From: Dan Brown Date: Tue, 1 Aug 2017 18:24:33 +0000 (+0100) Subject: Merge branch 'master' of git://github.com/Abijeet/BookStack into Abijeet-master X-Git-Tag: v0.18.0~1^2~45^2 X-Git-Url: http://source.bookstackapp.com/bookstack/commitdiff_plain/e9831a75073dca2358cc94d9cbf1c61c46110ace Merge branch 'master' of git://github.com/Abijeet/BookStack into Abijeet-master --- e9831a75073dca2358cc94d9cbf1c61c46110ace diff --cc resources/lang/fr/entities.php index 17b4ea913,c618bab08..0d89993e9 --- a/resources/lang/fr/entities.php +++ b/resources/lang/fr/entities.php @@@ -210,7 -210,29 +210,29 @@@ return */ 'profile_user_for_x' => 'Utilisateur depuis :time', 'profile_created_content' => 'Contenu créé', - 'profile_not_created_pages' => ':userName n\'a pas créé de pages', - 'profile_not_created_chapters' => ':userName n\'a pas créé de chapitres', - 'profile_not_created_books' => ':userName n\'a pas créé de livres', + 'profile_not_created_pages' => ':userName n\'a pas créé de page', + 'profile_not_created_chapters' => ':userName n\'a pas créé de chapitre', + 'profile_not_created_books' => ':userName n\'a pas créé de livre', + + /** + * Comments + */ + 'comment' => 'Commentaire', + 'comments' => 'Commentaires', + 'comment_placeholder' => 'Entrez vos commentaires ici, merci supporté ...', + 'no_comments' => 'No Comments', + 'x_comments' => ':numComments Commentaires', + 'one_comment' => '1 Commentaire', + 'comments_loading' => 'Loading ...', + 'comment_save' => 'Enregistrer le commentaire', + 'comment_reply' => 'Répondre', + 'comment_edit' => 'Modifier', + 'comment_delete' => 'Supprimer', + 'comment_cancel' => 'Annuler', + 'comment_created' => 'Commentaire ajouté', + 'comment_updated' => 'Commentaire mis à jour', + 'comment_deleted' => 'Commentaire supprimé', + 'comment_updated_text' => 'Mis à jour il y a :updateDiff par', + 'comment_delete_confirm' => 'Cela supprime le contenu du commentaire. 
Êtes-vous sûr de vouloir supprimer ce commentaire?', + 'comment_create' => 'Créé' ]; diff --cc tests/Permissions/RolesTest.php index eda5d092a,0e9f691e0..f131ed885 --- a/tests/Permissions/RolesTest.php +++ b/tests/Permissions/RolesTest.php @@@ -621,40 -620,112 +621,148 @@@ class RolesTest extends BrowserKitTes ->dontSeeInDatabase('images', ['id' => $image->id]); } + public function test_role_permission_removal() + { + // To cover issue fixed in f99c8ff99aee9beb8c692f36d4b84dc6e651e50a. + $page = Page::first(); + $viewerRole = \BookStack\Role::getRole('viewer'); + $viewer = $this->getViewer(); + $this->actingAs($viewer)->visit($page->getUrl())->assertResponseOk(); + + $this->asAdmin()->put('/settings/roles/' . $viewerRole->id, [ + 'display_name' => $viewerRole->display_name, + 'description' => $viewerRole->description, + 'permission' => [] + ])->assertResponseStatus(302); + + $this->expectException(HttpException::class); + $this->actingAs($viewer)->visit($page->getUrl())->assertResponseStatus(404); + } + + public function test_empty_state_actions_not_visible_without_permission() + { + $admin = $this->getAdmin(); + // Book links + $book = factory(\BookStack\Book::class)->create(['created_by' => $admin->id, 'updated_by' => $admin->id]); + $this->updateEntityPermissions($book); + $this->actingAs($this->getViewer())->visit($book->getUrl()) + ->dontSee('Create a new page') + ->dontSee('Add a chapter'); + + // Chapter links + $chapter = factory(\BookStack\Chapter::class)->create(['created_by' => $admin->id, 'updated_by' => $admin->id, 'book_id' => $book->id]); + $this->updateEntityPermissions($chapter); + $this->actingAs($this->getViewer())->visit($chapter->getUrl()) + ->dontSee('Create a new page') + ->dontSee('Sort the current book'); + } + + public function test_comment_create_permission () { + $ownPage = $this->createEntityChainBelongingToUser($this->user)['page']; + + $this->actingAs($this->user)->addComment($ownPage); + + $this->assertResponseStatus(403); + + 
$this->giveUserPermissions($this->user, ['comment-create-all']); + + $this->actingAs($this->user)->addComment($ownPage); + $this->assertResponseOk(200)->seeJsonContains(['status' => 'success']); + } + + + public function test_comment_update_own_permission () { + $ownPage = $this->createEntityChainBelongingToUser($this->user)['page']; + $this->giveUserPermissions($this->user, ['comment-create-all']); + $comment = $this->actingAs($this->user)->addComment($ownPage); + + // no comment-update-own + $this->actingAs($this->user)->updateComment($ownPage, $comment['id']); + $this->assertResponseStatus(403); + + $this->giveUserPermissions($this->user, ['comment-update-own']); + + // now has comment-update-own + $this->actingAs($this->user)->updateComment($ownPage, $comment['id']); + $this->assertResponseOk()->seeJsonContains(['status' => 'success']); + } + + public function test_comment_update_all_permission () { + $ownPage = $this->createEntityChainBelongingToUser($this->user)['page']; + $comment = $this->asAdmin()->addComment($ownPage); + + // no comment-update-all + $this->actingAs($this->user)->updateComment($ownPage, $comment['id']); + $this->assertResponseStatus(403); + + $this->giveUserPermissions($this->user, ['comment-update-all']); + + // now has comment-update-all + $this->actingAs($this->user)->updateComment($ownPage, $comment['id']); + $this->assertResponseOk()->seeJsonContains(['status' => 'success']); + } + + public function test_comment_delete_own_permission () { + $ownPage = $this->createEntityChainBelongingToUser($this->user)['page']; + $this->giveUserPermissions($this->user, ['comment-create-all']); + $comment = $this->actingAs($this->user)->addComment($ownPage); + + // no comment-delete-own + $this->actingAs($this->user)->deleteComment($comment['id']); + $this->assertResponseStatus(403); + + $this->giveUserPermissions($this->user, ['comment-delete-own']); + + // now has comment-update-own + $this->actingAs($this->user)->deleteComment($comment['id']); + 
$this->assertResponseOk()->seeJsonContains(['status' => 'success']); + } + + public function test_comment_delete_all_permission () { + $ownPage = $this->createEntityChainBelongingToUser($this->user)['page']; + $comment = $this->asAdmin()->addComment($ownPage); + + // no comment-delete-all + $this->actingAs($this->user)->deleteComment($comment['id']); + $this->assertResponseStatus(403); + + $this->giveUserPermissions($this->user, ['comment-delete-all']); + + // now has comment-delete-all + $this->actingAs($this->user)->deleteComment($comment['id']); + $this->assertResponseOk()->seeJsonContains(['status' => 'success']); + } + + private function addComment($page) { + $comment = factory(\BookStack\Comment::class)->make(); + $url = "/ajax/page/$page->id/comment/"; + $request = [ + 'text' => $comment->text, + 'html' => $comment->html + ]; + + $this->json('POST', $url, $request); + $resp = $this->decodeResponseJson(); + if (isset($resp['comment'])) { + return $resp['comment']; + } + return null; + } + + private function updateComment($page, $commentId) { + $comment = factory(\BookStack\Comment::class)->make(); + $url = "/ajax/page/$page->id/comment/$commentId"; + $request = [ + 'text' => $comment->text, + 'html' => $comment->html + ]; + + return $this->json('PUT', $url, $request); + } + + private function deleteComment($commentId) { + $url = '/ajax/comment/' . $commentId; + return $this->json('DELETE', $url); + } + }
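Review bot: `test_comment_update_own_permission` and `test_comment_delete_own_permission` only show that the `-own` permission allows acting on a comment the user created; neither asserts that it is refused on a comment created by someone else, which is the case that separates `-own` from `-all`. After granting `comment-update-own`, add a negative case such as `$other = $this->asAdmin()->addComment($ownPage);`, `$this->actingAs($this->user)->updateComment($ownPage, $other['id']);`, `$this->assertResponseStatus(403);`, and do the same with `deleteComment` for `comment-delete-own`. The code that enforces these permissions is not part of this hunk, so whether ownership is actually checked server-side cannot be confirmed from here, and the enclosing `RolesTest` class begins outside the hunk. Two smaller points: the second inline comment in the delete-own test reads `// now has comment-update-own` where `comment-delete-own` is meant, and `assertResponseOk(200)` in `test_comment_create_permission` passes an argument the other calls in this hunk do not.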