| 
									
										
										
										
											2020-04-04 08:16:05 +08:00
										 |  |  | <?php namespace Tests\Permissions; | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-11-22 08:17:45 +08:00
										 |  |  | use BookStack\Entities\Models\Book; | 
					
						
							|  |  |  | use BookStack\Entities\Models\Bookshelf; | 
					
						
							|  |  |  | use BookStack\Entities\Models\Chapter; | 
					
						
							|  |  |  | use BookStack\Entities\Models\Entity; | 
					
						
							| 
									
										
										
										
											2018-09-25 19:30:50 +08:00
										 |  |  | use BookStack\Auth\User; | 
					
						
							| 
									
										
										
										
											2020-11-22 08:17:45 +08:00
										 |  |  | use BookStack\Entities\Models\Page; | 
					
						
							| 
									
										
										
										
											2020-12-19 05:42:43 +08:00
										 |  |  | use Illuminate\Support\Str; | 
					
						
							| 
									
										
										
										
											2020-04-04 08:16:05 +08:00
										 |  |  | use Tests\BrowserKitTest; | 
					
						
							| 
									
										
										
										
											2017-11-19 23:56:06 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-12-19 05:42:43 +08:00
										 |  |  | class EntityPermissionsTest extends BrowserKitTest | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  | { | 
					
						
							| 
									
										
										
										
											2017-11-19 23:56:06 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							| 
									
										
										
										
											2019-10-05 19:55:01 +08:00
										 |  |  |      * @var User | 
					
						
							| 
									
										
										
										
											2017-11-19 23:56:06 +08:00
										 |  |  |      */ | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  |     protected $user; | 
					
						
							| 
									
										
										
										
											2017-11-19 23:56:06 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * @var User | 
					
						
							|  |  |  |      */ | 
					
						
							| 
									
										
										
										
											2016-03-31 03:15:44 +08:00
										 |  |  |     protected $viewer; | 
					
						
							| 
									
										
										
										
											2017-11-19 23:56:06 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-09-14 06:58:40 +08:00
										 |  |  |     public function setUp(): void | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  |     { | 
					
						
							|  |  |  |         parent::setUp(); | 
					
						
							| 
									
										
										
										
											2016-05-07 21:29:43 +08:00
										 |  |  |         $this->user = $this->getEditor(); | 
					
						
							| 
									
										
										
										
											2016-03-31 03:15:44 +08:00
										 |  |  |         $this->viewer = $this->getViewer(); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |     protected function setRestrictionsForTestRoles(Entity $entity, array $actions = []) | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  |     { | 
					
						
							| 
									
										
										
										
											2018-04-15 01:47:13 +08:00
										 |  |  |         $roles = [ | 
					
						
							|  |  |  |             $this->user->roles->first(), | 
					
						
							|  |  |  |             $this->viewer->roles->first(), | 
					
						
							|  |  |  |         ]; | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setEntityRestrictions($entity, $actions, $roles); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-09-21 22:15:16 +08:00
										 |  |  |     public function test_bookshelf_view_restriction() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $shelf = Bookshelf::first(); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $this->actingAs($this->user) | 
					
						
							|  |  |  |             ->visit($shelf->getUrl()) | 
					
						
							|  |  |  |             ->seePageIs($shelf->getUrl()); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($shelf, []); | 
					
						
							| 
									
										
										
										
											2018-09-21 22:15:16 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->forceVisit($shelf->getUrl()) | 
					
						
							|  |  |  |             ->see('Bookshelf not found'); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($shelf, ['view']); | 
					
						
							| 
									
										
										
										
											2018-09-21 22:15:16 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->visit($shelf->getUrl()) | 
					
						
							|  |  |  |             ->see($shelf->name); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function test_bookshelf_update_restriction() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2020-10-16 07:27:36 +08:00
										 |  |  |         $shelf = Bookshelf::first(); | 
					
						
							| 
									
										
										
										
											2018-09-21 22:15:16 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->actingAs($this->user) | 
					
						
							|  |  |  |             ->visit($shelf->getUrl('/edit')) | 
					
						
							|  |  |  |             ->see('Edit Book'); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($shelf, ['view', 'delete']); | 
					
						
							| 
									
										
										
										
											2018-09-21 22:15:16 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->forceVisit($shelf->getUrl('/edit')) | 
					
						
							|  |  |  |             ->see('You do not have permission')->seePageIs('/'); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($shelf, ['view', 'update']); | 
					
						
							| 
									
										
										
										
											2018-09-21 22:15:16 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->visit($shelf->getUrl('/edit')) | 
					
						
							|  |  |  |             ->seePageIs($shelf->getUrl('/edit')); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function test_bookshelf_delete_restriction() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $shelf = Book::first(); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $this->actingAs($this->user) | 
					
						
							|  |  |  |             ->visit($shelf->getUrl('/delete')) | 
					
						
							|  |  |  |             ->see('Delete Book'); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($shelf, ['view', 'update']); | 
					
						
							| 
									
										
										
										
											2018-09-21 22:15:16 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->forceVisit($shelf->getUrl('/delete')) | 
					
						
							|  |  |  |             ->see('You do not have permission')->seePageIs('/'); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($shelf, ['view', 'delete']); | 
					
						
							| 
									
										
										
										
											2018-09-21 22:15:16 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->visit($shelf->getUrl('/delete')) | 
					
						
							|  |  |  |             ->seePageIs($shelf->getUrl('/delete'))->see('Delete Book'); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  |     public function test_book_view_restriction() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2017-11-19 23:56:06 +08:00
										 |  |  |         $book = Book::first(); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  |         $bookPage = $book->pages->first(); | 
					
						
							|  |  |  |         $bookChapter = $book->chapters->first(); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $bookUrl = $book->getUrl(); | 
					
						
							|  |  |  |         $this->actingAs($this->user) | 
					
						
							|  |  |  |             ->visit($bookUrl) | 
					
						
							|  |  |  |             ->seePageIs($bookUrl); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($book, []); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->forceVisit($bookUrl) | 
					
						
							|  |  |  |             ->see('Book not found'); | 
					
						
							|  |  |  |         $this->forceVisit($bookPage->getUrl()) | 
					
						
							| 
									
										
										
										
											2017-01-02 00:05:44 +08:00
										 |  |  |             ->see('Page not found'); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  |         $this->forceVisit($bookChapter->getUrl()) | 
					
						
							| 
									
										
										
										
											2017-01-02 00:05:44 +08:00
										 |  |  |             ->see('Chapter not found'); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($book, ['view']); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->visit($bookUrl) | 
					
						
							|  |  |  |             ->see($book->name); | 
					
						
							|  |  |  |         $this->visit($bookPage->getUrl()) | 
					
						
							|  |  |  |             ->see($bookPage->name); | 
					
						
							|  |  |  |         $this->visit($bookChapter->getUrl()) | 
					
						
							|  |  |  |             ->see($bookChapter->name); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function test_book_create_restriction() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2017-11-19 23:56:06 +08:00
										 |  |  |         $book = Book::first(); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $bookUrl = $book->getUrl(); | 
					
						
							| 
									
										
										
										
											2016-03-31 03:15:44 +08:00
										 |  |  |         $this->actingAs($this->viewer) | 
					
						
							|  |  |  |             ->visit($bookUrl) | 
					
						
							| 
									
										
										
										
											2019-04-07 01:36:17 +08:00
										 |  |  |             ->dontSeeInElement('.actions', 'New Page') | 
					
						
							|  |  |  |             ->dontSeeInElement('.actions', 'New Chapter'); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  |         $this->actingAs($this->user) | 
					
						
							|  |  |  |             ->visit($bookUrl) | 
					
						
							| 
									
										
										
										
											2019-04-07 01:36:17 +08:00
										 |  |  |             ->seeInElement('.actions', 'New Page') | 
					
						
							|  |  |  |             ->seeInElement('.actions', 'New Chapter'); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($book, ['view', 'delete', 'update']); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-03-25 18:34:42 +08:00
										 |  |  |         $this->forceVisit($bookUrl . '/create-chapter') | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  |             ->see('You do not have permission')->seePageIs('/'); | 
					
						
							| 
									
										
										
										
											2018-03-25 18:34:42 +08:00
										 |  |  |         $this->forceVisit($bookUrl . '/create-page') | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  |             ->see('You do not have permission')->seePageIs('/'); | 
					
						
							| 
									
										
										
										
											2019-04-07 01:36:17 +08:00
										 |  |  |         $this->visit($bookUrl)->dontSeeInElement('.actions', 'New Page') | 
					
						
							|  |  |  |             ->dontSeeInElement('.actions', 'New Chapter'); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($book, ['view', 'create']); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-03-25 18:34:42 +08:00
										 |  |  |         $this->visit($bookUrl . '/create-chapter') | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  |             ->type('test chapter', 'name') | 
					
						
							|  |  |  |             ->type('test description for chapter', 'description') | 
					
						
							|  |  |  |             ->press('Save Chapter') | 
					
						
							|  |  |  |             ->seePageIs($bookUrl . '/chapter/test-chapter'); | 
					
						
							| 
									
										
										
										
											2018-03-25 18:34:42 +08:00
										 |  |  |         $this->visit($bookUrl . '/create-page') | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  |             ->type('test page', 'name') | 
					
						
							|  |  |  |             ->type('test content', 'html') | 
					
						
							|  |  |  |             ->press('Save Page') | 
					
						
							|  |  |  |             ->seePageIs($bookUrl . '/page/test-page'); | 
					
						
							| 
									
										
										
										
											2019-04-07 01:36:17 +08:00
										 |  |  |         $this->visit($bookUrl)->seeInElement('.actions', 'New Page') | 
					
						
							|  |  |  |             ->seeInElement('.actions', 'New Chapter'); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function test_book_update_restriction() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2017-11-19 23:56:06 +08:00
										 |  |  |         $book = Book::first(); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  |         $bookPage = $book->pages->first(); | 
					
						
							|  |  |  |         $bookChapter = $book->chapters->first(); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $bookUrl = $book->getUrl(); | 
					
						
							|  |  |  |         $this->actingAs($this->user) | 
					
						
							|  |  |  |             ->visit($bookUrl . '/edit') | 
					
						
							|  |  |  |             ->see('Edit Book'); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($book, ['view', 'delete']); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->forceVisit($bookUrl . '/edit') | 
					
						
							|  |  |  |             ->see('You do not have permission')->seePageIs('/'); | 
					
						
							|  |  |  |         $this->forceVisit($bookPage->getUrl() . '/edit') | 
					
						
							|  |  |  |             ->see('You do not have permission')->seePageIs('/'); | 
					
						
							|  |  |  |         $this->forceVisit($bookChapter->getUrl() . '/edit') | 
					
						
							|  |  |  |             ->see('You do not have permission')->seePageIs('/'); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($book, ['view', 'update']); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->visit($bookUrl . '/edit') | 
					
						
							|  |  |  |             ->seePageIs($bookUrl . '/edit'); | 
					
						
							|  |  |  |         $this->visit($bookPage->getUrl() . '/edit') | 
					
						
							|  |  |  |             ->seePageIs($bookPage->getUrl() . '/edit'); | 
					
						
							|  |  |  |         $this->visit($bookChapter->getUrl() . '/edit') | 
					
						
							|  |  |  |             ->see('Edit Chapter'); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function test_book_delete_restriction() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2017-11-19 23:56:06 +08:00
										 |  |  |         $book = Book::first(); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  |         $bookPage = $book->pages->first(); | 
					
						
							|  |  |  |         $bookChapter = $book->chapters->first(); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $bookUrl = $book->getUrl(); | 
					
						
							|  |  |  |         $this->actingAs($this->user) | 
					
						
							|  |  |  |             ->visit($bookUrl . '/delete') | 
					
						
							|  |  |  |             ->see('Delete Book'); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($book, ['view', 'update']); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->forceVisit($bookUrl . '/delete') | 
					
						
							|  |  |  |             ->see('You do not have permission')->seePageIs('/'); | 
					
						
							|  |  |  |         $this->forceVisit($bookPage->getUrl() . '/delete') | 
					
						
							|  |  |  |             ->see('You do not have permission')->seePageIs('/'); | 
					
						
							|  |  |  |         $this->forceVisit($bookChapter->getUrl() . '/delete') | 
					
						
							|  |  |  |             ->see('You do not have permission')->seePageIs('/'); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($book, ['view', 'delete']); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->visit($bookUrl . '/delete') | 
					
						
							|  |  |  |             ->seePageIs($bookUrl . '/delete')->see('Delete Book'); | 
					
						
							|  |  |  |         $this->visit($bookPage->getUrl() . '/delete') | 
					
						
							|  |  |  |             ->seePageIs($bookPage->getUrl() . '/delete')->see('Delete Page'); | 
					
						
							|  |  |  |         $this->visit($bookChapter->getUrl() . '/delete') | 
					
						
							|  |  |  |             ->see('Delete Chapter'); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function test_chapter_view_restriction() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2018-09-25 19:30:50 +08:00
										 |  |  |         $chapter = Chapter::first(); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  |         $chapterPage = $chapter->pages->first(); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $chapterUrl = $chapter->getUrl(); | 
					
						
							|  |  |  |         $this->actingAs($this->user) | 
					
						
							|  |  |  |             ->visit($chapterUrl) | 
					
						
							|  |  |  |             ->seePageIs($chapterUrl); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($chapter, []); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->forceVisit($chapterUrl) | 
					
						
							|  |  |  |             ->see('Chapter not found'); | 
					
						
							|  |  |  |         $this->forceVisit($chapterPage->getUrl()) | 
					
						
							|  |  |  |             ->see('Page not found'); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($chapter, ['view']); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->visit($chapterUrl) | 
					
						
							|  |  |  |             ->see($chapter->name); | 
					
						
							|  |  |  |         $this->visit($chapterPage->getUrl()) | 
					
						
							|  |  |  |             ->see($chapterPage->name); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function test_chapter_create_restriction() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2018-09-25 19:30:50 +08:00
										 |  |  |         $chapter = Chapter::first(); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $chapterUrl = $chapter->getUrl(); | 
					
						
							|  |  |  |         $this->actingAs($this->user) | 
					
						
							|  |  |  |             ->visit($chapterUrl) | 
					
						
							| 
									
										
										
										
											2019-04-07 01:36:17 +08:00
										 |  |  |             ->seeInElement('.actions', 'New Page'); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($chapter, ['view', 'delete', 'update']); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->forceVisit($chapterUrl . '/create-page') | 
					
						
							|  |  |  |             ->see('You do not have permission')->seePageIs('/'); | 
					
						
							| 
									
										
										
										
											2019-04-07 01:36:17 +08:00
										 |  |  |         $this->visit($chapterUrl)->dontSeeInElement('.actions', 'New Page'); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($chapter, ['view', 'create']); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $this->visit($chapterUrl . '/create-page') | 
					
						
							|  |  |  |             ->type('test page', 'name') | 
					
						
							|  |  |  |             ->type('test content', 'html') | 
					
						
							|  |  |  |             ->press('Save Page') | 
					
						
							|  |  |  |             ->seePageIs($chapter->book->getUrl() . '/page/test-page'); | 
					
						
							| 
									
										
										
										
											2017-04-30 05:01:43 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-04-07 01:36:17 +08:00
										 |  |  |         $this->visit($chapterUrl)->seeInElement('.actions', 'New Page'); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function test_chapter_update_restriction() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2018-09-25 19:30:50 +08:00
										 |  |  |         $chapter = Chapter::first(); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  |         $chapterPage = $chapter->pages->first(); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $chapterUrl = $chapter->getUrl(); | 
					
						
							|  |  |  |         $this->actingAs($this->user) | 
					
						
							|  |  |  |             ->visit($chapterUrl . '/edit') | 
					
						
							|  |  |  |             ->see('Edit Chapter'); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($chapter, ['view', 'delete']); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->forceVisit($chapterUrl . '/edit') | 
					
						
							|  |  |  |             ->see('You do not have permission')->seePageIs('/'); | 
					
						
							|  |  |  |         $this->forceVisit($chapterPage->getUrl() . '/edit') | 
					
						
							|  |  |  |             ->see('You do not have permission')->seePageIs('/'); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($chapter, ['view', 'update']); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->visit($chapterUrl . '/edit') | 
					
						
							|  |  |  |             ->seePageIs($chapterUrl . '/edit')->see('Edit Chapter'); | 
					
						
							|  |  |  |         $this->visit($chapterPage->getUrl() . '/edit') | 
					
						
							|  |  |  |             ->seePageIs($chapterPage->getUrl() . '/edit'); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function test_chapter_delete_restriction() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2018-09-25 19:30:50 +08:00
										 |  |  |         $chapter = Chapter::first(); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  |         $chapterPage = $chapter->pages->first(); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $chapterUrl = $chapter->getUrl(); | 
					
						
							|  |  |  |         $this->actingAs($this->user) | 
					
						
							|  |  |  |             ->visit($chapterUrl . '/delete') | 
					
						
							|  |  |  |             ->see('Delete Chapter'); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($chapter, ['view', 'update']); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->forceVisit($chapterUrl . '/delete') | 
					
						
							|  |  |  |             ->see('You do not have permission')->seePageIs('/'); | 
					
						
							|  |  |  |         $this->forceVisit($chapterPage->getUrl() . '/delete') | 
					
						
							|  |  |  |             ->see('You do not have permission')->seePageIs('/'); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($chapter, ['view', 'delete']); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->visit($chapterUrl . '/delete') | 
					
						
							|  |  |  |             ->seePageIs($chapterUrl . '/delete')->see('Delete Chapter'); | 
					
						
							|  |  |  |         $this->visit($chapterPage->getUrl() . '/delete') | 
					
						
							|  |  |  |             ->seePageIs($chapterPage->getUrl() . '/delete')->see('Delete Page'); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function test_page_view_restriction() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2019-10-05 19:55:01 +08:00
										 |  |  |         $page = Page::first(); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $pageUrl = $page->getUrl(); | 
					
						
							|  |  |  |         $this->actingAs($this->user) | 
					
						
							|  |  |  |             ->visit($pageUrl) | 
					
						
							|  |  |  |             ->seePageIs($pageUrl); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($page, ['update', 'delete']); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->forceVisit($pageUrl) | 
					
						
							|  |  |  |             ->see('Page not found'); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($page, ['view']); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->visit($pageUrl) | 
					
						
							|  |  |  |             ->see($page->name); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function test_page_update_restriction() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2018-09-25 19:30:50 +08:00
										 |  |  |         $page = Chapter::first(); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $pageUrl = $page->getUrl(); | 
					
						
							|  |  |  |         $this->actingAs($this->user) | 
					
						
							|  |  |  |             ->visit($pageUrl . '/edit') | 
					
						
							|  |  |  |             ->seeInField('name', $page->name); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($page, ['view', 'delete']); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->forceVisit($pageUrl . '/edit') | 
					
						
							|  |  |  |             ->see('You do not have permission')->seePageIs('/'); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($page, ['view', 'update']); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->visit($pageUrl . '/edit') | 
					
						
							|  |  |  |             ->seePageIs($pageUrl . '/edit')->seeInField('name', $page->name); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function test_page_delete_restriction() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2019-10-05 19:55:01 +08:00
										 |  |  |         $page = Page::first(); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $pageUrl = $page->getUrl(); | 
					
						
							|  |  |  |         $this->actingAs($this->user) | 
					
						
							|  |  |  |             ->visit($pageUrl . '/delete') | 
					
						
							|  |  |  |             ->see('Delete Page'); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($page, ['view', 'update']); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->forceVisit($pageUrl . '/delete') | 
					
						
							|  |  |  |             ->see('You do not have permission')->seePageIs('/'); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($page, ['view', 'delete']); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->visit($pageUrl . '/delete') | 
					
						
							|  |  |  |             ->seePageIs($pageUrl . '/delete')->see('Delete Page'); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-09-21 22:15:16 +08:00
										 |  |  |     public function test_bookshelf_restriction_form() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $shelf = Bookshelf::first(); | 
					
						
							|  |  |  |         $this->asAdmin()->visit($shelf->getUrl('/permissions')) | 
					
						
							|  |  |  |             ->see('Bookshelf Permissions') | 
					
						
							|  |  |  |             ->check('restricted') | 
					
						
							|  |  |  |             ->check('restrictions[2][view]') | 
					
						
							|  |  |  |             ->press('Save Permissions') | 
					
						
							|  |  |  |             ->seeInDatabase('bookshelves', ['id' => $shelf->id, 'restricted' => true]) | 
					
						
							|  |  |  |             ->seeInDatabase('entity_permissions', [ | 
					
						
							|  |  |  |                 'restrictable_id' => $shelf->id, | 
					
						
							| 
									
										
										
										
											2018-09-25 19:30:50 +08:00
										 |  |  |                 'restrictable_type' => Bookshelf::newModelInstance()->getMorphClass(), | 
					
						
							| 
									
										
										
										
											2018-09-21 22:15:16 +08:00
										 |  |  |                 'role_id' => '2', | 
					
						
							|  |  |  |                 'action' => 'view' | 
					
						
							|  |  |  |             ]); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  |     public function test_book_restriction_form() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2017-11-19 23:56:06 +08:00
										 |  |  |         $book = Book::first(); | 
					
						
							| 
									
										
										
										
											2016-03-31 03:15:44 +08:00
										 |  |  |         $this->asAdmin()->visit($book->getUrl() . '/permissions') | 
					
						
							|  |  |  |             ->see('Book Permissions') | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  |             ->check('restricted') | 
					
						
							|  |  |  |             ->check('restrictions[2][view]') | 
					
						
							| 
									
										
										
										
											2016-03-31 03:15:44 +08:00
										 |  |  |             ->press('Save Permissions') | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  |             ->seeInDatabase('books', ['id' => $book->id, 'restricted' => true]) | 
					
						
							| 
									
										
										
										
											2016-05-02 04:20:50 +08:00
										 |  |  |             ->seeInDatabase('entity_permissions', [ | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  |                 'restrictable_id' => $book->id, | 
					
						
							| 
									
										
										
										
											2018-09-25 19:30:50 +08:00
										 |  |  |                 'restrictable_type' => Book::newModelInstance()->getMorphClass(), | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  |                 'role_id' => '2', | 
					
						
							|  |  |  |                 'action' => 'view' | 
					
						
							|  |  |  |             ]); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function test_chapter_restriction_form() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2018-09-25 19:30:50 +08:00
										 |  |  |         $chapter = Chapter::first(); | 
					
						
							| 
									
										
										
										
											2016-03-31 03:15:44 +08:00
										 |  |  |         $this->asAdmin()->visit($chapter->getUrl() . '/permissions') | 
					
						
							|  |  |  |             ->see('Chapter Permissions') | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  |             ->check('restricted') | 
					
						
							|  |  |  |             ->check('restrictions[2][update]') | 
					
						
							| 
									
										
										
										
											2016-03-31 03:15:44 +08:00
										 |  |  |             ->press('Save Permissions') | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  |             ->seeInDatabase('chapters', ['id' => $chapter->id, 'restricted' => true]) | 
					
						
							| 
									
										
										
										
											2016-05-02 04:20:50 +08:00
										 |  |  |             ->seeInDatabase('entity_permissions', [ | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  |                 'restrictable_id' => $chapter->id, | 
					
						
							| 
									
										
										
										
											2018-09-25 19:30:50 +08:00
										 |  |  |                 'restrictable_type' => Chapter::newModelInstance()->getMorphClass(), | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  |                 'role_id' => '2', | 
					
						
							|  |  |  |                 'action' => 'update' | 
					
						
							|  |  |  |             ]); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function test_page_restriction_form() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2019-10-05 19:55:01 +08:00
										 |  |  |         $page = Page::first(); | 
					
						
							| 
									
										
										
										
											2016-03-31 03:15:44 +08:00
										 |  |  |         $this->asAdmin()->visit($page->getUrl() . '/permissions') | 
					
						
							|  |  |  |             ->see('Page Permissions') | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  |             ->check('restricted') | 
					
						
							|  |  |  |             ->check('restrictions[2][delete]') | 
					
						
							| 
									
										
										
										
											2016-03-31 03:15:44 +08:00
										 |  |  |             ->press('Save Permissions') | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  |             ->seeInDatabase('pages', ['id' => $page->id, 'restricted' => true]) | 
					
						
							| 
									
										
										
										
											2016-05-02 04:20:50 +08:00
										 |  |  |             ->seeInDatabase('entity_permissions', [ | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  |                 'restrictable_id' => $page->id, | 
					
						
							| 
									
										
										
										
											2018-09-25 19:30:50 +08:00
										 |  |  |                 'restrictable_type' => Page::newModelInstance()->getMorphClass(), | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  |                 'role_id' => '2', | 
					
						
							|  |  |  |                 'action' => 'delete' | 
					
						
							|  |  |  |             ]); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function test_restricted_pages_not_visible_in_book_navigation_on_pages() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2018-09-25 19:30:50 +08:00
										 |  |  |         $chapter = Chapter::first(); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  |         $page = $chapter->pages->first(); | 
					
						
							|  |  |  |         $page2 = $chapter->pages[2]; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($page, []); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->actingAs($this->user) | 
					
						
							|  |  |  |             ->visit($page2->getUrl()) | 
					
						
							|  |  |  |             ->dontSeeInElement('.sidebar-page-list', $page->name); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function test_restricted_pages_not_visible_in_book_navigation_on_chapters() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2018-09-25 19:30:50 +08:00
										 |  |  |         $chapter = Chapter::first(); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  |         $page = $chapter->pages->first(); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($page, []); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->actingAs($this->user) | 
					
						
							|  |  |  |             ->visit($chapter->getUrl()) | 
					
						
							|  |  |  |             ->dontSeeInElement('.sidebar-page-list', $page->name); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function test_restricted_pages_not_visible_on_chapter_pages() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2018-09-25 19:30:50 +08:00
										 |  |  |         $chapter = Chapter::first(); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  |         $page = $chapter->pages->first(); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($page, []); | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->actingAs($this->user) | 
					
						
							|  |  |  |             ->visit($chapter->getUrl()) | 
					
						
							|  |  |  |             ->dontSee($page->name); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-12-18 01:31:18 +08:00
										 |  |  |     public function test_restricted_chapter_pages_not_visible_on_book_page() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $chapter = Chapter::query()->first(); | 
					
						
							|  |  |  |         $this->actingAs($this->user) | 
					
						
							|  |  |  |             ->visit($chapter->book->getUrl()) | 
					
						
							|  |  |  |             ->see($chapter->pages->first()->name); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         foreach ($chapter->pages as $page) { | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |             $this->setRestrictionsForTestRoles($page, []); | 
					
						
							| 
									
										
										
										
											2020-12-18 01:31:18 +08:00
										 |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $this->actingAs($this->user) | 
					
						
							|  |  |  |             ->visit($chapter->book->getUrl()) | 
					
						
							|  |  |  |             ->dontSee($chapter->pages->first()->name); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-09-21 22:15:16 +08:00
										 |  |  |     public function test_bookshelf_update_restriction_override() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $shelf = Bookshelf::first(); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $this->actingAs($this->viewer) | 
					
						
							|  |  |  |             ->visit($shelf->getUrl('/edit')) | 
					
						
							|  |  |  |             ->dontSee('Edit Book'); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($shelf, ['view', 'delete']); | 
					
						
							| 
									
										
										
										
											2018-09-21 22:15:16 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->forceVisit($shelf->getUrl('/edit')) | 
					
						
							|  |  |  |             ->see('You do not have permission')->seePageIs('/'); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($shelf, ['view', 'update']); | 
					
						
							| 
									
										
										
										
											2018-09-21 22:15:16 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->visit($shelf->getUrl('/edit')) | 
					
						
							|  |  |  |             ->seePageIs($shelf->getUrl('/edit')); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function test_bookshelf_delete_restriction_override() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $shelf = Bookshelf::first(); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $this->actingAs($this->viewer) | 
					
						
							|  |  |  |             ->visit($shelf->getUrl('/delete')) | 
					
						
							|  |  |  |             ->dontSee('Delete Book'); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($shelf, ['view', 'update']); | 
					
						
							| 
									
										
										
										
											2018-09-21 22:15:16 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->forceVisit($shelf->getUrl('/delete')) | 
					
						
							|  |  |  |             ->see('You do not have permission')->seePageIs('/'); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($shelf, ['view', 'delete']); | 
					
						
							| 
									
										
										
										
											2018-09-21 22:15:16 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->visit($shelf->getUrl('/delete')) | 
					
						
							|  |  |  |             ->seePageIs($shelf->getUrl('/delete'))->see('Delete Book'); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-03-31 03:15:44 +08:00
										 |  |  |     public function test_book_create_restriction_override() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2017-11-19 23:56:06 +08:00
										 |  |  |         $book = Book::first(); | 
					
						
							| 
									
										
										
										
											2016-03-31 03:15:44 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $bookUrl = $book->getUrl(); | 
					
						
							|  |  |  |         $this->actingAs($this->viewer) | 
					
						
							|  |  |  |             ->visit($bookUrl) | 
					
						
							| 
									
										
										
										
											2019-04-07 01:36:17 +08:00
										 |  |  |             ->dontSeeInElement('.actions', 'New Page') | 
					
						
							|  |  |  |             ->dontSeeInElement('.actions', 'New Chapter'); | 
					
						
							| 
									
										
										
										
											2016-03-31 03:15:44 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($book, ['view', 'delete', 'update']); | 
					
						
							| 
									
										
										
										
											2016-03-31 03:15:44 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-03-25 18:34:42 +08:00
										 |  |  |         $this->forceVisit($bookUrl . '/create-chapter') | 
					
						
							| 
									
										
										
										
											2016-03-31 03:15:44 +08:00
										 |  |  |             ->see('You do not have permission')->seePageIs('/'); | 
					
						
							| 
									
										
										
										
											2018-03-25 18:34:42 +08:00
										 |  |  |         $this->forceVisit($bookUrl . '/create-page') | 
					
						
							| 
									
										
										
										
											2016-03-31 03:15:44 +08:00
										 |  |  |             ->see('You do not have permission')->seePageIs('/'); | 
					
						
							| 
									
										
										
										
											2019-04-07 01:36:17 +08:00
										 |  |  |         $this->visit($bookUrl)->dontSeeInElement('.actions', 'New Page') | 
					
						
							|  |  |  |             ->dontSeeInElement('.actions', 'New Chapter'); | 
					
						
							| 
									
										
										
										
											2016-03-31 03:15:44 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($book, ['view', 'create']); | 
					
						
							| 
									
										
										
										
											2016-03-31 03:15:44 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-03-25 18:34:42 +08:00
										 |  |  |         $this->visit($bookUrl . '/create-chapter') | 
					
						
							| 
									
										
										
										
											2016-03-31 03:15:44 +08:00
										 |  |  |             ->type('test chapter', 'name') | 
					
						
							|  |  |  |             ->type('test description for chapter', 'description') | 
					
						
							|  |  |  |             ->press('Save Chapter') | 
					
						
							|  |  |  |             ->seePageIs($bookUrl . '/chapter/test-chapter'); | 
					
						
							| 
									
										
										
										
											2018-03-25 18:34:42 +08:00
										 |  |  |         $this->visit($bookUrl . '/create-page') | 
					
						
							| 
									
										
										
										
											2016-03-31 03:15:44 +08:00
										 |  |  |             ->type('test page', 'name') | 
					
						
							|  |  |  |             ->type('test content', 'html') | 
					
						
							|  |  |  |             ->press('Save Page') | 
					
						
							|  |  |  |             ->seePageIs($bookUrl . '/page/test-page'); | 
					
						
							| 
									
										
										
										
											2019-04-07 01:36:17 +08:00
										 |  |  |         $this->visit($bookUrl)->seeInElement('.actions', 'New Page') | 
					
						
							|  |  |  |             ->seeInElement('.actions', 'New Chapter'); | 
					
						
							| 
									
										
										
										
											2016-03-31 03:15:44 +08:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function test_book_update_restriction_override() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2017-11-19 23:56:06 +08:00
										 |  |  |         $book = Book::first(); | 
					
						
							| 
									
										
										
										
											2016-03-31 03:15:44 +08:00
										 |  |  |         $bookPage = $book->pages->first(); | 
					
						
							|  |  |  |         $bookChapter = $book->chapters->first(); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $bookUrl = $book->getUrl(); | 
					
						
							|  |  |  |         $this->actingAs($this->viewer) | 
					
						
							|  |  |  |             ->visit($bookUrl . '/edit') | 
					
						
							|  |  |  |             ->dontSee('Edit Book'); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($book, ['view', 'delete']); | 
					
						
							| 
									
										
										
										
											2016-03-31 03:15:44 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->forceVisit($bookUrl . '/edit') | 
					
						
							|  |  |  |             ->see('You do not have permission')->seePageIs('/'); | 
					
						
							|  |  |  |         $this->forceVisit($bookPage->getUrl() . '/edit') | 
					
						
							|  |  |  |             ->see('You do not have permission')->seePageIs('/'); | 
					
						
							|  |  |  |         $this->forceVisit($bookChapter->getUrl() . '/edit') | 
					
						
							|  |  |  |             ->see('You do not have permission')->seePageIs('/'); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($book, ['view', 'update']); | 
					
						
							| 
									
										
										
										
											2016-03-31 03:15:44 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->visit($bookUrl . '/edit') | 
					
						
							|  |  |  |             ->seePageIs($bookUrl . '/edit'); | 
					
						
							|  |  |  |         $this->visit($bookPage->getUrl() . '/edit') | 
					
						
							|  |  |  |             ->seePageIs($bookPage->getUrl() . '/edit'); | 
					
						
							|  |  |  |         $this->visit($bookChapter->getUrl() . '/edit') | 
					
						
							|  |  |  |             ->see('Edit Chapter'); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function test_book_delete_restriction_override() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2017-11-19 23:56:06 +08:00
										 |  |  |         $book = Book::first(); | 
					
						
							| 
									
										
										
										
											2016-03-31 03:15:44 +08:00
										 |  |  |         $bookPage = $book->pages->first(); | 
					
						
							|  |  |  |         $bookChapter = $book->chapters->first(); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $bookUrl = $book->getUrl(); | 
					
						
							|  |  |  |         $this->actingAs($this->viewer) | 
					
						
							|  |  |  |             ->visit($bookUrl . '/delete') | 
					
						
							|  |  |  |             ->dontSee('Delete Book'); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($book, ['view', 'update']); | 
					
						
							| 
									
										
										
										
											2016-03-31 03:15:44 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->forceVisit($bookUrl . '/delete') | 
					
						
							|  |  |  |             ->see('You do not have permission')->seePageIs('/'); | 
					
						
							|  |  |  |         $this->forceVisit($bookPage->getUrl() . '/delete') | 
					
						
							|  |  |  |             ->see('You do not have permission')->seePageIs('/'); | 
					
						
							|  |  |  |         $this->forceVisit($bookChapter->getUrl() . '/delete') | 
					
						
							|  |  |  |             ->see('You do not have permission')->seePageIs('/'); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($book, ['view', 'delete']); | 
					
						
							| 
									
										
										
										
											2016-03-31 03:15:44 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->visit($bookUrl . '/delete') | 
					
						
							|  |  |  |             ->seePageIs($bookUrl . '/delete')->see('Delete Book'); | 
					
						
							|  |  |  |         $this->visit($bookPage->getUrl() . '/delete') | 
					
						
							|  |  |  |             ->seePageIs($bookPage->getUrl() . '/delete')->see('Delete Page'); | 
					
						
							|  |  |  |         $this->visit($bookChapter->getUrl() . '/delete') | 
					
						
							|  |  |  |             ->see('Delete Chapter'); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-04-22 20:39:34 +08:00
										 |  |  |     public function test_page_visible_if_has_permissions_when_book_not_visible() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2017-11-19 23:56:06 +08:00
										 |  |  |         $book = Book::first(); | 
					
						
							|  |  |  |         $bookChapter = $book->chapters->first(); | 
					
						
							|  |  |  |         $bookPage = $bookChapter->pages->first(); | 
					
						
							| 
									
										
										
										
											2020-12-19 05:42:43 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         foreach ([$book, $bookChapter, $bookPage] as $entity) { | 
					
						
							|  |  |  |             $entity->name = Str::random(24); | 
					
						
							|  |  |  |             $entity->save(); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($book, []); | 
					
						
							|  |  |  |         $this->setRestrictionsForTestRoles($bookPage, ['view']); | 
					
						
							| 
									
										
										
										
											2017-04-22 20:39:34 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->actingAs($this->viewer); | 
					
						
							|  |  |  |         $this->get($bookPage->getUrl()); | 
					
						
							|  |  |  |         $this->assertResponseOk(); | 
					
						
							|  |  |  |         $this->see($bookPage->name); | 
					
						
							|  |  |  |         $this->dontSee(substr($book->name, 0, 15)); | 
					
						
							|  |  |  |         $this->dontSee(substr($bookChapter->name, 0, 15)); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-12-31 22:47:08 +08:00
										 |  |  |     public function test_book_sort_view_permission() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $firstBook = Book::first(); | 
					
						
							|  |  |  |         $secondBook = Book::find(2); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($firstBook, ['view', 'update']); | 
					
						
							|  |  |  |         $this->setRestrictionsForTestRoles($secondBook, ['view']); | 
					
						
							| 
									
										
										
										
											2017-12-31 22:47:08 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         // Test sort page visibility
 | 
					
						
							|  |  |  |         $this->actingAs($this->user)->visit($secondBook->getUrl() . '/sort') | 
					
						
							|  |  |  |                 ->see('You do not have permission') | 
					
						
							|  |  |  |                 ->seePageIs('/'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // Check sort page on first book
 | 
					
						
							| 
									
										
										
										
											2019-04-07 01:36:17 +08:00
										 |  |  |         $this->actingAs($this->user)->visit($firstBook->getUrl() . '/sort'); | 
					
						
							| 
									
										
										
										
											2017-12-31 22:47:08 +08:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function test_book_sort_permission() { | 
					
						
							|  |  |  |         $firstBook = Book::first(); | 
					
						
							|  |  |  |         $secondBook = Book::find(2); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($firstBook, ['view', 'update']); | 
					
						
							|  |  |  |         $this->setRestrictionsForTestRoles($secondBook, ['view']); | 
					
						
							| 
									
										
										
										
											2017-12-31 22:47:08 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-10-05 19:55:01 +08:00
										 |  |  |         $firstBookChapter = $this->newChapter(['name' => 'first book chapter'], $firstBook); | 
					
						
							|  |  |  |         $secondBookChapter = $this->newChapter(['name' => 'second book chapter'], $secondBook); | 
					
						
							| 
									
										
										
										
											2017-12-31 22:47:08 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         // Create request data
 | 
					
						
							|  |  |  |         $reqData = [ | 
					
						
							|  |  |  |             [ | 
					
						
							|  |  |  |                 'id' => $firstBookChapter->id, | 
					
						
							|  |  |  |                 'sort' => 0, | 
					
						
							|  |  |  |                 'parentChapter' => false, | 
					
						
							|  |  |  |                 'type' => 'chapter', | 
					
						
							|  |  |  |                 'book' => $secondBook->id | 
					
						
							|  |  |  |             ] | 
					
						
							|  |  |  |         ]; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // Move chapter from first book to a second book
 | 
					
						
							|  |  |  |         $this->actingAs($this->user)->put($firstBook->getUrl() . '/sort', ['sort-tree' => json_encode($reqData)]) | 
					
						
							|  |  |  |                 ->followRedirects() | 
					
						
							|  |  |  |                 ->see('You do not have permission') | 
					
						
							|  |  |  |                 ->seePageIs('/'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $reqData = [ | 
					
						
							|  |  |  |             [ | 
					
						
							|  |  |  |                 'id' => $secondBookChapter->id, | 
					
						
							|  |  |  |                 'sort' => 0, | 
					
						
							|  |  |  |                 'parentChapter' => false, | 
					
						
							|  |  |  |                 'type' => 'chapter', | 
					
						
							|  |  |  |                 'book' => $firstBook->id | 
					
						
							|  |  |  |             ] | 
					
						
							|  |  |  |         ]; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // Move chapter from second book to first book
 | 
					
						
							|  |  |  |         $this->actingAs($this->user)->put($firstBook->getUrl() . '/sort', ['sort-tree' => json_encode($reqData)]) | 
					
						
							|  |  |  |                 ->followRedirects() | 
					
						
							|  |  |  |                 ->see('You do not have permission') | 
					
						
							|  |  |  |                 ->seePageIs('/'); | 
					
						
							|  |  |  |     } | 
					
						
							| 
									
										
										
										
											2018-07-14 21:12:29 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |     public function test_can_create_page_if_chapter_has_permissions_when_book_not_visible() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $book = Book::first(); | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($book, []); | 
					
						
							| 
									
										
										
										
											2018-07-14 21:12:29 +08:00
										 |  |  |         $bookChapter = $book->chapters->first(); | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($bookChapter, ['view']); | 
					
						
							| 
									
										
										
										
											2018-07-14 21:12:29 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->actingAs($this->user)->visit($bookChapter->getUrl()) | 
					
						
							|  |  |  |             ->dontSee('New Page'); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $this->setRestrictionsForTestRoles($bookChapter, ['view', 'create']); | 
					
						
							| 
									
										
										
										
											2018-07-14 21:12:29 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->actingAs($this->user)->visit($bookChapter->getUrl()) | 
					
						
							|  |  |  |             ->click('New Page') | 
					
						
							|  |  |  |             ->seeStatusCode(200) | 
					
						
							|  |  |  |             ->type('test page', 'name') | 
					
						
							|  |  |  |             ->type('test content', 'html') | 
					
						
							|  |  |  |             ->press('Save Page') | 
					
						
							|  |  |  |             ->seePageIs($book->getUrl('/page/test-page')) | 
					
						
							|  |  |  |             ->seeStatusCode(200); | 
					
						
							|  |  |  |     } | 
					
						
							| 
									
										
										
										
											2016-03-06 02:09:21 +08:00
										 |  |  | } |