colin
/
bookstack
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added permission visiblity control to image-delete button 

Includes test to cover.
For #3697
This commit is contained in:
Dan Brown 2022-09-05 15:52:12 +01:00
parent b698bb0e07
commit fbef0d06f2
No known key found for this signature in database
GPG Key ID: 46D9F943C24A2EF9
3 changed files with 32 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
app/Http/Controllers/Images/ImageController.php
View File

@ -14,12 +14,9 @@ use Illuminate\Validation\ValidationException;
class ImageController extends Controller class ImageController extends Controller
{ {
protected $imageRepo; protected ImageRepo $imageRepo;
protected $imageService; protected ImageService $imageService;
/**
* ImageController constructor.
*/
public function __construct(ImageRepo $imageRepo, ImageService $imageService) public function __construct(ImageRepo $imageRepo, ImageService $imageService)
{ {
$this->imageRepo = $imageRepo; $this->imageRepo = $imageRepo;

2
resources/views/pages/parts/image-manager-form.blade.php
View File

@ -20,10 +20,12 @@
</div> </div>
<div class="grid half"> <div class="grid half">
<div> <div>
@if(userCan('image-delete', $image))
<button type="button" <button type="button"
id="image-manager-delete" id="image-manager-delete"
title="{{ trans('common.delete') }}" title="{{ trans('common.delete') }}"
class="button icon outline">@icon('delete')</button> class="button icon outline">@icon('delete')</button>
@endif
</div> </div>
<div class="text-right"> <div class="text-right">
<button type="submit" <button type="submit"

26
tests/Uploads/ImageTest.php
View File

@ -457,6 +457,32 @@ class ImageTest extends TestCase
$this->assertFalse(file_exists(public_path($relPath)), 'Uploaded image has not been deleted as expected'); $this->assertFalse(file_exists(public_path($relPath)), 'Uploaded image has not been deleted as expected');
} }
public function test_image_manager_delete_button_only_shows_with_permission()
{
$page = Page::query()->first();
$this->asAdmin();
$imageName = 'first-image.png';
$relPath = $this->getTestImagePath('gallery', $imageName);
$this->deleteImage($relPath);
$viewer = $this->getViewer();
$this->uploadImage($imageName, $page->id);
$image = Image::first();
$resp = $this->get("/images/edit/{$image->id}");
$this->withHtml($resp)->assertElementExists('button#image-manager-delete[title="Delete"]');
$resp = $this->actingAs($viewer)->get("/images/edit/{$image->id}");
$this->withHtml($resp)->assertElementNotExists('button#image-manager-delete[title="Delete"]');
$this->giveUserPermissions($viewer, ['image-delete-all']);
$resp = $this->actingAs($viewer)->get("/images/edit/{$image->id}");
$this->withHtml($resp)->assertElementExists('button#image-manager-delete[title="Delete"]');
$this->deleteImage($relPath);
}
protected function getTestProfileImage() protected function getTestProfileImage()
{ {
$imageName = 'profile.png'; $imageName = 'profile.png';