BookStack Code Mirror - bookstack/blob - tests/Api/PagesApiTest.php

   1 <?php
   2
   3 namespace Tests\Api;
   4
   5 use BookStack\Entities\Models\Book;
   6 use BookStack\Entities\Models\Chapter;
   7 use BookStack\Entities\Models\Page;
   8 use Carbon\Carbon;
   9 use Illuminate\Support\Facades\DB;
  10 use Tests\TestCase;
  11
  12 class PagesApiTest extends TestCase
  13 {
  14     use TestsApi;
  15
  16     protected string $baseEndpoint = '/api/pages';
  17
  18     public function test_index_endpoint_returns_expected_page()
  19     {
  20         $this->actingAsApiEditor();
  21         $firstPage = Page::query()->orderBy('id', 'asc')->first();
  22
  23         $resp = $this->getJson($this->baseEndpoint . '?count=1&sort=+id');
  24         $resp->assertJson(['data' => [
  25             [
  26                 'id'       => $firstPage->id,
  27                 'name'     => $firstPage->name,
  28                 'slug'     => $firstPage->slug,
  29                 'book_id'  => $firstPage->book->id,
  30                 'priority' => $firstPage->priority,
  31             ],
  32         ]]);
  33     }
  34
  35     public function test_create_endpoint()
  36     {
  37         $this->actingAsApiEditor();
  38         $book = Book::query()->first();
  39         $details = [
  40             'name'    => 'My API page',
  41             'book_id' => $book->id,
  42             'html'    => '<p>My new page content</p>',
  43             'tags'    => [
  44                 [
  45                     'name'  => 'tagname',
  46                     'value' => 'tagvalue',
  47                 ],
  48             ],
  49         ];
  50
  51         $resp = $this->postJson($this->baseEndpoint, $details);
  52         unset($details['html']);
  53         $resp->assertStatus(200);
  54         $newItem = Page::query()->orderByDesc('id')->where('name', '=', $details['name'])->first();
  55         $resp->assertJson(array_merge($details, ['id' => $newItem->id, 'slug' => $newItem->slug]));
  56         $this->assertDatabaseHas('tags', [
  57             'entity_id'   => $newItem->id,
  58             'entity_type' => $newItem->getMorphClass(),
  59             'name'        => 'tagname',
  60             'value'       => 'tagvalue',
  61         ]);
  62         $resp->assertSeeText('My new page content');
  63         $resp->assertJsonMissing(['book' => []]);
  64         $this->assertActivityExists('page_create', $newItem);
  65     }
  66
  67     public function test_page_name_needed_to_create()
  68     {
  69         $this->actingAsApiEditor();
  70         $book = Book::query()->first();
  71         $details = [
  72             'book_id' => $book->id,
  73             'html'    => '<p>A page created via the API</p>',
  74         ];
  75
  76         $resp = $this->postJson($this->baseEndpoint, $details);
  77         $resp->assertStatus(422);
  78         $resp->assertJson($this->validationResponse([
  79             'name' => ['The name field is required.'],
  80         ]));
  81     }
  82
  83     public function test_book_id_or_chapter_id_needed_to_create()
  84     {
  85         $this->actingAsApiEditor();
  86         $details = [
  87             'name' => 'My api page',
  88             'html' => '<p>A page created via the API</p>',
  89         ];
  90
  91         $resp = $this->postJson($this->baseEndpoint, $details);
  92         $resp->assertStatus(422);
  93         $resp->assertJson($this->validationResponse([
  94             'book_id'    => ['The book id field is required when chapter id is not present.'],
  95             'chapter_id' => ['The chapter id field is required when book id is not present.'],
  96         ]));
  97
  98         $chapter = Chapter::visible()->first();
  99         $resp = $this->postJson($this->baseEndpoint, array_merge($details, ['chapter_id' => $chapter->id]));
 100         $resp->assertStatus(200);
 101
 102         $book = Book::visible()->first();
 103         $resp = $this->postJson($this->baseEndpoint, array_merge($details, ['book_id' => $book->id]));
 104         $resp->assertStatus(200);
 105     }
 106
 107     public function test_markdown_can_be_provided_for_create()
 108     {
 109         $this->actingAsApiEditor();
 110         $book = Book::visible()->first();
 111         $details = [
 112             'book_id'  => $book->id,
 113             'name'     => 'My api page',
 114             'markdown' => "# A new API page \n[link](https://example.com)",
 115         ];
 116
 117         $resp = $this->postJson($this->baseEndpoint, $details);
 118         $resp->assertJson(['markdown' => $details['markdown']]);
 119
 120         $respHtml = $resp->json('html');
 121         $this->assertStringContainsString('new API page</h1>', $respHtml);
 122         $this->assertStringContainsString('link</a>', $respHtml);
 123         $this->assertStringContainsString('href="https://example.com"', $respHtml);
 124     }
 125
 126     public function test_read_endpoint()
 127     {
 128         $this->actingAsApiEditor();
 129         $page = Page::visible()->first();
 130
 131         $resp = $this->getJson($this->baseEndpoint . "/{$page->id}");
 132         $resp->assertStatus(200);
 133         $resp->assertJson([
 134             'id'         => $page->id,
 135             'slug'       => $page->slug,
 136             'created_by' => [
 137                 'name' => $page->createdBy->name,
 138             ],
 139             'book_id'    => $page->book_id,
 140             'updated_by' => [
 141                 'name' => $page->createdBy->name,
 142             ],
 143             'owned_by' => [
 144                 'name' => $page->ownedBy->name,
 145             ],
 146         ]);
 147     }
 148
 149     public function test_read_endpoint_provides_rendered_html()
 150     {
 151         $this->actingAsApiEditor();
 152         $page = Page::visible()->first();
 153         $page->html = "<p>testing</p><script>alert('danger')</script><h1>Hello</h1>";
 154         $page->save();
 155
 156         $resp = $this->getJson($this->baseEndpoint . "/{$page->id}");
 157         $html = $resp->json('html');
 158         $this->assertStringNotContainsString('script', $html);
 159         $this->assertStringContainsString('Hello', $html);
 160         $this->assertStringContainsString('testing', $html);
 161     }
 162
 163     public function test_update_endpoint()
 164     {
 165         $this->actingAsApiEditor();
 166         $page = Page::visible()->first();
 167         $details = [
 168             'name' => 'My updated API page',
 169             'html' => '<p>A page created via the API</p>',
 170             'tags' => [
 171                 [
 172                     'name'  => 'freshtag',
 173                     'value' => 'freshtagval',
 174                 ],
 175             ],
 176         ];
 177
 178         $resp = $this->putJson($this->baseEndpoint . "/{$page->id}", $details);
 179         $page->refresh();
 180
 181         $resp->assertStatus(200);
 182         unset($details['html']);
 183         $resp->assertJson(array_merge($details, [
 184             'id' => $page->id, 'slug' => $page->slug, 'book_id' => $page->book_id,
 185         ]));
 186         $this->assertActivityExists('page_update', $page);
 187     }
 188
 189     public function test_providing_new_chapter_id_on_update_will_move_page()
 190     {
 191         $this->actingAsApiEditor();
 192         $page = Page::visible()->first();
 193         $chapter = Chapter::visible()->where('book_id', '!=', $page->book_id)->first();
 194         $details = [
 195             'name'       => 'My updated API page',
 196             'chapter_id' => $chapter->id,
 197             'html'       => '<p>A page created via the API</p>',
 198         ];
 199
 200         $resp = $this->putJson($this->baseEndpoint . "/{$page->id}", $details);
 201         $resp->assertStatus(200);
 202         $resp->assertJson([
 203             'chapter_id' => $chapter->id,
 204             'book_id'    => $chapter->book_id,
 205         ]);
 206     }
 207
 208     public function test_providing_move_via_update_requires_page_create_permission_on_new_parent()
 209     {
 210         $this->actingAsApiEditor();
 211         $page = Page::visible()->first();
 212         $chapter = Chapter::visible()->where('book_id', '!=', $page->book_id)->first();
 213         $this->setEntityRestrictions($chapter, ['view'], [$this->getEditor()->roles()->first()]);
 214         $details = [
 215             'name'       => 'My updated API page',
 216             'chapter_id' => $chapter->id,
 217             'html'       => '<p>A page created via the API</p>',
 218         ];
 219
 220         $resp = $this->putJson($this->baseEndpoint . "/{$page->id}", $details);
 221         $resp->assertStatus(403);
 222     }
 223
 224     public function test_update_endpoint_does_not_wipe_content_if_no_html_or_md_provided()
 225     {
 226         $this->actingAsApiEditor();
 227         $page = Page::visible()->first();
 228         $originalContent = $page->html;
 229         $details = [
 230             'name' => 'My updated API page',
 231             'tags' => [
 232                 [
 233                     'name'  => 'freshtag',
 234                     'value' => 'freshtagval',
 235                 ],
 236             ],
 237         ];
 238
 239         $this->putJson($this->baseEndpoint . "/{$page->id}", $details);
 240         $page->refresh();
 241
 242         $this->assertEquals($originalContent, $page->html);
 243     }
 244
 245     public function test_update_increments_updated_date_if_only_tags_are_sent()
 246     {
 247         $this->actingAsApiEditor();
 248         $page = Page::visible()->first();
 249         DB::table('pages')->where('id', '=', $page->id)->update(['updated_at' => Carbon::now()->subWeek()]);
 250
 251         $details = [
 252             'tags' => [['name' => 'Category', 'value' => 'Testing']]
 253         ];
 254
 255         $this->putJson($this->baseEndpoint . "/{$page->id}", $details);
 256         $page->refresh();
 257         $this->assertGreaterThan(Carbon::now()->subDay()->unix(), $page->updated_at->unix());
 258     }
 259
 260     public function test_delete_endpoint()
 261     {
 262         $this->actingAsApiEditor();
 263         $page = Page::visible()->first();
 264         $resp = $this->deleteJson($this->baseEndpoint . "/{$page->id}");
 265
 266         $resp->assertStatus(204);
 267         $this->assertActivityExists('page_delete', $page);
 268     }
 269
 270     public function test_export_html_endpoint()
 271     {
 272         $this->actingAsApiEditor();
 273         $page = Page::visible()->first();
 274
 275         $resp = $this->get($this->baseEndpoint . "/{$page->id}/export/html");
 276         $resp->assertStatus(200);
 277         $resp->assertSee($page->name);
 278         $resp->assertHeader('Content-Disposition', 'attachment; filename="' . $page->slug . '.html"');
 279     }
 280
 281     public function test_export_plain_text_endpoint()
 282     {
 283         $this->actingAsApiEditor();
 284         $page = Page::visible()->first();
 285
 286         $resp = $this->get($this->baseEndpoint . "/{$page->id}/export/plaintext");
 287         $resp->assertStatus(200);
 288         $resp->assertSee($page->name);
 289         $resp->assertHeader('Content-Disposition', 'attachment; filename="' . $page->slug . '.txt"');
 290     }
 291
 292     public function test_export_pdf_endpoint()
 293     {
 294         $this->actingAsApiEditor();
 295         $page = Page::visible()->first();
 296
 297         $resp = $this->get($this->baseEndpoint . "/{$page->id}/export/pdf");
 298         $resp->assertStatus(200);
 299         $resp->assertHeader('Content-Disposition', 'attachment; filename="' . $page->slug . '.pdf"');
 300     }
 301
 302     public function test_export_markdown_endpoint()
 303     {
 304         $this->actingAsApiEditor();
 305         $page = Page::visible()->first();
 306
 307         $resp = $this->get($this->baseEndpoint . "/{$page->id}/export/markdown");
 308         $resp->assertStatus(200);
 309         $resp->assertSee('# ' . $page->name);
 310         $resp->assertHeader('Content-Disposition', 'attachment; filename="' . $page->slug . '.md"');
 311     }
 312
 313     public function test_cant_export_when_not_have_permission()
 314     {
 315         $types = ['html', 'plaintext', 'pdf', 'markdown'];
 316         $this->actingAsApiEditor();
 317         $this->removePermissionFromUser($this->getEditor(), 'content-export');
 318
 319         $page = Page::visible()->first();
 320         foreach ($types as $type) {
 321             $resp = $this->get($this->baseEndpoint . "/{$page->id}/export/{$type}");
 322             $this->assertPermissionError($resp);
 323         }
 324     }
 325 }