
Fixed issue where books titles could be leaked via shelf home view

- Also added test to cover
Fixes #1425
Dan Brown
2019-05-07 22:42:12 +01:00
parent 7ef059e254
commit 97ffbaa740
2 changed files with 34 additions and 0 deletions


@ -1,5 +1,7 @@
<?php namespace Tests;
use BookStack\Entities\Bookshelf;
class HomepageTest extends TestCase
{
@ -89,4 +91,33 @@ class HomepageTest extends TestCase
$this->setSettings(['app-homepage-type' => false]);
$this->test_default_homepage_visible();
}
public function test_shelves_list_homepage_adheres_to_book_visibility_permissions()
{
$editor = $this->getEditor();
setting()->putUser($editor, 'bookshelves_view_type', 'list');
$this->setSettings(['app-homepage-type' => 'bookshelves']);
$this->asEditor();
$shelf = Bookshelf::query()->first();
$book = $shelf->books()->first();
// Ensure initially visible
$homeVisit = $this->get('/');
$homeVisit->assertElementContains('.content-wrap', $shelf->name);
$homeVisit->assertElementContains('.content-wrap', $book->name);
// Ensure book no longer visible without view permission
$editor->roles()->detach();
$this->giveUserPermissions($editor, ['bookshelf-view-all']);
$homeVisit = $this->get('/');
$homeVisit->assertElementContains('.content-wrap', $shelf->name);
$homeVisit->assertElementNotContains('.content-wrap', $book->name);
// Ensure is visible again with entity-level view permission
$this->setEntityRestrictions($book, ['view'], [$editor->roles()->first()]);
$homeVisit = $this->get('/');
$homeVisit->assertElementContains('.content-wrap', $shelf->name);
$homeVisit->assertElementContains('.content-wrap', $book->name);
}
}
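Review bot: The negative check after `$editor->roles()->detach()` only inspects `.content-wrap`, so a book title rendered anywhere else in the response for a user without view permission would still pass. For a disclosure regression it is safer to also assert against the whole page, e.g. `$homeVisit->assertDontSee($book->name);`. The test pins `bookshelves_view_type` to `list` only, so if another shelf view type on the homepage renders book names (not visible here), that path is not covered. `Bookshelf::query()->first()` followed by `$shelf->books()->first()` presumably relies on seeded data giving the first shelf at least one book. Adding `$this->assertNotNull($book);` before the first visit would make a seeding change fail clearly rather than on a null property access.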