X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/a5e49f642b18de09cac0f2fdceacf07b0bafafe7..refs/pull/945/head:/tests/Permissions/RestrictionsTest.php
diff --git a/tests/Permissions/RestrictionsTest.php b/tests/Permissions/RestrictionsTest.php
index 218b7a0d8..2bbb1a5fa 100644
--- a/tests/Permissions/RestrictionsTest.php
+++ b/tests/Permissions/RestrictionsTest.php
@@ -1,8 +1,9 @@ user = $this->getEditor();
 $this->viewer = $this->getViewer();
- $this->permissionService = $this->app[PermissionService::class];
 }
- /**
- * Manually set some permissions on an entity.
- * @param \BookStack\Entity $entity
- * @param $actions
- */
- protected function setEntityRestrictions(\BookStack\Entity $entity, $actions)
+ protected function setEntityRestrictions(Entity $entity, $actions = [], $roles = [])
 {
- $entity->restricted = true;
- $entity->permissions()->delete();
-
- $role = $this->user->roles->first();
- $viewerRole = $this->viewer->roles->first();
-
- $permissions = [];
- foreach ($actions as $action) {
- $permissions[] = [
- 'role_id' => $role->id,
- 'action' => strtolower($action)
- ];
- $permissions[] = [
- 'role_id' => $viewerRole->id,
- 'action' => strtolower($action)
- ];
- }
- $entity->permissions()->createMany($permissions);
-
- $entity->save();
- $entity->load('permissions');
- $this->permissionService->buildJointPermissionsForEntity($entity);
- $entity->load('jointPermissions');
+ $roles = [
+ $this->user->roles->first(),
+ $this->viewer->roles->first(),
+ ];
+ parent::setEntityRestrictions($entity, $actions, $roles);
 }
 public function test_book_view_restriction()
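Review bot: The new `setEntityRestrictions()` override declares a `$roles = []` parameter and then overwrites it unconditionally, so a test that passes specific roles would silently get the editor's and viewer's first roles instead and could assert a restriction it never actually set up. Apply the defaults only when the caller passed none, e.g. `if (empty($roles)) { $roles = [$this->user->roles->first(), $this->viewer->roles->first()]; }`, or state in a docblock that the argument is ignored here (the removed docblock was not replaced). The parent implementation is not visible in this diff, so how it uses `$roles` is assumed, and the start of this hunk is truncated on the page.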
@@ -108,21 +80,21 @@ class RestrictionsTest extends BrowserKitTest
 $this->setEntityRestrictions($book, ['view', 'delete', 'update']);
- $this->forceVisit($bookUrl . '/chapter/create')
+ $this->forceVisit($bookUrl . '/create-chapter')
 ->see('You do not have permission')->seePageIs('/');
- $this->forceVisit($bookUrl . '/page/create')
+ $this->forceVisit($bookUrl . '/create-page')
 ->see('You do not have permission')->seePageIs('/');
 $this->visit($bookUrl)->dontSeeInElement('.action-buttons', 'New Page')
 ->dontSeeInElement('.action-buttons', 'New Chapter');
 $this->setEntityRestrictions($book, ['view', 'create']);
- $this->visit($bookUrl . '/chapter/create')
+ $this->visit($bookUrl . '/create-chapter')
 ->type('test chapter', 'name')
 ->type('test description for chapter', 'description')
 ->press('Save Chapter')
 ->seePageIs($bookUrl . '/chapter/test-chapter');
- $this->visit($bookUrl . '/page/create')
+ $this->visit($bookUrl . '/create-page')
 ->type('test page', 'name')
 ->type('test content', 'html')
 ->press('Save Page')
@@ -453,21 +425,21 @@ class RestrictionsTest extends BrowserKitTest
 $this->setEntityRestrictions($book, ['view', 'delete', 'update']);
- $this->forceVisit($bookUrl . '/chapter/create')
+ $this->forceVisit($bookUrl . '/create-chapter')
 ->see('You do not have permission')->seePageIs('/');
- $this->forceVisit($bookUrl . '/page/create')
+ $this->forceVisit($bookUrl . '/create-page')
 ->see('You do not have permission')->seePageIs('/');
 $this->visit($bookUrl)->dontSeeInElement('.action-buttons', 'New Page')
 ->dontSeeInElement('.action-buttons', 'New Chapter');
 $this->setEntityRestrictions($book, ['view', 'create']);
- $this->visit($bookUrl . '/chapter/create')
+ $this->visit($bookUrl . '/create-chapter')
 ->type('test chapter', 'name')
 ->type('test description for chapter', 'description')
 ->press('Save Chapter')
 ->seePageIs($bookUrl . '/chapter/test-chapter');
- $this->visit($bookUrl . '/page/create')
+ $this->visit($bookUrl . '/create-page')
 ->type('test page', 'name')
 ->type('test content', 'html')
 ->press('Save Page')
@@ -554,4 +526,92 @@ class RestrictionsTest extends BrowserKitTest
 $this->dontSee(substr($bookChapter->name, 0, 15));
 }
+ public function test_book_sort_view_permission()
+ {
+ $firstBook = Book::first();
+ $secondBook = Book::find(2);
+ $thirdBook = Book::find(3);
+
+ $this->setEntityRestrictions($firstBook, ['view', 'update']);
+ $this->setEntityRestrictions($secondBook, ['view']);
+ $this->setEntityRestrictions($thirdBook, ['view', 'update']);
+
+ // Test sort page visibility
+ $this->actingAs($this->user)->visit($secondBook->getUrl() . '/sort')
+ ->see('You do not have permission')
+ ->seePageIs('/');
+
+ // Check sort page on first book
+ $this->actingAs($this->user)->visit($firstBook->getUrl() . '/sort')
+ ->see($thirdBook->name)
+ ->dontSee($secondBook->name);
+ }
+
+ public function test_book_sort_permission() {
+ $firstBook = Book::first();
+ $secondBook = Book::find(2);
+
+ $this->setEntityRestrictions($firstBook, ['view', 'update']);
+ $this->setEntityRestrictions($secondBook, ['view']);
+
+ $firstBookChapter = $this->app[EntityRepo::class]->createFromInput('chapter',
+ ['name' => 'first book chapter'], $firstBook);
+ $secondBookChapter = $this->app[EntityRepo::class]->createFromInput('chapter',
+ ['name' => 'second book chapter'], $secondBook);
+
+ // Create request data
+ $reqData = [
+ [
+ 'id' => $firstBookChapter->id,
+ 'sort' => 0,
+ 'parentChapter' => false,
+ 'type' => 'chapter',
+ 'book' => $secondBook->id
+ ]
+ ];
+
+ // Move chapter from first book to a second book
+ $this->actingAs($this->user)->put($firstBook->getUrl() . '/sort', ['sort-tree' => json_encode($reqData)])
+ ->followRedirects()
+ ->see('You do not have permission')
+ ->seePageIs('/');
+
+ $reqData = [
+ [
+ 'id' => $secondBookChapter->id,
+ 'sort' => 0,
+ 'parentChapter' => false,
+ 'type' => 'chapter',
+ 'book' => $firstBook->id
+ ]
+ ];
+
+ // Move chapter from second book to first book
+ $this->actingAs($this->user)->put($firstBook->getUrl() . '/sort', ['sort-tree' => json_encode($reqData)])
+ ->followRedirects()
+ ->see('You do not have permission')
+ ->seePageIs('/');
+ }
+
+ public function test_can_create_page_if_chapter_has_permissions_when_book_not_visible()
+ {
+ $book = Book::first();
+ $this->setEntityRestrictions($book, []);
+ $bookChapter = $book->chapters->first();
+ $this->setEntityRestrictions($bookChapter, ['view']);
+
+ $this->actingAs($this->user)->visit($bookChapter->getUrl())
+ ->dontSee('New Page');
+
+ $this->setEntityRestrictions($bookChapter, ['view', 'create']);
+
+ $this->actingAs($this->user)->visit($bookChapter->getUrl())
+ ->click('New Page')
+ ->seeStatusCode(200)
+ ->type('test page', 'name')
+ ->type('test content', 'html')
+ ->press('Save Page')
+ ->seePageIs($book->getUrl('/page/test-page'))
+ ->seeStatusCode(200);
+ }
 }
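Review bot: In `test_book_sort_permission()` both denied `put(... '/sort')` requests are checked only through the redirect and the 'You do not have permission' message, which would still pass if the sort handler moved the chapter before the permission check rejected the request. After each request, also assert the stored state, for example `$this->assertEquals($firstBook->id, $firstBookChapter->fresh()->book_id);` and the equivalent for `$secondBookChapter` (this assumes the chapter's parent key is `book_id`, which the diff does not show). The tests also depend on `Book::find(2)` and `Book::find(3)` existing in the seed data; a null there would fail inside `setEntityRestrictions()` rather than with a clear message.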