X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/cdb1c7ef88a0054c46ba9eb040464bdea274b095..99ce3067c7325bad066cde5eeb512ae421b869b4:/tests/Entity/SortTest.php
diff --git a/tests/Entity/SortTest.php b/tests/Entity/SortTest.php
index ea5ab665d..3c83d626a 100644
--- a/tests/Entity/SortTest.php
+++ b/tests/Entity/SortTest.php
@@ -1,15 +1,15 @@ book = Book::first();
@@ -18,8 +18,8 @@ class SortTest extends TestCase
 public function test_drafts_do_not_show_up()
 {
 $this->asAdmin();
- $entityRepo = app(EntityRepo::class);
- $draft = $entityRepo->getDraftPage($this->book);
+ $pageRepo = app(PageRepo::class);
+ $draft = $pageRepo->getNewDraftPage($this->book);
 $resp = $this->get($this->book->getUrl());
 $resp->assertSee($draft->name);
@@ -57,14 +57,14 @@ class SortTest extends TestCase
 $newBook = Book::where('id', '!=', $currentBook->id)->first();
 $editor = $this->getEditor();
- $this->setEntityRestrictions($newBook, ['view', 'edit', 'delete'], $editor->roles);
+ $this->setEntityRestrictions($newBook, ['view', 'update', 'delete'], $editor->roles);
 $movePageResp = $this->actingAs($editor)->put($page->getUrl('/move'), [
 'entity_selection' => 'book:' . $newBook->id
 ]);
 $this->assertPermissionError($movePageResp);
- $this->setEntityRestrictions($newBook, ['view', 'edit', 'delete', 'create'], $editor->roles);
+ $this->setEntityRestrictions($newBook, ['view', 'update', 'delete', 'create'], $editor->roles);
 $movePageResp = $this->put($page->getUrl('/move'), [
 'entity_selection' => 'book:' . $newBook->id
 ]);
@@ -75,6 +75,33 @@ class SortTest extends TestCase
 $this->assertTrue($page->book->id == $newBook->id, 'Page book is now the new book');
 }
+ public function test_page_move_requires_delete_permissions()
+ {
+ $page = Page::first();
+ $currentBook = $page->book;
+ $newBook = Book::where('id', '!=', $currentBook->id)->first();
+ $editor = $this->getEditor();
+
+ $this->setEntityRestrictions($newBook, ['view', 'update', 'create', 'delete'], $editor->roles);
+ $this->setEntityRestrictions($page, ['view', 'update', 'create'], $editor->roles);
+
+ $movePageResp = $this->actingAs($editor)->put($page->getUrl('/move'), [
+ 'entity_selection' => 'book:' . $newBook->id
+ ]);
+ $this->assertPermissionError($movePageResp);
+ $pageView = $this->get($page->getUrl());
+ $pageView->assertDontSee($page->getUrl('/move'));
+
+ $this->setEntityRestrictions($page, ['view', 'update', 'create', 'delete'], $editor->roles);
+ $movePageResp = $this->put($page->getUrl('/move'), [
+ 'entity_selection' => 'book:' . $newBook->id
+ ]);
+
+ $page = Page::find($page->id);
+ $movePageResp->assertRedirect($page->getUrl());
+ $this->assertTrue($page->book->id == $newBook->id, 'Page book is now the new book');
+ }
+
 public function test_chapter_move()
 {
 $chapter = Chapter::first();
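Review bot: In test_page_move_requires_delete_permissions the denied branch checks only the response, via `assertPermissionError($movePageResp)`, and never re-reads the page, so a handler that persisted the move before failing the permission check would still pass. Adding `$this->assertDatabaseHas('pages', ['id' => $page->id, 'book_id' => $currentBook->id]);` right after that assertion pins that the page stayed in its original book. The same gap is in test_chapter_move_requires_delete_permissions in the following hunk, which wants the equivalent check for the chapter. Minor: `$this->assertEquals($newBook->id, $page->book->id, 'Page book is now the new book');` reports both values on failure, which `assertTrue(... == ...)` does not.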
@@ -103,6 +130,33 @@ class SortTest extends TestCase
 $pageCheckResp->assertSee($newBook->name);
 }
+ public function test_chapter_move_requires_delete_permissions()
+ {
+ $chapter = Chapter::first();
+ $currentBook = $chapter->book;
+ $newBook = Book::where('id', '!=', $currentBook->id)->first();
+ $editor = $this->getEditor();
+
+ $this->setEntityRestrictions($newBook, ['view', 'update', 'create', 'delete'], $editor->roles);
+ $this->setEntityRestrictions($chapter, ['view', 'update', 'create'], $editor->roles);
+
+ $moveChapterResp = $this->actingAs($editor)->put($chapter->getUrl('/move'), [
+ 'entity_selection' => 'book:' . $newBook->id
+ ]);
+ $this->assertPermissionError($moveChapterResp);
+ $pageView = $this->get($chapter->getUrl());
+ $pageView->assertDontSee($chapter->getUrl('/move'));
+
+ $this->setEntityRestrictions($chapter, ['view', 'update', 'create', 'delete'], $editor->roles);
+ $moveChapterResp = $this->put($chapter->getUrl('/move'), [
+ 'entity_selection' => 'book:' . $newBook->id
+ ]);
+
+ $chapter = Chapter::find($chapter->id);
+ $moveChapterResp->assertRedirect($chapter->getUrl());
+ $this->assertTrue($chapter->book->id == $newBook->id, 'Page book is now the new book');
+ }
+
 public function test_book_sort()
 {
 $oldBook = Book::query()->first();
@@ -159,7 +213,6 @@ class SortTest extends TestCase
 'entity_selection' => 'book:' . $newBook->id,
 'name' => 'My copied test page'
 ]);
-
 $pageCopy = Page::where('name', '=', 'My copied test page')->first();
 $movePageResp->assertRedirect($pageCopy->getUrl());
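Review bot: The final assertion of test_chapter_move_requires_delete_permissions carries the message `'Page book is now the new book'`, copied from the page test, so a failure would name the wrong entity; it should read `'Chapter book is now the new book'`. `$pageView` likewise holds the chapter view and would read better as `$chapterView`. The test restricts only the chapter itself, so it leaves open whether a child page without delete permission blocks the move; if the move handler is meant to enforce that (not visible in this hunk), a case with a restricted child page belongs alongside this one.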
@@ -185,4 +238,35 @@ class SortTest extends TestCase
 $this->assertTrue($pageCopy->id !== $page->id, 'Page copy is not the same instance');
 }
+ public function test_page_can_be_copied_without_edit_permission()
+ {
+ $page = Page::first();
+ $currentBook = $page->book;
+ $newBook = Book::where('id', '!=', $currentBook->id)->first();
+ $viewer = $this->getViewer();
+
+ $resp = $this->actingAs($viewer)->get($page->getUrl());
+ $resp->assertDontSee($page->getUrl('/copy'));
+
+ $newBook->created_by = $viewer->id;
+ $newBook->save();
+ $this->giveUserPermissions($viewer, ['page-create-own']);
+ $this->regenEntityPermissions($newBook);
+
+ $resp = $this->actingAs($viewer)->get($page->getUrl());
+ $resp->assertSee($page->getUrl('/copy'));
+
+ $movePageResp = $this->post($page->getUrl('/copy'), [
+ 'entity_selection' => 'book:' . $newBook->id,
+ 'name' => 'My copied test page'
+ ]);
+ $movePageResp->assertRedirect();
+
+ $this->assertDatabaseHas('pages', [
+ 'name' => 'My copied test page',
+ 'created_by' => $viewer->id,
+ 'book_id' => $newBook->id,
+ ]);
+ }
+
 }
\ No newline at end of file
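Review bot: Before the viewer is granted `page-create-own`, test_page_can_be_copied_without_edit_permission only asserts that the `/copy` link is hidden (`assertDontSee`); it never sends the request, so the server-side check on the copy endpoint is not exercised for the unprivileged case. Ahead of the `giveUserPermissions` call, add `$denied = $this->post($page->getUrl('/copy'), ['entity_selection' => 'book:' . $newBook->id, 'name' => 'My copied test page']);` followed by `$this->assertPermissionError($denied);`, assuming the endpoint is expected to reject a viewer with no create rights on the target book. The test name also promises "without edit permission", yet nothing asserts that the viewer lacks update rights on the source page; that rests on whatever `getViewer()` sets up. Minor: `$movePageResp` holds a copy response here and would read better as `$copyResp`.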