Prevent empty-state actions visible without permission.

Fixes #411

tests/BrowserKitTest.php

@@ -1,5 +1,6 @@
 <?php namespace Tests;
 
+use BookStack\Entity;
 use BookStack\Role;
 use BookStack\Services\PermissionService;
 use Illuminate\Contracts\Console\Kernel;
@@ -117,6 +118,16 @@ abstract class BrowserKitTest extends TestCase
         ];
     }
 
+    /**
+     * Helper for updating entity permissions.
+     * @param Entity $entity
+     */
+    protected function updateEntityPermissions(Entity $entity)
+    {
+        $restrictionService = $this->app[PermissionService::class];
+        $restrictionService->buildJointPermissionsForEntity($entity);
+    }
+
     /**
      * Quick way to create a new user
      * @param array $attributes

tests/Permissions/RolesTest.php

@@ -639,4 +639,22 @@ class RolesTest extends BrowserKitTest
         $this->actingAs($viewer)->visit($page->getUrl())->assertResponseStatus(404);
     }
 
+    public function test_empty_state_actions_not_visible_without_permission()
+    {
+        $admin = $this->getAdmin();
+        // Book links
+        $book = factory(\BookStack\Book::class)->create(['created_by' => $admin->id, 'updated_by' => $admin->id]);
+        $this->updateEntityPermissions($book);
+        $this->actingAs($this->getViewer())->visit($book->getUrl())
+            ->dontSee('Create a new page')
+            ->dontSee('Add a chapter');
+
+        // Chapter links
+        $chapter = factory(\BookStack\Chapter::class)->create(['created_by' => $admin->id, 'updated_by' => $admin->id, 'book_id' => $book->id]);
+        $this->updateEntityPermissions($chapter);
+        $this->actingAs($this->getViewer())->visit($chapter->getUrl())
+            ->dontSee('Create a new page')
+            ->dontSee('Sort the current book');
+    }
+
 }