namespace Tests;
-use BookStack\Auth\Permissions\JointPermissionBuilder;
-use BookStack\Auth\Permissions\RolePermission;
-use BookStack\Auth\Role;
-use BookStack\Auth\User;
use BookStack\Entities\Models\Book;
use BookStack\Entities\Models\Chapter;
-use BookStack\Entities\Models\Page;
+use BookStack\Permissions\Models\RolePermission;
+use BookStack\Users\Models\Role;
+use BookStack\Users\Models\User;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\View;
public function test_app_not_public()
{
$this->setSettings(['app-public' => 'false']);
- $book = Book::query()->first();
+ $book = $this->entities->book();
$this->get('/books')->assertRedirect('/login');
$this->get($book->getUrl())->assertRedirect('/login');
- $page = Page::query()->first();
+ $page = $this->entities->page();
$this->get($page->getUrl())->assertRedirect('/login');
}
foreach (RolePermission::all() as $perm) {
$publicRole->attachPermission($perm);
}
- $this->app->make(JointPermissionBuilder::class)->rebuildForRole($publicRole);
user()->clearPermissionCache();
- /** @var Chapter $chapter */
- $chapter = Chapter::query()->first();
+ $chapter = $this->entities->chapter();
$resp = $this->get($chapter->getUrl());
$resp->assertSee('New Page');
$this->withHtml($resp)->assertElementExists('a[href="' . $chapter->getUrl('/create-page') . '"]');
$resp = $this->post($chapter->getUrl('/create-guest-page'), ['name' => 'My guest page']);
$resp->assertRedirect($chapter->book->getUrl('/page/my-guest-page/edit'));
- $user = User::getDefault();
+ $user = $this->users->guest();
$this->assertDatabaseHas('pages', [
'name' => 'My guest page',
'chapter_id' => $chapter->id,
public function test_content_not_listed_on_404_for_public_users()
{
- $page = Page::query()->first();
+ $page = $this->entities->page();
$page->fill(['name' => 'my testing random unique page name'])->save();
$this->asAdmin()->get($page->getUrl()); // Fake visit to show on recents
$resp = $this->get('/cats/dogs/hippos');
$resp->assertDontSee($page->name);
}
- public function test_robots_effected_by_public_status()
+ public function test_default_favicon_file_created_upon_access()
{
- $this->get('/robots.txt')->assertSee("User-agent: *\nDisallow: /");
-
- $this->setSettings(['app-public' => 'true']);
-
- $resp = $this->get('/robots.txt');
- $resp->assertSee("User-agent: *\nDisallow:");
- $resp->assertDontSee('Disallow: /');
- }
-
- public function test_robots_effected_by_setting()
- {
- $this->get('/robots.txt')->assertSee("User-agent: *\nDisallow: /");
-
- config()->set('app.allow_robots', true);
-
- $resp = $this->get('/robots.txt');
- $resp->assertSee("User-agent: *\nDisallow:");
- $resp->assertDontSee('Disallow: /');
+ $faviconPath = public_path('favicon.ico');
+ if (file_exists($faviconPath)) {
+ unlink($faviconPath);
+ }
- // Check config overrides app-public setting
- config()->set('app.allow_robots', false);
- $this->setSettings(['app-public' => 'true']);
- $this->get('/robots.txt')->assertSee("User-agent: *\nDisallow: /");
+ $this->assertFileDoesNotExist($faviconPath);
+ $this->get('/favicon.ico');
+ $this->assertFileExists($faviconPath);
}
public function test_public_view_then_login_redirects_to_previous_content()
{
$this->setSettings(['app-public' => 'true']);
- /** @var Book $book */
- $book = Book::query()->first();
+ $book = $this->entities->book();
$resp = $this->get($book->getUrl());
$resp->assertSee($book->name);
public function test_access_hidden_content_then_login_redirects_to_intended_content()
{
$this->setSettings(['app-public' => 'true']);
- /** @var Book $book */
- $book = Book::query()->first();
- $this->setEntityRestrictions($book);
+ $book = $this->entities->book();
+ $this->permissions->setEntityPermissions($book);
$resp = $this->get($book->getUrl());
$resp->assertSee('Book not found');
$resp->assertRedirect($book->getUrl());
$this->followRedirects($resp)->assertSee($book->name);
}
+
+ public function test_public_view_can_take_on_other_roles()
+ {
+ $this->setSettings(['app-public' => 'true']);
+ $newRole = $this->users->attachNewRole($this->users->guest(), []);
+ $page = $this->entities->page();
+ $this->permissions->disableEntityInheritedPermissions($page);
+ $this->permissions->addEntityPermission($page, ['view', 'update'], $newRole);
+
+ $resp = $this->get($page->getUrl());
+ $resp->assertOk();
+
+ $this->withHtml($resp)->assertLinkExists($page->getUrl('/edit'));
+ }
+
+ public function test_public_user_cannot_view_or_update_their_profile()
+ {
+ $this->setSettings(['app-public' => 'true']);
+ $guest = $this->users->guest();
+
+ $resp = $this->get($guest->getEditUrl());
+ $this->assertPermissionError($resp);
+
+ $resp = $this->put($guest->getEditUrl(), ['name' => 'My new guest name']);
+ $this->assertPermissionError($resp);
+ }
}
projects / bookstack / blobdiff