diff --git a/app/Entity.php b/app/Entity.php
index 3d1c4ad58..705444959 100644
--- a/app/Entity.php
+++ b/app/Entity.php
@@ -31,11 +31,7 @@ abstract class Entity extends Model
if ($matches) return true;
- if ($entity->isA('chapter') && $this->isA('book')) {
- return $entity->book_id === $this->id;
- }
-
- if ($entity->isA('page') && $this->isA('book')) {
+ if (($entity->isA('chapter') || $entity->isA('page')) && $this->isA('book')) {
return $entity->book_id === $this->id;
}
@@ -64,15 +60,6 @@ abstract class Entity extends Model
return $this->morphMany('BookStack\View', 'viewable');
}
- /**
- * Get just the views for the current user.
- * @return mixed
- */
- public function userViews()
- {
- return $this->views()->where('user_id', '=', auth()->user()->id);
- }
-
/**
* Allows checking of the exact class, Used to check entity type.
* Cleaner method for is_a.
diff --git a/app/Http/Controllers/Controller.php b/app/Http/Controllers/Controller.php
index 5dc79eb02..ca022f7ca 100644
--- a/app/Http/Controllers/Controller.php
+++ b/app/Http/Controllers/Controller.php
@@ -42,6 +42,15 @@ abstract class Controller extends BaseController
$this->signedIn = auth()->check();
}
+ /**
+ * Stops the application and shows a permission error if
+ * the application is in demo mode.
+ */
+ protected function preventAccessForDemoUsers()
+ {
+ if (env('APP_ENV', 'production') === 'demo') $this->showPermissionError();
+ }
+
/**
* Adds the page title into the view.
* @param $title
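Review bot: The guard `if (env('APP_ENV', 'production') === 'demo')` in `preventAccessForDemoUsers()` reads the raw environment at request time; in Laravel, once the configuration is cached for deployment the `.env` file is no longer loaded and `env()` outside the config files yields its default, so this check quietly resolves to `'production'` and stops blocking demo writes. Read the value through configuration instead, e.g. `if (app()->environment('demo')) $this->showPermissionError();` or `config('app.env') === 'demo'`. Since this guard is the only thing keeping demo visitors from changing settings and users, a silent no-op here is worth a regression test. Putting the body on its own braced line would also match the other methods in this class.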
@@ -51,6 +60,18 @@ abstract class Controller extends BaseController
view()->share('pageTitle', $title);
}
+ /**
+ * On a permission error redirect to home and display
+ * the error as a notification.
+ */
+ protected function showPermissionError()
+ {
+ Session::flash('error', trans('errors.permission'));
+ throw new HttpResponseException(
+ redirect('/')
+ );
+ }
+
/**
* Checks for a permission.
*
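Review bot: `showPermissionError()` never returns — it unconditionally throws `HttpResponseException` after flashing — but its docblock does not say so, and callers such as `checkPermission()` in the next hunk depend on that to avoid a stray `return true;`. Add `@throws HttpResponseException` to the docblock (or a `: never` return type once the project targets PHP 8.1) so future callers do not write dead fall-through code. It also flashes through the `Session` facade while `SettingController::update` in this same commit uses `session()->flash(...)`; picking one form keeps the controllers consistent.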
@@ -60,15 +81,18 @@ abstract class Controller extends BaseController
protected function checkPermission($permissionName)
{
if (!$this->currentUser || !$this->currentUser->can($permissionName)) {
- Session::flash('error', trans('errors.permission'));
- throw new HttpResponseException(
- redirect('/')
- );
+ $this->showPermissionError();
}
return true;
}
+ /**
+ * Check if a user has a permission or bypass if the callback is true.
+ * @param $permissionName
+ * @param $callback
+ * @return bool
+ */
protected function checkPermissionOr($permissionName, $callback)
{
$callbackResult = $callback();
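Review bot: The new docblock for `checkPermissionOr` leaves both parameters untyped (`@param $permissionName`, `@param $callback`), so static analysis cannot check call sites; `@param string $permissionName` and `@param callable $callback` state exactly what the body needs, since it invokes `$callback()` directly on the last visible line. The method's body continues past the end of the hunk.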
diff --git a/app/Http/Controllers/SearchController.php b/app/Http/Controllers/SearchController.php
index c9ca1f09f..035de9fe6 100644
--- a/app/Http/Controllers/SearchController.php
+++ b/app/Http/Controllers/SearchController.php
@@ -62,9 +62,9 @@ class SearchController extends Controller
return redirect()->back();
}
$searchTerm = $request->get('term');
- $whereTerm = [['book_id', '=', $bookId]];
- $pages = $this->pageRepo->getBySearch($searchTerm, $whereTerm);
- $chapters = $this->chapterRepo->getBySearch($searchTerm, $whereTerm);
+ $searchWhereTerms = [['book_id', '=', $bookId]];
+ $pages = $this->pageRepo->getBySearch($searchTerm, $searchWhereTerms);
+ $chapters = $this->chapterRepo->getBySearch($searchTerm, $searchWhereTerms);
return view('search/book', ['pages' => $pages, 'chapters' => $chapters, 'searchTerm' => $searchTerm]);
}
diff --git a/app/Http/Controllers/SettingController.php b/app/Http/Controllers/SettingController.php
index bca48807f..1739e0b53 100644
--- a/app/Http/Controllers/SettingController.php
+++ b/app/Http/Controllers/SettingController.php
@@ -31,13 +31,16 @@ class SettingController extends Controller
*/
public function update(Request $request)
{
+ $this->preventAccessForDemoUsers();
$this->checkPermission('settings-update');
+
// Cycles through posted settings and update them
foreach($request->all() as $name => $value) {
if(strpos($name, 'setting-') !== 0) continue;
$key = str_replace('setting-', '', trim($name));
Setting::put($key, $value);
}
+
session()->flash('success', 'Settings Saved');
return redirect('/settings');
}
diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php
index 3f41b2d0e..b81be16f6 100644
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@@ -108,15 +108,19 @@ class UserController extends Controller
*/
public function update(Request $request, $id)
{
+ $this->preventAccessForDemoUsers();
$this->checkPermissionOr('user-update', function () use ($id) {
return $this->currentUser->id == $id;
});
+
$this->validate($request, [
'name' => 'required',
'email' => 'required|email|unique:users,email,' . $id,
- 'password' => 'min:5',
- 'password-confirm' => 'same:password',
+ 'password' => 'min:5|required_with:password_confirm',
+ 'password-confirm' => 'same:password|required_with:password',
'role' => 'exists:roles,id'
+ ], [
+ 'password-confirm.required_with' => 'Password confirmation required'
]);
$user = $this->user->findOrFail($id);
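Review bot: The rule `'password' => 'min:5|required_with:password_confirm'` names a field `password_confirm` (underscore), but the input and the next rule's key are `password-confirm` (hyphen), so the `required_with` condition on `password` can never fire and a confirmation submitted without a password is only caught in one direction. Change it to `'password' => 'min:5|required_with:password-confirm',` and consider a matching custom message next to the existing `password-confirm.required_with` one. The body of `update()` continues outside the hunk.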
@@ -130,6 +134,7 @@ class UserController extends Controller
$password = $request->get('password');
$user->password = bcrypt($password);
}
+
$user->save();
return redirect('/users');
}
@@ -144,6 +149,7 @@ class UserController extends Controller
$this->checkPermissionOr('user-delete', function () use ($id) {
return $this->currentUser->id == $id;
});
+
$user = $this->user->findOrFail($id);
$this->setPageTitle('Delete User ' . $user->name);
return view('users/delete', ['user' => $user]);
@@ -156,6 +162,7 @@ class UserController extends Controller
*/
public function destroy($id)
{
+ $this->preventAccessForDemoUsers();
$this->checkPermissionOr('user-delete', function () use ($id) {
return $this->currentUser->id == $id;
});
diff --git a/app/Role.php b/app/Role.php
index 3e58164c5..c698a1cf6 100644
--- a/app/Role.php
+++ b/app/Role.php
@@ -43,6 +43,16 @@ class Role extends Model
*/
public static function getDefault()
{
- return static::where('name', '=', static::$default)->first();
+ return static::getRole(static::$default);
+ }
+
+ /**
+ * Get the role object for the specified role.
+ * @param $roleName
+ * @return mixed
+ */
+ public static function getRole($roleName)
+ {
+ return static::where('name', '=', $roleName)->first();
}
}
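Review bot: `getRole()` — and through it `getDefault()` — returns `null` when no row matches, because `->first()` does not throw, yet the docblock says `@return mixed`; the seeder in this same commit passes the result straight to `$user->attachRole($role)`. Document it as `@return static|null` and either have callers handle null or provide a `firstOrFail()` variant where a missing role is a configuration error. `@param string $roleName` is also more useful than the bare `@param $roleName`.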
diff --git a/app/Services/ActivityService.php b/app/Services/ActivityService.php
index 4da928fad..2ef5f9cfe 100644
--- a/app/Services/ActivityService.php
+++ b/app/Services/ActivityService.php
@@ -107,7 +107,7 @@ class ActivityService
}
/**
- * Filters out similar acitivity.
+ * Filters out similar activity.
* @param Activity[] $activity
* @return array
*/
diff --git a/database/seeds/DummyContentSeeder.php b/database/seeds/DummyContentSeeder.php
index d2ccc7960..aa70eaa0a 100644
--- a/database/seeds/DummyContentSeeder.php
+++ b/database/seeds/DummyContentSeeder.php
@@ -12,7 +12,7 @@ class DummyContentSeeder extends Seeder
public function run()
{
$user = factory(BookStack\User::class, 1)->create();
- $role = \BookStack\Role::where('name', '=', 'admin')->first();
+ $role = \BookStack\Role::getDefault();
$user->attachRole($role);
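Review bot: Replacing the explicit `'admin'` lookup with `Role::getDefault()` changes which role the dummy user receives unless `Role::$default` is `'admin'`, which is not visible in this diff; if the default is a lower-privilege role, the seeded account silently loses the admin capabilities the old query guaranteed. If admin was intended, `\BookStack\Role::getRole('admin')` from this commit keeps the intent explicit. Either way `getRole()` yields null when the role row is missing, so `$user->attachRole($role)` would likely fail on a database seeded without roles unless guarded. The seeder's `run()` continues past the hunk.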
diff --git a/phpunit.xml b/phpunit.xml
index d86aacd00..1704159e2 100644
--- a/phpunit.xml
+++ b/phpunit.xml
@@ -26,6 +26,6 @@
The page you were looking for could not be found.
+Sorry, The page you were looking for could not be found.
+ Return To Home