X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/b5a2d3c1c423d81b80fd7034a33ada85863a29ad..refs/pull/2296/head:/tests/Permissions/RestrictionsTest.php diff --git a/tests/Permissions/RestrictionsTest.php b/tests/Permissions/RestrictionsTest.php index 2bbb1a5fa..7d6c1831a 100644 --- a/tests/Permissions/RestrictionsTest.php +++ b/tests/Permissions/RestrictionsTest.php @@ -1,9 +1,12 @@ -user = $this->getEditor(); @@ -34,6 +37,63 @@ class RestrictionsTest extends BrowserKitTest parent::setEntityRestrictions($entity, $actions, $roles); } + public function test_bookshelf_view_restriction() + { + $shelf = Bookshelf::first(); + + $this->actingAs($this->user) + ->visit($shelf->getUrl()) + ->seePageIs($shelf->getUrl()); + + $this->setEntityRestrictions($shelf, []); + + $this->forceVisit($shelf->getUrl()) + ->see('Bookshelf not found'); + + $this->setEntityRestrictions($shelf, ['view']); + + $this->visit($shelf->getUrl()) + ->see($shelf->name); + } + + public function test_bookshelf_update_restriction() + { + $shelf = BookShelf::first(); + + $this->actingAs($this->user) + ->visit($shelf->getUrl('/edit')) + ->see('Edit Book'); + + $this->setEntityRestrictions($shelf, ['view', 'delete']); + + $this->forceVisit($shelf->getUrl('/edit')) + ->see('You do not have permission')->seePageIs('/'); + + $this->setEntityRestrictions($shelf, ['view', 'update']); + + $this->visit($shelf->getUrl('/edit')) + ->seePageIs($shelf->getUrl('/edit')); + } + + public function test_bookshelf_delete_restriction() + { + $shelf = Book::first(); + + $this->actingAs($this->user) + ->visit($shelf->getUrl('/delete')) + ->see('Delete Book'); + + $this->setEntityRestrictions($shelf, ['view', 'update']); + + $this->forceVisit($shelf->getUrl('/delete')) + ->see('You do not have permission')->seePageIs('/'); + + $this->setEntityRestrictions($shelf, ['view', 'delete']); + + $this->visit($shelf->getUrl('/delete')) + ->seePageIs($shelf->getUrl('/delete'))->see('Delete Book'); + } + public function test_book_view_restriction() { $book = Book::first(); @@ -71,12 +131,12 @@ class RestrictionsTest extends BrowserKitTest $bookUrl = $book->getUrl(); $this->actingAs($this->viewer) ->visit($bookUrl) - ->dontSeeInElement('.action-buttons', 'New Page') - ->dontSeeInElement('.action-buttons', 'New Chapter'); + ->dontSeeInElement('.actions', 'New Page') + ->dontSeeInElement('.actions', 'New Chapter'); $this->actingAs($this->user) ->visit($bookUrl) - ->seeInElement('.action-buttons', 'New Page') - ->seeInElement('.action-buttons', 'New Chapter'); + ->seeInElement('.actions', 'New Page') + ->seeInElement('.actions', 'New Chapter'); $this->setEntityRestrictions($book, ['view', 'delete', 'update']); @@ -84,8 +144,8 @@ class RestrictionsTest extends BrowserKitTest ->see('You do not have permission')->seePageIs('/'); $this->forceVisit($bookUrl . '/create-page') ->see('You do not have permission')->seePageIs('/'); - $this->visit($bookUrl)->dontSeeInElement('.action-buttons', 'New Page') - ->dontSeeInElement('.action-buttons', 'New Chapter'); + $this->visit($bookUrl)->dontSeeInElement('.actions', 'New Page') + ->dontSeeInElement('.actions', 'New Chapter'); $this->setEntityRestrictions($book, ['view', 'create']); @@ -99,8 +159,8 @@ class RestrictionsTest extends BrowserKitTest ->type('test content', 'html') ->press('Save Page') ->seePageIs($bookUrl . '/page/test-page'); - $this->visit($bookUrl)->seeInElement('.action-buttons', 'New Page') - ->seeInElement('.action-buttons', 'New Chapter'); + $this->visit($bookUrl)->seeInElement('.actions', 'New Page') + ->seeInElement('.actions', 'New Chapter'); } public function test_book_update_restriction() @@ -165,7 +225,7 @@ class RestrictionsTest extends BrowserKitTest public function test_chapter_view_restriction() { - $chapter = \BookStack\Chapter::first(); + $chapter = Chapter::first(); $chapterPage = $chapter->pages->first(); $chapterUrl = $chapter->getUrl(); @@ -190,18 +250,18 @@ class RestrictionsTest extends BrowserKitTest public function test_chapter_create_restriction() { - $chapter = \BookStack\Chapter::first(); + $chapter = Chapter::first(); $chapterUrl = $chapter->getUrl(); $this->actingAs($this->user) ->visit($chapterUrl) - ->seeInElement('.action-buttons', 'New Page'); + ->seeInElement('.actions', 'New Page'); $this->setEntityRestrictions($chapter, ['view', 'delete', 'update']); $this->forceVisit($chapterUrl . '/create-page') ->see('You do not have permission')->seePageIs('/'); - $this->visit($chapterUrl)->dontSeeInElement('.action-buttons', 'New Page'); + $this->visit($chapterUrl)->dontSeeInElement('.actions', 'New Page'); $this->setEntityRestrictions($chapter, ['view', 'create']); @@ -212,12 +272,12 @@ class RestrictionsTest extends BrowserKitTest ->press('Save Page') ->seePageIs($chapter->book->getUrl() . '/page/test-page'); - $this->visit($chapterUrl)->seeInElement('.action-buttons', 'New Page'); + $this->visit($chapterUrl)->seeInElement('.actions', 'New Page'); } public function test_chapter_update_restriction() { - $chapter = \BookStack\Chapter::first(); + $chapter = Chapter::first(); $chapterPage = $chapter->pages->first(); $chapterUrl = $chapter->getUrl(); @@ -242,7 +302,7 @@ class RestrictionsTest extends BrowserKitTest public function test_chapter_delete_restriction() { - $chapter = \BookStack\Chapter::first(); + $chapter = Chapter::first(); $chapterPage = $chapter->pages->first(); $chapterUrl = $chapter->getUrl(); @@ -267,7 +327,7 @@ class RestrictionsTest extends BrowserKitTest public function test_page_view_restriction() { - $page = \BookStack\Page::first(); + $page = Page::first(); $pageUrl = $page->getUrl(); $this->actingAs($this->user) @@ -287,7 +347,7 @@ class RestrictionsTest extends BrowserKitTest public function test_page_update_restriction() { - $page = \BookStack\Chapter::first(); + $page = Chapter::first(); $pageUrl = $page->getUrl(); $this->actingAs($this->user) @@ -307,7 +367,7 @@ class RestrictionsTest extends BrowserKitTest public function test_page_delete_restriction() { - $page = \BookStack\Page::first(); + $page = Page::first(); $pageUrl = $page->getUrl(); $this->actingAs($this->user) @@ -325,6 +385,23 @@ class RestrictionsTest extends BrowserKitTest ->seePageIs($pageUrl . '/delete')->see('Delete Page'); } + public function test_bookshelf_restriction_form() + { + $shelf = Bookshelf::first(); + $this->asAdmin()->visit($shelf->getUrl('/permissions')) + ->see('Bookshelf Permissions') + ->check('restricted') + ->check('restrictions[2][view]') + ->press('Save Permissions') + ->seeInDatabase('bookshelves', ['id' => $shelf->id, 'restricted' => true]) + ->seeInDatabase('entity_permissions', [ + 'restrictable_id' => $shelf->id, + 'restrictable_type' => Bookshelf::newModelInstance()->getMorphClass(), + 'role_id' => '2', + 'action' => 'view' + ]); + } + public function test_book_restriction_form() { $book = Book::first(); @@ -336,7 +413,7 @@ class RestrictionsTest extends BrowserKitTest ->seeInDatabase('books', ['id' => $book->id, 'restricted' => true]) ->seeInDatabase('entity_permissions', [ 'restrictable_id' => $book->id, - 'restrictable_type' => 'BookStack\Book', + 'restrictable_type' => Book::newModelInstance()->getMorphClass(), 'role_id' => '2', 'action' => 'view' ]); @@ -344,7 +421,7 @@ class RestrictionsTest extends BrowserKitTest public function test_chapter_restriction_form() { - $chapter = \BookStack\Chapter::first(); + $chapter = Chapter::first(); $this->asAdmin()->visit($chapter->getUrl() . '/permissions') ->see('Chapter Permissions') ->check('restricted') @@ -353,7 +430,7 @@ class RestrictionsTest extends BrowserKitTest ->seeInDatabase('chapters', ['id' => $chapter->id, 'restricted' => true]) ->seeInDatabase('entity_permissions', [ 'restrictable_id' => $chapter->id, - 'restrictable_type' => 'BookStack\Chapter', + 'restrictable_type' => Chapter::newModelInstance()->getMorphClass(), 'role_id' => '2', 'action' => 'update' ]); @@ -361,7 +438,7 @@ class RestrictionsTest extends BrowserKitTest public function test_page_restriction_form() { - $page = \BookStack\Page::first(); + $page = Page::first(); $this->asAdmin()->visit($page->getUrl() . '/permissions') ->see('Page Permissions') ->check('restricted') @@ -370,7 +447,7 @@ class RestrictionsTest extends BrowserKitTest ->seeInDatabase('pages', ['id' => $page->id, 'restricted' => true]) ->seeInDatabase('entity_permissions', [ 'restrictable_id' => $page->id, - 'restrictable_type' => 'BookStack\Page', + 'restrictable_type' => Page::newModelInstance()->getMorphClass(), 'role_id' => '2', 'action' => 'delete' ]); @@ -378,7 +455,7 @@ class RestrictionsTest extends BrowserKitTest public function test_restricted_pages_not_visible_in_book_navigation_on_pages() { - $chapter = \BookStack\Chapter::first(); + $chapter = Chapter::first(); $page = $chapter->pages->first(); $page2 = $chapter->pages[2]; @@ -391,7 +468,7 @@ class RestrictionsTest extends BrowserKitTest public function test_restricted_pages_not_visible_in_book_navigation_on_chapters() { - $chapter = \BookStack\Chapter::first(); + $chapter = Chapter::first(); $page = $chapter->pages->first(); $this->setEntityRestrictions($page, []); @@ -403,7 +480,7 @@ class RestrictionsTest extends BrowserKitTest public function test_restricted_pages_not_visible_on_chapter_pages() { - $chapter = \BookStack\Chapter::first(); + $chapter = Chapter::first(); $page = $chapter->pages->first(); $this->setEntityRestrictions($page, []); @@ -413,6 +490,44 @@ class RestrictionsTest extends BrowserKitTest ->dontSee($page->name); } + public function test_bookshelf_update_restriction_override() + { + $shelf = Bookshelf::first(); + + $this->actingAs($this->viewer) + ->visit($shelf->getUrl('/edit')) + ->dontSee('Edit Book'); + + $this->setEntityRestrictions($shelf, ['view', 'delete']); + + $this->forceVisit($shelf->getUrl('/edit')) + ->see('You do not have permission')->seePageIs('/'); + + $this->setEntityRestrictions($shelf, ['view', 'update']); + + $this->visit($shelf->getUrl('/edit')) + ->seePageIs($shelf->getUrl('/edit')); + } + + public function test_bookshelf_delete_restriction_override() + { + $shelf = Bookshelf::first(); + + $this->actingAs($this->viewer) + ->visit($shelf->getUrl('/delete')) + ->dontSee('Delete Book'); + + $this->setEntityRestrictions($shelf, ['view', 'update']); + + $this->forceVisit($shelf->getUrl('/delete')) + ->see('You do not have permission')->seePageIs('/'); + + $this->setEntityRestrictions($shelf, ['view', 'delete']); + + $this->visit($shelf->getUrl('/delete')) + ->seePageIs($shelf->getUrl('/delete'))->see('Delete Book'); + } + public function test_book_create_restriction_override() { $book = Book::first(); @@ -420,8 +535,8 @@ class RestrictionsTest extends BrowserKitTest $bookUrl = $book->getUrl(); $this->actingAs($this->viewer) ->visit($bookUrl) - ->dontSeeInElement('.action-buttons', 'New Page') - ->dontSeeInElement('.action-buttons', 'New Chapter'); + ->dontSeeInElement('.actions', 'New Page') + ->dontSeeInElement('.actions', 'New Chapter'); $this->setEntityRestrictions($book, ['view', 'delete', 'update']); @@ -429,8 +544,8 @@ class RestrictionsTest extends BrowserKitTest ->see('You do not have permission')->seePageIs('/'); $this->forceVisit($bookUrl . '/create-page') ->see('You do not have permission')->seePageIs('/'); - $this->visit($bookUrl)->dontSeeInElement('.action-buttons', 'New Page') - ->dontSeeInElement('.action-buttons', 'New Chapter'); + $this->visit($bookUrl)->dontSeeInElement('.actions', 'New Page') + ->dontSeeInElement('.actions', 'New Chapter'); $this->setEntityRestrictions($book, ['view', 'create']); @@ -444,8 +559,8 @@ class RestrictionsTest extends BrowserKitTest ->type('test content', 'html') ->press('Save Page') ->seePageIs($bookUrl . '/page/test-page'); - $this->visit($bookUrl)->seeInElement('.action-buttons', 'New Page') - ->seeInElement('.action-buttons', 'New Chapter'); + $this->visit($bookUrl)->seeInElement('.actions', 'New Page') + ->seeInElement('.actions', 'New Chapter'); } public function test_book_update_restriction_override() @@ -530,11 +645,9 @@ class RestrictionsTest extends BrowserKitTest { $firstBook = Book::first(); $secondBook = Book::find(2); - $thirdBook = Book::find(3); $this->setEntityRestrictions($firstBook, ['view', 'update']); $this->setEntityRestrictions($secondBook, ['view']); - $this->setEntityRestrictions($thirdBook, ['view', 'update']); // Test sort page visibility $this->actingAs($this->user)->visit($secondBook->getUrl() . '/sort') @@ -542,9 +655,7 @@ class RestrictionsTest extends BrowserKitTest ->seePageIs('/'); // Check sort page on first book - $this->actingAs($this->user)->visit($firstBook->getUrl() . '/sort') - ->see($thirdBook->name) - ->dontSee($secondBook->name); + $this->actingAs($this->user)->visit($firstBook->getUrl() . '/sort'); } public function test_book_sort_permission() { @@ -554,10 +665,8 @@ class RestrictionsTest extends BrowserKitTest $this->setEntityRestrictions($firstBook, ['view', 'update']); $this->setEntityRestrictions($secondBook, ['view']); - $firstBookChapter = $this->app[EntityRepo::class]->createFromInput('chapter', - ['name' => 'first book chapter'], $firstBook); - $secondBookChapter = $this->app[EntityRepo::class]->createFromInput('chapter', - ['name' => 'second book chapter'], $secondBook); + $firstBookChapter = $this->newChapter(['name' => 'first book chapter'], $firstBook); + $secondBookChapter = $this->newChapter(['name' => 'second book chapter'], $secondBook); // Create request data $reqData = [