Added tests for not-yet-built role API endpoints

diff --git a/app/Auth/Permissions/RolePermission.php b/app/Auth/Permissions/RolePermission.php
index f34de917c07a425e7bf689c728d2edbe8ed2bfab..467c43ce282c17941ced8d87705878b40de42c01 100644 (file)
--- a/app/Auth/Permissions/RolePermission.php
+++ b/app/Auth/Permissions/RolePermission.php
@@ -8,6 +8,8 @@ use Illuminate\Database\Eloquent\Relations\BelongsToMany;
 
 /**
  * @property int $id
+ * @property string $name
+ * @property string $display_name
  */
 class RolePermission extends Model
 {

diff --git a/app/Http/Controllers/Api/UserApiController.php b/app/Http/Controllers/Api/UserApiController.php
index 64e9d732da769496eb93e390e0941b1b77c57ae5..da6ca4321c3eab9c05ed4046efa535bf2ab9640f 100644 (file)
--- a/app/Http/Controllers/Api/UserApiController.php
+++ b/app/Http/Controllers/Api/UserApiController.php
@@ -13,9 +13,9 @@ use Illuminate\Validation\Rules\Unique;
 
 class UserApiController extends ApiController
 {
-    protected $userRepo;
+    protected UserRepo $userRepo;
 
-    protected $fieldsToExpose = [
+    protected array $fieldsToExpose = [
         'email', 'created_at', 'updated_at', 'last_activity_at', 'external_auth_id',
     ];
 

diff --git a/tests/Api/RolesApiTest.php b/tests/Api/RolesApiTest.php
new file mode 100644 (file)
index 0000000..38026a4
--- /dev/null
+++ b/tests/Api/RolesApiTest.php
@@ -0,0 +1,227 @@
+<?php
+
+namespace Tests\Api;
+
+use BookStack\Actions\ActivityType;
+use BookStack\Auth\Role;
+use BookStack\Auth\User;
+use Tests\TestCase;
+
+class RolesApiTest extends TestCase
+{
+    use TestsApi;
+
+    protected string $baseEndpoint = '/api/roles';
+
+    protected array $endpointMap = [
+        ['get', '/api/roles'],
+        ['post', '/api/roles'],
+        ['get', '/api/roles/1'],
+        ['put', '/api/roles/1'],
+        ['delete', '/api/roles/1'],
+    ];
+
+    public function test_user_roles_manage_permission_needed_for_all_endpoints()
+    {
+        $this->actingAsApiEditor();
+        foreach ($this->endpointMap as [$method, $uri]) {
+            $resp = $this->json($method, $uri);
+            $resp->assertStatus(403);
+            $resp->assertJson($this->permissionErrorResponse());
+        }
+    }
+
+    public function test_index_endpoint_returns_expected_role_and_count()
+    {
+        $this->actingAsApiAdmin();
+        /** @var Role $firstRole */
+        $firstRole = Role::query()->orderBy('id', 'asc')->first();
+
+        $resp = $this->getJson($this->baseEndpoint . '?count=1&sort=+id');
+        $resp->assertJson(['data' => [
+            [
+                'id'          => $firstRole->id,
+                'display_name'        => $firstRole->display_name,
+                'description'        => $firstRole->description,
+                'mfa_enforced'       => $firstRole->mfa_enforced,
+                'permissions_count' => $firstRole->permissions()->count(),
+                'users_count'    => $firstRole->users()->count(),
+                'created_at'    => $firstRole->created_at->toJSON(),
+                'updated_at'    => $firstRole->updated_at->toJSON(),
+            ],
+        ]]);
+
+        $resp->assertJson(['total' => Role::query()->count()]);
+    }
+
+    public function test_create_endpoint()
+    {
+        $this->actingAsApiAdmin();
+        /** @var Role $role */
+        $role = Role::query()->first();
+
+        $resp = $this->postJson($this->baseEndpoint, [
+            'display_name' => 'My awesome role',
+            'description'  => 'My great role description',
+            'mfa_enforced' => true,
+            'permissions'  => [
+                'content-export',
+                'users-manage',
+                'page-view-own',
+                'page-view-all',
+            ]
+        ]);
+
+        $resp->assertStatus(200);
+        $resp->assertJson([
+            'display_name' => 'My awesome role',
+            'description'  => 'My great role description',
+            'mfa_enforced' => true,
+            'permissions'  => [
+                'content-export',
+                'users-manage',
+                'page-view-own',
+                'page-view-all',
+            ]
+        ]);
+
+        $this->assertDatabaseHas('roles', [
+            'display_name' => 'My awesome role',
+            'description'  => 'My great role description',
+            'mfa_enforced' => true,
+        ]);
+
+        /** @var Role $role */
+        $role = Role::query()->where('display_name', '=', 'My awesome role')->first();
+        $this->assertActivityExists(ActivityType::ROLE_CREATE, null, $role->logDescriptor());
+        $this->assertEquals(4, $role->permissions()->count());
+    }
+
+    public function test_create_name_and_description_validation()
+    {
+        $this->actingAsApiAdmin();
+        /** @var User $existingUser */
+        $existingUser = User::query()->first();
+
+        $resp = $this->postJson($this->baseEndpoint, [
+            'description' => 'My new role',
+        ]);
+        $resp->assertStatus(422);
+        $resp->assertJson($this->validationResponse(['display_name' => ['The display_name field is required.']]));
+
+        $resp = $this->postJson($this->baseEndpoint, [
+            'name' => 'My great role with a too long desc',
+            'description' => str_repeat('My great desc', 20),
+        ]);
+        $resp->assertStatus(422);
+        $resp->assertJson($this->validationResponse(['description' => ['The description may not be greater than 180 characters.']]));
+    }
+
+    public function test_read_endpoint()
+    {
+        $this->actingAsApiAdmin();
+        $role = $this->users->editor()->roles()->first();
+        $resp = $this->getJson($this->baseEndpoint . "/{$role->id}");
+
+        $resp->assertStatus(200);
+        $resp->assertJson([
+            'display_name' => $role->display_name,
+            'description'  => $role->description,
+            'mfa_enforced' => $role->mfa_enforced,
+            'permissions'  => $role->permissions()->pluck('name')->toArray(),
+            'users' => $role->users()->get()->map(function (User $user) {
+                return [
+                    'id' => $user->id,
+                    'name' => $user->name,
+                    'slug' => $user->slug,
+                ];
+            })->toArray(),
+        ]);
+    }
+
+    public function test_update_endpoint()
+    {
+        $this->actingAsApiAdmin();
+        $role = $this->users->editor()->roles()->first();
+        $resp = $this->putJson($this->baseEndpoint . "/{$role->id}", [
+            'display_name' => 'My updated role',
+            'description'  => 'My great role description',
+            'mfa_enforced' => true,
+            'permissions'  => [
+                'content-export',
+                'users-manage',
+                'page-view-own',
+                'page-view-all',
+            ]
+        ]);
+
+        $resp->assertStatus(200);
+        $resp->assertJson([
+            'id'           => $role->id,
+            'display_name' => 'My updated role',
+            'description'  => 'My great role description',
+            'mfa_enforced' => true,
+            'permissions'  => [
+                'content-export',
+                'users-manage',
+                'page-view-own',
+                'page-view-all',
+            ]
+        ]);
+
+        $role->refresh();
+        $this->assertEquals(4, $role->permissions()->count());
+    }
+
+    public function test_update_endpoint_does_not_remove_info_if_not_provided()
+    {
+        $this->actingAsApiAdmin();
+        $role = $this->users->editor()->roles()->first();
+        $resp = $this->putJson($this->baseEndpoint . "/{$role->id}", []);
+        $permissionCount = $role->permissions()->count();
+
+        $resp->assertStatus(200);
+        $this->assertDatabaseHas('users', [
+            'id'           => $role->id,
+            'display_name' => $role->display_name,
+            'description'  => $role->description,
+        ]);
+
+        $role->refresh();
+        $this->assertEquals($permissionCount, $role->permissions()->count());
+    }
+
+    public function test_delete_endpoint()
+    {
+        $this->actingAsApiAdmin();
+        $role = $this->users->editor()->roles()->first();
+
+        $resp = $this->deleteJson($this->baseEndpoint . "/{$role->id}");
+
+        $resp->assertStatus(204);
+        $this->assertActivityExists(ActivityType::ROLE_DELETE, null, $role->logDescriptor());
+    }
+
+    public function test_delete_endpoint_fails_deleting_system_role()
+    {
+        $this->actingAsApiAdmin();
+        $adminRole = Role::getSystemRole('admin');
+
+        $resp = $this->deleteJson($this->baseEndpoint . "/{$adminRole->id}");
+
+        $resp->assertStatus(500);
+        $resp->assertJson($this->errorResponse('This role is a system role and cannot be deleted', 500));
+    }
+
+    public function test_delete_endpoint_fails_deleting_default_registration_role()
+    {
+        $this->actingAsApiAdmin();
+        $role = $this->users->attachNewRole($this->users->editor());
+        $this->setSettings(['registration-role' => $role->id]);
+
+        $resp = $this->deleteJson($this->baseEndpoint . "/{$role->id}");
+
+        $resp->assertStatus(500);
+        $resp->assertJson($this->errorResponse('This role cannot be deleted while set as the default registration role', 500));
+    }
+}

diff --git a/tests/Api/UsersApiTest.php b/tests/Api/UsersApiTest.php
index c89f9e6e30b83e26154f99174c59d86519393daa..fadd2610c9b99581663276181541a319fe71c8d8 100644 (file)
--- a/tests/Api/UsersApiTest.php
+++ b/tests/Api/UsersApiTest.php
@@ -15,9 +15,9 @@ class UsersApiTest extends TestCase
 {
     use TestsApi;
 
-    protected $baseEndpoint = '/api/users';
+    protected string $baseEndpoint = '/api/users';
 
-    protected $endpointMap = [
+    protected array $endpointMap = [
         ['get', '/api/users'],
         ['post', '/api/users'],
         ['get', '/api/users/1'],
@@ -47,7 +47,7 @@ class UsersApiTest extends TestCase
         }
     }
 
-    public function test_index_endpoint_returns_expected_shelf()
+    public function test_index_endpoint_returns_expected_user()
     {
         $this->actingAsApiAdmin();
         /** @var User $firstUser */