Made delete permissions a requirement for move operations
[bookstack] / tests / Entity / SortTest.php
index 5b23acfd58461adb295af41f71d84272d3397e97..11294f7dfdcd236dc7b0f6f8508650a09656a5e6 100644 (file)
@@ -3,7 +3,6 @@
 use BookStack\Entities\Book;
 use BookStack\Entities\Chapter;
 use BookStack\Entities\Page;
-use BookStack\Entities\Repos\EntityRepo;
 use BookStack\Entities\Repos\PageRepo;
 
 class SortTest extends TestCase
@@ -58,14 +57,14 @@ class SortTest extends TestCase
         $newBook = Book::where('id', '!=', $currentBook->id)->first();
         $editor = $this->getEditor();
 
-        $this->setEntityRestrictions($newBook, ['view', 'edit', 'delete'], $editor->roles);
+        $this->setEntityRestrictions($newBook, ['view', 'update', 'delete'], $editor->roles);
 
         $movePageResp = $this->actingAs($editor)->put($page->getUrl('/move'), [
             'entity_selection' => 'book:' . $newBook->id
         ]);
         $this->assertPermissionError($movePageResp);
 
-        $this->setEntityRestrictions($newBook, ['view', 'edit', 'delete', 'create'], $editor->roles);
+        $this->setEntityRestrictions($newBook, ['view', 'update', 'delete', 'create'], $editor->roles);
         $movePageResp = $this->put($page->getUrl('/move'), [
             'entity_selection' => 'book:' . $newBook->id
         ]);
@@ -76,6 +75,33 @@ class SortTest extends TestCase
         $this->assertTrue($page->book->id == $newBook->id, 'Page book is now the new book');
     }
 
+    public function test_page_move_requires_delete_permissions()
+    {
+        $page = Page::first();
+        $currentBook = $page->book;
+        $newBook = Book::where('id', '!=', $currentBook->id)->first();
+        $editor = $this->getEditor();
+
+        $this->setEntityRestrictions($newBook, ['view', 'update', 'create', 'delete'], $editor->roles);
+        $this->setEntityRestrictions($page, ['view', 'update', 'create'], $editor->roles);
+
+        $movePageResp = $this->actingAs($editor)->put($page->getUrl('/move'), [
+            'entity_selection' => 'book:' . $newBook->id
+        ]);
+        $this->assertPermissionError($movePageResp);
+        $pageView = $this->get($page->getUrl());
+        $pageView->assertDontSee($page->getUrl('/move'));
+
+        $this->setEntityRestrictions($page, ['view', 'update', 'create', 'delete'], $editor->roles);
+        $movePageResp = $this->put($page->getUrl('/move'), [
+            'entity_selection' => 'book:' . $newBook->id
+        ]);
+
+        $page = Page::find($page->id);
+        $movePageResp->assertRedirect($page->getUrl());
+        $this->assertTrue($page->book->id == $newBook->id, 'Page book is now the new book');
+    }
+
     public function test_chapter_move()
     {
         $chapter = Chapter::first();
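Review bot: The denied branch of `test_page_move_requires_delete_permissions` checks only the response, so the test would still pass if the move were carried out before the permission error was returned. After `$this->assertPermissionError($movePageResp);` I would also assert that the page is still in its original book, e.g. `$this->assertEquals($currentBook->id, Page::find($page->id)->book->id);`. The same gap applies to the denied branch of `test_chapter_move_requires_delete_permissions` in the next hunk. As a smaller style point, the final `assertTrue($page->book->id == $newBook->id, ...)` uses a loose comparison; `$this->assertEquals($newBook->id, $page->book->id, ...)` reports both values on failure.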
@@ -104,6 +130,33 @@ class SortTest extends TestCase
         $pageCheckResp->assertSee($newBook->name);
     }
 
+    public function test_chapter_move_requires_delete_permissions()
+    {
+        $chapter = Chapter::first();
+        $currentBook = $chapter->book;
+        $newBook = Book::where('id', '!=', $currentBook->id)->first();
+        $editor = $this->getEditor();
+
+        $this->setEntityRestrictions($newBook, ['view', 'update', 'create', 'delete'], $editor->roles);
+        $this->setEntityRestrictions($chapter, ['view', 'update', 'create'], $editor->roles);
+
+        $moveChapterResp = $this->actingAs($editor)->put($chapter->getUrl('/move'), [
+            'entity_selection' => 'book:' . $newBook->id
+        ]);
+        $this->assertPermissionError($moveChapterResp);
+        $pageView = $this->get($chapter->getUrl());
+        $pageView->assertDontSee($chapter->getUrl('/move'));
+
+        $this->setEntityRestrictions($chapter, ['view', 'update', 'create', 'delete'], $editor->roles);
+        $moveChapterResp = $this->put($chapter->getUrl('/move'), [
+            'entity_selection' => 'book:' . $newBook->id
+        ]);
+
+        $chapter = Chapter::find($chapter->id);
+        $moveChapterResp->assertRedirect($chapter->getUrl());
+        $this->assertTrue($chapter->book->id == $newBook->id, 'Page book is now the new book');
+    }
+
     public function test_book_sort()
     {
         $oldBook = Book::query()->first();
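Review bot: The failure message on the last assertion of `test_chapter_move_requires_delete_permissions` was copied from the page test and still reads 'Page book is now the new book'; it should be `'Chapter book is now the new book'` so a failing run names the right entity. The variable `$pageView` holds the chapter view response here and would read better as `$chapterView`. `test_book_sort` starts at the end of this hunk and continues outside it.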