X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/ced8c8e4978a7458f1e3d2b75af64917cd50ec7d..refs/pull/446/head:/tests/Permissions/RestrictionsTest.php diff --git a/tests/Permissions/RestrictionsTest.php b/tests/Permissions/RestrictionsTest.php index 40b5a7647..faceab92c 100644 --- a/tests/Permissions/RestrictionsTest.php +++ b/tests/Permissions/RestrictionsTest.php @@ -1,33 +1,52 @@ -user = $this->getNewUser(); + $this->user = $this->getEditor(); + $this->viewer = $this->getViewer(); + $this->restrictionService = $this->app[\BookStack\Services\PermissionService::class]; + } + + protected function getViewer() + { + $role = \BookStack\Role::getRole('viewer'); + $viewer = $this->getNewBlankUser(); + $viewer->attachRole($role);; + return $viewer; } /** - * Manually set some restrictions on an entity. + * Manually set some permissions on an entity. * @param \BookStack\Entity $entity * @param $actions */ protected function setEntityRestrictions(\BookStack\Entity $entity, $actions) { $entity->restricted = true; - $entity->restrictions()->delete(); + $entity->permissions()->delete(); $role = $this->user->roles->first(); + $viewerRole = $this->viewer->roles->first(); foreach ($actions as $action) { - $entity->restrictions()->create([ + $entity->permissions()->create([ 'role_id' => $role->id, 'action' => strtolower($action) ]); + $entity->permissions()->create([ + 'role_id' => $viewerRole->id, + 'action' => strtolower($action) + ]); } $entity->save(); - $entity->load('restrictions'); + $entity->load('permissions'); + $this->restrictionService->buildJointPermissionsForEntity($entity); + $entity->load('jointPermissions'); } public function test_book_view_restriction() 
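Review bot: In `setEntityRestrictions` the loop now creates every action for both the editor role and the viewer role, so no test built on this helper can tell a grant to one role apart from a grant to the other. A regression where an entity permission stored for one role is honoured for a different role would still pass. An optional role list that defaults to the current two roles would let a test grant `view` to one role and assert the other is still refused. The docblock should also say that the grant applies to both roles and that joint permissions are rebuilt afterwards. Minor: `$viewer->attachRole($role);;` in `getViewer()` has a stray semicolon, and the start of this hunk is truncated on the page, so I cannot see whether `$viewer` and `$restrictionService` are declared as properties.

```php
protected function setEntityRestrictions(\BookStack\Entity $entity, $actions, $roles = null)
{
    // … unchanged: mark entity restricted, delete existing permissions …
    if ($roles === null) {
        // Default keeps the current behaviour: grant to both test roles.
        $roles = [$this->user->roles->first(), $this->viewer->roles->first()];
    }
    foreach ($roles as $role) {
        foreach ($actions as $action) {
            $entity->permissions()->create([
                'role_id' => $role->id,
                'action' => strtolower($action)
            ]);
        }
    }
    // … unchanged: save, reload permissions, rebuild and reload joint permissions …
}
```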
@@ -46,9 +65,9 @@ class RestrictionsTest extends TestCase $this->forceVisit($bookUrl) ->see('Book not found'); $this->forceVisit($bookPage->getUrl()) - ->see('Book not found'); + ->see('Page not found'); $this->forceVisit($bookChapter->getUrl()) - ->see('Book not found'); + ->see('Chapter not found'); $this->setEntityRestrictions($book, ['view']); @@ -65,6 +84,10 @@ class RestrictionsTest extends TestCase $book = \BookStack\Book::first(); $bookUrl = $book->getUrl(); + $this->actingAs($this->viewer) + ->visit($bookUrl) + ->dontSeeInElement('.action-buttons', 'New Page') + ->dontSeeInElement('.action-buttons', 'New Chapter'); $this->actingAs($this->user) ->visit($bookUrl) ->seeInElement('.action-buttons', 'New Page') @@ -203,6 +226,7 @@ class RestrictionsTest extends TestCase ->type('test content', 'html') ->press('Save Page') ->seePageIs($chapter->book->getUrl() . '/page/test-page'); + $this->visit($chapterUrl)->seeInElement('.action-buttons', 'New Page'); } @@ -319,13 +343,13 @@ class RestrictionsTest extends TestCase public function test_book_restriction_form() { $book = \BookStack\Book::first(); - $this->asAdmin()->visit($book->getUrl() . '/restrict') - ->see('Book Restrictions') + $this->asAdmin()->visit($book->getUrl() . '/permissions') + ->see('Book Permissions') ->check('restricted') ->check('restrictions[2][view]') - ->press('Save Restrictions') + ->press('Save Permissions') ->seeInDatabase('books', ['id' => $book->id, 'restricted' => true]) - ->seeInDatabase('restrictions', [ + ->seeInDatabase('entity_permissions', [ 'restrictable_id' => $book->id, 'restrictable_type' => 'BookStack\Book', 'role_id' => '2', 
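Review bot: The viewer baseline added in the `@@ -65,6 +84,10 @@` hunk asserts only that the 'New Page' and 'New Chapter' buttons are absent, which checks the template rather than the access control behind it. A direct request as the viewer before any entity permission is set would pin the server-side refusal as well, for example `$this->forceVisit($bookUrl . '/page/create')->see('You do not have permission')->seePageIs('/');`. The expected message is assumed from the assertions used elsewhere in this file. The same button-only baseline opens `test_book_create_restriction_override` in the `@@ -404,4 +428,116 @@` hunk. The enclosing test method starts and ends outside this hunk.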
@@ -336,13 +360,13 @@ class RestrictionsTest extends TestCase public function test_chapter_restriction_form() { $chapter = \BookStack\Chapter::first(); - $this->asAdmin()->visit($chapter->getUrl() . '/restrict') - ->see('Chapter Restrictions') + $this->asAdmin()->visit($chapter->getUrl() . '/permissions') + ->see('Chapter Permissions') ->check('restricted') ->check('restrictions[2][update]') - ->press('Save Restrictions') + ->press('Save Permissions') ->seeInDatabase('chapters', ['id' => $chapter->id, 'restricted' => true]) - ->seeInDatabase('restrictions', [ + ->seeInDatabase('entity_permissions', [ 'restrictable_id' => $chapter->id, 'restrictable_type' => 'BookStack\Chapter', 'role_id' => '2', @@ -353,13 +377,13 @@ class RestrictionsTest extends TestCase public function test_page_restriction_form() { $page = \BookStack\Page::first(); - $this->asAdmin()->visit($page->getUrl() . '/restrict') - ->see('Page Restrictions') + $this->asAdmin()->visit($page->getUrl() . '/permissions') + ->see('Page Permissions') ->check('restricted') ->check('restrictions[2][delete]') - ->press('Save Restrictions') + ->press('Save Permissions') ->seeInDatabase('pages', ['id' => $page->id, 'restricted' => true]) - ->seeInDatabase('restrictions', [ + ->seeInDatabase('entity_permissions', [ 'restrictable_id' => $page->id, 'restrictable_type' => 'BookStack\Page', 'role_id' => '2', 
@@ -404,4 +428,116 @@ class RestrictionsTest extends TestCase ->dontSee($page->name); } + public function test_book_create_restriction_override() + { + $book = \BookStack\Book::first(); + + $bookUrl = $book->getUrl(); + $this->actingAs($this->viewer) + ->visit($bookUrl) + ->dontSeeInElement('.action-buttons', 'New Page') + ->dontSeeInElement('.action-buttons', 'New Chapter'); + + $this->setEntityRestrictions($book, ['view', 'delete', 'update']); + + $this->forceVisit($bookUrl . '/chapter/create') + ->see('You do not have permission')->seePageIs('/'); + $this->forceVisit($bookUrl . '/page/create') + ->see('You do not have permission')->seePageIs('/'); + $this->visit($bookUrl)->dontSeeInElement('.action-buttons', 'New Page') + ->dontSeeInElement('.action-buttons', 'New Chapter'); + + $this->setEntityRestrictions($book, ['view', 'create']); + + $this->visit($bookUrl . '/chapter/create') + ->type('test chapter', 'name') + ->type('test description for chapter', 'description') + ->press('Save Chapter') + ->seePageIs($bookUrl . '/chapter/test-chapter'); + $this->visit($bookUrl . '/page/create') + ->type('test page', 'name') + ->type('test content', 'html') + ->press('Save Page') + ->seePageIs($bookUrl . '/page/test-page'); + $this->visit($bookUrl)->seeInElement('.action-buttons', 'New Page') + ->seeInElement('.action-buttons', 'New Chapter'); + } + + public function test_book_update_restriction_override() + { + $book = \BookStack\Book::first(); + $bookPage = $book->pages->first(); + $bookChapter = $book->chapters->first(); + + $bookUrl = $book->getUrl(); + $this->actingAs($this->viewer) + ->visit($bookUrl . '/edit') + ->dontSee('Edit Book'); + + $this->setEntityRestrictions($book, ['view', 'delete']); + + $this->forceVisit($bookUrl . '/edit') + ->see('You do not have permission')->seePageIs('/'); + $this->forceVisit($bookPage->getUrl() . '/edit') + ->see('You do not have permission')->seePageIs('/'); + $this->forceVisit($bookChapter->getUrl() . 
'/edit') + ->see('You do not have permission')->seePageIs('/'); + + $this->setEntityRestrictions($book, ['view', 'update']); + + $this->visit($bookUrl . '/edit') + ->seePageIs($bookUrl . '/edit'); + $this->visit($bookPage->getUrl() . '/edit') + ->seePageIs($bookPage->getUrl() . '/edit'); + $this->visit($bookChapter->getUrl() . '/edit') + ->see('Edit Chapter'); + } + + public function test_book_delete_restriction_override() + { + $book = \BookStack\Book::first(); + $bookPage = $book->pages->first(); + $bookChapter = $book->chapters->first(); + + $bookUrl = $book->getUrl(); + $this->actingAs($this->viewer) + ->visit($bookUrl . '/delete') + ->dontSee('Delete Book'); + + $this->setEntityRestrictions($book, ['view', 'update']); + + $this->forceVisit($bookUrl . '/delete') + ->see('You do not have permission')->seePageIs('/'); + $this->forceVisit($bookPage->getUrl() . '/delete') + ->see('You do not have permission')->seePageIs('/'); + $this->forceVisit($bookChapter->getUrl() . '/delete') + ->see('You do not have permission')->seePageIs('/'); + + $this->setEntityRestrictions($book, ['view', 'delete']); + + $this->visit($bookUrl . '/delete') + ->seePageIs($bookUrl . '/delete')->see('Delete Book'); + $this->visit($bookPage->getUrl() . '/delete') + ->seePageIs($bookPage->getUrl() . '/delete')->see('Delete Page'); + $this->visit($bookChapter->getUrl() . '/delete') + ->see('Delete Chapter'); + } + + public function test_page_visible_if_has_permissions_when_book_not_visible() + { + $book = \BookStack\Book::first(); + $bookChapter = $book->chapters->first(); + $bookPage = $bookChapter->pages->first(); + + $this->setEntityRestrictions($book, []); + $this->setEntityRestrictions($bookPage, ['view']); + + $this->actingAs($this->viewer); + $this->get($bookPage->getUrl()); + $this->assertResponseOk(); + $this->see($bookPage->name); + $this->dontSee(substr($book->name, 0, 15)); + $this->dontSee(substr($bookChapter->name, 0, 15)); + } + }
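Review bot: `test_page_visible_if_has_permissions_when_book_not_visible` never asserts that the parent book and chapter stay closed to the viewer, so it would still pass if a page-level `view` grant also opened its ancestors. Adding `$this->forceVisit($book->getUrl())->see('Book not found');` and `$this->forceVisit($bookChapter->getUrl())->see('Chapter not found');` after the page assertions would cover that. The `dontSee(substr($book->name, 0, 15))` checks compare only a 15-byte prefix of the seeded name, and a one-line comment saying why the name is truncated would help the next reader. Separately, the denied cases in the update and delete override tests request only the `/edit` and `/delete` form pages. The refusal of the state-changing request itself is not exercised in this hunk.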