class PermissionsRepo
{
protected JointPermissionBuilder $permissionBuilder;
- protected $systemRoles = ['admin', 'public'];
+ protected array $systemRoles = ['admin', 'public'];
- /**
- * PermissionsRepo constructor.
- */
public function __construct(JointPermissionBuilder $permissionBuilder)
{
$this->permissionBuilder = $permissionBuilder;
/**
* Get a role via its ID.
*/
- public function getRoleById($id): Role
+ public function getRoleById(int $id): Role
{
return Role::query()->findOrFail($id);
}
public function saveNewRole(array $roleData): Role
{
$role = new Role($roleData);
- $role->mfa_enforced = ($roleData['mfa_enforced'] ?? 'false') === 'true';
+ $role->mfa_enforced = boolval($roleData['mfa_enforced'] ?? false);
$role->save();
- $permissions = isset($roleData['permissions']) ? array_keys($roleData['permissions']) : [];
+ $permissions = $roleData['permissions'] ?? [];
$this->assignRolePermissions($role, $permissions);
$this->permissionBuilder->rebuildForRole($role);
/**
* Updates an existing role.
- * Ensure Admin role always have core permissions.
+ * Ensures Admin system role always have core permissions.
*/
- public function updateRole($roleId, array $roleData)
+ public function updateRole($roleId, array $roleData): Role
{
$role = $this->getRoleById($roleId);
- $permissions = isset($roleData['permissions']) ? array_keys($roleData['permissions']) : [];
- if ($role->system_name === 'admin') {
- $permissions = array_merge($permissions, [
- 'users-manage',
- 'user-roles-manage',
- 'restrictions-manage-all',
- 'restrictions-manage-own',
- 'settings-manage',
- ]);
+ if (isset($roleData['permissions'])) {
+ $this->assignRolePermissions($role, $roleData['permissions']);
}
- $this->assignRolePermissions($role, $permissions);
-
$role->fill($roleData);
- $role->mfa_enforced = ($roleData['mfa_enforced'] ?? 'false') === 'true';
$role->save();
$this->permissionBuilder->rebuildForRole($role);
Activity::add(ActivityType::ROLE_UPDATE, $role);
+
+ return $role;
}
/**
- * Assign a list of permission names to a role.
+ * Assign a list of permission names to the given role.
*/
- protected function assignRolePermissions(Role $role, array $permissionNameArray = [])
+ protected function assignRolePermissions(Role $role, array $permissionNameArray = []): void
{
$permissions = [];
$permissionNameArray = array_values($permissionNameArray);
- if ($permissionNameArray) {
+ // Ensure the admin system role retains vital system permissions
+ if ($role->system_name === 'admin') {
+ $permissionNameArray = array_unique(array_merge($permissionNameArray, [
+ 'users-manage',
+ 'user-roles-manage',
+ 'restrictions-manage-all',
+ 'restrictions-manage-own',
+ 'settings-manage',
+ ]));
+ }
+
+ if (!empty($permissionNameArray)) {
$permissions = RolePermission::query()
->whereIn('name', $permissionNameArray)
->pluck('id')
/**
* Delete a role from the system.
* Check it's not an admin role or set as default before deleting.
- * If an migration Role ID is specified the users assign to the current role
+ * If a migration Role ID is specified the users assign to the current role
* will be added to the role of the specified id.
*
* @throws PermissionsException
* @throws Exception
*/
- public function deleteRole($roleId, $migrateRoleId)
+ public function deleteRole(int $roleId, int $migrateRoleId = 0): void
{
$role = $this->getRoleById($roleId);
throw new PermissionsException(trans('errors.role_registration_default_cannot_delete'));
}
- if ($migrateRoleId) {
+ if ($migrateRoleId !== 0) {
$newRole = Role::query()->find($migrateRoleId);
if ($newRole) {
$users = $role->users()->pluck('id')->toArray();
/**
* @property int $id
+ * @property string $name
+ * @property string $display_name
*/
class RolePermission extends Model
{
{
use HasFactory;
- protected $fillable = ['display_name', 'description', 'external_auth_id'];
+ protected $fillable = ['display_name', 'description', 'external_auth_id', 'mfa_enforced'];
protected $hidden = ['pivot'];
+ protected $casts = [
+ 'mfa_enforced' => 'boolean',
+ ];
+
/**
* The roles that belong to the role.
*/
*/
protected $hidden = [
'password', 'remember_token', 'system_name', 'email_confirmed', 'external_auth_id', 'email',
- 'created_at', 'updated_at', 'image_id', 'roles', 'avatar', 'user_id',
+ 'created_at', 'updated_at', 'image_id', 'roles', 'avatar', 'user_id', 'pivot',
];
/**
*/
public function getValidationRules(): array
{
- if (method_exists($this, 'rules')) {
- return $this->rules();
- }
+ return $this->rules();
+ }
+ /**
+ * Get the validation rules for the actions in this controller.
+ * Defaults to a $rules property but can be a rules() method.
+ */
+ protected function rules(): array
+ {
return $this->rules;
}
}
--- /dev/null
+<?php
+
+namespace BookStack\Http\Controllers\Api;
+
+use BookStack\Auth\Permissions\PermissionsRepo;
+use BookStack\Auth\Role;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\DB;
+
+class RoleApiController extends ApiController
+{
+ protected PermissionsRepo $permissionsRepo;
+
+ protected array $fieldsToExpose = [
+ 'display_name', 'description', 'mfa_enforced', 'external_auth_id', 'created_at', 'updated_at',
+ ];
+
+ protected $rules = [
+ 'create' => [
+ 'display_name' => ['required', 'string', 'min:3', 'max:180'],
+ 'description' => ['string', 'max:180'],
+ 'mfa_enforced' => ['boolean'],
+ 'external_auth_id' => ['string'],
+ 'permissions' => ['array'],
+ 'permissions.*' => ['string'],
+ ],
+ 'update' => [
+ 'display_name' => ['string', 'min:3', 'max:180'],
+ 'description' => ['string', 'max:180'],
+ 'mfa_enforced' => ['boolean'],
+ 'external_auth_id' => ['string'],
+ 'permissions' => ['array'],
+ 'permissions.*' => ['string'],
+ ]
+ ];
+
+ public function __construct(PermissionsRepo $permissionsRepo)
+ {
+ $this->permissionsRepo = $permissionsRepo;
+
+ // Checks for all endpoints in this controller
+ $this->middleware(function ($request, $next) {
+ $this->checkPermission('user-roles-manage');
+
+ return $next($request);
+ });
+ }
+
+ /**
+ * Get a listing of roles in the system.
+ * Requires permission to manage roles.
+ */
+ public function list()
+ {
+ $roles = Role::query()->select(['*'])
+ ->withCount(['users', 'permissions']);
+
+ return $this->apiListingResponse($roles, [
+ ...$this->fieldsToExpose,
+ 'permissions_count',
+ 'users_count',
+ ]);
+ }
+
+ /**
+ * Create a new role in the system.
+ * Permissions should be provided as an array of permission name strings.
+ * Requires permission to manage roles.
+ */
+ public function create(Request $request)
+ {
+ $data = $this->validate($request, $this->rules()['create']);
+
+ $role = null;
+ DB::transaction(function () use ($data, &$role) {
+ $role = $this->permissionsRepo->saveNewRole($data);
+ });
+
+ $this->singleFormatter($role);
+
+ return response()->json($role);
+ }
+
+ /**
+ * View the details of a single role.
+ * Provides the permissions and a high-level list of the users assigned.
+ * Requires permission to manage roles.
+ */
+ public function read(string $id)
+ {
+ $user = $this->permissionsRepo->getRoleById($id);
+ $this->singleFormatter($user);
+
+ return response()->json($user);
+ }
+
+ /**
+ * Update an existing role in the system.
+ * Permissions should be provided as an array of permission name strings.
+ * An empty "permissions" array would clear granted permissions.
+ * In many cases, where permissions are changed, you'll want to fetch the existing
+ * permissions and then modify before providing in your update request.
+ * Requires permission to manage roles.
+ */
+ public function update(Request $request, string $id)
+ {
+ $data = $this->validate($request, $this->rules()['update']);
+ $role = $this->permissionsRepo->updateRole($id, $data);
+
+ $this->singleFormatter($role);
+
+ return response()->json($role);
+ }
+
+ /**
+ * Delete a role from the system.
+ * Requires permission to manage roles.
+ */
+ public function delete(string $id)
+ {
+ $this->permissionsRepo->deleteRole(intval($id));
+
+ return response('', 204);
+ }
+
+ /**
+ * Format the given role model for single-result display.
+ */
+ protected function singleFormatter(Role $role)
+ {
+ $role->load('users:id,name,slug');
+ $role->unsetRelation('permissions');
+ $role->setAttribute('permissions', $role->permissions()->orderBy('name', 'asc')->pluck('name'));
+ $role->makeVisible(['users', 'permissions']);
+ }
+}
class UserApiController extends ApiController
{
- protected $userRepo;
+ protected UserRepo $userRepo;
- protected $fieldsToExpose = [
+ protected array $fieldsToExpose = [
'email', 'created_at', 'updated_at', 'last_activity_at', 'external_auth_id',
];
public function store(Request $request)
{
$this->checkPermission('user-roles-manage');
- $this->validate($request, [
+ $data = $this->validate($request, [
'display_name' => ['required', 'min:3', 'max:180'],
'description' => ['max:180'],
+ 'external_auth_id' => ['string'],
+ 'permissions' => ['array'],
+ 'mfa_enforced' => ['string'],
]);
- $this->permissionsRepo->saveNewRole($request->all());
- $this->showSuccessNotification(trans('settings.role_create_success'));
+ $data['permissions'] = array_keys($data['permissions'] ?? []);
+ $data['mfa_enforced'] = ($data['mfa_enforced'] ?? 'false') === 'true';
+ $this->permissionsRepo->saveNewRole($data);
return redirect('/settings/roles');
}
/**
* Updates a user role.
- *
- * @throws ValidationException
*/
public function update(Request $request, string $id)
{
$this->checkPermission('user-roles-manage');
- $this->validate($request, [
+ $data = $this->validate($request, [
'display_name' => ['required', 'min:3', 'max:180'],
'description' => ['max:180'],
+ 'external_auth_id' => ['string'],
+ 'permissions' => ['array'],
+ 'mfa_enforced' => ['string'],
]);
- $this->permissionsRepo->updateRole($id, $request->all());
- $this->showSuccessNotification(trans('settings.role_update_success'));
+ $data['permissions'] = array_keys($data['permissions'] ?? []);
+ $data['mfa_enforced'] = ($data['mfa_enforced'] ?? 'false') === 'true';
+ $this->permissionsRepo->updateRole($id, $data);
return redirect('/settings/roles');
}
$this->checkPermission('user-roles-manage');
try {
- $this->permissionsRepo->deleteRole($id, $request->get('migrate_role_id'));
+ $this->permissionsRepo->deleteRole($id, $request->get('migrate_role_id', 0));
} catch (PermissionsException $e) {
$this->showErrorNotification($e->getMessage());
return redirect()->back();
}
- $this->showSuccessNotification(trans('settings.role_delete_success'));
-
return redirect('/settings/roles');
}
}
--- /dev/null
+{
+ "display_name": "Book Maintainer",
+ "description": "People who maintain books",
+ "mfa_enforced": true,
+ "permissions": [
+ "book-view-all",
+ "book-update-all",
+ "book-delete-all",
+ "restrictions-manage-all"
+ ]
+}
\ No newline at end of file
--- /dev/null
+{
+ "display_name": "Book & Shelf Maintainers",
+ "description": "All those who maintain books & shelves",
+ "mfa_enforced": false,
+ "permissions": [
+ "book-view-all",
+ "book-update-all",
+ "book-delete-all",
+ "bookshelf-view-all",
+ "bookshelf-update-all",
+ "bookshelf-delete-all",
+ "restrictions-manage-all"
+ ]
+}
\ No newline at end of file
--- /dev/null
+{
+ "display_name": "Book Maintainer",
+ "description": "People who maintain books",
+ "mfa_enforced": true,
+ "updated_at": "2023-02-19T15:38:40.000000Z",
+ "created_at": "2023-02-19T15:38:40.000000Z",
+ "id": 26,
+ "permissions": [
+ "book-delete-all",
+ "book-update-all",
+ "book-view-all",
+ "restrictions-manage-all"
+ ],
+ "users": []
+}
\ No newline at end of file
--- /dev/null
+{
+ "data": [
+ {
+ "id": 1,
+ "display_name": "Admin",
+ "description": "Administrator of the whole application",
+ "created_at": "2021-09-29T16:29:19.000000Z",
+ "updated_at": "2022-11-03T13:26:18.000000Z",
+ "system_name": "admin",
+ "external_auth_id": "wizards",
+ "mfa_enforced": true,
+ "users_count": 11,
+ "permissions_count": 54
+ },
+ {
+ "id": 2,
+ "display_name": "Editor",
+ "description": "User can edit Books, Chapters & Pages",
+ "created_at": "2021-09-29T16:29:19.000000Z",
+ "updated_at": "2022-12-01T02:32:57.000000Z",
+ "system_name": "",
+ "external_auth_id": "",
+ "mfa_enforced": false,
+ "users_count": 17,
+ "permissions_count": 49
+ },
+ {
+ "id": 3,
+ "display_name": "Public",
+ "description": "The role given to public visitors if allowed",
+ "created_at": "2021-09-29T16:29:19.000000Z",
+ "updated_at": "2022-09-02T12:32:12.000000Z",
+ "system_name": "public",
+ "external_auth_id": "",
+ "mfa_enforced": false,
+ "users_count": 1,
+ "permissions_count": 2
+ }
+ ],
+ "total": 3
+}
\ No newline at end of file
--- /dev/null
+{
+ "id": 26,
+ "display_name": "Book Maintainer",
+ "description": "People who maintain books",
+ "created_at": "2023-02-19T15:38:40.000000Z",
+ "updated_at": "2023-02-19T15:38:40.000000Z",
+ "system_name": "",
+ "external_auth_id": "",
+ "mfa_enforced": true,
+ "permissions": [
+ "book-delete-all",
+ "book-update-all",
+ "book-view-all",
+ "restrictions-manage-all"
+ ],
+ "users": [
+ {
+ "id": 11,
+ "name": "Barry Scott",
+ "slug": "barry-scott"
+ }
+ ]
+}
\ No newline at end of file
--- /dev/null
+{
+ "id": 26,
+ "display_name": "Book & Shelf Maintainers",
+ "description": "All those who maintain books & shelves",
+ "created_at": "2023-02-19T15:38:40.000000Z",
+ "updated_at": "2023-02-19T15:49:13.000000Z",
+ "system_name": "",
+ "external_auth_id": "",
+ "mfa_enforced": false,
+ "permissions": [
+ "book-delete-all",
+ "book-update-all",
+ "book-view-all",
+ "bookshelf-delete-all",
+ "bookshelf-update-all",
+ "bookshelf-view-all",
+ "restrictions-manage-all"
+ ],
+ "users": [
+ {
+ "id": 11,
+ "name": "Barry Scott",
+ "slug": "barry-scott"
+ }
+ ]
+}
\ No newline at end of file
'user_update_notification' => 'User successfully updated',
'user_delete_notification' => 'User successfully removed',
+ // Roles
+ 'role_create_notification' => 'Role successfully created',
+ 'role_update_notification' => 'Role successfully updated',
+ 'role_delete_notification' => 'Role successfully deleted',
+
// Other
'commented_on' => 'commented on',
'permissions_update' => 'updated permissions',
'roles_assigned_users' => 'Assigned Users',
'roles_permissions_provided' => 'Provided Permissions',
'role_create' => 'Create New Role',
- 'role_create_success' => 'Role successfully created',
'role_delete' => 'Delete Role',
'role_delete_confirm' => 'This will delete the role with the name \':roleName\'.',
'role_delete_users_assigned' => 'This role has :userCount users assigned to it. If you would like to migrate the users from this role select a new role below.',
'role_delete_no_migration' => "Don't migrate users",
'role_delete_sure' => 'Are you sure you want to delete this role?',
- 'role_delete_success' => 'Role successfully deleted',
'role_edit' => 'Edit Role',
'role_details' => 'Role Details',
'role_name' => 'Role Name',
'role_own' => 'Own',
'role_controlled_by_asset' => 'Controlled by the asset they are uploaded to',
'role_save' => 'Save Role',
- 'role_update_success' => 'Role successfully updated',
'role_users' => 'Users in this role',
'role_users_none' => 'No users are currently assigned to this role',
use BookStack\Http\Controllers\Api\PageApiController;
use BookStack\Http\Controllers\Api\PageExportApiController;
use BookStack\Http\Controllers\Api\RecycleBinApiController;
+use BookStack\Http\Controllers\Api\RoleApiController;
use BookStack\Http\Controllers\Api\SearchApiController;
use BookStack\Http\Controllers\Api\UserApiController;
use Illuminate\Support\Facades\Route;
Route::get('pages/{id}/export/html', [PageExportApiController::class, 'exportHtml']);
Route::get('pages/{id}/export/pdf', [PageExportApiController::class, 'exportPdf']);
Route::get('pages/{id}/export/plaintext', [PageExportApiController::class, 'exportPlainText']);
-Route::get('pages/{id}/export/markdown', [PageExportApiController::class, 'exportMarkDown']);
+Route::get('pages/{id}/export/markdown', [PageExportApiController::class, 'exportMarkdown']);
Route::get('search', [SearchApiController::class, 'all']);
Route::put('users/{id}', [UserApiController::class, 'update']);
Route::delete('users/{id}', [UserApiController::class, 'delete']);
+Route::get('roles', [RoleApiController::class, 'list']);
+Route::post('roles', [RoleApiController::class, 'create']);
+Route::get('roles/{id}', [RoleApiController::class, 'read']);
+Route::put('roles/{id}', [RoleApiController::class, 'update']);
+Route::delete('roles/{id}', [RoleApiController::class, 'delete']);
+
Route::get('recycle-bin', [RecycleBinApiController::class, 'list']);
Route::put('recycle-bin/{deletionId}', [RecycleBinApiController::class, 'restore']);
Route::delete('recycle-bin/{deletionId}', [RecycleBinApiController::class, 'destroy']);
--- /dev/null
+<?php
+
+namespace Tests\Api;
+
+use BookStack\Actions\ActivityType;
+use BookStack\Auth\Role;
+use BookStack\Auth\User;
+use Tests\TestCase;
+
+class RolesApiTest extends TestCase
+{
+ use TestsApi;
+
+ protected string $baseEndpoint = '/api/roles';
+
+ protected array $endpointMap = [
+ ['get', '/api/roles'],
+ ['post', '/api/roles'],
+ ['get', '/api/roles/1'],
+ ['put', '/api/roles/1'],
+ ['delete', '/api/roles/1'],
+ ];
+
+ public function test_user_roles_manage_permission_needed_for_all_endpoints()
+ {
+ $this->actingAsApiEditor();
+ foreach ($this->endpointMap as [$method, $uri]) {
+ $resp = $this->json($method, $uri);
+ $resp->assertStatus(403);
+ $resp->assertJson($this->permissionErrorResponse());
+ }
+ }
+
+ public function test_index_endpoint_returns_expected_role_and_count()
+ {
+ $this->actingAsApiAdmin();
+ /** @var Role $firstRole */
+ $firstRole = Role::query()->orderBy('id', 'asc')->first();
+
+ $resp = $this->getJson($this->baseEndpoint . '?count=1&sort=+id');
+ $resp->assertJson(['data' => [
+ [
+ 'id' => $firstRole->id,
+ 'display_name' => $firstRole->display_name,
+ 'description' => $firstRole->description,
+ 'mfa_enforced' => $firstRole->mfa_enforced,
+ 'external_auth_id' => $firstRole->external_auth_id,
+ 'permissions_count' => $firstRole->permissions()->count(),
+ 'users_count' => $firstRole->users()->count(),
+ 'created_at' => $firstRole->created_at->toJSON(),
+ 'updated_at' => $firstRole->updated_at->toJSON(),
+ ],
+ ]]);
+
+ $resp->assertJson(['total' => Role::query()->count()]);
+ }
+
+ public function test_create_endpoint()
+ {
+ $this->actingAsApiAdmin();
+ /** @var Role $role */
+ $role = Role::query()->first();
+
+ $resp = $this->postJson($this->baseEndpoint, [
+ 'display_name' => 'My awesome role',
+ 'description' => 'My great role description',
+ 'mfa_enforced' => true,
+ 'external_auth_id' => 'auth_id',
+ 'permissions' => [
+ 'content-export',
+ 'page-view-all',
+ 'page-view-own',
+ 'users-manage',
+ ]
+ ]);
+
+ $resp->assertStatus(200);
+ $resp->assertJson([
+ 'display_name' => 'My awesome role',
+ 'description' => 'My great role description',
+ 'mfa_enforced' => true,
+ 'external_auth_id' => 'auth_id',
+ 'permissions' => [
+ 'content-export',
+ 'page-view-all',
+ 'page-view-own',
+ 'users-manage',
+ ]
+ ]);
+
+ $this->assertDatabaseHas('roles', [
+ 'display_name' => 'My awesome role',
+ 'description' => 'My great role description',
+ 'mfa_enforced' => true,
+ 'external_auth_id' => 'auth_id',
+ ]);
+
+ /** @var Role $role */
+ $role = Role::query()->where('display_name', '=', 'My awesome role')->first();
+ $this->assertActivityExists(ActivityType::ROLE_CREATE, null, $role->logDescriptor());
+ $this->assertEquals(4, $role->permissions()->count());
+ }
+
+ public function test_create_name_and_description_validation()
+ {
+ $this->actingAsApiAdmin();
+ /** @var User $existingUser */
+ $existingUser = User::query()->first();
+
+ $resp = $this->postJson($this->baseEndpoint, [
+ 'description' => 'My new role',
+ ]);
+ $resp->assertStatus(422);
+ $resp->assertJson($this->validationResponse(['display_name' => ['The display name field is required.']]));
+
+ $resp = $this->postJson($this->baseEndpoint, [
+ 'name' => 'My great role with a too long desc',
+ 'description' => str_repeat('My great desc', 20),
+ ]);
+ $resp->assertStatus(422);
+ $resp->assertJson($this->validationResponse(['description' => ['The description may not be greater than 180 characters.']]));
+ }
+
+ public function test_read_endpoint()
+ {
+ $this->actingAsApiAdmin();
+ $role = $this->users->editor()->roles()->first();
+ $resp = $this->getJson($this->baseEndpoint . "/{$role->id}");
+
+ $resp->assertStatus(200);
+ $resp->assertJson([
+ 'display_name' => $role->display_name,
+ 'description' => $role->description,
+ 'mfa_enforced' => $role->mfa_enforced,
+ 'external_auth_id' => $role->external_auth_id,
+ 'permissions' => $role->permissions()->orderBy('name', 'asc')->pluck('name')->toArray(),
+ 'users' => $role->users()->get()->map(function (User $user) {
+ return [
+ 'id' => $user->id,
+ 'name' => $user->name,
+ 'slug' => $user->slug,
+ ];
+ })->toArray(),
+ ]);
+ }
+
+ public function test_update_endpoint()
+ {
+ $this->actingAsApiAdmin();
+ $role = $this->users->editor()->roles()->first();
+ $resp = $this->putJson($this->baseEndpoint . "/{$role->id}", [
+ 'display_name' => 'My updated role',
+ 'description' => 'My great role description',
+ 'mfa_enforced' => true,
+ 'external_auth_id' => 'updated_auth_id',
+ 'permissions' => [
+ 'content-export',
+ 'page-view-all',
+ 'page-view-own',
+ 'users-manage',
+ ]
+ ]);
+
+ $resp->assertStatus(200);
+ $resp->assertJson([
+ 'id' => $role->id,
+ 'display_name' => 'My updated role',
+ 'description' => 'My great role description',
+ 'mfa_enforced' => true,
+ 'external_auth_id' => 'updated_auth_id',
+ 'permissions' => [
+ 'content-export',
+ 'page-view-all',
+ 'page-view-own',
+ 'users-manage',
+ ]
+ ]);
+
+ $role->refresh();
+ $this->assertEquals(4, $role->permissions()->count());
+ $this->assertActivityExists(ActivityType::ROLE_UPDATE);
+ }
+
+ public function test_update_endpoint_does_not_remove_info_if_not_provided()
+ {
+ $this->actingAsApiAdmin();
+ $role = $this->users->editor()->roles()->first();
+ $resp = $this->putJson($this->baseEndpoint . "/{$role->id}", []);
+ $permissionCount = $role->permissions()->count();
+
+ $resp->assertStatus(200);
+ $this->assertDatabaseHas('roles', [
+ 'id' => $role->id,
+ 'display_name' => $role->display_name,
+ 'description' => $role->description,
+ 'external_auth_id' => $role->external_auth_id,
+ ]);
+
+ $role->refresh();
+ $this->assertEquals($permissionCount, $role->permissions()->count());
+ }
+
+ public function test_delete_endpoint()
+ {
+ $this->actingAsApiAdmin();
+ $role = $this->users->editor()->roles()->first();
+
+ $resp = $this->deleteJson($this->baseEndpoint . "/{$role->id}");
+
+ $resp->assertStatus(204);
+ $this->assertActivityExists(ActivityType::ROLE_DELETE, null, $role->logDescriptor());
+ }
+
+ public function test_delete_endpoint_fails_deleting_system_role()
+ {
+ $this->actingAsApiAdmin();
+ $adminRole = Role::getSystemRole('admin');
+
+ $resp = $this->deleteJson($this->baseEndpoint . "/{$adminRole->id}");
+
+ $resp->assertStatus(500);
+ $resp->assertJson($this->errorResponse('This role is a system role and cannot be deleted', 500));
+ }
+
+ public function test_delete_endpoint_fails_deleting_default_registration_role()
+ {
+ $this->actingAsApiAdmin();
+ $role = $this->users->attachNewRole($this->users->editor());
+ $this->setSettings(['registration-role' => $role->id]);
+
+ $resp = $this->deleteJson($this->baseEndpoint . "/{$role->id}");
+
+ $resp->assertStatus(500);
+ $resp->assertJson($this->errorResponse('This role cannot be deleted while set as the default registration role', 500));
+ }
+}
{
use TestsApi;
- protected $baseEndpoint = '/api/users';
+ protected string $baseEndpoint = '/api/users';
- protected $endpointMap = [
+ protected array $endpointMap = [
['get', '/api/users'],
['post', '/api/users'],
['get', '/api/users/1'],
}
}
- public function test_index_endpoint_returns_expected_shelf()
+ public function test_index_endpoint_returns_expected_user()
{
$this->actingAsApiAdmin();
/** @var User $firstUser */
{
$permissionRepo = app(PermissionsRepo::class);
$roleData = Role::factory()->make()->toArray();
- $roleData['permissions'] = array_flip($rolePermissions);
+ $roleData['permissions'] = $rolePermissions;
return $permissionRepo->saveNewRole($roleData);
}
$this->asAdmin()->put('/settings/roles/' . $viewerRole->id, [
'display_name' => $viewerRole->display_name,
'description' => $viewerRole->description,
- 'permission' => [],
+ 'permissions' => [],
])->assertStatus(302);
$this->actingAs($viewer)->get($page->getUrl())->assertStatus(404);
projects / bookstack / commitdiff