bookstack/tests/Permissions/ExportPermissionsTest.php

<?php namespace Tests\Permissions;

use BookStack\Entities\Book;
use BookStack\Entities\Chapter;
use Illuminate\Support\Str;
use Tests\TestCase;

class ExportPermissionsTest extends TestCase
{

    public function test_page_content_without_view_access_hidden_on_chapter_export()
    {
        $chapter = Chapter::query()->first();
        $page = $chapter->pages()->firstOrFail();
        $pageContent = Str::random(48);
        $page->html = '<p>' . $pageContent . '</p>';
        $page->save();
        $viewer = $this->getViewer();
        $this->actingAs($viewer);
        $formats = ['html', 'plaintext'];

        foreach ($formats as $format) {
            $resp = $this->get($chapter->getUrl("export/{$format}"));
            $resp->assertStatus(200);
            $resp->assertSee($page->name);
            $resp->assertSee($pageContent);
        }

        $this->setEntityRestrictions($page, []);

        foreach ($formats as $format) {
            $resp = $this->get($chapter->getUrl("export/{$format}"));
            $resp->assertStatus(200);
            $resp->assertDontSee($page->name);
            $resp->assertDontSee($pageContent);
        }
    }

    public function test_page_content_without_view_access_hidden_on_book_export()
    {
        $book = Book::query()->first();
        $page = $book->pages()->firstOrFail();
        $pageContent = Str::random(48);
        $page->html = '<p>' . $pageContent . '</p>';
        $page->save();
        $viewer = $this->getViewer();
        $this->actingAs($viewer);
        $formats = ['html', 'plaintext'];

        foreach ($formats as $format) {
            $resp = $this->get($book->getUrl("export/{$format}"));
            $resp->assertStatus(200);
            $resp->assertSee($page->name);
            $resp->assertSee($pageContent);
        }

        $this->setEntityRestrictions($page, []);

        foreach ($formats as $format) {
            $resp = $this->get($book->getUrl("export/{$format}"));
            $resp->assertStatus(200);
            $resp->assertDontSee($page->name);
            $resp->assertDontSee($pageContent);
        }
    }

}
Fixed issue where restricted page content in plaintext export The content of pages made non-viewable to a user via permissions, within a visible parent, could be seen via the plaintext export option. Before v0.30.6 this would have applied only to scenarios where all pages within the chapter were made non-visible. In v0.30.6 this would make all pages within the chapter visible. As per #2414 2020-12-18 21:56:00 +08:00			`<?php namespace Tests\Permissions;`

			`use BookStack\Entities\Book;`
			`use BookStack\Entities\Chapter;`
			`use Illuminate\Support\Str;`
			`use Tests\TestCase;`

			`class ExportPermissionsTest extends TestCase`
			`{`

			`public function test_page_content_without_view_access_hidden_on_chapter_export()`
			`{`
			`$chapter = Chapter::query()->first();`
			`$page = $chapter->pages()->firstOrFail();`
			`$pageContent = Str::random(48);`
			`$page->html = '<p>' . $pageContent . '</p>';`
			`$page->save();`
			`$viewer = $this->getViewer();`
			`$this->actingAs($viewer);`
			`$formats = ['html', 'plaintext'];`

			`foreach ($formats as $format) {`
			`$resp = $this->get($chapter->getUrl("export/{$format}"));`
			`$resp->assertStatus(200);`
			`$resp->assertSee($page->name);`
			`$resp->assertSee($pageContent);`
			`}`

			`$this->setEntityRestrictions($page, []);`

			`foreach ($formats as $format) {`
			`$resp = $this->get($chapter->getUrl("export/{$format}"));`
			`$resp->assertStatus(200);`
			`$resp->assertDontSee($page->name);`
			`$resp->assertDontSee($pageContent);`
			`}`
			`}`

			`public function test_page_content_without_view_access_hidden_on_book_export()`
			`{`
			`$book = Book::query()->first();`
			`$page = $book->pages()->firstOrFail();`
			`$pageContent = Str::random(48);`
			`$page->html = '<p>' . $pageContent . '</p>';`
			`$page->save();`
			`$viewer = $this->getViewer();`
			`$this->actingAs($viewer);`
			`$formats = ['html', 'plaintext'];`

			`foreach ($formats as $format) {`
			`$resp = $this->get($book->getUrl("export/{$format}"));`
			`$resp->assertStatus(200);`
			`$resp->assertSee($page->name);`
			`$resp->assertSee($pageContent);`
			`}`

			`$this->setEntityRestrictions($page, []);`

			`foreach ($formats as $format) {`
			`$resp = $this->get($book->getUrl("export/{$format}"));`
			`$resp->assertStatus(200);`
			`$resp->assertDontSee($page->name);`
			`$resp->assertDontSee($pageContent);`
			`}`
			`}`

			`}`