webapp/bookstack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-07-31 15:24:31 +03:00
Code Activity

Removed browserkit testing from project

Browse Source 
Converted last bits of the roles tests and removed dependancies.
Updated other PHP dependancies at the same time.
This commit is contained in:
Dan Brown
2021-09-18 21:15:39 +01:00
parent d74255df5d
commit 6454e24657
4 changed files with 423 additions and 600 deletions
Download Patch File Download Diff File Expand all files Collapse all files

490
tests/Permissions/RolesTest.php
View File

@ -2,12 +2,14 @@
namespace Tests\Permissions;
use BookStack\Actions\ActivityType;
use BookStack\Actions\Comment;
use BookStack\Auth\Role;
use BookStack\Auth\User;
use BookStack\Entities\Models\Book;
use BookStack\Entities\Models\Bookshelf;
use BookStack\Entities\Models\Chapter;
use BookStack\Entities\Models\Entity;
use BookStack\Entities\Models\Page;
use BookStack\Uploads\Image;
use Tests\TestCase;
@ -56,70 +58,104 @@ class RolesTest extends TestCase
$testRoleUpdateName = 'An Super Updated role';
// Creation
$this->asAdmin()->get('/settings')
->click('Roles')
->seePageIs('/settings/roles')
->click('Create New Role')
->type('Test Role', 'display_name')
->type('A little test description', 'description')
->press('Save Role')
->assertDatabaseHas('roles', ['display_name' => $testRoleName, 'description' => $testRoleDesc, 'mfa_enforced' => false])
->seePageIs('/settings/roles');
$resp = $this->asAdmin()->get('/settings');
$resp->assertElementContains('a[href="' . url('/settings/roles') . '"]', 'Roles');
$resp = $this->get('/settings/roles');
$resp->assertElementContains('a[href="' . url('/settings/roles/new') . '"]', 'Create New Role');
$resp = $this->get('/settings/roles/new');
$resp->assertElementContains('form[action="' . url('/settings/roles/new') . '"]', 'Save Role');
$resp = $this->post('/settings/roles/new', [
'display_name' => $testRoleName,
'description' => $testRoleDesc,
]);
$resp->assertRedirect('/settings/roles');
$resp = $this->get('/settings/roles');
$resp->assertSee($testRoleName);
$resp->assertSee($testRoleDesc);
$this->assertDatabaseHas('roles', [
'display_name' => $testRoleName,
'description' => $testRoleDesc,
'mfa_enforced' => false,
]);
/** @var Role $role */
$role = Role::query()->where('display_name', '=', $testRoleName)->first();
// Updating
$this->asAdmin()->get('/settings/roles')
->assertSee($testRoleDesc)
->click($testRoleName)
->type($testRoleUpdateName, '#display_name')
->check('#mfa_enforced')
->press('Save Role')
->assertDatabaseHas('roles', ['display_name' => $testRoleUpdateName, 'description' => $testRoleDesc, 'mfa_enforced' => true])
->seePageIs('/settings/roles');
$resp = $this->get('/settings/roles/' . $role->id);
$resp->assertSee($testRoleName);
$resp->assertSee($testRoleDesc);
$resp->assertElementContains('form[action="' . url('/settings/roles/' . $role->id) . '"]', 'Save Role');
$resp = $this->put('/settings/roles/' . $role->id, [
'display_name' => $testRoleUpdateName,
'description' => $testRoleDesc,
'mfa_enforced' => 'true',
]);
$resp->assertRedirect('/settings/roles');
$this->assertDatabaseHas('roles', [
'display_name' => $testRoleUpdateName,
'description' => $testRoleDesc,
'mfa_enforced' => true,
]);
// Deleting
$this->asAdmin()->get('/settings/roles')
->click($testRoleUpdateName)
->click('Delete Role')
->assertSee($testRoleUpdateName)
->press('Confirm')
->seePageIs('/settings/roles')
->assertDontSee($testRoleUpdateName);
$resp = $this->get('/settings/roles/' . $role->id);
$resp->assertElementContains('a[href="' . url("/settings/roles/delete/$role->id") . '"]', 'Delete Role');
$resp = $this->get("/settings/roles/delete/$role->id");
$resp->assertSee($testRoleUpdateName);
$resp->assertElementContains('form[action="' . url("/settings/roles/delete/$role->id") . '"]', 'Confirm');
$resp = $this->delete("/settings/roles/delete/$role->id");
$resp->assertRedirect('/settings/roles');
$this->get('/settings/roles')->assertSee('Role successfully deleted');
$this->assertActivityExists(ActivityType::ROLE_DELETE);
}
public function test_admin_role_cannot_be_removed_if_user_last_admin()
{
$adminRole = Role::where('system_name', '=', 'admin')->first();
/** @var Role $adminRole */
$adminRole = Role::query()->where('system_name', '=', 'admin')->first();
$adminUser = $this->getAdmin();
$adminRole->users()->where('id', '!=', $adminUser->id)->delete();
$this->assertEquals($adminRole->users()->count(), 1);
$this->assertEquals(1, $adminRole->users()->count());
$viewerRole = $this->getViewer()->roles()->first();
$editUrl = '/settings/users/' . $adminUser->id;
$this->actingAs($adminUser)->put($editUrl, [
$resp = $this->actingAs($adminUser)->put($editUrl, [
'name' => $adminUser->name,
'email' => $adminUser->email,
'roles' => [
'viewer' => strval($viewerRole->id),
],
])->followRedirects();
]);
$this->seePageIs($editUrl);
$this->assertSee('This user is the only user assigned to the administrator role');
$resp->assertRedirect($editUrl);
$resp = $this->get($editUrl);
$resp->assertSee('This user is the only user assigned to the administrator role');
}
public function test_migrate_users_on_delete_works()
{
/** @var Role $roleA */
$roleA = Role::query()->create(['display_name' => 'Delete Test A']);
/** @var Role $roleB */
$roleB = Role::query()->create(['display_name' => 'Delete Test B']);
$this->user->attachRole($roleB);
$this->assertCount(0, $roleA->users()->get());
$this->assertCount(1, $roleB->users()->get());
$deletePage = $this->asAdmin()->get("/settings/roles/delete/{$roleB->id}");
$deletePage = $this->asAdmin()->get("/settings/roles/delete/$roleB->id");
$deletePage->assertElementExists('select[name=migrate_role_id]');
$this->asAdmin()->delete("/settings/roles/delete/{$roleB->id}", [
$this->asAdmin()->delete("/settings/roles/delete/$roleB->id", [
'migrate_role_id' => $roleA->id,
]);
@ -129,11 +165,9 @@ class RolesTest extends TestCase
public function test_manage_user_permission()
{
$this->actingAs($this->user)->get('/settings/users')
->seePageIs('/');
$this->actingAs($this->user)->get('/settings/users')->assertRedirect('/');
$this->giveUserPermissions($this->user, ['users-manage']);
$this->actingAs($this->user)->get('/settings/users')
->seePageIs('/settings/users');
$this->actingAs($this->user)->get('/settings/users')->assertOk();
}
public function test_manage_users_permission_shows_link_in_header_if_does_not_have_settings_manage_permision()
@ -185,35 +219,41 @@ class RolesTest extends TestCase
public function test_user_roles_manage_permission()
{
$this->actingAs($this->user)->get('/settings/roles')
->seePageIs('/')->get('/settings/roles/1')->seePageIs('/');
$this->actingAs($this->user)->get('/settings/roles')->assertRedirect('/');
$this->get('/settings/roles/1')->assertRedirect('/');
$this->giveUserPermissions($this->user, ['user-roles-manage']);
$this->actingAs($this->user)->get('/settings/roles')
->seePageIs('/settings/roles')->click('Admin')
->assertSee('Edit Role');
$this->actingAs($this->user)->get('/settings/roles')->assertOk();
$this->get('/settings/roles/1')
->assertOk()
->assertSee('Admin');
}
public function test_settings_manage_permission()
{
$this->actingAs($this->user)->get('/settings')
->seePageIs('/');
$this->actingAs($this->user)->get('/settings')->assertRedirect('/');
$this->giveUserPermissions($this->user, ['settings-manage']);
$this->actingAs($this->user)->get('/settings')
->seePageIs('/settings')->press('Save Settings')->assertSee('Settings Saved');
$this->get('/settings')->assertOk();
$resp = $this->post('/settings', []);
$resp->assertRedirect('/settings');
$resp = $this->get('/settings');
$resp->assertSee('Settings saved');
}
public function test_restrictions_manage_all_permission()
{
$page = Page::take(1)->get()->first();
$this->actingAs($this->user)->get($page->getUrl())
->assertDontSee('Permissions')
->get($page->getUrl() . '/permissions')
->seePageIs('/');
$page = Page::query()->get()->first();
$this->actingAs($this->user)->get($page->getUrl())->assertDontSee('Permissions');
$this->get($page->getUrl('/permissions'))->assertRedirect('/');
$this->giveUserPermissions($this->user, ['restrictions-manage-all']);
$this->actingAs($this->user)->get($page->getUrl())
->assertSee('Permissions')
->click('Permissions')
->assertSee('Page Permissions')->seePageIs($page->getUrl() . '/permissions');
$this->actingAs($this->user)->get($page->getUrl())->assertSee('Permissions');
$this->get($page->getUrl('/permissions'))
->assertOk()
->assertSee('Page Permissions');
}
public function test_restrictions_manage_own_permission()
@ -230,43 +270,33 @@ class RolesTest extends TestCase
$page->save();
// Check can't restrict other's content
$this->actingAs($this->user)->get($otherUsersPage->getUrl())
->assertDontSee('Permissions')
->get($otherUsersPage->getUrl() . '/permissions')
->seePageIs('/');
$this->actingAs($this->user)->get($otherUsersPage->getUrl())->assertDontSee('Permissions');
$this->get($otherUsersPage->getUrl('/permissions'))->assertRedirect('/');
// Check can't restrict own content
$this->actingAs($this->user)->get($page->getUrl())
->assertDontSee('Permissions')
->get($page->getUrl() . '/permissions')
->seePageIs('/');
$this->actingAs($this->user)->get($page->getUrl())->assertDontSee('Permissions');
$this->get($page->getUrl('/permissions'))->assertRedirect('/');
$this->giveUserPermissions($this->user, ['restrictions-manage-own']);
// Check can't restrict other's content
$this->actingAs($this->user)->get($otherUsersPage->getUrl())
->assertDontSee('Permissions')
->get($otherUsersPage->getUrl() . '/permissions')
->seePageIs('/');
$this->actingAs($this->user)->get($otherUsersPage->getUrl())->assertDontSee('Permissions');
$this->get($otherUsersPage->getUrl('/permissions'))->assertRedirect();
// Check can restrict own content
$this->actingAs($this->user)->get($page->getUrl())
->assertSee('Permissions')
->click('Permissions')
->seePageIs($page->getUrl() . '/permissions');
$this->actingAs($this->user)->get($page->getUrl())->assertSee('Permissions');
$this->get($page->getUrl('/permissions'))->assertOk();
}
/**
* Check a standard entity access permission.
*
* @param string $permission
* @param array $accessUrls Urls that are only accessible after having the permission
* @param array $visibles Check this text, In the buttons toolbar, is only visible with the permission
*/
private function checkAccessPermission($permission, $accessUrls = [], $visibles = [])
private function checkAccessPermission(string $permission, array $accessUrls = [], array $visibles = [])
{
foreach ($accessUrls as $url) {
$this->actingAs($this->user)->get($url)
->seePageIs('/');
$this->actingAs($this->user)->get($url)->assertRedirect('/');
}
foreach ($visibles as $url => $text) {
$this->actingAs($this->user)->get($url)
->assertElementNotContains('.action-buttons', $text);
@ -275,12 +305,10 @@ class RolesTest extends TestCase
$this->giveUserPermissions($this->user, [$permission]);
foreach ($accessUrls as $url) {
$this->actingAs($this->user)->get($url)
->seePageIs($url);
$this->actingAs($this->user)->get($url)->assertOk();
}
foreach ($visibles as $url => $text) {
$this->actingAs($this->user)->get($url)
->assertSee($text);
$this->actingAs($this->user)->get($url)->assertSee($text);
}
}
@ -292,11 +320,10 @@ class RolesTest extends TestCase
'/shelves' => 'New Shelf',
]);
$this->get('/create-shelf')
->type('test shelf', 'name')
->type('shelf desc', 'description')
->press('Save Shelf')
->seePageIs('/shelves/test-shelf');
$this->post('/shelves', [
'name' => 'test shelf',
'description' => 'shelf desc',
])->assertRedirect('/shelves/test-shelf');
}
public function test_bookshelves_edit_own_permission()
@ -313,10 +340,8 @@ class RolesTest extends TestCase
$ownShelf->getUrl() => 'Edit',
]);
$this->get($otherShelf->getUrl())
->assertElementNotContains('.action-buttons', 'Edit')
->get($otherShelf->getUrl('/edit'))
->seePageIs('/');
$this->get($otherShelf->getUrl())->assertElementNotContains('.action-buttons', 'Edit');
$this->get($otherShelf->getUrl('/edit'))->assertRedirect('/');
}
public function test_bookshelves_edit_all_permission()
@ -345,14 +370,12 @@ class RolesTest extends TestCase
$ownShelf->getUrl() => 'Delete',
]);
$this->get($otherShelf->getUrl())
->assertElementNotContains('.action-buttons', 'Delete')
->get($otherShelf->getUrl('/delete'))
->seePageIs('/');
$this->get($ownShelf->getUrl())->get($ownShelf->getUrl('/delete'))
->press('Confirm')
->seePageIs('/shelves')
->assertDontSee($ownShelf->name);
$this->get($otherShelf->getUrl())->assertElementNotContains('.action-buttons', 'Delete');
$this->get($otherShelf->getUrl('/delete'))->assertRedirect('/');
$this->get($ownShelf->getUrl());
$this->delete($ownShelf->getUrl())->assertRedirect('/shelves');
$this->get('/shelves')->assertDontSee($ownShelf->name);
}
public function test_bookshelves_delete_all_permission()
@ -366,10 +389,8 @@ class RolesTest extends TestCase
$otherShelf->getUrl() => 'Delete',
]);
$this->get($otherShelf->getUrl())->get($otherShelf->getUrl('/delete'))
->press('Confirm')
->seePageIs('/shelves')
->assertDontSee($otherShelf->name);
$this->delete($otherShelf->getUrl())->assertRedirect('/shelves');
$this->get('/shelves')->assertDontSee($otherShelf->name);
}
public function test_books_create_all_permissions()
@ -380,11 +401,10 @@ class RolesTest extends TestCase
'/books' => 'Create New Book',
]);
$this->get('/create-book')
->type('test book', 'name')
->type('book desc', 'description')
->press('Save Book')
->seePageIs('/books/test-book');
$this->post('/books', [
'name' => 'test book',
'description' => 'book desc',
])->assertRedirect('/books/test-book');
}
public function test_books_edit_own_permission()
@ -398,10 +418,8 @@ class RolesTest extends TestCase
$ownBook->getUrl() => 'Edit',
]);
$this->get($otherBook->getUrl())
->assertElementNotContains('.action-buttons', 'Edit')
->get($otherBook->getUrl() . '/edit')
->seePageIs('/');
$this->get($otherBook->getUrl())->assertElementNotContains('.action-buttons', 'Edit');
$this->get($otherBook->getUrl('/edit'))->assertRedirect('/');
}
public function test_books_edit_all_permission()
@ -427,14 +445,11 @@ class RolesTest extends TestCase
$ownBook->getUrl() => 'Delete',
]);
$this->get($otherBook->getUrl())
->assertElementNotContains('.action-buttons', 'Delete')
->get($otherBook->getUrl() . '/delete')
->seePageIs('/');
$this->get($ownBook->getUrl())->get($ownBook->getUrl() . '/delete')
->press('Confirm')
->seePageIs('/books')
->assertDontSee($ownBook->name);
$this->get($otherBook->getUrl())->assertElementNotContains('.action-buttons', 'Delete');
$this->get($otherBook->getUrl('/delete'))->assertRedirect('/');
$this->get($ownBook->getUrl());
$this->delete($ownBook->getUrl())->assertRedirect('/books');
$this->get('/books')->assertDontSee($ownBook->name);
}
public function test_books_delete_all_permission()
@ -448,10 +463,9 @@ class RolesTest extends TestCase
$otherBook->getUrl() => 'Delete',
]);
$this->get($otherBook->getUrl())->get($otherBook->getUrl() . '/delete')
->press('Confirm')
->seePageIs('/books')
->assertDontSee($otherBook->name);
$this->get($otherBook->getUrl());
$this->delete($otherBook->getUrl())->assertRedirect('/books');
$this->get('/books')->assertDontSee($otherBook->name);
}
public function test_chapter_create_own_permissions()
@ -465,37 +479,35 @@ class RolesTest extends TestCase
$ownBook->getUrl() => 'New Chapter',
]);
$this->get($ownBook->getUrl('/create-chapter'))
->type('test chapter', 'name')
->type('chapter desc', 'description')
->press('Save Chapter')
->seePageIs($ownBook->getUrl('/chapter/test-chapter'));
$this->post($ownBook->getUrl('/create-chapter'), [
'name' => 'test chapter',
'description' => 'chapter desc',
])->assertRedirect($ownBook->getUrl('/chapter/test-chapter'));
$this->get($book->getUrl())
->assertElementNotContains('.action-buttons', 'New Chapter')
->get($book->getUrl('/create-chapter'))
->seePageIs('/');
$this->get($book->getUrl())->assertElementNotContains('.action-buttons', 'New Chapter');
$this->get($book->getUrl('/create-chapter'))->assertRedirect('/');
}
public function test_chapter_create_all_permissions()
{
$book = Book::take(1)->get()->first();
/** @var Book $book */
$book = Book::query()->first();
$this->checkAccessPermission('chapter-create-all', [
$book->getUrl('/create-chapter'),
], [
$book->getUrl() => 'New Chapter',
]);
$this->get($book->getUrl('/create-chapter'))
->type('test chapter', 'name')
->type('chapter desc', 'description')
->press('Save Chapter')
->seePageIs($book->getUrl('/chapter/test-chapter'));
$this->post($book->getUrl('/create-chapter'), [
'name' => 'test chapter',
'description' => 'chapter desc',
])->assertRedirect($book->getUrl('/chapter/test-chapter'));
}
public function test_chapter_edit_own_permission()
{
$otherChapter = Chapter::take(1)->get()->first();
/** @var Chapter $otherChapter */
$otherChapter = Chapter::query()->first();
$ownChapter = $this->createEntityChainBelongingToUser($this->user)['chapter'];
$this->checkAccessPermission('chapter-update-own', [
$ownChapter->getUrl() . '/edit',
@ -503,10 +515,8 @@ class RolesTest extends TestCase
$ownChapter->getUrl() => 'Edit',
]);
$this->get($otherChapter->getUrl())
->assertElementNotContains('.action-buttons', 'Edit')
->get($otherChapter->getUrl() . '/edit')
->seePageIs('/');
$this->get($otherChapter->getUrl())->assertElementNotContains('.action-buttons', 'Edit');
$this->get($otherChapter->getUrl('/edit'))->assertRedirect('/');
}
public function test_chapter_edit_all_permission()
@ -524,7 +534,7 @@ class RolesTest extends TestCase
{
$this->giveUserPermissions($this->user, ['chapter-update-all']);
/** @var Chapter $otherChapter */
$otherChapter = Chapter::query()->take(1)->get()->first();
$otherChapter = Chapter::query()->first();
$ownChapter = $this->createEntityChainBelongingToUser($this->user)['chapter'];
$this->checkAccessPermission('chapter-delete-own', [
$ownChapter->getUrl() . '/delete',
@ -533,20 +543,18 @@ class RolesTest extends TestCase
]);
$bookUrl = $ownChapter->book->getUrl();
$this->get($otherChapter->getUrl())
->assertElementNotContains('.action-buttons', 'Delete')
->get($otherChapter->getUrl() . '/delete')
->seePageIs('/');
$this->get($ownChapter->getUrl())->get($ownChapter->getUrl() . '/delete')
->press('Confirm')
->seePageIs($bookUrl)
->assertElementNotContains('.book-content', $ownChapter->name);
$this->get($otherChapter->getUrl())->assertElementNotContains('.action-buttons', 'Delete');
$this->get($otherChapter->getUrl('/delete'))->assertRedirect('/');
$this->get($ownChapter->getUrl());
$this->delete($ownChapter->getUrl())->assertRedirect($bookUrl);
$this->get($bookUrl)->assertElementNotContains('.book-content', $ownChapter->name);
}
public function test_chapter_delete_all_permission()
{
$this->giveUserPermissions($this->user, ['chapter-update-all']);
$otherChapter = Chapter::take(1)->get()->first();
/** @var Chapter $otherChapter */
$otherChapter = Chapter::query()->first();
$this->checkAccessPermission('chapter-delete-all', [
$otherChapter->getUrl() . '/delete',
], [
@ -554,10 +562,9 @@ class RolesTest extends TestCase
]);
$bookUrl = $otherChapter->book->getUrl();
$this->get($otherChapter->getUrl())->get($otherChapter->getUrl() . '/delete')
->press('Confirm')
->seePageIs($bookUrl)
->assertElementNotContains('.book-content', $otherChapter->name);
$this->get($otherChapter->getUrl());
$this->delete($otherChapter->getUrl())->assertRedirect($bookUrl);
$this->get($bookUrl)->assertElementNotContains('.book-content', $otherChapter->name);
}
public function test_page_create_own_permissions()
@ -576,8 +583,7 @@ class RolesTest extends TestCase
$accessUrls = [$createUrl, $createUrlChapter];
foreach ($accessUrls as $url) {
$this->actingAs($this->user)->get($url)
->seePageIs('/');
$this->actingAs($this->user)->get($url)->assertRedirect('/');
}
$this->checkAccessPermission('page-create-own', [], [
@ -588,39 +594,39 @@ class RolesTest extends TestCase
$this->giveUserPermissions($this->user, ['page-create-own']);
foreach ($accessUrls as $index => $url) {
$this->actingAs($this->user)->get($url);
$expectedUrl = Page::where('draft', '=', true)->orderBy('id', 'desc')->first()->getUrl();
$this->seePageIs($expectedUrl);
$resp = $this->actingAs($this->user)->get($url);
$expectedUrl = Page::query()->where('draft', '=', true)->orderBy('id', 'desc')->first()->getUrl();
$resp->assertRedirect($expectedUrl);
}
$this->get($createUrl)
->type('test page', 'name')
->type('page desc', 'html')
->press('Save Page')
->seePageIs($ownBook->getUrl('/page/test-page'));
$this->get($createUrl);
/** @var Page $draft */
$draft = Page::query()->where('draft', '=', true)->orderBy('id', 'desc')->first();
$this->post($draft->getUrl(), [
'name' => 'test page',
'html' => 'page desc',
])->assertRedirect($ownBook->getUrl('/page/test-page'));
$this->get($book->getUrl())
->assertElementNotContains('.action-buttons', 'New Page')
->get($book->getUrl() . '/create-page')
->seePageIs('/');
$this->get($chapter->getUrl())
->assertElementNotContains('.action-buttons', 'New Page')
->get($chapter->getUrl() . '/create-page')
->seePageIs('/');
$this->get($book->getUrl())->assertElementNotContains('.action-buttons', 'New Page');
$this->get($book->getUrl('/create-page'))->assertRedirect('/');
$this->get($chapter->getUrl())->assertElementNotContains('.action-buttons', 'New Page');
$this->get($chapter->getUrl('/create-page'))->assertRedirect('/');
}
public function test_page_create_all_permissions()
{
$book = Book::take(1)->get()->first();
$chapter = Chapter::take(1)->get()->first();
/** @var Book $book */
$book = Book::query()->first();
/** @var Chapter $chapter */
$chapter = Chapter::query()->first();
$createUrl = $book->getUrl('/create-page');
$createUrlChapter = $chapter->getUrl('/create-page');
$accessUrls = [$createUrl, $createUrlChapter];
foreach ($accessUrls as $url) {
$this->actingAs($this->user)->get($url)
->seePageIs('/');
$this->actingAs($this->user)->get($url)->assertRedirect('/');
}
$this->checkAccessPermission('page-create-all', [], [
@ -631,27 +637,32 @@ class RolesTest extends TestCase
$this->giveUserPermissions($this->user, ['page-create-all']);
foreach ($accessUrls as $index => $url) {
$this->actingAs($this->user)->get($url);
$expectedUrl = Page::where('draft', '=', true)->orderBy('id', 'desc')->first()->getUrl();
$this->seePageIs($expectedUrl);
$resp = $this->actingAs($this->user)->get($url);
$expectedUrl = Page::query()->where('draft', '=', true)->orderBy('id', 'desc')->first()->getUrl();
$resp->assertRedirect($expectedUrl);
}
$this->get($createUrl)
->type('test page', 'name')
->type('page desc', 'html')
->press('Save Page')
->seePageIs($book->getUrl('/page/test-page'));
$this->get($createUrl);
/** @var Page $draft */
$draft = Page::query()->where('draft', '=', true)->orderByDesc('id')->first();
$this->post($draft->getUrl(), [
'name' => 'test page',
'html' => 'page desc',
])->assertRedirect($book->getUrl('/page/test-page'));
$this->get($chapter->getUrl('/create-page'))
->type('new test page', 'name')
->type('page desc', 'html')
->press('Save Page')
->seePageIs($book->getUrl('/page/new-test-page'));
$this->get($chapter->getUrl('/create-page'));
/** @var Page $draft */
$draft = Page::query()->where('draft', '=', true)->orderByDesc('id')->first();
$this->post($draft->getUrl(), [
'name' => 'new test page',
'html' => 'page desc',
])->assertRedirect($book->getUrl('/page/new-test-page'));
}
public function test_page_edit_own_permission()
{
$otherPage = Page::take(1)->get()->first();
/** @var Page $otherPage */
$otherPage = Page::query()->first();
$ownPage = $this->createEntityChainBelongingToUser($this->user)['page'];
$this->checkAccessPermission('page-update-own', [
$ownPage->getUrl() . '/edit',
@ -659,17 +670,16 @@ class RolesTest extends TestCase
$ownPage->getUrl() => 'Edit',
]);
$this->get($otherPage->getUrl())
->assertElementNotContains('.action-buttons', 'Edit')
->get($otherPage->getUrl() . '/edit')
->seePageIs('/');
$this->get($otherPage->getUrl())->assertElementNotContains('.action-buttons', 'Edit');
$this->get($otherPage->getUrl() . '/edit')->assertRedirect('/');
}
public function test_page_edit_all_permission()
{
$otherPage = Page::take(1)->get()->first();
/** @var Page $otherPage */
$otherPage = Page::query()->first();
$this->checkAccessPermission('page-update-all', [
$otherPage->getUrl() . '/edit',
$otherPage->getUrl('/edit'),
], [
$otherPage->getUrl() => 'Edit',
]);
@ -678,7 +688,8 @@ class RolesTest extends TestCase
public function test_page_delete_own_permission()
{
$this->giveUserPermissions($this->user, ['page-update-all']);
$otherPage = Page::take(1)->get()->first();
/** @var Page $otherPage */
$otherPage = Page::query()->first();
$ownPage = $this->createEntityChainBelongingToUser($this->user)['page'];
$this->checkAccessPermission('page-delete-own', [
$ownPage->getUrl() . '/delete',
@ -687,36 +698,37 @@ class RolesTest extends TestCase
]);
$parent = $ownPage->chapter ?? $ownPage->book;
$this->get($otherPage->getUrl())
->assertElementNotContains('.action-buttons', 'Delete')
->get($otherPage->getUrl() . '/delete')
->seePageIs('/');
$this->get($ownPage->getUrl())->get($ownPage->getUrl() . '/delete')
->press('Confirm')
->seePageIs($parent->getUrl())
->assertElementNotContains('.book-content', $ownPage->name);
$this->get($otherPage->getUrl())->assertElementNotContains('.action-buttons', 'Delete');
$this->get($otherPage->getUrl('/delete'))->assertRedirect('/');
$this->get($ownPage->getUrl());
$this->delete($ownPage->getUrl())->assertRedirect($parent->getUrl());
$this->get($parent->getUrl())->assertElementNotContains('.book-content', $ownPage->name);
}
public function test_page_delete_all_permission()
{
$this->giveUserPermissions($this->user, ['page-update-all']);
$otherPage = Page::take(1)->get()->first();
/** @var Page $otherPage */
$otherPage = Page::query()->first();
$this->checkAccessPermission('page-delete-all', [
$otherPage->getUrl() . '/delete',
], [
$otherPage->getUrl() => 'Delete',
]);
/** @var Entity $parent */
$parent = $otherPage->chapter ?? $otherPage->book;
$this->get($otherPage->getUrl())->get($otherPage->getUrl() . '/delete')
->press('Confirm')
->seePageIs($parent->getUrl())
->assertElementNotContains('.book-content', $otherPage->name);
$this->get($otherPage->getUrl());
$this->delete($otherPage->getUrl())->assertRedirect($parent->getUrl());
$this->get($parent->getUrl())->assertDontSee($otherPage->name);
}
public function test_public_role_visible_in_user_edit_screen()
{
$user = User::first();
/** @var User $user */
$user = User::query()->first();
$adminRole = Role::getSystemRole('admin');
$publicRole = Role::getSystemRole('public');
$this->asAdmin()->get('/settings/users/' . $user->id)
@ -738,53 +750,57 @@ class RolesTest extends TestCase
->assertElementExists('[data-system-role-name="public"]');
}
public function test_public_role_not_deleteable()
public function test_public_role_not_deletable()
{
$this->asAdmin()->get('/settings/roles')
->click('Public')
->assertSee('Edit Role')
->click('Delete Role')
->press('Confirm')
->assertSee('Delete Role')
->assertSee('Cannot be deleted');
/** @var Role $publicRole */
$publicRole = Role::getSystemRole('public');
$resp = $this->asAdmin()->delete('/settings/roles/delete/' . $publicRole->id);
$resp->assertRedirect('/');
$this->get('/settings/roles/delete/' . $publicRole->id);
$resp = $this->delete('/settings/roles/delete/' . $publicRole->id);
$resp->assertRedirect('/settings/roles/delete/' . $publicRole->id);
$resp = $this->get('/settings/roles/delete/' . $publicRole->id);
$resp->assertSee('This role is a system role and cannot be deleted');
}
public function test_image_delete_own_permission()
{
$this->giveUserPermissions($this->user, ['image-update-all']);
$page = Page::first();
$image = factory(Image::class)->create(['uploaded_to' => $page->id, 'created_by' => $this->user->id, 'updated_by' => $this->user->id]);
/** @var Page $page */
$page = Page::query()->first();
$image = factory(Image::class)->create([
'uploaded_to' => $page->id,
'created_by' => $this->user->id,
'updated_by' => $this->user->id,
]);
$this->actingAs($this->user)->json('delete', '/images/' . $image->id)
->assertStatus(403);
$this->actingAs($this->user)->json('delete', '/images/' . $image->id)->assertStatus(403);
$this->giveUserPermissions($this->user, ['image-delete-own']);
$this->actingAs($this->user)->json('delete', '/images/' . $image->id)
->assertOk()
->assertDatabaseMissing('images', ['id' => $image->id]);
$this->actingAs($this->user)->json('delete', '/images/' . $image->id)->assertOk();
$this->assertDatabaseMissing('images', ['id' => $image->id]);
}
public function test_image_delete_all_permission()
{
$this->giveUserPermissions($this->user, ['image-update-all']);
$admin = $this->getAdmin();
$page = Page::first();
/** @var Page $page */
$page = Page::query()->first();
$image = factory(Image::class)->create(['uploaded_to' => $page->id, 'created_by' => $admin->id, 'updated_by' => $admin->id]);
$this->actingAs($this->user)->json('delete', '/images/' . $image->id)
->assertStatus(403);
$this->actingAs($this->user)->json('delete', '/images/' . $image->id)->assertStatus(403);
$this->giveUserPermissions($this->user, ['image-delete-own']);
$this->actingAs($this->user)->json('delete', '/images/' . $image->id)
->assertStatus(403);
$this->actingAs($this->user)->json('delete', '/images/' . $image->id)->assertStatus(403);
$this->giveUserPermissions($this->user, ['image-delete-all']);
$this->actingAs($this->user)->json('delete', '/images/' . $image->id)
->assertOk()
->assertDatabaseMissing('images', ['id' => $image->id]);
$this->actingAs($this->user)->json('delete', '/images/' . $image->id)->assertOk();
$this->assertDatabaseMissing('images', ['id' => $image->id]);
}
public function test_role_permission_removal()