webapp/bookstack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-07-28 17:02:04 +03:00
Code Activity

Watching: Prevent issues when watchable or user is deleted

Browse Source 
- Adds filtering to the watched items list in notification preferences
  so that deleted (recycle bin) items are removed via query.
- Adds relations and logic to properly remove watches upon user and
  entity delete events, to old watches in database do not linger.
- Adds testing to cover the above.

Did not add migration for existing data, since patch will be close to
introduction, and lingering DB entries don't open a security concern,
just some potential confusion in specific potential scenarios.
Probably not work extra migration risk, although could add in future if
concerns/issues are found.

Related to #4499
This commit is contained in:
Dan Brown
2023-09-03 14:19:43 +01:00
parent 1cd19c76ba
commit 817581aa0c
10 changed files with 123 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
tests/Activity/WatchTest.php
View File

@ -12,6 +12,7 @@ use BookStack\Activity\Tools\ActivityLogger;
use BookStack\Activity\Tools\UserEntityWatchOptions;
use BookStack\Activity\WatchLevels;
use BookStack\Entities\Models\Entity;
use BookStack\Entities\Tools\TrashCan;
use BookStack\Settings\UserNotificationPreferences;
use Illuminate\Support\Facades\Notification;
use Tests\TestCase;
@ -370,4 +371,32 @@ class WatchTest extends TestCase
$notifications->assertNothingSentTo($editor);
}
public function test_watches_deleted_on_user_delete()
{
$editor = $this->users->editor();
$page = $this->entities->page();
$watches = new UserEntityWatchOptions($editor, $page);
$watches->updateLevelByValue(WatchLevels::COMMENTS);
$this->assertDatabaseHas('watches', ['user_id' => $editor->id]);
$this->asAdmin()->delete($editor->getEditUrl());
$this->assertDatabaseMissing('watches', ['user_id' => $editor->id]);
}
public function test_watches_deleted_on_item_delete()
{
$editor = $this->users->editor();
$page = $this->entities->page();
$watches = new UserEntityWatchOptions($editor, $page);
$watches->updateLevelByValue(WatchLevels::COMMENTS);
$this->assertDatabaseHas('watches', ['watchable_type' => 'page', 'watchable_id' => $page->id]);
$this->entities->destroy($page);
$this->assertDatabaseMissing('watches', ['watchable_type' => 'page', 'watchable_id' => $page->id]);
}
}