]> BookStack Code Mirror - bookstack/blob - tests/Api/PagesApiTest.php
projects / bookstack / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Refactor notify exception to clean up api exception handling
[bookstack] / tests / Api / PagesApiTest.php
1 <?php
2
3 namespace Tests\Api;
4
5 use BookStack\Entities\Models\Chapter;
6 use BookStack\Entities\Models\Page;
7 use Carbon\Carbon;
8 use Illuminate\Support\Facades\DB;
9 use Tests\TestCase;
10
11 class PagesApiTest extends TestCase
12 {
13     use TestsApi;
14
15     protected string $baseEndpoint = '/api/pages';
16
17     public function test_index_endpoint_returns_expected_page()
18     {
19         $this->actingAsApiEditor();
20         $firstPage = Page::query()->orderBy('id', 'asc')->first();
21
22         $resp = $this->getJson($this->baseEndpoint . '?count=1&sort=+id');
23         $resp->assertJson(['data' => [
24             [
25                 'id'       => $firstPage->id,
26                 'name'     => $firstPage->name,
27                 'slug'     => $firstPage->slug,
28                 'book_id'  => $firstPage->book->id,
29                 'priority' => $firstPage->priority,
30             ],
31         ]]);
32     }
33
34     public function test_create_endpoint()
35     {
36         $this->actingAsApiEditor();
37         $book = $this->entities->book();
38         $details = [
39             'name'    => 'My API page',
40             'book_id' => $book->id,
41             'html'    => '<p>My new page content</p>',
42             'tags'    => [
43                 [
44                     'name'  => 'tagname',
45                     'value' => 'tagvalue',
46                 ],
47             ],
48         ];
49
50         $resp = $this->postJson($this->baseEndpoint, $details);
51         unset($details['html']);
52         $resp->assertStatus(200);
53         $newItem = Page::query()->orderByDesc('id')->where('name', '=', $details['name'])->first();
54         $resp->assertJson(array_merge($details, ['id' => $newItem->id, 'slug' => $newItem->slug]));
55         $this->assertDatabaseHas('tags', [
56             'entity_id'   => $newItem->id,
57             'entity_type' => $newItem->getMorphClass(),
58             'name'        => 'tagname',
59             'value'       => 'tagvalue',
60         ]);
61         $resp->assertSeeText('My new page content');
62         $resp->assertJsonMissing(['book' => []]);
63         $this->assertActivityExists('page_create', $newItem);
64     }
65
66     public function test_page_name_needed_to_create()
67     {
68         $this->actingAsApiEditor();
69         $book = $this->entities->book();
70         $details = [
71             'book_id' => $book->id,
72             'html'    => '<p>A page created via the API</p>',
73         ];
74
75         $resp = $this->postJson($this->baseEndpoint, $details);
76         $resp->assertStatus(422);
77         $resp->assertJson($this->validationResponse([
78             'name' => ['The name field is required.'],
79         ]));
80     }
81
82     public function test_book_id_or_chapter_id_needed_to_create()
83     {
84         $this->actingAsApiEditor();
85         $details = [
86             'name' => 'My api page',
87             'html' => '<p>A page created via the API</p>',
88         ];
89
90         $resp = $this->postJson($this->baseEndpoint, $details);
91         $resp->assertStatus(422);
92         $resp->assertJson($this->validationResponse([
93             'book_id'    => ['The book id field is required when chapter id is not present.'],
94             'chapter_id' => ['The chapter id field is required when book id is not present.'],
95         ]));
96
97         $chapter = $this->entities->chapter();
98         $resp = $this->postJson($this->baseEndpoint, array_merge($details, ['chapter_id' => $chapter->id]));
99         $resp->assertStatus(200);
100
101         $book = $this->entities->book();
102         $resp = $this->postJson($this->baseEndpoint, array_merge($details, ['book_id' => $book->id]));
103         $resp->assertStatus(200);
104     }
105
106     public function test_markdown_can_be_provided_for_create()
107     {
108         $this->actingAsApiEditor();
109         $book = $this->entities->book();
110         $details = [
111             'book_id'  => $book->id,
112             'name'     => 'My api page',
113             'markdown' => "# A new API page \n[link](https://example.com)",
114         ];
115
116         $resp = $this->postJson($this->baseEndpoint, $details);
117         $resp->assertJson(['markdown' => $details['markdown']]);
118
119         $respHtml = $resp->json('html');
120         $this->assertStringContainsString('new API page</h1>', $respHtml);
121         $this->assertStringContainsString('link</a>', $respHtml);
122         $this->assertStringContainsString('href="https://example.com"', $respHtml);
123     }
124
125     public function test_read_endpoint()
126     {
127         $this->actingAsApiEditor();
128         $page = $this->entities->page();
129
130         $resp = $this->getJson($this->baseEndpoint . "/{$page->id}");
131         $resp->assertStatus(200);
132         $resp->assertJson([
133             'id'         => $page->id,
134             'slug'       => $page->slug,
135             'created_by' => [
136                 'name' => $page->createdBy->name,
137             ],
138             'book_id'    => $page->book_id,
139             'updated_by' => [
140                 'name' => $page->createdBy->name,
141             ],
142             'owned_by' => [
143                 'name' => $page->ownedBy->name,
144             ],
145         ]);
146     }
147
148     public function test_read_endpoint_provides_rendered_html()
149     {
150         $this->actingAsApiEditor();
151         $page = $this->entities->page();
152         $page->html = "<p>testing</p><script>alert('danger')</script><h1>Hello</h1>";
153         $page->save();
154
155         $resp = $this->getJson($this->baseEndpoint . "/{$page->id}");
156         $html = $resp->json('html');
157         $this->assertStringNotContainsString('script', $html);
158         $this->assertStringContainsString('Hello', $html);
159         $this->assertStringContainsString('testing', $html);
160     }
161
162     public function test_read_endpoint_returns_not_found()
163     {
164         $this->actingAsApiEditor();
165         // get an id that is not used
166         $id = Page::orderBy('id', 'desc')->first()->id + 1;
167         $this->assertNull(Page::find($id));
168
169         $resp = $this->getJson($this->baseEndpoint . "/$id");
170
171         $resp->assertNotFound();
172         $this->assertNull($resp->json('id'));
173         $resp->assertJsonIsObject('error');
174         $resp->assertJsonStructure([
175             'error' => [
176                 'code',
177                 'message',
178             ],
179         ]);
180         $this->assertSame(404, $resp->json('error')['code']);
181     }
182
183     public function test_update_endpoint()
184     {
185         $this->actingAsApiEditor();
186         $page = $this->entities->page();
187         $details = [
188             'name' => 'My updated API page',
189             'html' => '<p>A page created via the API</p>',
190             'tags' => [
191                 [
192                     'name'  => 'freshtag',
193                     'value' => 'freshtagval',
194                 ],
195             ],
196         ];
197
198         $resp = $this->putJson($this->baseEndpoint . "/{$page->id}", $details);
199         $page->refresh();
200
201         $resp->assertStatus(200);
202         unset($details['html']);
203         $resp->assertJson(array_merge($details, [
204             'id' => $page->id, 'slug' => $page->slug, 'book_id' => $page->book_id,
205         ]));
206         $this->assertActivityExists('page_update', $page);
207     }
208
209     public function test_providing_new_chapter_id_on_update_will_move_page()
210     {
211         $this->actingAsApiEditor();
212         $page = $this->entities->page();
213         $chapter = Chapter::visible()->where('book_id', '!=', $page->book_id)->first();
214         $details = [
215             'name'       => 'My updated API page',
216             'chapter_id' => $chapter->id,
217             'html'       => '<p>A page created via the API</p>',
218         ];
219
220         $resp = $this->putJson($this->baseEndpoint . "/{$page->id}", $details);
221         $resp->assertStatus(200);
222         $resp->assertJson([
223             'chapter_id' => $chapter->id,
224             'book_id'    => $chapter->book_id,
225         ]);
226     }
227
228     public function test_providing_move_via_update_requires_page_create_permission_on_new_parent()
229     {
230         $this->actingAsApiEditor();
231         $page = $this->entities->page();
232         $chapter = Chapter::visible()->where('book_id', '!=', $page->book_id)->first();
233         $this->permissions->setEntityPermissions($chapter, ['view'], [$this->users->editor()->roles()->first()]);
234         $details = [
235             'name'       => 'My updated API page',
236             'chapter_id' => $chapter->id,
237             'html'       => '<p>A page created via the API</p>',
238         ];
239
240         $resp = $this->putJson($this->baseEndpoint . "/{$page->id}", $details);
241         $resp->assertStatus(403);
242     }
243
244     public function test_update_endpoint_does_not_wipe_content_if_no_html_or_md_provided()
245     {
246         $this->actingAsApiEditor();
247         $page = $this->entities->page();
248         $originalContent = $page->html;
249         $details = [
250             'name' => 'My updated API page',
251             'tags' => [
252                 [
253                     'name'  => 'freshtag',
254                     'value' => 'freshtagval',
255                 ],
256             ],
257         ];
258
259         $this->putJson($this->baseEndpoint . "/{$page->id}", $details);
260         $page->refresh();
261
262         $this->assertEquals($originalContent, $page->html);
263     }
264
265     public function test_update_increments_updated_date_if_only_tags_are_sent()
266     {
267         $this->actingAsApiEditor();
268         $page = $this->entities->page();
269         DB::table('pages')->where('id', '=', $page->id)->update(['updated_at' => Carbon::now()->subWeek()]);
270
271         $details = [
272             'tags' => [['name' => 'Category', 'value' => 'Testing']],
273         ];
274
275         $resp = $this->putJson($this->baseEndpoint . "/{$page->id}", $details);
276         $resp->assertOk();
277
278         $page->refresh();
279         $this->assertGreaterThan(Carbon::now()->subDay()->unix(), $page->updated_at->unix());
280     }
281
282     public function test_delete_endpoint()
283     {
284         $this->actingAsApiEditor();
285         $page = $this->entities->page();
286         $resp = $this->deleteJson($this->baseEndpoint . "/{$page->id}");
287
288         $resp->assertStatus(204);
289         $this->assertActivityExists('page_delete', $page);
290     }
291
292     public function test_export_html_endpoint()
293     {
294         $this->actingAsApiEditor();
295         $page = $this->entities->page();
296
297         $resp = $this->get($this->baseEndpoint . "/{$page->id}/export/html");
298         $resp->assertStatus(200);
299         $resp->assertSee($page->name);
300         $resp->assertHeader('Content-Disposition', 'attachment; filename="' . $page->slug . '.html"');
301     }
302
303     public function test_export_plain_text_endpoint()
304     {
305         $this->actingAsApiEditor();
306         $page = $this->entities->page();
307
308         $resp = $this->get($this->baseEndpoint . "/{$page->id}/export/plaintext");
309         $resp->assertStatus(200);
310         $resp->assertSee($page->name);
311         $resp->assertHeader('Content-Disposition', 'attachment; filename="' . $page->slug . '.txt"');
312     }
313
314     public function test_export_pdf_endpoint()
315     {
316         $this->actingAsApiEditor();
317         $page = $this->entities->page();
318
319         $resp = $this->get($this->baseEndpoint . "/{$page->id}/export/pdf");
320         $resp->assertStatus(200);
321         $resp->assertHeader('Content-Disposition', 'attachment; filename="' . $page->slug . '.pdf"');
322     }
323
324     public function test_export_markdown_endpoint()
325     {
326         $this->actingAsApiEditor();
327         $page = $this->entities->page();
328
329         $resp = $this->get($this->baseEndpoint . "/{$page->id}/export/markdown");
330         $resp->assertStatus(200);
331         $resp->assertSee('# ' . $page->name);
332         $resp->assertHeader('Content-Disposition', 'attachment; filename="' . $page->slug . '.md"');
333     }
334
335     public function test_cant_export_when_not_have_permission()
336     {
337         $types = ['html', 'plaintext', 'pdf', 'markdown'];
338         $this->actingAsApiEditor();
339         $this->permissions->removeUserRolePermissions($this->users->editor(), ['content-export']);
340
341         $page = $this->entities->page();
342         foreach ($types as $type) {
343             $resp = $this->get($this->baseEndpoint . "/{$page->id}/export/{$type}");
344             $this->assertPermissionError($resp);
345         }
346     }
347 }
The core source code for the BookStack project.