5 use BookStack\Entities\Models\Page;
6 use BookStack\Uploads\Image;
9 class ImageGalleryApiTest extends TestCase
13 protected string $baseEndpoint = '/api/image-gallery';
15 public function test_index_endpoint_returns_expected_image_and_count()
17 $this->actingAsApiAdmin();
18 $imagePage = $this->entities->page();
19 $data = $this->files->uploadGalleryImageToPage($this, $imagePage);
20 $image = Image::findOrFail($data['response']->id);
22 $resp = $this->getJson($this->baseEndpoint . '?count=1&sort=+id');
23 $resp->assertJson(['data' => [
26 'name' => $image->name,
28 'path' => $image->path,
30 'uploaded_to' => $imagePage->id,
31 'created_by' => $this->users->admin()->id,
32 'updated_by' => $this->users->admin()->id,
36 $resp->assertJson(['total' => Image::query()->count()]);
39 public function test_index_endpoint_doesnt_show_images_for_those_uploaded_to_non_visible_pages()
41 $this->actingAsApiEditor();
42 $imagePage = $this->entities->page();
43 $data = $this->files->uploadGalleryImageToPage($this, $imagePage);
44 $image = Image::findOrFail($data['response']->id);
46 $resp = $this->getJson($this->baseEndpoint . '?filter[id]=' . $image->id);
47 $resp->assertJsonCount(1, 'data');
48 $resp->assertJson(['total' => 1]);
50 $this->permissions->disableEntityInheritedPermissions($imagePage);
52 $resp = $this->getJson($this->baseEndpoint . '?filter[id]=' . $image->id);
53 $resp->assertJsonCount(0, 'data');
54 $resp->assertJson(['total' => 0]);
57 public function test_index_endpoint_doesnt_show_other_image_types()
59 $this->actingAsApiEditor();
60 $imagePage = $this->entities->page();
61 $data = $this->files->uploadGalleryImageToPage($this, $imagePage);
62 $image = Image::findOrFail($data['response']->id);
64 $typesByCountExpectation = [
72 foreach ($typesByCountExpectation as $type => $count) {
76 $resp = $this->getJson($this->baseEndpoint . '?filter[id]=' . $image->id);
77 $resp->assertJsonCount($count, 'data');
78 $resp->assertJson(['total' => $count]);
82 public function test_create_endpoint()
84 $this->actingAsApiAdmin();
86 $imagePage = $this->entities->page();
87 $resp = $this->call('POST', $this->baseEndpoint, [
89 'uploaded_to' => $imagePage->id,
90 'name' => 'My awesome image!',
92 'image' => $this->files->uploadedImage('my-cool-image.png'),
95 $resp->assertStatus(200);
97 $image = Image::query()->where('uploaded_to', '=', $imagePage->id)->first();
99 'id' => $this->users->admin()->id,
100 'name' => $this->users->admin()->name,
101 'slug' => $this->users->admin()->slug,
105 'name' => 'My awesome image!',
106 'url' => $image->url,
107 'path' => $image->path,
109 'uploaded_to' => $imagePage->id,
110 'created_by' => $expectedUser,
111 'updated_by' => $expectedUser,
115 public function test_create_endpoint_requires_image_create_permissions()
117 $user = $this->users->editor();
118 $this->actingAsForApi($user);
119 $this->permissions->removeUserRolePermissions($user, ['image-create-all']);
121 $makeRequest = function () {
122 return $this->call('POST', $this->baseEndpoint, []);
125 $resp = $makeRequest();
126 $resp->assertStatus(403);
128 $this->permissions->grantUserRolePermissions($user, ['image-create-all']);
130 $resp = $makeRequest();
131 $resp->assertStatus(422);
134 public function test_create_fails_if_uploaded_to_not_visible_or_not_exists()
136 $this->actingAsApiEditor();
138 $makeRequest = function (int $uploadedTo) {
139 return $this->call('POST', $this->baseEndpoint, [
141 'uploaded_to' => $uploadedTo,
142 'name' => 'My awesome image!',
144 'image' => $this->files->uploadedImage('my-cool-image.png'),
148 $page = $this->entities->page();
149 $this->permissions->disableEntityInheritedPermissions($page);
150 $resp = $makeRequest($page->id);
151 $resp->assertStatus(404);
153 $resp = $makeRequest(Page::query()->max('id') + 55);
154 $resp->assertStatus(404);
157 public function test_create_has_restricted_types()
159 $this->actingAsApiEditor();
161 $typesByStatusExpectation = [
169 $makeRequest = function (string $type) {
170 return $this->call('POST', $this->baseEndpoint, [
172 'uploaded_to' => $this->entities->page()->id,
173 'name' => 'My awesome image!',
175 'image' => $this->files->uploadedImage('my-cool-image.png'),
179 foreach ($typesByStatusExpectation as $type => $status) {
180 $resp = $makeRequest($type);
181 $resp->assertStatus($status);
185 public function test_create_will_use_file_name_if_no_name_provided_in_request()
187 $this->actingAsApiEditor();
189 $imagePage = $this->entities->page();
190 $resp = $this->call('POST', $this->baseEndpoint, [
192 'uploaded_to' => $imagePage->id,
194 'image' => $this->files->uploadedImage('my-cool-image.png'),
196 $resp->assertStatus(200);
198 $this->assertDatabaseHas('images', [
200 'uploaded_to' => $imagePage->id,
201 'name' => 'my-cool-image.png',
205 public function test_read_endpoint()
207 $this->actingAsApiAdmin();
208 $imagePage = $this->entities->page();
209 $data = $this->files->uploadGalleryImageToPage($this, $imagePage);
210 $image = Image::findOrFail($data['response']->id);
212 $resp = $this->getJson($this->baseEndpoint . "/{$image->id}");
213 $resp->assertStatus(200);
216 'id' => $this->users->admin()->id,
217 'name' => $this->users->admin()->name,
218 'slug' => $this->users->admin()->slug,
221 $displayUrl = $image->getThumb(1680, null, true);
224 'name' => $image->name,
225 'url' => $image->url,
226 'path' => $image->path,
228 'uploaded_to' => $imagePage->id,
229 'created_by' => $expectedUser,
230 'updated_by' => $expectedUser,
232 'html' => "<a href=\"{$image->url}\" target=\"_blank\"><img src=\"{$displayUrl}\" alt=\"{$image->name}\"></a>",
233 'markdown' => "",
235 'created_at' => $image->created_at->toISOString(),
236 'updated_at' => $image->updated_at->toISOString(),
238 $this->assertStringStartsWith('http://', $resp->json('thumbs.gallery'));
239 $this->assertStringStartsWith('http://', $resp->json('thumbs.display'));
242 public function test_read_endpoint_provides_different_content_for_drawings()
244 $this->actingAsApiAdmin();
245 $imagePage = $this->entities->page();
246 $data = $this->files->uploadGalleryImageToPage($this, $imagePage);
247 $image = Image::findOrFail($data['response']->id);
249 $image->type = 'drawio';
252 $resp = $this->getJson($this->baseEndpoint . "/{$image->id}");
253 $resp->assertStatus(200);
255 $drawing = "<div drawio-diagram=\"{$image->id}\"><img src=\"{$image->url}\"></div>";
260 'markdown' => $drawing,
265 public function test_read_endpoint_does_not_show_if_no_permissions_for_related_page()
267 $this->actingAsApiEditor();
268 $imagePage = $this->entities->page();
269 $data = $this->files->uploadGalleryImageToPage($this, $imagePage);
270 $image = Image::findOrFail($data['response']->id);
272 $this->permissions->disableEntityInheritedPermissions($imagePage);
274 $resp = $this->getJson($this->baseEndpoint . "/{$image->id}");
275 $resp->assertStatus(404);
278 public function test_update_endpoint()
280 $this->actingAsApiAdmin();
281 $imagePage = $this->entities->page();
282 $data = $this->files->uploadGalleryImageToPage($this, $imagePage);
283 $image = Image::findOrFail($data['response']->id);
285 $resp = $this->putJson($this->baseEndpoint . "/{$image->id}", [
286 'name' => 'My updated image name!',
289 $resp->assertStatus(200);
292 'name' => 'My updated image name!',
294 $this->assertDatabaseHas('images', [
296 'name' => 'My updated image name!',
300 public function test_update_existing_image_file()
302 $this->actingAsApiAdmin();
303 $imagePage = $this->entities->page();
304 $data = $this->files->uploadGalleryImageToPage($this, $imagePage);
305 $image = Image::findOrFail($data['response']->id);
307 $this->assertFileEquals($this->files->testFilePath('test-image.png'), public_path($data['path']));
309 $resp = $this->call('PUT', $this->baseEndpoint . "/{$image->id}", [], [], [
310 'image' => $this->files->uploadedImage('my-cool-image.png', 'compressed.png'),
313 $resp->assertStatus(200);
314 $this->assertFileEquals($this->files->testFilePath('compressed.png'), public_path($data['path']));
317 public function test_update_endpoint_requires_image_update_permission()
319 $user = $this->users->editor();
320 $this->actingAsForApi($user);
321 $imagePage = $this->entities->page();
322 $this->permissions->removeUserRolePermissions($user, ['image-update-all', 'image-update-own']);
323 $data = $this->files->uploadGalleryImageToPage($this, $imagePage);
324 $image = Image::findOrFail($data['response']->id);
326 $resp = $this->putJson($this->baseEndpoint . "/{$image->id}", ['name' => 'My new name']);
327 $resp->assertStatus(403);
328 $resp->assertJson($this->permissionErrorResponse());
330 $this->permissions->grantUserRolePermissions($user, ['image-update-all']);
331 $resp = $this->putJson($this->baseEndpoint . "/{$image->id}", ['name' => 'My new name']);
332 $resp->assertStatus(200);
335 public function test_delete_endpoint()
337 $this->actingAsApiAdmin();
338 $imagePage = $this->entities->page();
339 $data = $this->files->uploadGalleryImageToPage($this, $imagePage);
340 $image = Image::findOrFail($data['response']->id);
341 $this->assertDatabaseHas('images', ['id' => $image->id]);
343 $resp = $this->deleteJson($this->baseEndpoint . "/{$image->id}");
345 $resp->assertStatus(204);
346 $this->assertDatabaseMissing('images', ['id' => $image->id]);
349 public function test_delete_endpoint_requires_image_delete_permission()
351 $user = $this->users->editor();
352 $this->actingAsForApi($user);
353 $imagePage = $this->entities->page();
354 $this->permissions->removeUserRolePermissions($user, ['image-delete-all', 'image-delete-own']);
355 $data = $this->files->uploadGalleryImageToPage($this, $imagePage);
356 $image = Image::findOrFail($data['response']->id);
358 $resp = $this->deleteJson($this->baseEndpoint . "/{$image->id}");
359 $resp->assertStatus(403);
360 $resp->assertJson($this->permissionErrorResponse());
362 $this->permissions->grantUserRolePermissions($user, ['image-delete-all']);
363 $resp = $this->deleteJson($this->baseEndpoint . "/{$image->id}");
364 $resp->assertStatus(204);
projects / bookstack / blob