colin
/
bookstack
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
bookstack/tests/Permissions/RolesTest.php

766 lines
27 KiB
PHP
Raw Normal View History

Namespaced tests to align with new laravel default
2017-02-04 19:58:42 +08:00
<?php namespace Tests;
Finished initial implementation of custom role system
2016-02-28 03:24:42 +08:00
Added test to cover f99c8ff. Closes #409
2017-07-02 22:40:42 +08:00
use BookStack\Page;
Made more efficiency improvements to permission system
2017-04-30 18:38:58 +08:00
use BookStack\Repos\PermissionsRepo;
use BookStack\Role;
Added test to cover f99c8ff. Closes #409
2017-07-02 22:40:42 +08:00
use Laravel\BrowserKitTesting\HttpException;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
Made more efficiency improvements to permission system
2017-04-30 18:38:58 +08:00
Upgraded to Laravel 5.4
2017-01-26 03:35:40 +08:00
class RolesTest extends BrowserKitTest
Finished initial implementation of custom role system
2016-02-28 03:24:42 +08:00
{
protected $user;
public function setUp()
{
parent::setUp();
Rolled out new permissions system throughout application
2016-04-24 23:54:20 +08:00
$this->user = $this->getViewer();
}
protected function getViewer()
{
$role = \BookStack\Role::getRole('viewer');
$viewer = $this->getNewBlankUser();
$viewer->attachRole($role);;
return $viewer;
Added a whole load of permission & role tests
2016-03-05 20:09:09 +08:00
}
/**
* Give the given user some permissions.
* @param \BookStack\User $user
* @param array $permissions
*/
protected function giveUserPermissions(\BookStack\User $user, $permissions = [])
{
$newRole = $this->createNewRole($permissions);
$user->attachRole($newRole);
$user->load('roles');
$user->permissions(false);
Finished initial implementation of custom role system
2016-02-28 03:24:42 +08:00
}
Refactored some permission controls and increased testing for roles system
2016-03-03 06:35:01 +08:00
/**
* Create a new basic role for testing purposes.
Added a whole load of permission & role tests
2016-03-05 20:09:09 +08:00
* @param array $permissions
Made more efficiency improvements to permission system
2017-04-30 18:38:58 +08:00
* @return Role
Refactored some permission controls and increased testing for roles system
2016-03-03 06:35:01 +08:00
*/
Added a whole load of permission & role tests
2016-03-05 20:09:09 +08:00
protected function createNewRole($permissions = [])
Finished initial implementation of custom role system
2016-02-28 03:24:42 +08:00
{
Made more efficiency improvements to permission system
2017-04-30 18:38:58 +08:00
$permissionRepo = app(PermissionsRepo::class);
Added a whole load of permission & role tests
2016-03-05 20:09:09 +08:00
$roleData = factory(\BookStack\Role::class)->make()->toArray();
$roleData['permissions'] = array_flip($permissions);
return $permissionRepo->saveNewRole($roleData);
Finished initial implementation of custom role system
2016-02-28 03:24:42 +08:00
}
public function test_admin_can_see_settings()
{
$this->asAdmin()->visit('/settings')->see('Settings');
}
public function test_cannot_delete_admin_role()
{
$adminRole = \BookStack\Role::getRole('admin');
$deletePageUrl = '/settings/roles/delete/' . $adminRole->id;
$this->asAdmin()->visit($deletePageUrl)
->press('Confirm')
->seePageIs($deletePageUrl)
->see('cannot be deleted');
}
public function test_role_cannot_be_deleted_if_default()
{
$newRole = $this->createNewRole();
$this->setSettings(['registration-role' => $newRole->id]);
$deletePageUrl = '/settings/roles/delete/' . $newRole->id;
$this->asAdmin()->visit($deletePageUrl)
->press('Confirm')
->seePageIs($deletePageUrl)
->see('cannot be deleted');
}
Refactored some permission controls and increased testing for roles system
2016-03-03 06:35:01 +08:00
public function test_role_create_update_delete_flow()
{
$testRoleName = 'Test Role';
$testRoleDesc = 'a little test description';
$testRoleUpdateName = 'An Super Updated role';
// Creation
$this->asAdmin()->visit('/settings')
->click('Roles')
->seePageIs('/settings/roles')
Extracted text for remaining views
2016-12-04 22:08:04 +08:00
->click('Create New Role')
Refactored some permission controls and increased testing for roles system
2016-03-03 06:35:01 +08:00
->type('Test Role', 'display_name')
->type('A little test description', 'description')
->press('Save Role')
->seeInDatabase('roles', ['display_name' => $testRoleName, 'name' => 'test-role', 'description' => $testRoleDesc])
->seePageIs('/settings/roles');
// Updating
$this->asAdmin()->visit('/settings/roles')
->see($testRoleDesc)
->click($testRoleName)
->type($testRoleUpdateName, '#display_name')
->press('Save Role')
->seeInDatabase('roles', ['display_name' => $testRoleUpdateName, 'name' => 'test-role', 'description' => $testRoleDesc])
->seePageIs('/settings/roles');
// Deleting
$this->asAdmin()->visit('/settings/roles')
->click($testRoleUpdateName)
->click('Delete Role')
->see($testRoleUpdateName)
->press('Confirm')
->seePageIs('/settings/roles')
->dontSee($testRoleUpdateName);
}
Added a whole load of permission & role tests
2016-03-05 20:09:09 +08:00
public function test_manage_user_permission()
{
Made more efficiency improvements to permission system
2017-04-30 18:38:58 +08:00
$this->actingAs($this->user)->visit('/settings/users')
Added a whole load of permission & role tests
2016-03-05 20:09:09 +08:00
->seePageIs('/');
$this->giveUserPermissions($this->user, ['users-manage']);
Made more efficiency improvements to permission system
2017-04-30 18:38:58 +08:00
$this->actingAs($this->user)->visit('/settings/users')
Added a whole load of permission & role tests
2016-03-05 20:09:09 +08:00
->seePageIs('/settings/users');
}
public function test_user_roles_manage_permission()
{
Made more efficiency improvements to permission system
2017-04-30 18:38:58 +08:00
$this->actingAs($this->user)->visit('/settings/roles')
Added a whole load of permission & role tests
2016-03-05 20:09:09 +08:00
->seePageIs('/')->visit('/settings/roles/1')->seePageIs('/');
$this->giveUserPermissions($this->user, ['user-roles-manage']);
$this->actingAs($this->user)->visit('/settings/roles')
->seePageIs('/settings/roles')->click('Admin')
->see('Edit Role');
}
public function test_settings_manage_permission()
{
Made more efficiency improvements to permission system
2017-04-30 18:38:58 +08:00
$this->actingAs($this->user)->visit('/settings')
Added a whole load of permission & role tests
2016-03-05 20:09:09 +08:00
->seePageIs('/');
$this->giveUserPermissions($this->user, ['settings-manage']);
Made more efficiency improvements to permission system
2017-04-30 18:38:58 +08:00
$this->actingAs($this->user)->visit('/settings')
Added a whole load of permission & role tests
2016-03-05 20:09:09 +08:00
->seePageIs('/settings')->press('Save Settings')->see('Settings Saved');
}
public function test_restrictions_manage_all_permission()
{
$page = \BookStack\Page::take(1)->get()->first();
$this->actingAs($this->user)->visit($page->getUrl())
Updated entity restrictions to allow permissions, Not just restrict Also changed wording from 'Restrictions' to 'Permissions' to keep things more familiar and to better reflect what they do. Referenced in issue #89.
2016-03-31 03:15:44 +08:00
->dontSee('Permissions')
->visit($page->getUrl() . '/permissions')
Added a whole load of permission & role tests
2016-03-05 20:09:09 +08:00
->seePageIs('/');
$this->giveUserPermissions($this->user, ['restrictions-manage-all']);
$this->actingAs($this->user)->visit($page->getUrl())
Updated entity restrictions to allow permissions, Not just restrict Also changed wording from 'Restrictions' to 'Permissions' to keep things more familiar and to better reflect what they do. Referenced in issue #89.
2016-03-31 03:15:44 +08:00
->see('Permissions')
->click('Permissions')
->see('Page Permissions')->seePageIs($page->getUrl() . '/permissions');
Added a whole load of permission & role tests
2016-03-05 20:09:09 +08:00
}
public function test_restrictions_manage_own_permission()
{
Rolled out new permissions system throughout application
2016-04-24 23:54:20 +08:00
$otherUsersPage = \BookStack\Page::first();
Added a whole load of permission & role tests
2016-03-05 20:09:09 +08:00
$content = $this->createEntityChainBelongingToUser($this->user);
// Check can't restrict other's content
$this->actingAs($this->user)->visit($otherUsersPage->getUrl())
Updated entity restrictions to allow permissions, Not just restrict Also changed wording from 'Restrictions' to 'Permissions' to keep things more familiar and to better reflect what they do. Referenced in issue #89.
2016-03-31 03:15:44 +08:00
->dontSee('Permissions')
->visit($otherUsersPage->getUrl() . '/permissions')
Added a whole load of permission & role tests
2016-03-05 20:09:09 +08:00
->seePageIs('/');
// Check can't restrict own content
$this->actingAs($this->user)->visit($content['page']->getUrl())
Updated entity restrictions to allow permissions, Not just restrict Also changed wording from 'Restrictions' to 'Permissions' to keep things more familiar and to better reflect what they do. Referenced in issue #89.
2016-03-31 03:15:44 +08:00
->dontSee('Permissions')
->visit($content['page']->getUrl() . '/permissions')
Added a whole load of permission & role tests
2016-03-05 20:09:09 +08:00
->seePageIs('/');
$this->giveUserPermissions($this->user, ['restrictions-manage-own']);
// Check can't restrict other's content
$this->actingAs($this->user)->visit($otherUsersPage->getUrl())
Updated entity restrictions to allow permissions, Not just restrict Also changed wording from 'Restrictions' to 'Permissions' to keep things more familiar and to better reflect what they do. Referenced in issue #89.
2016-03-31 03:15:44 +08:00
->dontSee('Permissions')
->visit($otherUsersPage->getUrl() . '/permissions')
Added a whole load of permission & role tests
2016-03-05 20:09:09 +08:00
->seePageIs('/');
// Check can restrict own content
$this->actingAs($this->user)->visit($content['page']->getUrl())
Updated entity restrictions to allow permissions, Not just restrict Also changed wording from 'Restrictions' to 'Permissions' to keep things more familiar and to better reflect what they do. Referenced in issue #89.
2016-03-31 03:15:44 +08:00
->see('Permissions')
->click('Permissions')
->seePageIs($content['page']->getUrl() . '/permissions');
Added a whole load of permission & role tests
2016-03-05 20:09:09 +08:00
}
/**
* Check a standard entity access permission
* @param string $permission
* @param array $accessUrls Urls that are only accessible after having the permission
* @param array $visibles Check this text, In the buttons toolbar, is only visible with the permission
*/
private function checkAccessPermission($permission, $accessUrls = [], $visibles = [])
{
foreach ($accessUrls as $url) {
Made more efficiency improvements to permission system
2017-04-30 18:38:58 +08:00
$this->actingAs($this->user)->visit($url)
Added a whole load of permission & role tests
2016-03-05 20:09:09 +08:00
->seePageIs('/');
}
foreach ($visibles as $url => $text) {
Made more efficiency improvements to permission system
2017-04-30 18:38:58 +08:00
$this->actingAs($this->user)->visit($url)
Added a whole load of permission & role tests
2016-03-05 20:09:09 +08:00
->dontSeeInElement('.action-buttons',$text);
}
$this->giveUserPermissions($this->user, [$permission]);
foreach ($accessUrls as $url) {
Made more efficiency improvements to permission system
2017-04-30 18:38:58 +08:00
$this->actingAs($this->user)->visit($url)
Added a whole load of permission & role tests
2016-03-05 20:09:09 +08:00
->seePageIs($url);
}
foreach ($visibles as $url => $text) {
Made more efficiency improvements to permission system
2017-04-30 18:38:58 +08:00
$this->actingAs($this->user)->visit($url)
Added a whole load of permission & role tests
2016-03-05 20:09:09 +08:00
->see($text);
}
}
public function test_books_create_all_permissions()
{
$this->checkAccessPermission('book-create-all', [
'/books/create'
], [
Extracted text from book & chapter views
2016-11-17 21:33:07 +08:00
'/books' => 'Create New Book'
Added a whole load of permission & role tests
2016-03-05 20:09:09 +08:00
]);
$this->visit('/books/create')
->type('test book', 'name')
->type('book desc', 'description')
->press('Save Book')
->seePageIs('/books/test-book');
}
public function test_books_edit_own_permission()
{
$otherBook = \BookStack\Book::take(1)->get()->first();
$ownBook = $this->createEntityChainBelongingToUser($this->user)['book'];
$this->checkAccessPermission('book-update-own', [
$ownBook->getUrl() . '/edit'
], [
$ownBook->getUrl() => 'Edit'
]);
$this->visit($otherBook->getUrl())
->dontSeeInElement('.action-buttons', 'Edit')
->visit($otherBook->getUrl() . '/edit')
->seePageIs('/');
}
public function test_books_edit_all_permission()
{
$otherBook = \BookStack\Book::take(1)->get()->first();
$this->checkAccessPermission('book-update-all', [
$otherBook->getUrl() . '/edit'
], [
$otherBook->getUrl() => 'Edit'
]);
}
public function test_books_delete_own_permission()
{
$this->giveUserPermissions($this->user, ['book-update-all']);
$otherBook = \BookStack\Book::take(1)->get()->first();
$ownBook = $this->createEntityChainBelongingToUser($this->user)['book'];
$this->checkAccessPermission('book-delete-own', [
$ownBook->getUrl() . '/delete'
], [
$ownBook->getUrl() => 'Delete'
]);
$this->visit($otherBook->getUrl())
->dontSeeInElement('.action-buttons', 'Delete')
->visit($otherBook->getUrl() . '/delete')
->seePageIs('/');
$this->visit($ownBook->getUrl())->visit($ownBook->getUrl() . '/delete')
->press('Confirm')
->seePageIs('/books')
->dontSee($ownBook->name);
}
public function test_books_delete_all_permission()
{
$this->giveUserPermissions($this->user, ['book-update-all']);
$otherBook = \BookStack\Book::take(1)->get()->first();
$this->checkAccessPermission('book-delete-all', [
$otherBook->getUrl() . '/delete'
], [
$otherBook->getUrl() => 'Delete'
]);
$this->visit($otherBook->getUrl())->visit($otherBook->getUrl() . '/delete')
->press('Confirm')
->seePageIs('/books')
->dontSee($otherBook->name);
}
public function test_chapter_create_own_permissions()
{
$book = \BookStack\Book::take(1)->get()->first();
$ownBook = $this->createEntityChainBelongingToUser($this->user)['book'];
$baseUrl = $ownBook->getUrl() . '/chapter';
$this->checkAccessPermission('chapter-create-own', [
$baseUrl . '/create'
], [
$ownBook->getUrl() => 'New Chapter'
]);
$this->visit($baseUrl . '/create')
->type('test chapter', 'name')
->type('chapter desc', 'description')
->press('Save Chapter')
->seePageIs($baseUrl . '/test-chapter');
$this->visit($book->getUrl())
->dontSeeInElement('.action-buttons', 'New Chapter')
->visit($book->getUrl() . '/chapter/create')
->seePageIs('/');
}
public function test_chapter_create_all_permissions()
{
$book = \BookStack\Book::take(1)->get()->first();
$baseUrl = $book->getUrl() . '/chapter';
$this->checkAccessPermission('chapter-create-all', [
$baseUrl . '/create'
], [
$book->getUrl() => 'New Chapter'
]);
$this->visit($baseUrl . '/create')
->type('test chapter', 'name')
->type('chapter desc', 'description')
->press('Save Chapter')
->seePageIs($baseUrl . '/test-chapter');
}
public function test_chapter_edit_own_permission()
{
$otherChapter = \BookStack\Chapter::take(1)->get()->first();
$ownChapter = $this->createEntityChainBelongingToUser($this->user)['chapter'];
$this->checkAccessPermission('chapter-update-own', [
$ownChapter->getUrl() . '/edit'
], [
$ownChapter->getUrl() => 'Edit'
]);
$this->visit($otherChapter->getUrl())
->dontSeeInElement('.action-buttons', 'Edit')
->visit($otherChapter->getUrl() . '/edit')
->seePageIs('/');
}
public function test_chapter_edit_all_permission()
{
$otherChapter = \BookStack\Chapter::take(1)->get()->first();
$this->checkAccessPermission('chapter-update-all', [
$otherChapter->getUrl() . '/edit'
], [
$otherChapter->getUrl() => 'Edit'
]);
}
public function test_chapter_delete_own_permission()
{
$this->giveUserPermissions($this->user, ['chapter-update-all']);
$otherChapter = \BookStack\Chapter::take(1)->get()->first();
$ownChapter = $this->createEntityChainBelongingToUser($this->user)['chapter'];
$this->checkAccessPermission('chapter-delete-own', [
$ownChapter->getUrl() . '/delete'
], [
$ownChapter->getUrl() => 'Delete'
]);
$bookUrl = $ownChapter->book->getUrl();
$this->visit($otherChapter->getUrl())
->dontSeeInElement('.action-buttons', 'Delete')
->visit($otherChapter->getUrl() . '/delete')
->seePageIs('/');
$this->visit($ownChapter->getUrl())->visit($ownChapter->getUrl() . '/delete')
->press('Confirm')
->seePageIs($bookUrl)
->dontSeeInElement('.book-content', $ownChapter->name);
}
public function test_chapter_delete_all_permission()
{
$this->giveUserPermissions($this->user, ['chapter-update-all']);
$otherChapter = \BookStack\Chapter::take(1)->get()->first();
$this->checkAccessPermission('chapter-delete-all', [
$otherChapter->getUrl() . '/delete'
], [
$otherChapter->getUrl() => 'Delete'
]);
$bookUrl = $otherChapter->book->getUrl();
$this->visit($otherChapter->getUrl())->visit($otherChapter->getUrl() . '/delete')
->press('Confirm')
->seePageIs($bookUrl)
->dontSeeInElement('.book-content', $otherChapter->name);
}
public function test_page_create_own_permissions()
{
Made more efficiency improvements to permission system
2017-04-30 18:38:58 +08:00
$book = \BookStack\Book::first();
$chapter = \BookStack\Chapter::first();
Added a whole load of permission & role tests
2016-03-05 20:09:09 +08:00
$entities = $this->createEntityChainBelongingToUser($this->user);
$ownBook = $entities['book'];
$ownChapter = $entities['chapter'];
$baseUrl = $ownBook->getUrl() . '/page';
Added new page drafts and started image entity attaching Closes #80.
2016-03-13 20:04:08 +08:00
$createUrl = $baseUrl . '/create';
$createUrlChapter = $ownChapter->getUrl() . '/create-page';
$accessUrls = [$createUrl, $createUrlChapter];
foreach ($accessUrls as $url) {
Made more efficiency improvements to permission system
2017-04-30 18:38:58 +08:00
$this->actingAs($this->user)->visit($url)
Added new page drafts and started image entity attaching Closes #80.
2016-03-13 20:04:08 +08:00
->seePageIs('/');
}
$this->checkAccessPermission('page-create-own', [], [
Added a whole load of permission & role tests
2016-03-05 20:09:09 +08:00
$ownBook->getUrl() => 'New Page',
$ownChapter->getUrl() => 'New Page'
]);
Added new page drafts and started image entity attaching Closes #80.
2016-03-13 20:04:08 +08:00
$this->giveUserPermissions($this->user, ['page-create-own']);
foreach ($accessUrls as $index => $url) {
Made more efficiency improvements to permission system
2017-04-30 18:38:58 +08:00
$this->actingAs($this->user)->visit($url);
Added new page drafts and started image entity attaching Closes #80.
2016-03-13 20:04:08 +08:00
$expectedUrl = \BookStack\Page::where('draft', '=', true)->orderBy('id', 'desc')->first()->getUrl();
$this->seePageIs($expectedUrl);
}
Added a whole load of permission & role tests
2016-03-05 20:09:09 +08:00
$this->visit($baseUrl . '/create')
->type('test page', 'name')
->type('page desc', 'html')
->press('Save Page')
->seePageIs($baseUrl . '/test-page');
$this->visit($book->getUrl())
->dontSeeInElement('.action-buttons', 'New Page')
->visit($book->getUrl() . '/page/create')
->seePageIs('/');
$this->visit($chapter->getUrl())
->dontSeeInElement('.action-buttons', 'New Page')
->visit($chapter->getUrl() . '/create-page')
->seePageIs('/');
}
public function test_page_create_all_permissions()
{
$book = \BookStack\Book::take(1)->get()->first();
$chapter = \BookStack\Chapter::take(1)->get()->first();
$baseUrl = $book->getUrl() . '/page';
Added new page drafts and started image entity attaching Closes #80.
2016-03-13 20:04:08 +08:00
$createUrl = $baseUrl . '/create';
$createUrlChapter = $chapter->getUrl() . '/create-page';
$accessUrls = [$createUrl, $createUrlChapter];
foreach ($accessUrls as $url) {
Made more efficiency improvements to permission system
2017-04-30 18:38:58 +08:00
$this->actingAs($this->user)->visit($url)
Added new page drafts and started image entity attaching Closes #80.
2016-03-13 20:04:08 +08:00
->seePageIs('/');
}
$this->checkAccessPermission('page-create-all', [], [
Added a whole load of permission & role tests
2016-03-05 20:09:09 +08:00
$book->getUrl() => 'New Page',
$chapter->getUrl() => 'New Page'
]);
Added new page drafts and started image entity attaching Closes #80.
2016-03-13 20:04:08 +08:00
$this->giveUserPermissions($this->user, ['page-create-all']);
foreach ($accessUrls as $index => $url) {
Made more efficiency improvements to permission system
2017-04-30 18:38:58 +08:00
$this->actingAs($this->user)->visit($url);
Added new page drafts and started image entity attaching Closes #80.
2016-03-13 20:04:08 +08:00
$expectedUrl = \BookStack\Page::where('draft', '=', true)->orderBy('id', 'desc')->first()->getUrl();
$this->seePageIs($expectedUrl);
}
Added a whole load of permission & role tests
2016-03-05 20:09:09 +08:00
$this->visit($baseUrl . '/create')
->type('test page', 'name')
->type('page desc', 'html')
->press('Save Page')
->seePageIs($baseUrl . '/test-page');
$this->visit($chapter->getUrl() . '/create-page')
->type('new test page', 'name')
->type('page desc', 'html')
->press('Save Page')
->seePageIs($baseUrl . '/new-test-page');
}
public function test_page_edit_own_permission()
{
$otherPage = \BookStack\Page::take(1)->get()->first();
$ownPage = $this->createEntityChainBelongingToUser($this->user)['page'];
$this->checkAccessPermission('page-update-own', [
$ownPage->getUrl() . '/edit'
], [
$ownPage->getUrl() => 'Edit'
]);
$this->visit($otherPage->getUrl())
->dontSeeInElement('.action-buttons', 'Edit')
->visit($otherPage->getUrl() . '/edit')
->seePageIs('/');
}
public function test_page_edit_all_permission()
{
$otherPage = \BookStack\Page::take(1)->get()->first();
$this->checkAccessPermission('page-update-all', [
$otherPage->getUrl() . '/edit'
], [
$otherPage->getUrl() => 'Edit'
]);
}
public function test_page_delete_own_permission()
{
$this->giveUserPermissions($this->user, ['page-update-all']);
$otherPage = \BookStack\Page::take(1)->get()->first();
$ownPage = $this->createEntityChainBelongingToUser($this->user)['page'];
$this->checkAccessPermission('page-delete-own', [
$ownPage->getUrl() . '/delete'
], [
$ownPage->getUrl() => 'Delete'
]);
$bookUrl = $ownPage->book->getUrl();
$this->visit($otherPage->getUrl())
->dontSeeInElement('.action-buttons', 'Delete')
->visit($otherPage->getUrl() . '/delete')
->seePageIs('/');
$this->visit($ownPage->getUrl())->visit($ownPage->getUrl() . '/delete')
->press('Confirm')
->seePageIs($bookUrl)
->dontSeeInElement('.book-content', $ownPage->name);
}
public function test_page_delete_all_permission()
{
$this->giveUserPermissions($this->user, ['page-update-all']);
$otherPage = \BookStack\Page::take(1)->get()->first();
$this->checkAccessPermission('page-delete-all', [
$otherPage->getUrl() . '/delete'
], [
$otherPage->getUrl() => 'Delete'
]);
$bookUrl = $otherPage->book->getUrl();
$this->visit($otherPage->getUrl())->visit($otherPage->getUrl() . '/delete')
->press('Confirm')
->seePageIs($bookUrl)
->dontSeeInElement('.book-content', $otherPage->name);
}
Updated and added tests for new default user system Closes #138
2016-09-30 00:07:58 +08:00
public function test_public_role_visible_in_user_edit_screen()
Added hidden public role to fit with new permissions system
2016-05-02 02:36:53 +08:00
{
$user = \BookStack\User::first();
$this->asAdmin()->visit('/settings/users/' . $user->id)
->seeElement('#roles-admin')
Updated and added tests for new default user system Closes #138
2016-09-30 00:07:58 +08:00
->seeElement('#roles-public');
Added hidden public role to fit with new permissions system
2016-05-02 02:36:53 +08:00
}
Updated and added tests for new default user system Closes #138
2016-09-30 00:07:58 +08:00
public function test_public_role_visible_in_role_listing()
Added hidden public role to fit with new permissions system
2016-05-02 02:36:53 +08:00
{
$this->asAdmin()->visit('/settings/roles')
->see('Admin')
Updated and added tests for new default user system Closes #138
2016-09-30 00:07:58 +08:00
->see('Public');
Added hidden public role to fit with new permissions system
2016-05-02 02:36:53 +08:00
}
Updated and added tests for new default user system Closes #138
2016-09-30 00:07:58 +08:00
public function test_public_role_visible_in_default_role_setting()
Added hidden public role to fit with new permissions system
2016-05-02 02:36:53 +08:00
{
$this->asAdmin()->visit('/settings')
->seeElement('[data-role-name="admin"]')
Updated and added tests for new default user system Closes #138
2016-09-30 00:07:58 +08:00
->seeElement('[data-role-name="public"]');
Added hidden public role to fit with new permissions system
2016-05-02 02:36:53 +08:00
}
Updated and added tests for new default user system Closes #138
2016-09-30 00:07:58 +08:00
public function test_public_role_not_deleteable()
{
$this->asAdmin()->visit('/settings/roles')
->click('Public')
->see('Edit Role')
->click('Delete Role')
->press('Confirm')
->see('Delete Role')
->see('Cannot be deleted');
}
Fixed image delete permission issue Also fixed missing translations and wrote tests to cover issue. Fixes #258
2017-01-09 03:19:30 +08:00
public function test_image_delete_own_permission()
{
$this->giveUserPermissions($this->user, ['image-update-all']);
$page = \BookStack\Page::first();
$image = factory(\BookStack\Image::class)->create(['uploaded_to' => $page->id, 'created_by' => $this->user->id, 'updated_by' => $this->user->id]);
$this->actingAs($this->user)->json('delete', '/images/' . $image->id)
->seeStatusCode(403);
$this->giveUserPermissions($this->user, ['image-delete-own']);
$this->actingAs($this->user)->json('delete', '/images/' . $image->id)
->seeStatusCode(200)
->dontSeeInDatabase('images', ['id' => $image->id]);
}
public function test_image_delete_all_permission()
{
$this->giveUserPermissions($this->user, ['image-update-all']);
$admin = $this->getAdmin();
$page = \BookStack\Page::first();
$image = factory(\BookStack\Image::class)->create(['uploaded_to' => $page->id, 'created_by' => $admin->id, 'updated_by' => $admin->id]);
$this->actingAs($this->user)->json('delete', '/images/' . $image->id)
->seeStatusCode(403);
$this->giveUserPermissions($this->user, ['image-delete-own']);
$this->actingAs($this->user)->json('delete', '/images/' . $image->id)
->seeStatusCode(403);
$this->giveUserPermissions($this->user, ['image-delete-all']);
$this->actingAs($this->user)->json('delete', '/images/' . $image->id)
->seeStatusCode(200)
->dontSeeInDatabase('images', ['id' => $image->id]);
}
Added test to cover f99c8ff. Closes #409
2017-07-02 22:40:42 +08:00
public function test_role_permission_removal()
{
// To cover issue fixed in f99c8ff99aee9beb8c692f36d4b84dc6e651e50a.
$page = Page::first();
$viewerRole = \BookStack\Role::getRole('viewer');
$viewer = $this->getViewer();
Removed outdated translations and updated tests
2017-09-10 01:41:59 +08:00
$this->actingAs($viewer)->visit($page->getUrl())->assertResponseStatus(200);
Added test to cover f99c8ff. Closes #409
2017-07-02 22:40:42 +08:00
$this->asAdmin()->put('/settings/roles/' . $viewerRole->id, [
'display_name' => $viewerRole->display_name,
'description' => $viewerRole->description,
'permission' => []
])->assertResponseStatus(302);
$this->expectException(HttpException::class);
$this->actingAs($viewer)->visit($page->getUrl())->assertResponseStatus(404);
}
Prevent empty-state actions visible without permission. Fixes #411
2017-07-02 22:59:40 +08:00
public function test_empty_state_actions_not_visible_without_permission()
{
$admin = $this->getAdmin();
// Book links
$book = factory(\BookStack\Book::class)->create(['created_by' => $admin->id, 'updated_by' => $admin->id]);
$this->updateEntityPermissions($book);
$this->actingAs($this->getViewer())->visit($book->getUrl())
->dontSee('Create a new page')
->dontSee('Add a chapter');
// Chapter links
$chapter = factory(\BookStack\Chapter::class)->create(['created_by' => $admin->id, 'updated_by' => $admin->id, 'book_id' => $book->id]);
$this->updateEntityPermissions($chapter);
$this->actingAs($this->getViewer())->visit($chapter->getUrl())
->dontSee('Create a new page')
->dontSee('Sort the current book');
}
#47 - Added more test cases to test the APIs and permission for comments.
2017-06-13 05:01:17 +08:00
public function test_comment_create_permission () {
$ownPage = $this->createEntityChainBelongingToUser($this->user)['page'];
$this->actingAs($this->user)->addComment($ownPage);
$this->assertResponseStatus(403);
$this->giveUserPermissions($this->user, ['comment-create-all']);
$this->actingAs($this->user)->addComment($ownPage);
Removed outdated translations and updated tests
2017-09-10 01:41:59 +08:00
$this->assertResponseStatus(200);
#47 - Added more test cases to test the APIs and permission for comments.
2017-06-13 05:01:17 +08:00
}
public function test_comment_update_own_permission () {
$ownPage = $this->createEntityChainBelongingToUser($this->user)['page'];
$this->giveUserPermissions($this->user, ['comment-create-all']);
Removed outdated translations and updated tests
2017-09-10 01:41:59 +08:00
$commentId = $this->actingAs($this->user)->addComment($ownPage);
#47 - Added more test cases to test the APIs and permission for comments.
2017-06-13 05:01:17 +08:00
// no comment-update-own
Removed outdated translations and updated tests
2017-09-10 01:41:59 +08:00
$this->actingAs($this->user)->updateComment($commentId);
#47 - Added more test cases to test the APIs and permission for comments.
2017-06-13 05:01:17 +08:00
$this->assertResponseStatus(403);
$this->giveUserPermissions($this->user, ['comment-update-own']);
// now has comment-update-own
Removed outdated translations and updated tests
2017-09-10 01:41:59 +08:00
$this->actingAs($this->user)->updateComment($commentId);
$this->assertResponseStatus(200);
#47 - Added more test cases to test the APIs and permission for comments.
2017-06-13 05:01:17 +08:00
}
public function test_comment_update_all_permission () {
$ownPage = $this->createEntityChainBelongingToUser($this->user)['page'];
Removed outdated translations and updated tests
2017-09-10 01:41:59 +08:00
$commentId = $this->asAdmin()->addComment($ownPage);
#47 - Added more test cases to test the APIs and permission for comments.
2017-06-13 05:01:17 +08:00
// no comment-update-all
Removed outdated translations and updated tests
2017-09-10 01:41:59 +08:00
$this->actingAs($this->user)->updateComment($commentId);
#47 - Added more test cases to test the APIs and permission for comments.
2017-06-13 05:01:17 +08:00
$this->assertResponseStatus(403);
$this->giveUserPermissions($this->user, ['comment-update-all']);
// now has comment-update-all
Removed outdated translations and updated tests
2017-09-10 01:41:59 +08:00
$this->actingAs($this->user)->updateComment($commentId);
$this->assertResponseStatus(200);
#47 - Added more test cases to test the APIs and permission for comments.
2017-06-13 05:01:17 +08:00
}
public function test_comment_delete_own_permission () {
$ownPage = $this->createEntityChainBelongingToUser($this->user)['page'];
$this->giveUserPermissions($this->user, ['comment-create-all']);
Removed outdated translations and updated tests
2017-09-10 01:41:59 +08:00
$commentId = $this->actingAs($this->user)->addComment($ownPage);
#47 - Added more test cases to test the APIs and permission for comments.
2017-06-13 05:01:17 +08:00
// no comment-delete-own
Removed outdated translations and updated tests
2017-09-10 01:41:59 +08:00
$this->actingAs($this->user)->deleteComment($commentId);
#47 - Added more test cases to test the APIs and permission for comments.
2017-06-13 05:01:17 +08:00
$this->assertResponseStatus(403);
$this->giveUserPermissions($this->user, ['comment-delete-own']);
// now has comment-update-own
Removed outdated translations and updated tests
2017-09-10 01:41:59 +08:00
$this->actingAs($this->user)->deleteComment($commentId);
$this->assertResponseStatus(200);
#47 - Added more test cases to test the APIs and permission for comments.
2017-06-13 05:01:17 +08:00
}
public function test_comment_delete_all_permission () {
$ownPage = $this->createEntityChainBelongingToUser($this->user)['page'];
Removed outdated translations and updated tests
2017-09-10 01:41:59 +08:00
$commentId = $this->asAdmin()->addComment($ownPage);
#47 - Added more test cases to test the APIs and permission for comments.
2017-06-13 05:01:17 +08:00
// no comment-delete-all
Removed outdated translations and updated tests
2017-09-10 01:41:59 +08:00
$this->actingAs($this->user)->deleteComment($commentId);
#47 - Added more test cases to test the APIs and permission for comments.
2017-06-13 05:01:17 +08:00
$this->assertResponseStatus(403);
$this->giveUserPermissions($this->user, ['comment-delete-all']);
// now has comment-delete-all
Removed outdated translations and updated tests
2017-09-10 01:41:59 +08:00
$this->actingAs($this->user)->deleteComment($commentId);
$this->assertResponseStatus(200);
#47 - Added more test cases to test the APIs and permission for comments.
2017-06-13 05:01:17 +08:00
}
private function addComment($page) {
$comment = factory(\BookStack\Comment::class)->make();
Removed outdated translations and updated tests
2017-09-10 01:41:59 +08:00
$url = "/ajax/page/$page->id/comment";
#47 - Added more test cases to test the APIs and permission for comments.
2017-06-13 05:01:17 +08:00
$request = [
'text' => $comment->text,
'html' => $comment->html
];
Removed outdated translations and updated tests
2017-09-10 01:41:59 +08:00
$this->postJson($url, $request);
$comment = $page->comments()->first();
return $comment === null ? null : $comment->id;
#47 - Added more test cases to test the APIs and permission for comments.
2017-06-13 05:01:17 +08:00
}
Removed outdated translations and updated tests
2017-09-10 01:41:59 +08:00
private function updateComment($commentId) {
#47 - Added more test cases to test the APIs and permission for comments.
2017-06-13 05:01:17 +08:00
$comment = factory(\BookStack\Comment::class)->make();
Removed outdated translations and updated tests
2017-09-10 01:41:59 +08:00
$url = "/ajax/comment/$commentId";
#47 - Added more test cases to test the APIs and permission for comments.
2017-06-13 05:01:17 +08:00
$request = [
'text' => $comment->text,
'html' => $comment->html
];
Removed outdated translations and updated tests
2017-09-10 01:41:59 +08:00
return $this->putJson($url, $request);
#47 - Added more test cases to test the APIs and permission for comments.
2017-06-13 05:01:17 +08:00
}
private function deleteComment($commentId) {
$url = '/ajax/comment/' . $commentId;
return $this->json('DELETE', $url);
}
Finished initial implementation of custom role system
2016-02-28 03:24:42 +08:00
}