]> BookStack Code Mirror - bookstack/blobdiff - tests/Permissions/Scenarios/EntityRolePermissionsTest.php
projects / bookstack / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fixed role entity permissions ignoring inheritance
[bookstack] / tests / Permissions / Scenarios / EntityRolePermissionsTest.php
diff --git a/tests/Permissions/Scenarios/EntityRolePermissionsTest.php b/tests/Permissions/Scenarios/EntityRolePermissionsTest.php
index c8f1401e7745ea2a49c8619b2a83fbb9dfcd2422..bd5b31fdc35113bf1f8bc0feaf7c54e3c6971c84 100644 (file)
--- a/tests/Permissions/Scenarios/EntityRolePermissionsTest.php
+++ b/tests/Permissions/Scenarios/EntityRolePermissionsTest.php
@@ -293,4 +293,31 @@ class EntityRolePermissionsTest extends PermissionScenarioTestCase
 
         $this->assertNotVisibleToUser($page, $user);
     }
+
+    public function test_90_fallback_overrides_parent_entity_role_deny()
+    {
+        [$user, $roleA] = $this->users->newUserWithRole();
+        $page = $this->entities->page();
+        $chapter = $page->chapter;
+
+        $this->permissions->setFallbackPermissions($chapter, []);
+        $this->permissions->setFallbackPermissions($page, []);
+        $this->permissions->addEntityPermission($chapter, ['view'], $roleA);
+
+        $this->assertNotVisibleToUser($page, $user);
+    }
+
+    public function test_91_fallback_overrides_parent_entity_role_inherit()
+    {
+        [$user, $roleA] = $this->users->newUserWithRole();
+        $page = $this->entities->page();
+        $chapter = $page->chapter;
+        $book = $page->book;
+
+        $this->permissions->setFallbackPermissions($book, []);
+        $this->permissions->setFallbackPermissions($chapter, []);
+        $this->permissions->addEntityPermission($book, ['view'], $roleA);
+
+        $this->assertNotVisibleToUser($page, $user);
+    }
 }
The core source code for the BookStack project.