf')
@@ -293,9 +305,9 @@ class RolesTest extends BrowserKitTest
         $this->regenEntityPermissions($ownShelf);
 
         $this->checkAccessPermission('bookshelf-update-own', [
-            $ownShelf->getUrl('/edit')
+            $ownShelf->getUrl('/edit'),
         ], [
-            $ownShelf->getUrl() => 'Edit'
+            $ownShelf->getUrl() => 'Edit',
         ]);
 
         $this->visit($otherShelf->getUrl())
@@ -308,9 +320,9 @@ class RolesTest extends BrowserKitTest
     {
         $otherShelf = Bookshelf::first();
         $this->checkAccessPermission('bookshelf-update-all', [
-            $otherShelf->getUrl('/edit')
+            $otherShelf->getUrl('/edit'),
         ], [
-            $otherShelf->getUrl() => 'Edit'
+            $otherShelf->getUrl() => 'Edit',
         ]);
     }
 
@@ -323,9 +335,9 @@ class RolesTest extends BrowserKitTest
         $this->regenEntityPermissions($ownShelf);
 
         $this->checkAccessPermission('bookshelf-delete-own', [
-            $ownShelf->getUrl('/delete')
+            $ownShelf->getUrl('/delete'),
         ], [
-            $ownShelf->getUrl() => 'Delete'
+            $ownShelf->getUrl() => 'Delete',
         ]);
 
         $this->visit($otherShelf->getUrl())
@@ -343,9 +355,9 @@ class RolesTest extends BrowserKitTest
         $this->giveUserPermissions($this->user, ['bookshelf-update-all']);
         $otherShelf = Bookshelf::first();
         $this->checkAccessPermission('bookshelf-delete-all', [
-            $otherShelf->getUrl('/delete')
+            $otherShelf->getUrl('/delete'),
         ], [
-            $otherShelf->getUrl() => 'Delete'
+            $otherShelf->getUrl() => 'Delete',
         ]);
 
         $this->visit($otherShelf->getUrl())->visit($otherShelf->getUrl('/delete'))
@@ -357,9 +369,9 @@ class RolesTest extends BrowserKitTest
     public function test_books_create_all_permissions()
     {
         $this->checkAccessPermission('book-create-all', [
-            '/create-book'
+            '/create-book',
         ], [
-            '/books' => 'Create New Book'
+            '/books' => 'Create New Book',
         ]);
 
         $this->visit('/create-book')
@@ -374,9 +386,9 @@ class RolesTest extends BrowserKitTest
         $otherBook = Book::take(1)->get()->first();
         $ownBook = $this->createEntityChainBelongingToUser($this->user)['book'];
         $this->checkAccessPermission('book-update-own', [
-            $ownBook->getUrl() . '/edit'
+            $ownBook->getUrl() . '/edit',
         ], [
-            $ownBook->getUrl() => 'Edit'
+            $ownBook->getUrl() => 'Edit',
         ]);
 
         $this->visit($otherBook->getUrl())
@@ -389,9 +401,9 @@ class RolesTest extends BrowserKitTest
     {
         $otherBook = Book::take(1)->get()->first();
         $this->checkAccessPermission('book-update-all', [
-            $otherBook->getUrl() . '/edit'
+            $otherBook->getUrl() . '/edit',
         ], [
-            $otherBook->getUrl() => 'Edit'
+            $otherBook->getUrl() => 'Edit',
         ]);
     }
 
@@ -401,9 +413,9 @@ class RolesTest extends BrowserKitTest
         $otherBook = Book::take(1)->get()->first();
         $ownBook = $this->createEntityChainBelongingToUser($this->user)['book'];
         $this->checkAccessPermission('book-delete-own', [
-            $ownBook->getUrl() . '/delete'
+            $ownBook->getUrl() . '/delete',
         ], [
-            $ownBook->getUrl() => 'Delete'
+            $ownBook->getUrl() => 'Delete',
         ]);
 
         $this->visit($otherBook->getUrl())
@@ -421,9 +433,9 @@ class RolesTest extends BrowserKitTest
         $this->giveUserPermissions($this->user, ['book-update-all']);
         $otherBook = Book::take(1)->get()->first();
         $this->checkAccessPermission('book-delete-all', [
-            $otherBook->getUrl() . '/delete'
+            $otherBook->getUrl() . '/delete',
         ], [
-            $otherBook->getUrl() => 'Delete'
+            $otherBook->getUrl() => 'Delete',
         ]);
 
         $this->visit($otherBook->getUrl())->visit($otherBook->getUrl() . '/delete')
@@ -437,9 +449,9 @@ class RolesTest extends BrowserKitTest
         $book = Book::take(1)->get()->first();
         $ownBook = $this->createEntityChainBelongingToUser($this->user)['book'];
         $this->checkAccessPermission('chapter-create-own', [
-            $ownBook->getUrl('/create-chapter')
+            $ownBook->getUrl('/create-chapter'),
         ], [
-            $ownBook->getUrl() => 'New Chapter'
+            $ownBook->getUrl() => 'New Chapter',
         ]);
 
         $this->visit($ownBook->getUrl('/create-chapter'))
@@ -458,9 +470,9 @@ class RolesTest extends BrowserKitTest
     {
         $book = Book::take(1)->get()->first();
         $this->checkAccessPermission('chapter-create-all', [
-            $book->getUrl('/create-chapter')
+            $book->getUrl('/create-chapter'),
         ], [
-            $book->getUrl() => 'New Chapter'
+            $book->getUrl() => 'New Chapter',
         ]);
 
         $this->visit($book->getUrl('/create-chapter'))
@@ -475,9 +487,9 @@ class RolesTest extends BrowserKitTest
         $otherChapter = Chapter::take(1)->get()->first();
         $ownChapter = $this->createEntityChainBelongingToUser($this->user)['chapter'];
         $this->checkAccessPermission('chapter-update-own', [
-            $ownChapter->getUrl() . '/edit'
+            $ownChapter->getUrl() . '/edit',
         ], [
-            $ownChapter->getUrl() => 'Edit'
+            $ownChapter->getUrl() => 'Edit',
         ]);
 
         $this->visit($otherChapter->getUrl())
@@ -490,9 +502,9 @@ class RolesTest extends BrowserKitTest
     {
         $otherChapter = Chapter::take(1)->get()->first();
         $this->checkAccessPermission('chapter-update-all', [
-            $otherChapter->getUrl() . '/edit'
+            $otherChapter->getUrl() . '/edit',
         ], [
-            $otherChapter->getUrl() => 'Edit'
+            $otherChapter->getUrl() => 'Edit',
         ]);
     }
 
@@ -502,9 +514,9 @@ class RolesTest extends BrowserKitTest
         $otherChapter = Chapter::take(1)->get()->first();
         $ownChapter = $this->createEntityChainBelongingToUser($this->user)['chapter'];
         $this->checkAccessPermission('chapter-delete-own', [
-            $ownChapter->getUrl() . '/delete'
+            $ownChapter->getUrl() . '/delete',
         ], [
-            $ownChapter->getUrl() => 'Delete'
+            $ownChapter->getUrl() => 'Delete',
         ]);
 
         $bookUrl = $ownChapter->book->getUrl();
@@ -523,9 +535,9 @@ class RolesTest extends BrowserKitTest
         $this->giveUserPermissions($this->user, ['chapter-update-all']);
         $otherChapter = Chapter::take(1)->get()->first();
         $this->checkAccessPermission('chapter-delete-all', [
-            $otherChapter->getUrl() . '/delete'
+            $otherChapter->getUrl() . '/delete',
         ], [
-            $otherChapter->getUrl() => 'Delete'
+            $otherChapter->getUrl() => 'Delete',
         ]);
 
         $bookUrl = $otherChapter->book->getUrl();
@@ -554,8 +566,8 @@ class RolesTest extends BrowserKitTest
         }
 
         $this->checkAccessPermission('page-create-own', [], [
-            $ownBook->getUrl() => 'New Page',
-            $ownChapter->getUrl() => 'New Page'
+            $ownBook->getUrl()    => 'New Page',
+            $ownChapter->getUrl() => 'New Page',
         ]);
 
         $this->giveUserPermissions($this->user, ['page-create-own']);
@@ -598,8 +610,8 @@ class RolesTest extends BrowserKitTest
         }
 
         $this->checkAccessPermission('page-create-all', [], [
-            $book->getUrl() => 'New Page',
-            $chapter->getUrl() => 'New Page'
+            $book->getUrl()    => 'New Page',
+            $chapter->getUrl() => 'New Page',
         ]);
 
         $this->giveUserPermissions($this->user, ['page-create-all']);
@@ -628,9 +640,9 @@ class RolesTest extends BrowserKitTest
         $otherPage = Page::take(1)->get()->first();
         $ownPage = $this->createEntityChainBelongingToUser($this->user)['page'];
         $this->checkAccessPermission('page-update-own', [
-            $ownPage->getUrl() . '/edit'
+            $ownPage->getUrl() . '/edit',
         ], [
-            $ownPage->getUrl() => 'Edit'
+            $ownPage->getUrl() => 'Edit',
         ]);
 
         $this->visit($otherPage->getUrl())
@@ -643,9 +655,9 @@ class RolesTest extends BrowserKitTest
     {
         $otherPage = Page::take(1)->get()->first();
         $this->checkAccessPermission('page-update-all', [
-            $otherPage->getUrl() . '/edit'
+            $otherPage->getUrl() . '/edit',
         ], [
-            $otherPage->getUrl() => 'Edit'
+            $otherPage->getUrl() => 'Edit',
         ]);
     }
 
@@ -655,9 +667,9 @@ class RolesTest extends BrowserKitTest
         $otherPage = Page::take(1)->get()->first();
         $ownPage = $this->createEntityChainBelongingToUser($this->user)['page'];
         $this->checkAccessPermission('page-delete-own', [
-            $ownPage->getUrl() . '/delete'
+            $ownPage->getUrl() . '/delete',
         ], [
-            $ownPage->getUrl() => 'Delete'
+            $ownPage->getUrl() => 'Delete',
         ]);
 
         $parent = $ownPage->chapter ?? $ownPage->book;
@@ -676,9 +688,9 @@ class RolesTest extends BrowserKitTest
         $this->giveUserPermissions($this->user, ['page-update-all']);
         $otherPage = Page::take(1)->get()->first();
         $this->checkAccessPermission('page-delete-all', [
-            $otherPage->getUrl() . '/delete'
+            $otherPage->getUrl() . '/delete',
         ], [
-            $otherPage->getUrl() => 'Delete'
+            $otherPage->getUrl() => 'Delete',
         ]);
 
         $parent = $otherPage->chapter ?? $otherPage->book;
@@ -694,8 +706,8 @@ class RolesTest extends BrowserKitTest
         $adminRole = Role::getSystemRole('admin');
         $publicRole = Role::getSystemRole('public');
         $this->asAdmin()->visit('/settings/users/' . $user->id)
-            ->seeElement('[name="roles['.$adminRole->id.']"]')
-            ->seeElement('[name="roles['.$publicRole->id.']"]');
+            ->seeElement('[name="roles[' . $adminRole->id . ']"]')
+            ->seeElement('[name="roles[' . $publicRole->id . ']"]');
     }
 
     public function test_public_role_visible_in_role_listing()
@@ -771,8 +783,8 @@ class RolesTest extends BrowserKitTest
 
         $this->asAdmin()->put('/settings/roles/' . $viewerRole->id, [
             'display_name' => $viewerRole->display_name,
-            'description' => $viewerRole->description,
-            'permission' => []
+            'description'  => $viewerRole->description,
+            'permission'   => [],
         ])->assertResponseStatus(302);
 
         $this->expectException(HttpException::class);
@@ -797,7 +809,8 @@ class RolesTest extends BrowserKitTest
             ->dontSee('Sort the current book');
     }
 
-    public function test_comment_create_permission () {
+    public function test_comment_create_permission()
+    {
         $ownPage = $this->createEntityChainBelongingToUser($this->user)['page'];
 
         $this->actingAs($this->user)->addComment($ownPage);
@@ -810,8 +823,8 @@ class RolesTest extends BrowserKitTest
         $this->assertResponseStatus(200);
     }
 
-
-    public function test_comment_update_own_permission () {
+    public function test_comment_update_own_permission()
+    {
         $ownPage = $this->createEntityChainBelongingToUser($this->user)['page'];
         $this->giveUserPermissions($this->user, ['comment-create-all']);
         $commentId = $this->actingAs($this->user)->addComment($ownPage);
@@ -827,7 +840,8 @@ class RolesTest extends BrowserKitTest
         $this->assertResponseStatus(200);
     }
 
-    public function test_comment_update_all_permission () {
+    public function test_comment_update_all_permission()
+    {
         $ownPage = $this->createEntityChainBelongingToUser($this->user)['page'];
         $commentId = $this->asAdmin()->addComment($ownPage);
 
@@ -842,7 +856,8 @@ class RolesTest extends BrowserKitTest
         $this->assertResponseStatus(200);
     }
 
-    public function test_comment_delete_own_permission () {
+    public function test_comment_delete_own_permission()
+    {
         $ownPage = $this->createEntityChainBelongingToUser($this->user)['page'];
         $this->giveUserPermissions($this->user, ['comment-create-all']);
         $commentId = $this->actingAs($this->user)->addComment($ownPage);
@@ -858,7 +873,8 @@ class RolesTest extends BrowserKitTest
         $this->assertResponseStatus(200);
     }
 
-    public function test_comment_delete_all_permission () {
+    public function test_comment_delete_all_permission()
+    {
         $ownPage = $this->createEntityChainBelongingToUser($this->user)['page'];
         $commentId = $this->asAdmin()->addComment($ownPage);
 
@@ -873,33 +889,37 @@ class RolesTest extends BrowserKitTest
         $this->assertResponseStatus(200);
     }
 
-    private function addComment($page) {
+    private function addComment($page)
+    {
         $comment = factory(Comment::class)->make();
         $url = "/comment/$page->id";
         $request = [
             'text' => $comment->text,
-            'html' => $comment->html
+            'html' => $comment->html,
         ];
 
         $this->postJson($url, $request);
         $comment = $page->comments()->first();
+
         return $comment === null ? null : $comment->id;
     }
 
-    private function updateComment($commentId) {
+    private function updateComment($commentId)
+    {
         $comment = factory(Comment::class)->make();
         $url = "/comment/$commentId";
         $request = [
             'text' => $comment->text,
-            'html' => $comment->html
+            'html' => $comment->html,
         ];
 
         return $this->putJson($url, $request);
     }
 
-    private function deleteComment($commentId) {
-         $url = '/comment/' . $commentId;
-         return $this->json('DELETE', $url);
-    }
+    private function deleteComment($commentId)
+    {
+        $url = '/comment/' . $commentId;
 
+        return $this->json('DELETE', $url);
+    }
 }