1 <?php namespace Tests;
2
3 use BookStack\Book;
4 use BookStack\Bookshelf;
5 use BookStack\Entity;
6 use BookStack\User;
7 use BookStack\Repos\EntityRepo;
8
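/**
 * Browser-level regression tests for per-entity permission restrictions.
 *
 * Each test narrows the actions allowed on a shelf, book, chapter or page via
 * setEntityRestrictions() and then asserts that the matching route is refused,
 * or reachable again once the action is granted. The "_override" tests start
 * from the viewer fixture, which cannot reach the route before the grant.
 *
 * forceVisit() and the fixture getters come from the parent test case.
 * NOTE(review): forceVisit() presumably requests a URL without failing on a
 * non-200 response; confirm against BrowserKitTest.
 */
class RestrictionsTest extends BrowserKitTest
{

    /**
     * Editor fixture used as the default acting user.
     *
     * @var User
     */
    protected $user;

    /**
     * Viewer fixture used by the "_override" tests.
     *
     * @var User
     */
    protected $viewer;

    /**
     * Load the editor and viewer fixtures before every test.
     */
    public function setUp()
    {
        parent::setUp();
        $this->user = $this->getEditor();
        $this->viewer = $this->getViewer();
    }

    /**
     * Restrict an entity to the given actions for the given roles.
     *
     * When no roles are passed, the first role of the editor and of the viewer
     * fixture is used, which is what every test in this class relies on.
     * Explicitly passed roles are honoured instead of being overwritten.
     *
     * @param Entity $entity  Entity to restrict.
     * @param array  $actions Actions to allow, e.g. ['view', 'update'].
     * @param array  $roles   Roles to grant the actions to; defaults as above.
     */
    protected function setEntityRestrictions(Entity $entity, $actions = [], $roles = [])
    {
        if (empty($roles)) {
            $roles = [
                $this->user->roles->first(),
                $this->viewer->roles->first(),
            ];
        }
        parent::setEntityRestrictions($entity, $actions, $roles);
    }

    /**
     * A shelf with no allowed actions is reported as not found; granting
     * 'view' makes it visible again.
     */
    public function test_bookshelf_view_restriction()
    {
        $shelf = Bookshelf::first();

        $this->actingAs($this->user)
            ->visit($shelf->getUrl())
            ->seePageIs($shelf->getUrl());

        $this->setEntityRestrictions($shelf, []);

        $this->forceVisit($shelf->getUrl())
            ->see('Bookshelf not found');

        $this->setEntityRestrictions($shelf, ['view']);

        $this->visit($shelf->getUrl())
            ->see($shelf->name);
    }

    /**
     * The shelf edit page is refused without 'update' and reachable with it.
     */
    public function test_bookshelf_update_restriction()
    {
        $shelf = Bookshelf::first();

        $this->actingAs($this->user)
            ->visit($shelf->getUrl('/edit'))
            ->see('Edit Book');

        $this->setEntityRestrictions($shelf, ['view', 'delete']);

        $this->forceVisit($shelf->getUrl('/edit'))
            ->see('You do not have permission')->seePageIs('/');

        $this->setEntityRestrictions($shelf, ['view', 'update']);

        $this->visit($shelf->getUrl('/edit'))
            ->seePageIs($shelf->getUrl('/edit'));
    }

    /**
     * The shelf delete page is refused without 'delete' and reachable with it.
     */
    public function test_bookshelf_delete_restriction()
    {
        // Load a shelf, not a book, so the shelf delete route is the one under test.
        $shelf = Bookshelf::first();

        $this->actingAs($this->user)
            ->visit($shelf->getUrl('/delete'))
            ->see('Delete Book');

        $this->setEntityRestrictions($shelf, ['view', 'update']);

        $this->forceVisit($shelf->getUrl('/delete'))
            ->see('You do not have permission')->seePageIs('/');

        $this->setEntityRestrictions($shelf, ['view', 'delete']);

        $this->visit($shelf->getUrl('/delete'))
            ->seePageIs($shelf->getUrl('/delete'))->see('Delete Book');
    }

    /**
     * A book restricted to no actions hides the book and its child page and
     * chapter; granting 'view' on the book exposes all three again.
     */
    public function test_book_view_restriction()
    {
        $book = Book::first();
        $bookPage = $book->pages->first();
        $bookChapter = $book->chapters->first();

        $bookUrl = $book->getUrl();
        $this->actingAs($this->user)
            ->visit($bookUrl)
            ->seePageIs($bookUrl);

        $this->setEntityRestrictions($book, []);

        $this->forceVisit($bookUrl)
            ->see('Book not found');
        $this->forceVisit($bookPage->getUrl())
            ->see('Page not found');
        $this->forceVisit($bookChapter->getUrl())
            ->see('Chapter not found');

        $this->setEntityRestrictions($book, ['view']);

        $this->visit($bookUrl)
            ->see($book->name);
        $this->visit($bookPage->getUrl())
            ->see($bookPage->name);
        $this->visit($bookChapter->getUrl())
            ->see($bookChapter->name);
    }

    /**
     * Page and chapter creation inside a book is refused without 'create',
     * both at the route and in the action buttons, and works once granted.
     */
    public function test_book_create_restriction()
    {
        $book = Book::first();

        $bookUrl = $book->getUrl();
        // Baseline: the viewer has no create buttons, the editor does.
        $this->actingAs($this->viewer)
            ->visit($bookUrl)
            ->dontSeeInElement('.action-buttons', 'New Page')
            ->dontSeeInElement('.action-buttons', 'New Chapter');
        $this->actingAs($this->user)
            ->visit($bookUrl)
            ->seeInElement('.action-buttons', 'New Page')
            ->seeInElement('.action-buttons', 'New Chapter');

        $this->setEntityRestrictions($book, ['view', 'delete', 'update']);

        $this->forceVisit($bookUrl . '/create-chapter')
            ->see('You do not have permission')->seePageIs('/');
        $this->forceVisit($bookUrl . '/create-page')
            ->see('You do not have permission')->seePageIs('/');
        $this->visit($bookUrl)->dontSeeInElement('.action-buttons', 'New Page')
            ->dontSeeInElement('.action-buttons', 'New Chapter');

        $this->setEntityRestrictions($book, ['view', 'create']);

        $this->visit($bookUrl . '/create-chapter')
            ->type('test chapter', 'name')
            ->type('test description for chapter', 'description')
            ->press('Save Chapter')
            ->seePageIs($bookUrl . '/chapter/test-chapter');
        $this->visit($bookUrl . '/create-page')
            ->type('test page', 'name')
            ->type('test content', 'html')
            ->press('Save Page')
            ->seePageIs($bookUrl . '/page/test-page');
        $this->visit($bookUrl)->seeInElement('.action-buttons', 'New Page')
            ->seeInElement('.action-buttons', 'New Chapter');
    }

    /**
     * Without 'update' on the book, the edit routes of the book, its page and
     * its chapter are refused; with it they are reachable.
     */
    public function test_book_update_restriction()
    {
        $book = Book::first();
        $bookPage = $book->pages->first();
        $bookChapter = $book->chapters->first();

        $bookUrl = $book->getUrl();
        $this->actingAs($this->user)
            ->visit($bookUrl . '/edit')
            ->see('Edit Book');

        $this->setEntityRestrictions($book, ['view', 'delete']);

        $this->forceVisit($bookUrl . '/edit')
            ->see('You do not have permission')->seePageIs('/');
        $this->forceVisit($bookPage->getUrl() . '/edit')
            ->see('You do not have permission')->seePageIs('/');
        $this->forceVisit($bookChapter->getUrl() . '/edit')
            ->see('You do not have permission')->seePageIs('/');

        $this->setEntityRestrictions($book, ['view', 'update']);

        $this->visit($bookUrl . '/edit')
            ->seePageIs($bookUrl . '/edit');
        $this->visit($bookPage->getUrl() . '/edit')
            ->seePageIs($bookPage->getUrl() . '/edit');
        $this->visit($bookChapter->getUrl() . '/edit')
            ->see('Edit Chapter');
    }

    /**
     * Without 'delete' on the book, the delete routes of the book, its page
     * and its chapter are refused; with it they are reachable.
     */
    public function test_book_delete_restriction()
    {
        $book = Book::first();
        $bookPage = $book->pages->first();
        $bookChapter = $book->chapters->first();

        $bookUrl = $book->getUrl();
        $this->actingAs($this->user)
            ->visit($bookUrl . '/delete')
            ->see('Delete Book');

        $this->setEntityRestrictions($book, ['view', 'update']);

        $this->forceVisit($bookUrl . '/delete')
            ->see('You do not have permission')->seePageIs('/');
        $this->forceVisit($bookPage->getUrl() . '/delete')
            ->see('You do not have permission')->seePageIs('/');
        $this->forceVisit($bookChapter->getUrl() . '/delete')
            ->see('You do not have permission')->seePageIs('/');

        $this->setEntityRestrictions($book, ['view', 'delete']);

        $this->visit($bookUrl . '/delete')
            ->seePageIs($bookUrl . '/delete')->see('Delete Book');
        $this->visit($bookPage->getUrl() . '/delete')
            ->seePageIs($bookPage->getUrl() . '/delete')->see('Delete Page');
        $this->visit($bookChapter->getUrl() . '/delete')
            ->see('Delete Chapter');
    }

    /**
     * A chapter restricted to no actions hides the chapter and its page;
     * granting 'view' exposes both again.
     */
    public function test_chapter_view_restriction()
    {
        $chapter = \BookStack\Chapter::first();
        $chapterPage = $chapter->pages->first();

        $chapterUrl = $chapter->getUrl();
        $this->actingAs($this->user)
            ->visit($chapterUrl)
            ->seePageIs($chapterUrl);

        $this->setEntityRestrictions($chapter, []);

        $this->forceVisit($chapterUrl)
            ->see('Chapter not found');
        $this->forceVisit($chapterPage->getUrl())
            ->see('Page not found');

        $this->setEntityRestrictions($chapter, ['view']);

        $this->visit($chapterUrl)
            ->see($chapter->name);
        $this->visit($chapterPage->getUrl())
            ->see($chapterPage->name);
    }

    /**
     * Page creation inside a chapter is refused without 'create' and works
     * once it is granted.
     */
    public function test_chapter_create_restriction()
    {
        $chapter = \BookStack\Chapter::first();

        $chapterUrl = $chapter->getUrl();
        $this->actingAs($this->user)
            ->visit($chapterUrl)
            ->seeInElement('.action-buttons', 'New Page');

        $this->setEntityRestrictions($chapter, ['view', 'delete', 'update']);

        $this->forceVisit($chapterUrl . '/create-page')
            ->see('You do not have permission')->seePageIs('/');
        $this->visit($chapterUrl)->dontSeeInElement('.action-buttons', 'New Page');

        $this->setEntityRestrictions($chapter, ['view', 'create']);

        $this->visit($chapterUrl . '/create-page')
            ->type('test page', 'name')
            ->type('test content', 'html')
            ->press('Save Page')
            ->seePageIs($chapter->book->getUrl() . '/page/test-page');

        $this->visit($chapterUrl)->seeInElement('.action-buttons', 'New Page');
    }

    /**
     * Without 'update' on the chapter, the edit routes of the chapter and its
     * page are refused; with it they are reachable.
     */
    public function test_chapter_update_restriction()
    {
        $chapter = \BookStack\Chapter::first();
        $chapterPage = $chapter->pages->first();

        $chapterUrl = $chapter->getUrl();
        $this->actingAs($this->user)
            ->visit($chapterUrl . '/edit')
            ->see('Edit Chapter');

        $this->setEntityRestrictions($chapter, ['view', 'delete']);

        $this->forceVisit($chapterUrl . '/edit')
            ->see('You do not have permission')->seePageIs('/');
        $this->forceVisit($chapterPage->getUrl() . '/edit')
            ->see('You do not have permission')->seePageIs('/');

        $this->setEntityRestrictions($chapter, ['view', 'update']);

        $this->visit($chapterUrl . '/edit')
            ->seePageIs($chapterUrl . '/edit')->see('Edit Chapter');
        $this->visit($chapterPage->getUrl() . '/edit')
            ->seePageIs($chapterPage->getUrl() . '/edit');
    }

    /**
     * Without 'delete' on the chapter, the delete routes of the chapter and
     * its page are refused; with it they are reachable.
     */
    public function test_chapter_delete_restriction()
    {
        $chapter = \BookStack\Chapter::first();
        $chapterPage = $chapter->pages->first();

        $chapterUrl = $chapter->getUrl();
        $this->actingAs($this->user)
            ->visit($chapterUrl . '/delete')
            ->see('Delete Chapter');

        $this->setEntityRestrictions($chapter, ['view', 'update']);

        $this->forceVisit($chapterUrl . '/delete')
            ->see('You do not have permission')->seePageIs('/');
        $this->forceVisit($chapterPage->getUrl() . '/delete')
            ->see('You do not have permission')->seePageIs('/');

        $this->setEntityRestrictions($chapter, ['view', 'delete']);

        $this->visit($chapterUrl . '/delete')
            ->seePageIs($chapterUrl . '/delete')->see('Delete Chapter');
        $this->visit($chapterPage->getUrl() . '/delete')
            ->seePageIs($chapterPage->getUrl() . '/delete')->see('Delete Page');
    }

    /**
     * A page that allows 'update' and 'delete' but not 'view' is reported as
     * not found; granting 'view' makes it visible.
     */
    public function test_page_view_restriction()
    {
        $page = \BookStack\Page::first();

        $pageUrl = $page->getUrl();
        $this->actingAs($this->user)
            ->visit($pageUrl)
            ->seePageIs($pageUrl);

        $this->setEntityRestrictions($page, ['update', 'delete']);

        $this->forceVisit($pageUrl)
            ->see('Page not found');

        $this->setEntityRestrictions($page, ['view']);

        $this->visit($pageUrl)
            ->see($page->name);
    }

    /**
     * The page edit route is refused without 'update' and reachable with it.
     */
    public function test_page_update_restriction()
    {
        // Load a page, not a chapter, so the restriction is set on a page and
        // the page edit route is the one under test.
        $page = \BookStack\Page::first();

        $pageUrl = $page->getUrl();
        $this->actingAs($this->user)
            ->visit($pageUrl . '/edit')
            ->seeInField('name', $page->name);

        $this->setEntityRestrictions($page, ['view', 'delete']);

        $this->forceVisit($pageUrl . '/edit')
            ->see('You do not have permission')->seePageIs('/');

        $this->setEntityRestrictions($page, ['view', 'update']);

        $this->visit($pageUrl . '/edit')
            ->seePageIs($pageUrl . '/edit')->seeInField('name', $page->name);
    }

    /**
     * The page delete route is refused without 'delete' and reachable with it.
     */
    public function test_page_delete_restriction()
    {
        $page = \BookStack\Page::first();

        $pageUrl = $page->getUrl();
        $this->actingAs($this->user)
            ->visit($pageUrl . '/delete')
            ->see('Delete Page');

        $this->setEntityRestrictions($page, ['view', 'update']);

        $this->forceVisit($pageUrl . '/delete')
            ->see('You do not have permission')->seePageIs('/');

        $this->setEntityRestrictions($page, ['view', 'delete']);

        $this->visit($pageUrl . '/delete')
            ->seePageIs($pageUrl . '/delete')->see('Delete Page');
    }

    /**
     * Saving the shelf permissions form as admin marks the shelf restricted
     * and stores the ticked role/action pair.
     */
    public function test_bookshelf_restriction_form()
    {
        $shelf = Bookshelf::first();
        // NOTE(review): role id 2 is hard-coded here and in the form tests
        // below; presumably a seeded role, confirm against the seeder.
        $this->asAdmin()->visit($shelf->getUrl('/permissions'))
            ->see('Bookshelf Permissions')
            ->check('restricted')
            ->check('restrictions[2][view]')
            ->press('Save Permissions')
            ->seeInDatabase('bookshelves', ['id' => $shelf->id, 'restricted' => true])
            ->seeInDatabase('entity_permissions', [
                'restrictable_id' => $shelf->id,
                'restrictable_type' => 'BookStack\Bookshelf',
                'role_id' => '2',
                'action' => 'view'
            ]);
    }

    /**
     * Saving the book permissions form as admin marks the book restricted and
     * stores the ticked role/action pair.
     */
    public function test_book_restriction_form()
    {
        $book = Book::first();
        $this->asAdmin()->visit($book->getUrl() . '/permissions')
            ->see('Book Permissions')
            ->check('restricted')
            ->check('restrictions[2][view]')
            ->press('Save Permissions')
            ->seeInDatabase('books', ['id' => $book->id, 'restricted' => true])
            ->seeInDatabase('entity_permissions', [
                'restrictable_id' => $book->id,
                'restrictable_type' => 'BookStack\Book',
                'role_id' => '2',
                'action' => 'view'
            ]);
    }

    /**
     * Saving the chapter permissions form as admin marks the chapter
     * restricted and stores the ticked role/action pair.
     */
    public function test_chapter_restriction_form()
    {
        $chapter = \BookStack\Chapter::first();
        $this->asAdmin()->visit($chapter->getUrl() . '/permissions')
            ->see('Chapter Permissions')
            ->check('restricted')
            ->check('restrictions[2][update]')
            ->press('Save Permissions')
            ->seeInDatabase('chapters', ['id' => $chapter->id, 'restricted' => true])
            ->seeInDatabase('entity_permissions', [
                'restrictable_id' => $chapter->id,
                'restrictable_type' => 'BookStack\Chapter',
                'role_id' => '2',
                'action' => 'update'
            ]);
    }

    /**
     * Saving the page permissions form as admin marks the page restricted and
     * stores the ticked role/action pair.
     */
    public function test_page_restriction_form()
    {
        $page = \BookStack\Page::first();
        $this->asAdmin()->visit($page->getUrl() . '/permissions')
            ->see('Page Permissions')
            ->check('restricted')
            ->check('restrictions[2][delete]')
            ->press('Save Permissions')
            ->seeInDatabase('pages', ['id' => $page->id, 'restricted' => true])
            ->seeInDatabase('entity_permissions', [
                'restrictable_id' => $page->id,
                'restrictable_type' => 'BookStack\Page',
                'role_id' => '2',
                'action' => 'delete'
            ]);
    }

    /**
     * A fully restricted page must not be listed in the sidebar of a sibling
     * page.
     */
    public function test_restricted_pages_not_visible_in_book_navigation_on_pages()
    {
        $chapter = \BookStack\Chapter::first();
        $page = $chapter->pages->first();
        // Assumes the first chapter has at least three pages in the test data.
        $page2 = $chapter->pages[2];

        $this->setEntityRestrictions($page, []);

        $this->actingAs($this->user)
            ->visit($page2->getUrl())
            ->dontSeeInElement('.sidebar-page-list', $page->name);
    }

    /**
     * A fully restricted page must not be listed in the sidebar of its
     * chapter.
     */
    public function test_restricted_pages_not_visible_in_book_navigation_on_chapters()
    {
        $chapter = \BookStack\Chapter::first();
        $page = $chapter->pages->first();

        $this->setEntityRestrictions($page, []);

        $this->actingAs($this->user)
            ->visit($chapter->getUrl())
            ->dontSeeInElement('.sidebar-page-list', $page->name);
    }

    /**
     * A fully restricted page must not appear anywhere on its chapter page.
     */
    public function test_restricted_pages_not_visible_on_chapter_pages()
    {
        $chapter = \BookStack\Chapter::first();
        $page = $chapter->pages->first();

        $this->setEntityRestrictions($page, []);

        $this->actingAs($this->user)
            ->visit($chapter->getUrl())
            ->dontSee($page->name);
    }

    /**
     * A viewer, who does not see the shelf edit page by default, can reach it
     * once the shelf restriction grants 'update'.
     */
    public function test_bookshelf_update_restriction_override()
    {
        $shelf = Bookshelf::first();

        $this->actingAs($this->viewer)
            ->visit($shelf->getUrl('/edit'))
            ->dontSee('Edit Book');

        $this->setEntityRestrictions($shelf, ['view', 'delete']);

        $this->forceVisit($shelf->getUrl('/edit'))
            ->see('You do not have permission')->seePageIs('/');

        $this->setEntityRestrictions($shelf, ['view', 'update']);

        $this->visit($shelf->getUrl('/edit'))
            ->seePageIs($shelf->getUrl('/edit'));
    }

    /**
     * A viewer, who does not see the shelf delete page by default, can reach
     * it once the shelf restriction grants 'delete'.
     */
    public function test_bookshelf_delete_restriction_override()
    {
        $shelf = Bookshelf::first();

        $this->actingAs($this->viewer)
            ->visit($shelf->getUrl('/delete'))
            ->dontSee('Delete Book');

        $this->setEntityRestrictions($shelf, ['view', 'update']);

        $this->forceVisit($shelf->getUrl('/delete'))
            ->see('You do not have permission')->seePageIs('/');

        $this->setEntityRestrictions($shelf, ['view', 'delete']);

        $this->visit($shelf->getUrl('/delete'))
            ->seePageIs($shelf->getUrl('/delete'))->see('Delete Book');
    }

    /**
     * A viewer, who has no create buttons by default, can create chapters and
     * pages once the book restriction grants 'create'.
     */
    public function test_book_create_restriction_override()
    {
        $book = Book::first();

        $bookUrl = $book->getUrl();
        $this->actingAs($this->viewer)
            ->visit($bookUrl)
            ->dontSeeInElement('.action-buttons', 'New Page')
            ->dontSeeInElement('.action-buttons', 'New Chapter');

        $this->setEntityRestrictions($book, ['view', 'delete', 'update']);

        $this->forceVisit($bookUrl . '/create-chapter')
            ->see('You do not have permission')->seePageIs('/');
        $this->forceVisit($bookUrl . '/create-page')
            ->see('You do not have permission')->seePageIs('/');
        $this->visit($bookUrl)->dontSeeInElement('.action-buttons', 'New Page')
            ->dontSeeInElement('.action-buttons', 'New Chapter');

        $this->setEntityRestrictions($book, ['view', 'create']);

        $this->visit($bookUrl . '/create-chapter')
            ->type('test chapter', 'name')
            ->type('test description for chapter', 'description')
            ->press('Save Chapter')
            ->seePageIs($bookUrl . '/chapter/test-chapter');
        $this->visit($bookUrl . '/create-page')
            ->type('test page', 'name')
            ->type('test content', 'html')
            ->press('Save Page')
            ->seePageIs($bookUrl . '/page/test-page');
        $this->visit($bookUrl)->seeInElement('.action-buttons', 'New Page')
            ->seeInElement('.action-buttons', 'New Chapter');
    }

    /**
     * A viewer, who does not see the book edit page by default, can edit the
     * book, its page and its chapter once the book restriction grants
     * 'update'.
     */
    public function test_book_update_restriction_override()
    {
        $book = Book::first();
        $bookPage = $book->pages->first();
        $bookChapter = $book->chapters->first();

        $bookUrl = $book->getUrl();
        $this->actingAs($this->viewer)
            ->visit($bookUrl . '/edit')
            ->dontSee('Edit Book');

        $this->setEntityRestrictions($book, ['view', 'delete']);

        $this->forceVisit($bookUrl . '/edit')
            ->see('You do not have permission')->seePageIs('/');
        $this->forceVisit($bookPage->getUrl() . '/edit')
            ->see('You do not have permission')->seePageIs('/');
        $this->forceVisit($bookChapter->getUrl() . '/edit')
            ->see('You do not have permission')->seePageIs('/');

        $this->setEntityRestrictions($book, ['view', 'update']);

        $this->visit($bookUrl . '/edit')
            ->seePageIs($bookUrl . '/edit');
        $this->visit($bookPage->getUrl() . '/edit')
            ->seePageIs($bookPage->getUrl() . '/edit');
        $this->visit($bookChapter->getUrl() . '/edit')
            ->see('Edit Chapter');
    }

    /**
     * A viewer, who does not see the book delete page by default, can reach
     * the delete pages of the book, its page and its chapter once the book
     * restriction grants 'delete'.
     */
    public function test_book_delete_restriction_override()
    {
        $book = Book::first();
        $bookPage = $book->pages->first();
        $bookChapter = $book->chapters->first();

        $bookUrl = $book->getUrl();
        $this->actingAs($this->viewer)
            ->visit($bookUrl . '/delete')
            ->dontSee('Delete Book');

        $this->setEntityRestrictions($book, ['view', 'update']);

        $this->forceVisit($bookUrl . '/delete')
            ->see('You do not have permission')->seePageIs('/');
        $this->forceVisit($bookPage->getUrl() . '/delete')
            ->see('You do not have permission')->seePageIs('/');
        $this->forceVisit($bookChapter->getUrl() . '/delete')
            ->see('You do not have permission')->seePageIs('/');

        $this->setEntityRestrictions($book, ['view', 'delete']);

        $this->visit($bookUrl . '/delete')
            ->seePageIs($bookUrl . '/delete')->see('Delete Book');
        $this->visit($bookPage->getUrl() . '/delete')
            ->seePageIs($bookPage->getUrl() . '/delete')->see('Delete Page');
        $this->visit($bookChapter->getUrl() . '/delete')
            ->see('Delete Chapter');
    }

    /**
     * A page with its own 'view' grant stays readable when its book is fully
     * restricted, and the response must not show the names of the hidden book
     * or chapter.
     */
    public function test_page_visible_if_has_permissions_when_book_not_visible()
    {
        $book = Book::first();

        $this->setEntityRestrictions($book, []);

        $bookChapter = $book->chapters->first();
        $bookPage = $bookChapter->pages->first();
        $this->setEntityRestrictions($bookPage, ['view']);

        $this->actingAs($this->viewer);
        $this->get($bookPage->getUrl());
        $this->assertResponseOk();
        $this->see($bookPage->name);
        // Only the first 15 characters of each parent name are checked.
        $this->dontSee(substr($book->name, 0, 15));
        $this->dontSee(substr($bookChapter->name, 0, 15));
    }

    /**
     * The sort page is refused for a book without 'update', and on a book
     * with 'update' it lists only other books that also allow 'update'.
     */
    public function test_book_sort_view_permission()
    {
        // Assumes books with ids 2 and 3 exist in the test data.
        $firstBook = Book::first();
        $secondBook = Book::find(2);
        $thirdBook = Book::find(3);

        $this->setEntityRestrictions($firstBook, ['view', 'update']);
        $this->setEntityRestrictions($secondBook, ['view']);
        $this->setEntityRestrictions($thirdBook, ['view', 'update']);

        // Test sort page visibility
        $this->actingAs($this->user)->visit($secondBook->getUrl() . '/sort')
            ->see('You do not have permission')
            ->seePageIs('/');

        // Check sort page on first book
        $this->actingAs($this->user)->visit($firstBook->getUrl() . '/sort')
            ->see($thirdBook->name)
            ->dontSee($secondBook->name);
    }

    /**
     * Moving a chapter between two books through the sort endpoint is refused
     * in both directions when one of the books lacks 'update'.
     */
    public function test_book_sort_permission()
    {
        $firstBook = Book::first();
        $secondBook = Book::find(2);

        $this->setEntityRestrictions($firstBook, ['view', 'update']);
        $this->setEntityRestrictions($secondBook, ['view']);

        $firstBookChapter = $this->app[EntityRepo::class]->createFromInput(
            'chapter',
            ['name' => 'first book chapter'],
            $firstBook
        );
        $secondBookChapter = $this->app[EntityRepo::class]->createFromInput(
            'chapter',
            ['name' => 'second book chapter'],
            $secondBook
        );

        // Create request data
        $reqData = [
            [
                'id' => $firstBookChapter->id,
                'sort' => 0,
                'parentChapter' => false,
                'type' => 'chapter',
                'book' => $secondBook->id
            ]
        ];

        // Move chapter from first book to a second book
        $this->actingAs($this->user)->put($firstBook->getUrl() . '/sort', ['sort-tree' => json_encode($reqData)])
            ->followRedirects()
            ->see('You do not have permission')
            ->seePageIs('/');

        $reqData = [
            [
                'id' => $secondBookChapter->id,
                'sort' => 0,
                'parentChapter' => false,
                'type' => 'chapter',
                'book' => $firstBook->id
            ]
        ];

        // Move chapter from second book to first book
        $this->actingAs($this->user)->put($firstBook->getUrl() . '/sort', ['sort-tree' => json_encode($reqData)])
            ->followRedirects()
            ->see('You do not have permission')
            ->seePageIs('/');
    }

    /**
     * With the book fully restricted, a chapter-level 'create' grant is
     * enough to create a page in that chapter; 'view' alone is not.
     */
    public function test_can_create_page_if_chapter_has_permissions_when_book_not_visible()
    {
        $book = Book::first();
        $this->setEntityRestrictions($book, []);
        $bookChapter = $book->chapters->first();
        $this->setEntityRestrictions($bookChapter, ['view']);

        $this->actingAs($this->user)->visit($bookChapter->getUrl())
            ->dontSee('New Page');

        $this->setEntityRestrictions($bookChapter, ['view', 'create']);

        $this->actingAs($this->user)->visit($bookChapter->getUrl())
            ->click('New Page')
            ->seeStatusCode(200)
            ->type('test page', 'name')
            ->type('test content', 'html')
            ->press('Save Page')
            ->seePageIs($book->getUrl('/page/test-page'))
            ->seeStatusCode(200);
    }
}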