BookStack Code Mirror - bookstack/blob - tests/Api/PagesApiTest.php

   1 <?php
   2
   3 namespace Tests\Api;
   4
   5 use BookStack\Entities\Models\Chapter;
   6 use BookStack\Entities\Models\Page;
   7 use Carbon\Carbon;
   8 use Illuminate\Support\Facades\DB;
   9 use Tests\TestCase;
  10
  11 class PagesApiTest extends TestCase
  12 {
  13     use TestsApi;
  14
  15     protected string $baseEndpoint = '/api/pages';
  16
  17     public function test_index_endpoint_returns_expected_page()
  18     {
  19         $this->actingAsApiEditor();
  20         $firstPage = Page::query()->orderBy('id', 'asc')->first();
  21
  22         $resp = $this->getJson($this->baseEndpoint . '?count=1&sort=+id');
  23         $resp->assertJson(['data' => [
  24             [
  25                 'id'       => $firstPage->id,
  26                 'name'     => $firstPage->name,
  27                 'slug'     => $firstPage->slug,
  28                 'book_id'  => $firstPage->book->id,
  29                 'priority' => $firstPage->priority,
  30             ],
  31         ]]);
  32     }
  33
  34     public function test_create_endpoint()
  35     {
  36         $this->actingAsApiEditor();
  37         $book = $this->entities->book();
  38         $details = [
  39             'name'    => 'My API page',
  40             'book_id' => $book->id,
  41             'html'    => '<p>My new page content</p>',
  42             'tags'    => [
  43                 [
  44                     'name'  => 'tagname',
  45                     'value' => 'tagvalue',
  46                 ],
  47             ],
  48         ];
  49
  50         $resp = $this->postJson($this->baseEndpoint, $details);
  51         unset($details['html']);
  52         $resp->assertStatus(200);
  53         $newItem = Page::query()->orderByDesc('id')->where('name', '=', $details['name'])->first();
  54         $resp->assertJson(array_merge($details, ['id' => $newItem->id, 'slug' => $newItem->slug]));
  55         $this->assertDatabaseHas('tags', [
  56             'entity_id'   => $newItem->id,
  57             'entity_type' => $newItem->getMorphClass(),
  58             'name'        => 'tagname',
  59             'value'       => 'tagvalue',
  60         ]);
  61         $resp->assertSeeText('My new page content');
  62         $resp->assertJsonMissing(['book' => []]);
  63         $this->assertActivityExists('page_create', $newItem);
  64     }
  65
  66     public function test_page_name_needed_to_create()
  67     {
  68         $this->actingAsApiEditor();
  69         $book = $this->entities->book();
  70         $details = [
  71             'book_id' => $book->id,
  72             'html'    => '<p>A page created via the API</p>',
  73         ];
  74
  75         $resp = $this->postJson($this->baseEndpoint, $details);
  76         $resp->assertStatus(422);
  77         $resp->assertJson($this->validationResponse([
  78             'name' => ['The name field is required.'],
  79         ]));
  80     }
  81
  82     public function test_book_id_or_chapter_id_needed_to_create()
  83     {
  84         $this->actingAsApiEditor();
  85         $details = [
  86             'name' => 'My api page',
  87             'html' => '<p>A page created via the API</p>',
  88         ];
  89
  90         $resp = $this->postJson($this->baseEndpoint, $details);
  91         $resp->assertStatus(422);
  92         $resp->assertJson($this->validationResponse([
  93             'book_id'    => ['The book id field is required when chapter id is not present.'],
  94             'chapter_id' => ['The chapter id field is required when book id is not present.'],
  95         ]));
  96
  97         $chapter = $this->entities->chapter();
  98         $resp = $this->postJson($this->baseEndpoint, array_merge($details, ['chapter_id' => $chapter->id]));
  99         $resp->assertStatus(200);
 100
 101         $book = $this->entities->book();
 102         $resp = $this->postJson($this->baseEndpoint, array_merge($details, ['book_id' => $book->id]));
 103         $resp->assertStatus(200);
 104     }
 105
 106     public function test_markdown_can_be_provided_for_create()
 107     {
 108         $this->actingAsApiEditor();
 109         $book = $this->entities->book();
 110         $details = [
 111             'book_id'  => $book->id,
 112             'name'     => 'My api page',
 113             'markdown' => "# A new API page \n[link](https://example.com)",
 114         ];
 115
 116         $resp = $this->postJson($this->baseEndpoint, $details);
 117         $resp->assertJson(['markdown' => $details['markdown']]);
 118
 119         $respHtml = $resp->json('html');
 120         $this->assertStringContainsString('new API page</h1>', $respHtml);
 121         $this->assertStringContainsString('link</a>', $respHtml);
 122         $this->assertStringContainsString('href="https://example.com"', $respHtml);
 123     }
 124
 125     public function test_read_endpoint()
 126     {
 127         $this->actingAsApiEditor();
 128         $page = $this->entities->page();
 129
 130         $resp = $this->getJson($this->baseEndpoint . "/{$page->id}");
 131         $resp->assertStatus(200);
 132         $resp->assertJson([
 133             'id'         => $page->id,
 134             'slug'       => $page->slug,
 135             'created_by' => [
 136                 'name' => $page->createdBy->name,
 137             ],
 138             'book_id'    => $page->book_id,
 139             'updated_by' => [
 140                 'name' => $page->createdBy->name,
 141             ],
 142             'owned_by' => [
 143                 'name' => $page->ownedBy->name,
 144             ],
 145         ]);
 146     }
 147
 148     public function test_read_endpoint_provides_rendered_html()
 149     {
 150         $this->actingAsApiEditor();
 151         $page = $this->entities->page();
 152         $page->html = "<p>testing</p><script>alert('danger')</script><h1>Hello</h1>";
 153         $page->save();
 154
 155         $resp = $this->getJson($this->baseEndpoint . "/{$page->id}");
 156         $html = $resp->json('html');
 157         $this->assertStringNotContainsString('script', $html);
 158         $this->assertStringContainsString('Hello', $html);
 159         $this->assertStringContainsString('testing', $html);
 160     }
 161
 162     public function test_update_endpoint()
 163     {
 164         $this->actingAsApiEditor();
 165         $page = $this->entities->page();
 166         $details = [
 167             'name' => 'My updated API page',
 168             'html' => '<p>A page created via the API</p>',
 169             'tags' => [
 170                 [
 171                     'name'  => 'freshtag',
 172                     'value' => 'freshtagval',
 173                 ],
 174             ],
 175         ];
 176
 177         $resp = $this->putJson($this->baseEndpoint . "/{$page->id}", $details);
 178         $page->refresh();
 179
 180         $resp->assertStatus(200);
 181         unset($details['html']);
 182         $resp->assertJson(array_merge($details, [
 183             'id' => $page->id, 'slug' => $page->slug, 'book_id' => $page->book_id,
 184         ]));
 185         $this->assertActivityExists('page_update', $page);
 186     }
 187
 188     public function test_providing_new_chapter_id_on_update_will_move_page()
 189     {
 190         $this->actingAsApiEditor();
 191         $page = $this->entities->page();
 192         $chapter = Chapter::visible()->where('book_id', '!=', $page->book_id)->first();
 193         $details = [
 194             'name'       => 'My updated API page',
 195             'chapter_id' => $chapter->id,
 196             'html'       => '<p>A page created via the API</p>',
 197         ];
 198
 199         $resp = $this->putJson($this->baseEndpoint . "/{$page->id}", $details);
 200         $resp->assertStatus(200);
 201         $resp->assertJson([
 202             'chapter_id' => $chapter->id,
 203             'book_id'    => $chapter->book_id,
 204         ]);
 205     }
 206
 207     public function test_providing_move_via_update_requires_page_create_permission_on_new_parent()
 208     {
 209         $this->actingAsApiEditor();
 210         $page = $this->entities->page();
 211         $chapter = Chapter::visible()->where('book_id', '!=', $page->book_id)->first();
 212         $this->permissions->setEntityPermissions($chapter, ['view'], [$this->users->editor()->roles()->first()]);
 213         $details = [
 214             'name'       => 'My updated API page',
 215             'chapter_id' => $chapter->id,
 216             'html'       => '<p>A page created via the API</p>',
 217         ];
 218
 219         $resp = $this->putJson($this->baseEndpoint . "/{$page->id}", $details);
 220         $resp->assertStatus(403);
 221     }
 222
 223     public function test_update_endpoint_does_not_wipe_content_if_no_html_or_md_provided()
 224     {
 225         $this->actingAsApiEditor();
 226         $page = $this->entities->page();
 227         $originalContent = $page->html;
 228         $details = [
 229             'name' => 'My updated API page',
 230             'tags' => [
 231                 [
 232                     'name'  => 'freshtag',
 233                     'value' => 'freshtagval',
 234                 ],
 235             ],
 236         ];
 237
 238         $this->putJson($this->baseEndpoint . "/{$page->id}", $details);
 239         $page->refresh();
 240
 241         $this->assertEquals($originalContent, $page->html);
 242     }
 243
 244     public function test_update_increments_updated_date_if_only_tags_are_sent()
 245     {
 246         $this->actingAsApiEditor();
 247         $page = $this->entities->page();
 248         DB::table('pages')->where('id', '=', $page->id)->update(['updated_at' => Carbon::now()->subWeek()]);
 249
 250         $details = [
 251             'tags' => [['name' => 'Category', 'value' => 'Testing']],
 252         ];
 253
 254         $resp = $this->putJson($this->baseEndpoint . "/{$page->id}", $details);
 255         $resp->assertOk();
 256
 257         $page->refresh();
 258         $this->assertGreaterThan(Carbon::now()->subDay()->unix(), $page->updated_at->unix());
 259     }
 260
 261     public function test_delete_endpoint()
 262     {
 263         $this->actingAsApiEditor();
 264         $page = $this->entities->page();
 265         $resp = $this->deleteJson($this->baseEndpoint . "/{$page->id}");
 266
 267         $resp->assertStatus(204);
 268         $this->assertActivityExists('page_delete', $page);
 269     }
 270
 271     public function test_export_html_endpoint()
 272     {
 273         $this->actingAsApiEditor();
 274         $page = $this->entities->page();
 275
 276         $resp = $this->get($this->baseEndpoint . "/{$page->id}/export/html");
 277         $resp->assertStatus(200);
 278         $resp->assertSee($page->name);
 279         $resp->assertHeader('Content-Disposition', 'attachment; filename="' . $page->slug . '.html"');
 280     }
 281
 282     public function test_export_plain_text_endpoint()
 283     {
 284         $this->actingAsApiEditor();
 285         $page = $this->entities->page();
 286
 287         $resp = $this->get($this->baseEndpoint . "/{$page->id}/export/plaintext");
 288         $resp->assertStatus(200);
 289         $resp->assertSee($page->name);
 290         $resp->assertHeader('Content-Disposition', 'attachment; filename="' . $page->slug . '.txt"');
 291     }
 292
 293     public function test_export_pdf_endpoint()
 294     {
 295         $this->actingAsApiEditor();
 296         $page = $this->entities->page();
 297
 298         $resp = $this->get($this->baseEndpoint . "/{$page->id}/export/pdf");
 299         $resp->assertStatus(200);
 300         $resp->assertHeader('Content-Disposition', 'attachment; filename="' . $page->slug . '.pdf"');
 301     }
 302
 303     public function test_export_markdown_endpoint()
 304     {
 305         $this->actingAsApiEditor();
 306         $page = $this->entities->page();
 307
 308         $resp = $this->get($this->baseEndpoint . "/{$page->id}/export/markdown");
 309         $resp->assertStatus(200);
 310         $resp->assertSee('# ' . $page->name);
 311         $resp->assertHeader('Content-Disposition', 'attachment; filename="' . $page->slug . '.md"');
 312     }
 313
 314     public function test_cant_export_when_not_have_permission()
 315     {
 316         $types = ['html', 'plaintext', 'pdf', 'markdown'];
 317         $this->actingAsApiEditor();
 318         $this->permissions->removeUserRolePermissions($this->users->editor(), ['content-export']);
 319
 320         $page = $this->entities->page();
 321         foreach ($types as $type) {
 322             $resp = $this->get($this->baseEndpoint . "/{$page->id}/export/{$type}");
 323             $this->assertPermissionError($resp);
 324         }
 325     }
 326 }