X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/a6633642232efd164d4708967ab59e498fbff896..HEAD:/tests/Api/TestsApi.php

diff --git a/tests/Api/TestsApi.php b/tests/Api/TestsApi.php
index 1ad4d14b6..466acbffb 100644
--- a/tests/Api/TestsApi.php
+++ b/tests/Api/TestsApi.php
@@ -1,17 +1,42 @@
-<?php namespace Tests\Api;
+<?php
+
+namespace Tests\Api;
+
+use BookStack\Users\Models\User;
 
 trait TestsApi
 {
+    protected string $apiTokenId = 'apitoken';
+    protected string $apiTokenSecret = 'password';
+
+    /**
+     * Set the given user as the current logged-in user via the API driver.
+     * This does not ensure API access. The user may still lack required role permissions.
+     */
+    protected function actingAsForApi(User $user): static
+    {
+        parent::actingAs($user, 'api');
 
-    protected $apiTokenId = 'apitoken';
-    protected $apiTokenSecret = 'password';
+        return $this;
+    }
 
     /**
      * Set the API editor role as the current user via the API driver.
      */
-    protected function actingAsApiEditor()
+    protected function actingAsApiEditor(): static
+    {
+        $this->actingAs($this->users->editor(), 'api');
+
+        return $this;
+    }
+
+    /**
+     * Set the API admin role as the current user via the API driver.
+     */
+    protected function actingAsApiAdmin(): static
     {
-        $this->actingAs($this->getEditor(), 'api');
+        $this->actingAs($this->users->admin(), 'api');
+
         return $this;
     }
 
@@ -20,7 +45,15 @@ trait TestsApi
      */
     protected function errorResponse(string $message, int $code): array
     {
-        return ["error" => ["code" => $code, "message" => $message]];
+        return ['error' => ['code' => $code, 'message' => $message]];
+    }
+
+    /**
+     * Get the structure that matches a permission error response.
+     */
+    protected function permissionErrorResponse(): array
+    {
+        return $this->errorResponse('You do not have permission to perform the requested action.', 403);
     }
 
     /**
@@ -29,18 +62,19 @@ trait TestsApi
      */
     protected function validationResponse(array $messages): array
     {
-        $err = $this->errorResponse("The given data was invalid.", 422);
+        $err = $this->errorResponse('The given data was invalid.', 422);
         $err['error']['validation'] = $messages;
+
         return $err;
     }
+
     /**
      * Get an approved API auth header.
      */
     protected function apiAuthHeader(): array
     {
         return [
-            "Authorization" => "Token {$this->apiTokenId}:{$this->apiTokenSecret}"
+            'Authorization' => "Token {$this->apiTokenId}:{$this->apiTokenSecret}",
         ];
     }
-
-}
\ No newline at end of file
+}