Applied permissions to revision action visibility

author Dan Brown <redacted>

Wed, 28 Sep 2022 10:10:06 +0000 (11:10 +0100)

committer Dan Brown <redacted>

Wed, 28 Sep 2022 10:10:06 +0000 (11:10 +0100)
author Dan Brown <redacted>
Wed, 28 Sep 2022 10:10:06 +0000 (11:10 +0100)
committer Dan Brown <redacted>
Wed, 28 Sep 2022 10:10:06 +0000 (11:10 +0100)
diff --git a/resources/views/pages/parts/revision-table-row.blade.php b/resources/views/pages/parts/revision-table-row.blade.php

index bd891d6c44f0c4dd4e113684c693a23127c8ec4e..24301adc376991a9bbe4412440f627fd2ee14388 100644 (file)
--- a/resources/views/pages/parts/revision-table-row.blade.php
+++ b/resources/views/pages/parts/revision-table-row.blade.php
@@ -30,40 +30,46 @@
              <a target="_blank" rel="noopener" href="{{ $revision->page->getUrl() }}"><i>{{ trans('entities.pages_revisions_current') }}</i></a>
          @else
              <a href="{{ $revision->getUrl() }}" target="_blank" rel="noopener">{{ trans('entities.pages_revisions_preview') }}</a>
              <a target="_blank" rel="noopener" href="{{ $revision->page->getUrl() }}"><i>{{ trans('entities.pages_revisions_current') }}</i></a>
          @else
              <a href="{{ $revision->getUrl() }}" target="_blank" rel="noopener">{{ trans('entities.pages_revisions_preview') }}</a>
-            <span class="text-muted">&nbsp;|&nbsp;</span>
-            <div component="dropdown" class="dropdown-container">
-                <a refs="dropdown@toggle" href="#" aria-haspopup="true" aria-expanded="false">{{ trans('entities.pages_revisions_restore') }}</a>
-                <ul refs="dropdown@menu" class="dropdown-menu" role="menu">
-                    <li class="px-m py-s"><small class="text-muted">{{trans('entities.revision_restore_confirm')}}</small></li>
-                    <li>
-                        <form action="{{ $revision->getUrl('/restore') }}" method="POST">
-                            {!! csrf_field() !!}
-                            <input type="hidden" name="_method" value="PUT">
-                            <button type="submit" class="text-primary icon-item">
-                                @icon('history')
-                                <div>{{ trans('entities.pages_revisions_restore') }}</div>
-                            </button>
-                        </form>
-                    </li>
-                </ul>
-            </div>
-            <span class="text-muted">&nbsp;|&nbsp;</span>
-            <div component="dropdown" class="dropdown-container">
-                <a refs="dropdown@toggle" href="#" aria-haspopup="true" aria-expanded="false">{{ trans('common.delete') }}</a>
-                <ul refs="dropdown@menu" class="dropdown-menu" role="menu">
-                    <li class="px-m py-s"><small class="text-muted">{{trans('entities.revision_delete_confirm')}}</small></li>
-                    <li>
-                        <form action="{{ $revision->getUrl('/delete/') }}" method="POST">
-                            {!! csrf_field() !!}
-                            <input type="hidden" name="_method" value="DELETE">
-                            <button type="submit" class="text-neg icon-item">
-                                @icon('delete')
-                                <div>{{ trans('common.delete') }}</div>
-                            </button>
-                        </form>
-                    </li>
-                </ul>
-            </div>
+
+            @if(userCan('page-update', $revision->page))
+                <span class="text-muted">&nbsp;|&nbsp;</span>
+                <div component="dropdown" class="dropdown-container">
+                    <a refs="dropdown@toggle" href="#" aria-haspopup="true" aria-expanded="false">{{ trans('entities.pages_revisions_restore') }}</a>
+                    <ul refs="dropdown@menu" class="dropdown-menu" role="menu">
+                        <li class="px-m py-s"><small class="text-muted">{{trans('entities.revision_restore_confirm')}}</small></li>
+                        <li>
+                            <form action="{{ $revision->getUrl('/restore') }}" method="POST">
+                                {!! csrf_field() !!}
+                                <input type="hidden" name="_method" value="PUT">
+                                <button type="submit" class="text-primary icon-item">
+                                    @icon('history')
+                                    <div>{{ trans('entities.pages_revisions_restore') }}</div>
+                                </button>
+                            </form>
+                        </li>
+                    </ul>
+                </div>
+            @endif
+
+            @if(userCan('page-delete', $revision->page))
+                <span class="text-muted">&nbsp;|&nbsp;</span>
+                <div component="dropdown" class="dropdown-container">
+                    <a refs="dropdown@toggle" href="#" aria-haspopup="true" aria-expanded="false">{{ trans('common.delete') }}</a>
+                    <ul refs="dropdown@menu" class="dropdown-menu" role="menu">
+                        <li class="px-m py-s"><small class="text-muted">{{trans('entities.revision_delete_confirm')}}</small></li>
+                        <li>
+                            <form action="{{ $revision->getUrl('/delete/') }}" method="POST">
+                                {!! csrf_field() !!}
+                                <input type="hidden" name="_method" value="DELETE">
+                                <button type="submit" class="text-neg icon-item">
+                                    @icon('delete')
+                                    <div>{{ trans('common.delete') }}</div>
+                                </button>
+                            </form>
+                        </li>
+                    </ul>
+                </div>
+            @endif
          @endif
      </td>
  </tr>
 \ No newline at end of file
          @endif
      </td>
  </tr>
 \ No newline at end of file
diff --git a/tests/Entity/PageRevisionTest.php b/tests/Entity/PageRevisionTest.php

index 5ddad8441f39157439dd0e3b52e908dabe869647..05c86c97d8519e89afabcf13de8a090c5b46a2c6 100644 (file)
--- a/tests/Entity/PageRevisionTest.php
+++ b/tests/Entity/PageRevisionTest.php
@@ -4,7 +4,6 @@ namespace Tests\Entity;
  
  use BookStack\Actions\ActivityType;
  use BookStack\Entities\Models\Page;
  
  use BookStack\Actions\ActivityType;
  use BookStack\Entities\Models\Page;
-use BookStack\Entities\Repos\PageRepo;
  use Tests\TestCase;
  
  class PageRevisionTest extends TestCase
  use Tests\TestCase;
  
  class PageRevisionTest extends TestCase
@@ -23,30 +22,26 @@ class PageRevisionTest extends TestCase
      public function test_page_revision_views_viewable()
      {
          $this->asEditor();
      public function test_page_revision_views_viewable()
      {
          $this->asEditor();
-
-        $pageRepo = app(PageRepo::class);
          $page = Page::first();
          $page = Page::first();
-        $pageRepo->update($page, ['name' => 'updated page', 'html' => '<p>new content</p>', 'summary' => 'page revision testing']);
+        $this->createRevisions($page, 1, ['name' => 'updated page', 'html' => '<p>new content</p>']);
          $pageRevision = $page->revisions->last();
  
          $pageRevision = $page->revisions->last();
  
-        $revisionView = $this->get($page->getUrl() . '/revisions/' . $pageRevision->id);
-        $revisionView->assertStatus(200);
-        $revisionView->assertSee('new content');
+        $resp = $this->get($page->getUrl() . '/revisions/' . $pageRevision->id);
+        $resp->assertStatus(200);
+        $resp->assertSee('new content');
  
  
-        $revisionView = $this->get($page->getUrl() . '/revisions/' . $pageRevision->id . '/changes');
-        $revisionView->assertStatus(200);
-        $revisionView->assertSee('new content');
+        $resp = $this->get($page->getUrl() . '/revisions/' . $pageRevision->id . '/changes');
+        $resp->assertStatus(200);
+        $resp->assertSee('new content');
      }
  
      public function test_page_revision_preview_shows_content_of_revision()
      {
          $this->asEditor();
      }
  
      public function test_page_revision_preview_shows_content_of_revision()
      {
          $this->asEditor();
-
-        $pageRepo = app(PageRepo::class);
          $page = Page::first();
          $page = Page::first();
-        $pageRepo->update($page, ['name' => 'updated page', 'html' => '<p>new revision content</p>', 'summary' => 'page revision testing']);
+        $this->createRevisions($page, 1, ['name' => 'updated page', 'html' => '<p>new revision content</p>']);
          $pageRevision = $page->revisions->last();
          $pageRevision = $page->revisions->last();
-        $pageRepo->update($page, ['name' => 'updated page', 'html' => '<p>Updated content</p>', 'summary' => 'page revision testing 2']);
+        $this->createRevisions($page, 1, ['name' => 'updated page', 'html' => '<p>Updated content</p>']);
  
          $revisionView = $this->get($page->getUrl() . '/revisions/' . $pageRevision->id);
          $revisionView->assertStatus(200);
  
          $revisionView = $this->get($page->getUrl() . '/revisions/' . $pageRevision->id);
          $revisionView->assertStatus(200);
@@ -56,11 +51,9 @@ class PageRevisionTest extends TestCase
      public function test_page_revision_restore_updates_content()
      {
          $this->asEditor();
      public function test_page_revision_restore_updates_content()
      {
          $this->asEditor();
-
-        $pageRepo = app(PageRepo::class);
          $page = Page::first();
          $page = Page::first();
-        $pageRepo->update($page, ['name' => 'updated page abc123', 'html' => '<p>new contente def456</p>', 'summary' => 'initial page revision testing']);
-        $pageRepo->update($page, ['name' => 'updated page again', 'html' => '<p>new content</p>', 'summary' => 'page revision testing']);
+        $this->createRevisions($page, 1, ['name' => 'updated page abc123', 'html' => '<p>new contente def456</p>']);
+        $this->createRevisions($page, 1, ['name' => 'updated page again', 'html' => '<p>new content</p>']);
          $page = Page::find($page->id);
  
          $pageView = $this->get($page->getUrl());
          $page = Page::find($page->id);
  
          $pageView = $this->get($page->getUrl());
@@ -82,11 +75,9 @@ class PageRevisionTest extends TestCase
      public function test_page_revision_restore_with_markdown_retains_markdown_content()
      {
          $this->asEditor();
      public function test_page_revision_restore_with_markdown_retains_markdown_content()
      {
          $this->asEditor();
-
-        $pageRepo = app(PageRepo::class);
          $page = Page::first();
          $page = Page::first();
-        $pageRepo->update($page, ['name' => 'updated page abc123', 'markdown' => '## New Content def456', 'summary' => 'initial page revision testing']);
-        $pageRepo->update($page, ['name' => 'updated page again', 'markdown' => '## New Content Updated', 'summary' => 'page revision testing']);
+        $this->createRevisions($page, 1, ['name' => 'updated page abc123', 'markdown' => '## New Content def456']);
+        $this->createRevisions($page, 1, ['name' => 'updated page again', 'markdown' => '## New Content Updated']);
          $page = Page::find($page->id);
  
          $pageView = $this->get($page->getUrl());
          $page = Page::find($page->id);
  
          $pageView = $this->get($page->getUrl());
@@ -112,11 +103,9 @@ class PageRevisionTest extends TestCase
      public function test_page_revision_restore_sets_new_revision_with_summary()
      {
          $this->asEditor();
      public function test_page_revision_restore_sets_new_revision_with_summary()
      {
          $this->asEditor();
-
-        $pageRepo = app(PageRepo::class);
          $page = Page::first();
          $page = Page::first();
-        $pageRepo->update($page, ['name' => 'updated page abc123', 'html' => '<p>new contente def456</p>', 'summary' => 'My first update']);
-        $pageRepo->update($page, ['name' => 'updated page again', 'html' => '<p>new content</p>', 'summary' => '']);
+        $this->createRevisions($page, 1, ['name' => 'updated page abc123', 'html' => '<p>new contente def456</p>', 'summary' => 'My first update']);
+        $this->createRevisions($page, 1, ['html' => '<p>new content</p>']);
          $page->refresh();
  
          $revToRestore = $page->revisions()->where('name', 'like', '%abc123')->first();
          $page->refresh();
  
          $revToRestore = $page->revisions()->where('name', 'like', '%abc123')->first();
@@ -138,8 +127,7 @@ class PageRevisionTest extends TestCase
      {
          $page = Page::first();
          $startCount = $page->revision_count;
      {
          $page = Page::first();
          $startCount = $page->revision_count;
-        $resp = $this->asEditor()->put($page->getUrl(), ['name' => 'Updated page', 'html' => 'new page html', 'summary' => 'Update a']);
-        $resp->assertStatus(302);
+        $this->createRevisions($page, 1);
  
          $this->assertTrue(Page::find($page->id)->revision_count === $startCount + 1);
      }
  
          $this->assertTrue(Page::find($page->id)->revision_count === $startCount + 1);
      }
@@ -147,12 +135,8 @@ class PageRevisionTest extends TestCase
      public function test_revision_count_shown_in_page_meta()
      {
          $page = Page::first();
      public function test_revision_count_shown_in_page_meta()
      {
          $page = Page::first();
-        $this->asEditor()->put($page->getUrl(), ['name' => 'Updated page', 'html' => 'new page html', 'summary' => 'Update a']);
+        $this->createRevisions($page, 2);
  
  
-        $page = Page::find($page->id);
-        $this->asEditor()->put($page->getUrl(), ['name' => 'Updated page', 'html' => 'new page html', 'summary' => 'Update a']);
-
-        $page = Page::find($page->id);
          $pageView = $this->get($page->getUrl());
          $pageView->assertSee('Revision #' . $page->revision_count);
      }
          $pageView = $this->get($page->getUrl());
          $pageView->assertSee('Revision #' . $page->revision_count);
      }
@@ -161,12 +145,7 @@ class PageRevisionTest extends TestCase
      {
          /** @var Page $page */
          $page = Page::query()->first();
      {
          /** @var Page $page */
          $page = Page::query()->first();
-        $this->asEditor()->put($page->getUrl(), ['name' => 'Updated page', 'html' => 'new page html', 'summary' => 'Update a']);
-
-        $page->refresh();
-        $this->asEditor()->put($page->getUrl(), ['name' => 'Updated page', 'html' => 'new page html', 'summary' => 'Update a']);
-
-        $page->refresh();
+        $this->createRevisions($page, 2);
          $beforeRevisionCount = $page->revisions->count();
  
          // Delete the first revision
          $beforeRevisionCount = $page->revisions->count();
  
          // Delete the first revision
@@ -196,12 +175,7 @@ class PageRevisionTest extends TestCase
      {
          config()->set('app.revision_limit', 2);
          $page = Page::first();
      {
          config()->set('app.revision_limit', 2);
          $page = Page::first();
-        $this->asEditor()->put($page->getUrl(), ['name' => 'Updated page', 'html' => 'new page html', 'summary' => 'Update a']);
-        $page = Page::find($page->id);
-        $this->asEditor()->put($page->getUrl(), ['name' => 'Updated page', 'html' => 'new page html', 'summary' => 'Update a']);
-        for ($i = 0; $i < 10; $i++) {
-            $this->asEditor()->put($page->getUrl(), ['name' => 'Updated page', 'html' => 'new page html', 'summary' => 'Update a']);
-        }
+        $this->createRevisions($page, 12);
  
          $revisionCount = $page->revisions()->count();
          $this->assertEquals(2, $revisionCount);
  
          $revisionCount = $page->revisions()->count();
          $this->assertEquals(2, $revisionCount);
@@ -211,12 +185,7 @@ class PageRevisionTest extends TestCase
      {
          config()->set('app.revision_limit', false);
          $page = Page::first();
      {
          config()->set('app.revision_limit', false);
          $page = Page::first();
-        $this->asEditor()->put($page->getUrl(), ['name' => 'Updated page', 'html' => 'new page html', 'summary' => 'Update a']);
-        $page = Page::find($page->id);
-        $this->asEditor()->put($page->getUrl(), ['name' => 'Updated page', 'html' => 'new page html', 'summary' => 'Update a']);
-        for ($i = 0; $i < 10; $i++) {
-            $this->asEditor()->put($page->getUrl(), ['name' => 'Updated page', 'html' => 'new page html', 'summary' => 'Update a']);
-        }
+        $this->createRevisions($page, 12);
  
          $revisionCount = $page->revisions()->count();
          $this->assertEquals(12, $revisionCount);
  
          $revisionCount = $page->revisions()->count();
          $this->assertEquals(12, $revisionCount);
@@ -226,14 +195,68 @@ class PageRevisionTest extends TestCase
      {
          /** @var Page $page */
          $page = Page::first();
      {
          /** @var Page $page */
          $page = Page::first();
-        $this->asAdmin()->put($page->getUrl(), ['name' => 'Updated page', 'html' => 'new page html']);
+        $this->createRevisions($page, 1, ['html' => 'new page html']);
  
  
-        $resp = $this->get($page->refresh()->getUrl('/revisions'));
+        $resp = $this->asAdmin()->get($page->refresh()->getUrl('/revisions'));
          $this->withHtml($resp)->assertElementContains('td', '(WYSIWYG)');
          $this->withHtml($resp)->assertElementNotContains('td', '(Markdown)');
  
          $this->withHtml($resp)->assertElementContains('td', '(WYSIWYG)');
          $this->withHtml($resp)->assertElementNotContains('td', '(Markdown)');
  
-        $this->asAdmin()->put($page->getUrl(), ['name' => 'Updated page', 'markdown' => '# Some markdown content']);
+        $this->createRevisions($page, 1, ['markdown' => '# Some markdown content']);
          $resp = $this->get($page->refresh()->getUrl('/revisions'));
          $this->withHtml($resp)->assertElementContains('td', '(Markdown)');
      }
          $resp = $this->get($page->refresh()->getUrl('/revisions'));
          $this->withHtml($resp)->assertElementContains('td', '(Markdown)');
      }
+
+    public function test_revision_restore_action_only_visible_with_permission()
+    {
+        /** @var Page $page */
+        $page = Page::query()->first();
+        $this->createRevisions($page, 2);
+
+        $viewer = $this->getViewer();
+        $this->actingAs($viewer);
+        $respHtml = $this->withHtml($this->get($page->getUrl('/revisions')));
+        $respHtml->assertElementNotContains('.actions a', 'Restore');
+        $respHtml->assertElementNotExists('form[action$="/restore"]');
+
+        $this->giveUserPermissions($viewer, ['page-update-all']);
+
+        $respHtml = $this->withHtml($this->get($page->getUrl('/revisions')));
+        $respHtml->assertElementContains('.actions a', 'Restore');
+        $respHtml->assertElementExists('form[action$="/restore"]');
+    }
+
+    public function test_revision_delete_action_only_visible_with_permission()
+    {
+        /** @var Page $page */
+        $page = Page::query()->first();
+        $this->createRevisions($page, 2);
+
+        $viewer = $this->getViewer();
+        $this->actingAs($viewer);
+        $respHtml = $this->withHtml($this->get($page->getUrl('/revisions')));
+        $respHtml->assertElementNotContains('.actions a', 'Delete');
+        $respHtml->assertElementNotExists('form[action$="/delete"]');
+
+        $this->giveUserPermissions($viewer, ['page-delete-all']);
+
+        $respHtml = $this->withHtml($this->get($page->getUrl('/revisions')));
+        $respHtml->assertElementContains('.actions a', 'Delete');
+        $respHtml->assertElementExists('form[action$="/delete"]');
+    }
+
+    protected function createRevisions(Page $page, int $times, array $attrs = [])
+    {
+        $user = user();
+
+        for ($i = 0; $i < $times; $i++) {
+            $data = ['name' => 'Page update' . $i, 'summary' => 'Update entry' . $i];
+            if (!isset($attrs['markdown'])) {
+                $data['html'] = '<p>My update page</p>';
+            }
+            $this->asAdmin()->put($page->getUrl(), array_merge($data, $attrs));
+            $page->refresh();
+        }
+
+        $this->actingAs($user);
+    }
  }
  }
author	Dan Brown <redacted>
	Wed, 28 Sep 2022 10:10:06 +0000 (11:10 +0100)
committer	Dan Brown <redacted>
	Wed, 28 Sep 2022 10:10:06 +0000 (11:10 +0100)
resources/views/pages/parts/revision-table-row.blade.php		patch \| blob \| history
tests/Entity/PageRevisionTest.php		patch \| blob \| history