colin
/
bookstack
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added phpunit tests to cover image API endpoints

This commit is contained in:
Dan Brown 2023-03-14 19:29:08 +00:00
parent d9eec6d82c
commit 3a808fd768
No known key found for this signature in database
GPG Key ID: 46D9F943C24A2EF9
4 changed files with 375 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
app/Http/Controllers/Api/ImageGalleryApiController.php
View File

@ -2,6 +2,7 @@
namespace BookStack\Http\Controllers\Api; namespace BookStack\Http\Controllers\Api;
use BookStack\Entities\Models\Page;
use BookStack\Uploads\Image; use BookStack\Uploads\Image;
use BookStack\Uploads\ImageRepo; use BookStack\Uploads\ImageRepo;
use Illuminate\Http\Request; use Illuminate\Http\Request;
@ -22,7 +23,7 @@ class ImageGalleryApiController extends ApiController
return [ return [
'create' => [ 'create' => [
'type' => ['required', 'string', 'in:gallery,drawio'], 'type' => ['required', 'string', 'in:gallery,drawio'],
'uploaded_to' => ['required', 'integer', 'exists:pages,id'], 'uploaded_to' => ['required', 'integer'],
'image' => ['required', 'file', ...$this->getImageValidationRules()], 'image' => ['required', 'file', ...$this->getImageValidationRules()],
'name' => ['string', 'max:180'], 'name' => ['string', 'max:180'],
], ],
@ -52,10 +53,17 @@ class ImageGalleryApiController extends ApiController
*/ */
public function create(Request $request) public function create(Request $request)
{ {
$this->checkPermission('image-create-all');
$data = $this->validate($request, $this->rules()['create']); $data = $this->validate($request, $this->rules()['create']);
Page::visible()->findOrFail($data['uploaded_to']);
$image = $this->imageRepo->saveNew($data['image'], $data['type'], $data['uploaded_to']); $image = $this->imageRepo->saveNew($data['image'], $data['type'], $data['uploaded_to']);
if (isset($data['name'])) {
$image->refresh();
$image->update(['name' => $data['name']]);
}
return response()->json($this->formatForSingleResponse($image)); return response()->json($this->formatForSingleResponse($image));
} }
@ -64,8 +72,7 @@ class ImageGalleryApiController extends ApiController
*/ */
public function read(string $id) public function read(string $id)
{ {
$image = $this->imageRepo->getById($id); $image = Image::query()->scopes(['visible'])->findOrFail($id);
$this->checkOwnablePermission('page-view', $image->getPage());
return response()->json($this->formatForSingleResponse($image)); return response()->json($this->formatForSingleResponse($image));
} }

2
app/Uploads/Image.php
View File

@ -49,7 +49,7 @@ class Image extends Model
* *
* @throws \Exception * @throws \Exception
*/ */
public function getThumb(int $width, int $height, bool $keepRatio = false): string public function getThumb(?int $width, ?int $height, bool $keepRatio = false): string
{ {
return app()->make(ImageService::class)->getThumbnail($this, $width, $height, $keepRatio); return app()->make(ImageService::class)->getThumbnail($this, $width, $height, $keepRatio);
} }

347
tests/Api/ImageGalleryApiTest.php Normal file
View File

@ -0,0 +1,347 @@
<?php
namespace Tests\Api;
use BookStack\Entities\Models\Page;
use BookStack\Uploads\Image;
use Tests\TestCase;
class ImageGalleryApiTest extends TestCase
{
use TestsApi;
protected string $baseEndpoint = '/api/image-gallery';
public function test_index_endpoint_returns_expected_image_and_count()
{
$this->actingAsApiAdmin();
$imagePage = $this->entities->page();
$data = $this->files->uploadGalleryImageToPage($this, $imagePage);
$image = Image::findOrFail($data['response']->id);
$resp = $this->getJson($this->baseEndpoint . '?count=1&sort=+id');
$resp->assertJson(['data' => [
[
'id' => $image->id,
'name' => $image->name,
'url' => $image->url,
'path' => $image->path,
'type' => 'gallery',
'uploaded_to' => $imagePage->id,
'created_by' => $this->users->admin()->id,
'updated_by' => $this->users->admin()->id,
],
]]);
$resp->assertJson(['total' => Image::query()->count()]);
}
public function test_index_endpoint_doesnt_show_images_for_those_uploaded_to_non_visible_pages()
{
$this->actingAsApiEditor();
$imagePage = $this->entities->page();
$data = $this->files->uploadGalleryImageToPage($this, $imagePage);
$image = Image::findOrFail($data['response']->id);
$resp = $this->getJson($this->baseEndpoint . '?filter[id]=' . $image->id);
$resp->assertJsonCount(1, 'data');
$resp->assertJson(['total' => 1]);
$this->permissions->disableEntityInheritedPermissions($imagePage);
$resp = $this->getJson($this->baseEndpoint . '?filter[id]=' . $image->id);
$resp->assertJsonCount(0, 'data');
$resp->assertJson(['total' => 0]);
}
public function test_index_endpoint_doesnt_show_other_image_types()
{
$this->actingAsApiEditor();
$imagePage = $this->entities->page();
$data = $this->files->uploadGalleryImageToPage($this, $imagePage);
$image = Image::findOrFail($data['response']->id);
$typesByCountExpectation = [
'cover_book' => 0,
'drawio' => 1,
'gallery' => 1,
'user' => 0,
'system' => 0,
];
foreach ($typesByCountExpectation as $type => $count) {
$image->type = $type;
$image->save();
$resp = $this->getJson($this->baseEndpoint . '?filter[id]=' . $image->id);
$resp->assertJsonCount($count, 'data');
$resp->assertJson(['total' => $count]);
}
}
public function test_create_endpoint()
{
$this->actingAsApiAdmin();
$imagePage = $this->entities->page();
$resp = $this->call('POST', $this->baseEndpoint, [
'type' => 'gallery',
'uploaded_to' => $imagePage->id,
'name' => 'My awesome image!',
], [], [
'image' => $this->files->uploadedImage('my-cool-image.png'),
]);
$resp->assertStatus(200);
$image = Image::query()->where('uploaded_to', '=', $imagePage->id)->first();
$expectedUser = [
'id' => $this->users->admin()->id,
'name' => $this->users->admin()->name,
'slug' => $this->users->admin()->slug,
];
$resp->assertJson([
'id' => $image->id,
'name' => 'My awesome image!',
'url' => $image->url,
'path' => $image->path,
'type' => 'gallery',
'uploaded_to' => $imagePage->id,
'created_by' => $expectedUser,
'updated_by' => $expectedUser,
]);
}
public function test_create_endpoint_requires_image_create_permissions()
{
$user = $this->users->editor();
$this->actingAsForApi($user);
$this->permissions->removeUserRolePermissions($user, ['image-create-all']);
$makeRequest = function () {
return $this->call('POST', $this->baseEndpoint, []);
};
$resp = $makeRequest();
$resp->assertStatus(403);
$this->permissions->grantUserRolePermissions($user, ['image-create-all']);
$resp = $makeRequest();
$resp->assertStatus(422);
}
public function test_create_fails_if_uploaded_to_not_visible_or_not_exists()
{
$this->actingAsApiEditor();
$makeRequest = function (int $uploadedTo) {
return $this->call('POST', $this->baseEndpoint, [
'type' => 'gallery',
'uploaded_to' => $uploadedTo,
'name' => 'My awesome image!',
], [], [
'image' => $this->files->uploadedImage('my-cool-image.png'),
]);
};
$page = $this->entities->page();
$this->permissions->disableEntityInheritedPermissions($page);
$resp = $makeRequest($page->id);
$resp->assertStatus(404);
$resp = $makeRequest(Page::query()->max('id') + 55);
$resp->assertStatus(404);
}
public function test_create_has_restricted_types()
{
$this->actingAsApiEditor();
$typesByStatusExpectation = [
'cover_book' => 422,
'drawio' => 200,
'gallery' => 200,
'user' => 422,
'system' => 422,
];
$makeRequest = function (string $type) {
return $this->call('POST', $this->baseEndpoint, [
'type' => $type,
'uploaded_to' => $this->entities->page()->id,
'name' => 'My awesome image!',
], [], [
'image' => $this->files->uploadedImage('my-cool-image.png'),
]);
};
foreach ($typesByStatusExpectation as $type => $status) {
$resp = $makeRequest($type);
$resp->assertStatus($status);
}
}
public function test_create_will_use_file_name_if_no_name_provided_in_request()
{
$this->actingAsApiEditor();
$imagePage = $this->entities->page();
$resp = $this->call('POST', $this->baseEndpoint, [
'type' => 'gallery',
'uploaded_to' => $imagePage->id,
], [], [
'image' => $this->files->uploadedImage('my-cool-image.png'),
]);
$resp->assertStatus(200);
$this->assertDatabaseHas('images', [
'type' => 'gallery',
'uploaded_to' => $imagePage->id,
'name' => 'my-cool-image.png',
]);
}
public function test_read_endpoint()
{
$this->actingAsApiAdmin();
$imagePage = $this->entities->page();
$data = $this->files->uploadGalleryImageToPage($this, $imagePage);
$image = Image::findOrFail($data['response']->id);
$resp = $this->getJson($this->baseEndpoint . "/{$image->id}");
$resp->assertStatus(200);
$expectedUser = [
'id' => $this->users->admin()->id,
'name' => $this->users->admin()->name,
'slug' => $this->users->admin()->slug,
];
$displayUrl = $image->getThumb(1680, null, true);
$resp->assertJson([
'id' => $image->id,
'name' => $image->name,
'url' => $image->url,
'path' => $image->path,
'type' => 'gallery',
'uploaded_to' => $imagePage->id,
'created_by' => $expectedUser,
'updated_by' => $expectedUser,
'content' => [
'html' => "<a href=\"{$image->url}\" target=\"_blank\"><img src=\"{$displayUrl}\" alt=\"{$image->name}\"></a>",
'markdown' => "![{$image->name}]({$displayUrl})",
],
]);
$this->assertStringStartsWith('http://', $resp->json('thumbs.gallery'));
$this->assertStringStartsWith('http://', $resp->json('thumbs.display'));
}
public function test_read_endpoint_provides_different_content_for_drawings()
{
$this->actingAsApiAdmin();
$imagePage = $this->entities->page();
$data = $this->files->uploadGalleryImageToPage($this, $imagePage);
$image = Image::findOrFail($data['response']->id);
$image->type = 'drawio';
$image->save();
$resp = $this->getJson($this->baseEndpoint . "/{$image->id}");
$resp->assertStatus(200);
$drawing = "<div drawio-diagram=\"{$image->id}\"><img src=\"{$image->url}\"></div>";
$resp->assertJson([
'id' => $image->id,
'content' => [
'html' => $drawing,
'markdown' => $drawing,
],
]);
}
public function test_read_endpoint_does_not_show_if_no_permissions_for_related_page()
{
$this->actingAsApiEditor();
$imagePage = $this->entities->page();
$data = $this->files->uploadGalleryImageToPage($this, $imagePage);
$image = Image::findOrFail($data['response']->id);
$this->permissions->disableEntityInheritedPermissions($imagePage);
$resp = $this->getJson($this->baseEndpoint . "/{$image->id}");
$resp->assertStatus(404);
}
public function test_update_endpoint()
{
$this->actingAsApiAdmin();
$imagePage = $this->entities->page();
$data = $this->files->uploadGalleryImageToPage($this, $imagePage);
$image = Image::findOrFail($data['response']->id);
$resp = $this->putJson($this->baseEndpoint . "/{$image->id}", [
'name' => 'My updated image name!',
]);
$resp->assertStatus(200);
$resp->assertJson([
'id' => $image->id,
'name' => 'My updated image name!',
]);
$this->assertDatabaseHas('images', [
'id' => $image->id,
'name' => 'My updated image name!',
]);
}
public function test_update_endpoint_requires_image_delete_permission()
{
$user = $this->users->editor();
$this->actingAsForApi($user);
$imagePage = $this->entities->page();
$this->permissions->removeUserRolePermissions($user, ['image-update-all', 'image-update-own']);
$data = $this->files->uploadGalleryImageToPage($this, $imagePage);
$image = Image::findOrFail($data['response']->id);
$resp = $this->putJson($this->baseEndpoint . "/{$image->id}", ['name' => 'My new name']);
$resp->assertStatus(403);
$resp->assertJson($this->permissionErrorResponse());
$this->permissions->grantUserRolePermissions($user, ['image-update-all']);
$resp = $this->putJson($this->baseEndpoint . "/{$image->id}", ['name' => 'My new name']);
$resp->assertStatus(200);
}
public function test_delete_endpoint()
{
$this->actingAsApiAdmin();
$imagePage = $this->entities->page();
$data = $this->files->uploadGalleryImageToPage($this, $imagePage);
$image = Image::findOrFail($data['response']->id);
$this->assertDatabaseHas('images', ['id' => $image->id]);
$resp = $this->deleteJson($this->baseEndpoint . "/{$image->id}");
$resp->assertStatus(204);
$this->assertDatabaseMissing('images', ['id' => $image->id]);
}
public function test_delete_endpoint_requires_image_delete_permission()
{
$user = $this->users->editor();
$this->actingAsForApi($user);
$imagePage = $this->entities->page();
$this->permissions->removeUserRolePermissions($user, ['image-delete-all', 'image-delete-own']);
$data = $this->files->uploadGalleryImageToPage($this, $imagePage);
$image = Image::findOrFail($data['response']->id);
$resp = $this->deleteJson($this->baseEndpoint . "/{$image->id}");
$resp->assertStatus(403);
$resp->assertJson($this->permissionErrorResponse());
$this->permissions->grantUserRolePermissions($user, ['image-delete-all']);
$resp = $this->deleteJson($this->baseEndpoint . "/{$image->id}");
$resp->assertStatus(204);
}
}

21
tests/Api/TestsApi.php
View File

@ -2,15 +2,28 @@
namespace Tests\Api; namespace Tests\Api;
use BookStack\Auth\User;
trait TestsApi trait TestsApi
{ {
protected $apiTokenId = 'apitoken'; protected string $apiTokenId = 'apitoken';
protected $apiTokenSecret = 'password'; protected string $apiTokenSecret = 'password';
/**
* Set the given user as the current logged-in user via the API driver.
* This does not ensure API access. The user may still lack required role permissions.
*/
protected function actingAsForApi(User $user): static
{
parent::actingAs($user, 'api');
return $this;
}
/** /**
* Set the API editor role as the current user via the API driver. * Set the API editor role as the current user via the API driver.
*/ */
protected function actingAsApiEditor() protected function actingAsApiEditor(): static
{ {
$this->actingAs($this->users->editor(), 'api'); $this->actingAs($this->users->editor(), 'api');
@ -20,7 +33,7 @@ trait TestsApi
/** /**
* Set the API admin role as the current user via the API driver. * Set the API admin role as the current user via the API driver.
*/ */
protected function actingAsApiAdmin() protected function actingAsApiAdmin(): static
{ {
$this->actingAs($this->users->admin(), 'api'); $this->actingAs($this->users->admin(), 'api');