Added and addressed multi-role/own-role-perm/inheretance scenario

Found during manual testing.
Have checked against relation queries manually too.

diff --git a/app/Auth/Permissions/PermissionApplicator.php b/app/Auth/Permissions/PermissionApplicator.php
index 437ddb0fba33ff3274aec763bbcf00ae3fc36d4b..20cc87e48a65177d3d1eea9b48dc2eff60fd20f5 100644 (file)
--- a/app/Auth/Permissions/PermissionApplicator.php
+++ b/app/Auth/Permissions/PermissionApplicator.php
@@ -99,7 +99,7 @@ class PermissionApplicator
                     ->selectRaw('max(status) as status')
                     ->whereIn('role_id', $this->getCurrentUserRoleIds())
                     ->groupBy(['entity_type', 'entity_id'])
-                    ->havingRaw('(status IN (1, 3) or owner_id = ?)', [$this->currentUser()->id]);
+                    ->havingRaw('(status IN (1, 3) or (owner_id = ? and status != 2))', [$this->currentUser()->id]);
             });
         });
     }

diff --git a/dev/docs/permission-scenario-testing.md b/dev/docs/permission-scenario-testing.md
index 7a9cc1126685369f3f75c0aa924b68dd86ca4c7f..0a910d2033666db9c8324d8c287e436dbb03f1a0 100644 (file)
--- a/dev/docs/permission-scenario-testing.md
+++ b/dev/docs/permission-scenario-testing.md
@@ -229,6 +229,16 @@ User denied page permission.
 
 User denied page permission.
 
+#### test_71_multi_role_inheriting_deny_on_own
+
+- Page permissions have inherit enabled.
+- Role A has own page role permission.
+- Role B has entity denied page permission.
+- User has Role A and B.
+- Use owns Page.
+
+User denied page permission.
+
 #### test_75_multi_role_inherited_deny_via_parent
 
 - Page permissions have inherit enabled.
@@ -239,6 +249,16 @@ User denied page permission.
 
 User denied page permission.
 
+#### test_76_multi_role_inherited_deny_via_parent_on_own
+
+- Page permissions have inherit enabled.
+- Chapter permissions have inherit enabled.
+- Role A has own page role permission.
+- Role B has entity denied chapter permission.
+- User has Role A & B.
+
+User denied page permission.
+
 #### test_80_fallback_override_allow
 
 - Page permissions have inherit disabled.

diff --git a/tests/Permissions/Scenarios/EntityRolePermissionsTest.php b/tests/Permissions/Scenarios/EntityRolePermissionsTest.php
index bd5b31fdc35113bf1f8bc0feaf7c54e3c6971c84..55761e08c580976d49a3a09daeaa23ce06c7f891 100644 (file)
--- a/tests/Permissions/Scenarios/EntityRolePermissionsTest.php
+++ b/tests/Permissions/Scenarios/EntityRolePermissionsTest.php
@@ -187,6 +187,19 @@ class EntityRolePermissionsTest extends PermissionScenarioTestCase
         $this->assertNotVisibleToUser($page, $user);
     }
 
+    public function test_71_multi_role_inheriting_deny_on_own()
+    {
+        [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-own']);
+        $roleB = $this->users->attachNewRole($user);
+        $page = $this->entities->page();
+        $this->permissions->changeEntityOwner($page, $user);
+
+        $this->permissions->addEntityPermission($page, [], $roleB);
+
+        $this->assertNotVisibleToUser($page, $user);
+    }
+
+
     public function test_75_multi_role_inherited_deny_via_parent()
     {
         [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']);
@@ -199,6 +212,19 @@ class EntityRolePermissionsTest extends PermissionScenarioTestCase
         $this->assertNotVisibleToUser($page, $user);
     }
 
+    public function test_76_multi_role_inherited_deny_via_parent_on_own()
+    {
+        [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-own']);
+        $roleB = $this->users->attachNewRole($user);
+        $page = $this->entities->pageWithinChapter();
+        $chapter = $page->chapter;
+        $this->permissions->changeEntityOwner($page, $user);
+
+        $this->permissions->addEntityPermission($chapter, [], $roleB);
+
+        $this->assertNotVisibleToUser($page, $user);
+    }
+
     public function test_80_fallback_override_allow()
     {
         [$user, $roleA] = $this->users->newUserWithRole();