'update' => [
'owner_id' => ['int'],
- 'override_role_permissions' => ['array'],
- 'override_role_permissions.*.role_id' => ['required', 'int'],
- 'override_role_permissions.*.view' => ['required', 'boolean'],
- 'override_role_permissions.*.create' => ['required', 'boolean'],
- 'override_role_permissions.*.update' => ['required', 'boolean'],
- 'override_role_permissions.*.delete' => ['required', 'boolean'],
-
- 'override_fallback_permissions' => ['nullable'],
- 'override_fallback_permissions.view' => ['required', 'boolean'],
- 'override_fallback_permissions.create' => ['required', 'boolean'],
- 'override_fallback_permissions.update' => ['required', 'boolean'],
- 'override_fallback_permissions.delete' => ['required', 'boolean'],
+ 'role_permissions' => ['array'],
+ 'role_permissions.*.role_id' => ['required', 'int', 'exists:roles,id'],
+ 'role_permissions.*.view' => ['required', 'boolean'],
+ 'role_permissions.*.create' => ['required', 'boolean'],
+ 'role_permissions.*.update' => ['required', 'boolean'],
+ 'role_permissions.*.delete' => ['required', 'boolean'],
+
+ 'fallback_permissions' => ['nullable'],
+ 'fallback_permissions.inheriting' => ['required_with:fallback_permissions', 'boolean'],
+ 'fallback_permissions.view' => ['required_if:fallback_permissions.inheriting,false', 'boolean'],
+ 'fallback_permissions.create' => ['required_if:fallback_permissions.inheriting,false', 'boolean'],
+ 'fallback_permissions.update' => ['required_if:fallback_permissions.inheriting,false', 'boolean'],
+ 'fallback_permissions.delete' => ['required_if:fallback_permissions.inheriting,false', 'boolean'],
]
];
* Read the configured content-level permissions for the item of the given type and ID.
* 'contentType' should be one of: page, book, chapter, bookshelf.
* 'contentId' should be the relevant ID of that item type you'd like to handle permissions for.
+ * The permissions shown are those that override the default for just the specified item, they do not show the
+ * full evaluated permission for a role, nor do they reflect permissions inherited from other items in the hierarchy.
+ * Fallback permission values may be `null` when inheriting is active.
*/
public function read(string $contentType, string $contentId)
{
* Update the configured content-level permissions for the item of the given type and ID.
* 'contentType' should be one of: page, book, chapter, bookshelf.
* 'contentId' should be the relevant ID of that item type you'd like to handle permissions for.
+ * Providing an empty `role_permissions` array will remove any existing configured role permissions,
+ * so you may want to fetch existing permissions beforehand if just adding/removing a single item.
+ * You should completely omit the `owner_id`, `role_permissions` and/or the `fallback_permissions` properties
+ * if you don't wish to update details within those categories.
*/
public function update(Request $request, string $contentType, string $contentId)
{
->get();
$fallback = $entity->permissions()->where('role_id', '=', 0)->first();
- $fallback?->makeHidden('role_id');
+ $fallbackData = [
+ 'inheriting' => is_null($fallback),
+ 'view' => $fallback->view ?? null,
+ 'create' => $fallback->create ?? null,
+ 'update' => $fallback->update ?? null,
+ 'delete' => $fallback->delete ?? null,
+ ];
return [
'owner' => $entity->ownedBy()->first(),
- 'override_role_permissions' => $rolePermissions,
- 'override_fallback_permissions' => $fallback,
- 'inheriting' => is_null($fallback),
+ 'role_permissions' => $rolePermissions,
+ 'fallback_permissions' => $fallbackData,
];
}
}
--- /dev/null
+<?php
+
+namespace Tests\Api;
+
+use Tests\TestCase;
+
+class ContentPermissionsApiTest extends TestCase
+{
+ use TestsApi;
+
+ protected string $baseEndpoint = '/api/content-permissions';
+
+ public function test_user_roles_manage_permission_needed_for_all_endpoints()
+ {
+ $page = $this->entities->page();
+ $endpointMap = [
+ ['get', "/api/content-permissions/page/{$page->id}"],
+ ['put', "/api/content-permissions/page/{$page->id}"],
+ ];
+ $editor = $this->users->editor();
+
+ $this->actingAs($editor, 'api');
+ foreach ($endpointMap as [$method, $uri]) {
+ $resp = $this->json($method, $uri);
+ $resp->assertStatus(403);
+ $resp->assertJson($this->permissionErrorResponse());
+ }
+
+ $this->permissions->grantUserRolePermissions($editor, ['restrictions-manage-all']);
+
+ foreach ($endpointMap as [$method, $uri]) {
+ $resp = $this->json($method, $uri);
+ $this->assertNotEquals(403, $resp->getStatusCode());
+ }
+ }
+
+ public function test_read_endpoint_shows_expected_detail()
+ {
+ $page = $this->entities->page();
+ $owner = $this->users->newUser();
+ $role = $this->users->createRole();
+ $this->permissions->addEntityPermission($page, ['view', 'delete'], $role);
+ $this->permissions->changeEntityOwner($page, $owner);
+ $this->permissions->setFallbackPermissions($page, ['update', 'create']);
+
+ $this->actingAsApiAdmin();
+ $resp = $this->getJson($this->baseEndpoint . "/page/{$page->id}");
+
+ $resp->assertOk();
+ $resp->assertExactJson([
+ 'owner' => [
+ 'id' => $owner->id, 'name' => $owner->name, 'slug' => $owner->slug,
+ ],
+ 'role_permissions' => [
+ [
+ 'role_id' => $role->id,
+ 'view' => true,
+ 'create' => false,
+ 'update' => false,
+ 'delete' => true,
+ 'role' => [
+ 'id' => $role->id,
+ 'display_name' => $role->display_name,
+ ]
+ ]
+ ],
+ 'fallback_permissions' => [
+ 'inheriting' => false,
+ 'view' => false,
+ 'create' => true,
+ 'update' => true,
+ 'delete' => false,
+ ],
+ ]);
+ }
+
+ public function test_read_endpoint_shows_expected_detail_when_items_are_empty()
+ {
+ $page = $this->entities->page();
+ $page->permissions()->delete();
+ $page->owned_by = null;
+ $page->save();
+
+ $this->actingAsApiAdmin();
+ $resp = $this->getJson($this->baseEndpoint . "/page/{$page->id}");
+
+ $resp->assertOk();
+ $resp->assertExactJson([
+ 'owner' => null,
+ 'role_permissions' => [],
+ 'fallback_permissions' => [
+ 'inheriting' => true,
+ 'view' => null,
+ 'create' => null,
+ 'update' => null,
+ 'delete' => null,
+ ],
+ ]);
+ }
+
+ public function test_update_endpoint_can_change_owner()
+ {
+ $page = $this->entities->page();
+ $newOwner = $this->users->newUser();
+
+ $this->actingAsApiAdmin();
+ $resp = $this->putJson($this->baseEndpoint . "/page/{$page->id}", [
+ 'owner_id' => $newOwner->id,
+ ]);
+
+ $resp->assertOk();
+ $resp->assertExactJson([
+ 'owner' => ['id' => $newOwner->id, 'name' => $newOwner->name, 'slug' => $newOwner->slug],
+ 'role_permissions' => [],
+ 'fallback_permissions' => [
+ 'inheriting' => true,
+ 'view' => null,
+ 'create' => null,
+ 'update' => null,
+ 'delete' => null,
+ ],
+ ]);
+ }
+
+ public function test_update_can_set_role_permissions()
+ {
+ $page = $this->entities->page();
+ $page->owned_by = null;
+ $page->save();
+ $newRoleA = $this->users->createRole();
+ $newRoleB = $this->users->createRole();
+
+ $this->actingAsApiAdmin();
+ $resp = $this->putJson($this->baseEndpoint . "/page/{$page->id}", [
+ 'role_permissions' => [
+ ['role_id' => $newRoleA->id, 'view' => true, 'create' => false, 'update' => false, 'delete' => false],
+ ['role_id' => $newRoleB->id, 'view' => true, 'create' => false, 'update' => true, 'delete' => true],
+ ],
+ ]);
+
+ $resp->assertOk();
+ $resp->assertExactJson([
+ 'owner' => null,
+ 'role_permissions' => [
+ [
+ 'role_id' => $newRoleA->id,
+ 'view' => true,
+ 'create' => false,
+ 'update' => false,
+ 'delete' => false,
+ 'role' => [
+ 'id' => $newRoleA->id,
+ 'display_name' => $newRoleA->display_name,
+ ]
+ ],
+ [
+ 'role_id' => $newRoleB->id,
+ 'view' => true,
+ 'create' => false,
+ 'update' => true,
+ 'delete' => true,
+ 'role' => [
+ 'id' => $newRoleB->id,
+ 'display_name' => $newRoleB->display_name,
+ ]
+ ]
+ ],
+ 'fallback_permissions' => [
+ 'inheriting' => true,
+ 'view' => null,
+ 'create' => null,
+ 'update' => null,
+ 'delete' => null,
+ ],
+ ]);
+ }
+
+ public function test_update_can_set_fallback_permissions()
+ {
+ $page = $this->entities->page();
+ $page->owned_by = null;
+ $page->save();
+
+ $this->actingAsApiAdmin();
+ $resp = $this->putJson($this->baseEndpoint . "/page/{$page->id}", [
+ 'fallback_permissions' => [
+ 'inheriting' => false,
+ 'view' => true,
+ 'create' => true,
+ 'update' => true,
+ 'delete' => false,
+ ],
+ ]);
+
+ $resp->assertOk();
+ $resp->assertExactJson([
+ 'owner' => null,
+ 'role_permissions' => [],
+ 'fallback_permissions' => [
+ 'inheriting' => false,
+ 'view' => true,
+ 'create' => true,
+ 'update' => true,
+ 'delete' => false,
+ ],
+ ]);
+ }
+
+ public function test_update_can_clear_roles_permissions()
+ {
+ $page = $this->entities->page();
+ $this->permissions->addEntityPermission($page, ['view'], $this->users->createRole());
+ $page->owned_by = null;
+ $page->save();
+
+ $this->actingAsApiAdmin();
+ $resp = $this->putJson($this->baseEndpoint . "/page/{$page->id}", [
+ 'role_permissions' => [],
+ ]);
+
+ $resp->assertOk();
+ $resp->assertExactJson([
+ 'owner' => null,
+ 'role_permissions' => [],
+ 'fallback_permissions' => [
+ 'inheriting' => true,
+ 'view' => null,
+ 'create' => null,
+ 'update' => null,
+ 'delete' => null,
+ ],
+ ]);
+ }
+
+ public function test_update_can_clear_fallback_permissions()
+ {
+ $page = $this->entities->page();
+ $this->permissions->setFallbackPermissions($page, ['view', 'update']);
+ $page->owned_by = null;
+ $page->save();
+
+ $this->actingAsApiAdmin();
+ $resp = $this->putJson($this->baseEndpoint . "/page/{$page->id}", [
+ 'fallback_permissions' => [
+ 'inheriting' => true,
+ ],
+ ]);
+
+ $resp->assertOk();
+ $resp->assertExactJson([
+ 'owner' => null,
+ 'role_permissions' => [],
+ 'fallback_permissions' => [
+ 'inheriting' => true,
+ 'view' => null,
+ 'create' => null,
+ 'update' => null,
+ 'delete' => null,
+ ],
+ ]);
+ }
+}
projects / bookstack / commitdiff