BookStack Code Mirror - bookstack/blob - tests/Api/BooksApiTest.php

1 <?php

3 namespace Tests\Api;

5 use BookStack\Entities\Models\Book;

6 use Carbon\Carbon;

7 use Illuminate\Support\Facades\DB;

8 use Tests\TestCase;

10 class BooksApiTest extends TestCase

11 {

12 use TestsApi;

14 protected string $baseEndpoint = '/api/books';

16 public function test_index_endpoint_returns_expected_book()

17 {

18 $this->actingAsApiEditor();

19 $firstBook = Book::query()->orderBy('id', 'asc')->first();

21 $resp = $this->getJson($this->baseEndpoint . '?count=1&sort=+id');

22 $resp->assertJson(['data' => [

23 [

24 'id' => $firstBook->id,

25 'name' => $firstBook->name,

26 'slug' => $firstBook->slug,

27 'owned_by' => $firstBook->owned_by,

28 'created_by' => $firstBook->created_by,

29 'updated_by' => $firstBook->updated_by,

30 ],

31 ]]);

32 }

34 public function test_create_endpoint()

35 {

36 $this->actingAsApiEditor();

37 $templatePage = $this->entities->templatePage();

38 $details = [

39 'name' => 'My API book',

40 'description' => 'A book created via the API',

41 'default_template_id' => $templatePage->id,

42 ];

44 $resp = $this->postJson($this->baseEndpoint, $details);

45 $resp->assertStatus(200);

47 $newItem = Book::query()->orderByDesc('id')->where('name', '=', $details['name'])->first();

48 $resp->assertJson(array_merge($details, [

49 'id' => $newItem->id,

50 'slug' => $newItem->slug,

51 'description_html' => 'A book created via the API',

52 ]));

53 $this->assertActivityExists('book_create', $newItem);

54 }

56 public function test_create_endpoint_with_html()

57 {

58 $this->actingAsApiEditor();

59 $details = [

60 'name' => 'My API book',

61 'description_html' => 'A book created via the API',

62 ];

64 $resp = $this->postJson($this->baseEndpoint, $details);

65 $resp->assertStatus(200);

67 $newItem = Book::query()->orderByDesc('id')->where('name', '=', $details['name'])->first();

68 $expectedDetails = array_merge($details, [

69 'id' => $newItem->id,

70 'description' => 'A book created via the API',

71 ]);

73 $resp->assertJson($expectedDetails);

74 $this->assertDatabaseHas('books', $expectedDetails);

75 }

77 public function test_book_name_needed_to_create()

78 {

79 $this->actingAsApiEditor();

80 $details = [

81 'description' => 'A book created via the API',

82 ];

84 $resp = $this->postJson($this->baseEndpoint, $details);

85 $resp->assertStatus(422);

86 $resp->assertJson([

87 'error' => [

88 'message' => 'The given data was invalid.',

89 'validation' => [

90 'name' => ['The name field is required.'],

91 ],

92 'code' => 422,

93 ],

94 ]);

95 }

97 public function test_read_endpoint()

98 {

99 $this->actingAsApiEditor();

100 $book = $this->entities->book();

101

102 $resp = $this->getJson($this->baseEndpoint . "/{$book->id}");

103

104 $resp->assertStatus(200);

105 $resp->assertJson([

106 'id' => $book->id,

107 'slug' => $book->slug,

108 'created_by' => [

109 'name' => $book->createdBy->name,

110 ],

111 'updated_by' => [

112 'name' => $book->createdBy->name,

113 ],

114 'owned_by' => [

115 'name' => $book->ownedBy->name,

116 ],

117 'default_template_id' => null,

118 ]);

119 }

120

121 public function test_read_endpoint_includes_chapter_and_page_contents()

122 {

123 $this->actingAsApiEditor();

124 $book = $this->entities->bookHasChaptersAndPages();

125 $chapter = $book->chapters()->first();

126 $chapterPage = $chapter->pages()->first();

127

128 $resp = $this->getJson($this->baseEndpoint . "/{$book->id}");

129

130 $directChildCount = $book->directPages()->count() + $book->chapters()->count();

131 $resp->assertStatus(200);

132 $resp->assertJsonCount($directChildCount, 'contents');

133 $resp->assertJson([

134 'contents' => [

135 [

136 'type' => 'chapter',

137 'id' => $chapter->id,

138 'name' => $chapter->name,

139 'slug' => $chapter->slug,

140 'pages' => [

141 [

142 'id' => $chapterPage->id,

143 'name' => $chapterPage->name,

144 'slug' => $chapterPage->slug,

145 ]

146 ]

147 ]

148 ]

149 ]);

150 }

151

152 public function test_read_endpoint_contents_nested_pages_has_permissions_applied()

153 {

154 $this->actingAsApiEditor();

155

156 $book = $this->entities->bookHasChaptersAndPages();

157 $chapter = $book->chapters()->first();

158 $chapterPage = $chapter->pages()->first();

159 $customName = 'MyNonVisiblePageWithinAChapter';

160 $chapterPage->name = $customName;

161 $chapterPage->save();

162

163 $this->permissions->disableEntityInheritedPermissions($chapterPage);

164

165 $resp = $this->getJson($this->baseEndpoint . "/{$book->id}");

166 $resp->assertJsonMissing(['name' => $customName]);

167 }

168

169 public function test_update_endpoint()

170 {

171 $this->actingAsApiEditor();

172 $book = $this->entities->book();

173 $templatePage = $this->entities->templatePage();

174 $details = [

175 'name' => 'My updated API book',

176 'description' => 'A book updated via the API',

177 'default_template_id' => $templatePage->id,

178 ];

179

180 $resp = $this->putJson($this->baseEndpoint . "/{$book->id}", $details);

181 $book->refresh();

182

183 $resp->assertStatus(200);

184 $resp->assertJson(array_merge($details, [

185 'id' => $book->id,

186 'slug' => $book->slug,

187 'description_html' => 'A book updated via the API',

188 ]));

189 $this->assertActivityExists('book_update', $book);

190 }

191

192 public function test_update_endpoint_with_html()

193 {

194 $this->actingAsApiEditor();

195 $book = $this->entities->book();

196 $details = [

197 'name' => 'My updated API book',

198 'description_html' => 'A book updated via the API',

199 ];

200

201 $resp = $this->putJson($this->baseEndpoint . "/{$book->id}", $details);

202 $resp->assertStatus(200);

203

204 $this->assertDatabaseHas('books', array_merge($details, ['id' => $book->id, 'description' => 'A book updated via the API']));

205 }

206

207 public function test_update_increments_updated_date_if_only_tags_are_sent()

208 {

209 $this->actingAsApiEditor();

210 $book = $this->entities->book();

211 DB::table('books')->where('id', '=', $book->id)->update(['updated_at' => Carbon::now()->subWeek()]);

212

213 $details = [

214 'tags' => [['name' => 'Category', 'value' => 'Testing']],

215 ];

216

217 $this->putJson($this->baseEndpoint . "/{$book->id}", $details);

218 $book->refresh();

219 $this->assertGreaterThan(Carbon::now()->subDay()->unix(), $book->updated_at->unix());

220 }

221

222 public function test_update_cover_image_control()

223 {

224 $this->actingAsApiEditor();

225 /** @var Book $book */

226 $book = $this->entities->book();

227 $this->assertNull($book->cover);

228 $file = $this->files->uploadedImage('image.png');

229

230 // Ensure cover image can be set via API

231 $resp = $this->call('PUT', $this->baseEndpoint . "/{$book->id}", [

232 'name' => 'My updated API book with image',

233 ], [], ['image' => $file]);

234 $book->refresh();

235

236 $resp->assertStatus(200);

237 $this->assertNotNull($book->cover);

238

239 // Ensure further updates without image do not clear cover image

240 $resp = $this->put($this->baseEndpoint . "/{$book->id}", [

241 'name' => 'My updated book again',

242 ]);

243 $book->refresh();

244

245 $resp->assertStatus(200);

246 $this->assertNotNull($book->cover);

247

248 // Ensure update with null image property clears image

249 $resp = $this->put($this->baseEndpoint . "/{$book->id}", [

250 'image' => null,

251 ]);

252 $book->refresh();

253

254 $resp->assertStatus(200);

255 $this->assertNull($book->cover);

256 }

257

258 public function test_delete_endpoint()

259 {

260 $this->actingAsApiEditor();

261 $book = $this->entities->book();

262 $resp = $this->deleteJson($this->baseEndpoint . "/{$book->id}");

263

264 $resp->assertStatus(204);

265 $this->assertActivityExists('book_delete');

266 }

267

268 public function test_export_html_endpoint()

269 {

270 $this->actingAsApiEditor();

271 $book = $this->entities->book();

272

273 $resp = $this->get($this->baseEndpoint . "/{$book->id}/export/html");

274 $resp->assertStatus(200);

275 $resp->assertSee($book->name);

276 $resp->assertHeader('Content-Disposition', 'attachment; filename="' . $book->slug . '.html"');

277 }

278

279 public function test_export_plain_text_endpoint()

280 {

281 $this->actingAsApiEditor();

282 $book = $this->entities->book();

283

284 $resp = $this->get($this->baseEndpoint . "/{$book->id}/export/plaintext");

285 $resp->assertStatus(200);

286 $resp->assertSee($book->name);

287 $resp->assertHeader('Content-Disposition', 'attachment; filename="' . $book->slug . '.txt"');

288 }

289

290 public function test_export_pdf_endpoint()

291 {

292 $this->actingAsApiEditor();

293 $book = $this->entities->book();

294

295 $resp = $this->get($this->baseEndpoint . "/{$book->id}/export/pdf");

296 $resp->assertStatus(200);

297 $resp->assertHeader('Content-Disposition', 'attachment; filename="' . $book->slug . '.pdf"');

298 }

299

300 public function test_export_markdown_endpoint()

301 {

302 $this->actingAsApiEditor();

303 $book = Book::visible()->has('pages')->has('chapters')->first();

304

305 $resp = $this->get($this->baseEndpoint . "/{$book->id}/export/markdown");

306 $resp->assertStatus(200);

307 $resp->assertHeader('Content-Disposition', 'attachment; filename="' . $book->slug . '.md"');

308 $resp->assertSee('# ' . $book->name);

309 $resp->assertSee('# ' . $book->pages()->first()->name);

310 $resp->assertSee('# ' . $book->chapters()->first()->name);

311 }

312

313 public function test_cant_export_when_not_have_permission()

314 {

315 $types = ['html', 'plaintext', 'pdf', 'markdown'];

316 $this->actingAsApiEditor();

317 $this->permissions->removeUserRolePermissions($this->users->editor(), ['content-export']);

318

319 $book = $this->entities->book();

320 foreach ($types as $type) {

321 $resp = $this->get($this->baseEndpoint . "/{$book->id}/export/{$type}");

322 $this->assertPermissionError($resp);

323 }

324 }

325 }