X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/c429cf78187e80deb63982a282a1c6889f30291a..refs/pull/4554/head:/tests/Api/TestsApi.php
diff --git a/tests/Api/TestsApi.php b/tests/Api/TestsApi.php
index 683ca0c74..466acbffb 100644
--- a/tests/Api/TestsApi.php
+++ b/tests/Api/TestsApi.php
@@ -2,17 +2,40 @@
 namespace Tests\Api;
+use BookStack\Users\Models\User;
+
 trait TestsApi
 {
- protected $apiTokenId = 'apitoken';
- protected $apiTokenSecret = 'password';
+ protected string $apiTokenId = 'apitoken';
+ protected string $apiTokenSecret = 'password';
+
+ /**
+ * Set the given user as the current logged-in user via the API driver.
+ * This does not ensure API access. The user may still lack required role permissions.
+ */
+ protected function actingAsForApi(User $user): static
+ {
+ parent::actingAs($user, 'api');
+
+ return $this;
+ }
 /**
 * Set the API editor role as the current user via the API driver.
 */
- protected function actingAsApiEditor()
+ protected function actingAsApiEditor(): static
+ {
+ $this->actingAs($this->users->editor(), 'api');
+
+ return $this;
+ }
+
+ /**
+ * Set the API admin role as the current user via the API driver.
+ */
+ protected function actingAsApiAdmin(): static
 {
- $this->actingAs($this->getEditor(), 'api');
+ $this->actingAs($this->users->admin(), 'api');
 return $this;
 }
@@ -25,6 +48,14 @@ trait TestsApi
 return ['error' => ['code' => $code, 'message' => $message]];
 }
+ /**
+ * Get the structure that matches a permission error response.
+ */
+ protected function permissionErrorResponse(): array
+ {
+ return $this->errorResponse('You do not have permission to perform the requested action.', 403);
+ }
+
 /**
 * Format the given (field_name => ["messages"]) array
 * into a standard validation response format.
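Review bot: `actingAsForApi()` calls `parent::actingAs($user, 'api')`, while `actingAsApiEditor()` and `actingAsApiAdmin()` in the same hunk call `$this->actingAs(...)`. Inside a trait, `parent::` resolves against the parent of whichever class uses the trait, so an `actingAs` override on the using test class would be skipped by this helper and honoured by the other two. Unless that bypass is intended, use `$this->actingAs($user, 'api');` here as well, or add a comment explaining why the parent implementation is called directly. The caveat in the new docblock, that the user may still lack role permissions, is worth keeping, since authorization tests built on this helper depend on it.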
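Review bot: `permissionErrorResponse()` describes only the JSON body, so a test that matches against it checks the `code` field inside the payload but not the HTTP status of the response. For authorization tests the status is the part clients and proxies act on, so the docblock should say so, for example `* Describes the response body only; callers should also assert the 403 HTTP status.` The message is pinned as an English literal; if the application produces it from a translation entry (not visible here), building the expected text through the same lookup would keep the helper tied to the real source. The `errorResponse()` method it delegates to starts above this hunk.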