mirror of
https://github.com/BookStackApp/BookStack.git
synced 2026-01-03 23:42:28 +03:00
Copied over work from user_permissions branch
Only that relevant to the additional testing work.
@@ -16,8 +16,8 @@ class ApiAuthTest extends TestCase
|
||||
|
||||
public function test_requests_succeed_with_default_auth()
|
||||
{
|
||||
$viewer = $this->getViewer();
|
||||
$this->giveUserPermissions($viewer, ['access-api']);
|
||||
$viewer = $this->users->viewer();
|
||||
$this->permissions->grantUserRolePermissions($viewer, ['access-api']);
|
||||
|
||||
$resp = $this->get($this->endpoint);
|
||||
$resp->assertStatus(401);
|
||||
@@ -63,7 +63,7 @@ class ApiAuthTest extends TestCase
|
||||
auth()->logout();
|
||||
|
||||
$accessApiPermission = RolePermission::getByName('access-api');
|
||||
$editorRole = $this->getEditor()->roles()->first();
|
||||
$editorRole = $this->users->editor()->roles()->first();
|
||||
$editorRole->detachPermission($accessApiPermission);
|
||||
|
||||
$resp = $this->get($this->endpoint, $this->apiAuthHeader());
|
||||
@@ -73,7 +73,7 @@ class ApiAuthTest extends TestCase
|
||||
|
||||
public function test_api_access_permission_required_to_access_api_with_session_auth()
|
||||
{
|
||||
$editor = $this->getEditor();
|
||||
$editor = $this->users->editor();
|
||||
$this->actingAs($editor, 'standard');
|
||||
|
||||
$resp = $this->get($this->endpoint);
|
||||
@@ -81,7 +81,7 @@ class ApiAuthTest extends TestCase
|
||||
auth('standard')->logout();
|
||||
|
||||
$accessApiPermission = RolePermission::getByName('access-api');
|
||||
$editorRole = $this->getEditor()->roles()->first();
|
||||
$editorRole = $this->users->editor()->roles()->first();
|
||||
$editorRole->detachPermission($accessApiPermission);
|
||||
|
||||
$editor = User::query()->where('id', '=', $editor->id)->first();
|
||||
@@ -114,7 +114,7 @@ class ApiAuthTest extends TestCase
|
||||
|
||||
public function test_token_expiry_checked()
|
||||
{
|
||||
$editor = $this->getEditor();
|
||||
$editor = $this->users->editor();
|
||||
$token = $editor->apiTokens()->first();
|
||||
|
||||
$resp = $this->get($this->endpoint, $this->apiAuthHeader());
|
||||
@@ -130,7 +130,7 @@ class ApiAuthTest extends TestCase
|
||||
|
||||
public function test_email_confirmation_checked_using_api_auth()
|
||||
{
|
||||
$editor = $this->getEditor();
|
||||
$editor = $this->users->editor();
|
||||
$editor->email_confirmed = false;
|
||||
$editor->save();
|
||||
|
||||
|
||||
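Review bot: In ApiAuthTest the two revocation spots (the hunks starting at lines 63 and 81) still call `$this->users->editor()->roles()->first()` and then `detachPermission($accessApiPermission)`, so the "access-api is required" assertions only prove a denial while the editor fixture has a single role carrying that permission. This commit already uses `$this->permissions->removeUserRolePermissions($this->users->editor(), ['content-export']);` in BooksApiTest, so the equivalent here would be `$this->permissions->removeUserRolePermissions($this->users->editor(), ['access-api']);`, assuming that helper strips the permission from every role of the user, which this page does not show. The `setEntityPermissions($chapter, ['view'], [$this->users->editor()->roles()->first()])` call in PagesApiTest has the same first-role dependency. Both ApiAuthTest methods continue outside their hunks, so the assertions that follow the revocation are not visible here.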
@@ -50,7 +50,7 @@ class AttachmentsApiTest extends TestCase
|
||||
],
|
||||
]]);
|
||||
|
||||
$this->entities->setPermissions($page, [], []);
|
||||
$this->permissions->setEntityPermissions($page, [], []);
|
||||
|
||||
$resp = $this->getJson($this->baseEndpoint . '?count=1&sort=+id');
|
||||
$resp->assertJsonMissing(['data' => [
|
||||
@@ -246,13 +246,13 @@ class AttachmentsApiTest extends TestCase
|
||||
public function test_attachment_not_visible_on_other_users_draft()
|
||||
{
|
||||
$this->actingAsApiAdmin();
|
||||
$editor = $this->getEditor();
|
||||
$editor = $this->users->editor();
|
||||
|
||||
$page = $this->entities->page();
|
||||
$page->draft = true;
|
||||
$page->owned_by = $editor->id;
|
||||
$page->save();
|
||||
$this->entities->regenPermissions($page);
|
||||
$this->permissions->regenerateForEntity($page);
|
||||
|
||||
$attachment = $this->createAttachmentForPage($page, [
|
||||
'name' => 'my attachment',
|
||||
@@ -342,7 +342,7 @@ class AttachmentsApiTest extends TestCase
|
||||
|
||||
protected function createAttachmentForPage(Page $page, $attributes = []): Attachment
|
||||
{
|
||||
$admin = $this->getAdmin();
|
||||
$admin = $this->users->admin();
|
||||
/** @var Attachment $attachment */
|
||||
$attachment = $page->attachments()->forceCreate(array_merge([
|
||||
'uploaded_to' => $page->id,
|
||||
|
||||
@@ -246,7 +246,7 @@ class BooksApiTest extends TestCase
|
||||
{
|
||||
$types = ['html', 'plaintext', 'pdf', 'markdown'];
|
||||
$this->actingAsApiEditor();
|
||||
$this->removePermissionFromUser($this->getEditor(), 'content-export');
|
||||
$this->permissions->removeUserRolePermissions($this->users->editor(), ['content-export']);
|
||||
|
||||
$book = $this->entities->book();
|
||||
foreach ($types as $type) {
|
||||
|
||||
@@ -221,7 +221,7 @@ class ChaptersApiTest extends TestCase
|
||||
{
|
||||
$types = ['html', 'plaintext', 'pdf', 'markdown'];
|
||||
$this->actingAsApiEditor();
|
||||
$this->removePermissionFromUser($this->getEditor(), 'content-export');
|
||||
$this->permissions->removeUserRolePermissions($this->users->editor(), ['content-export']);
|
||||
|
||||
$chapter = Chapter::visible()->has('pages')->first();
|
||||
foreach ($types as $type) {
|
||||
|
||||
@@ -209,7 +209,7 @@ class PagesApiTest extends TestCase
|
||||
$this->actingAsApiEditor();
|
||||
$page = $this->entities->page();
|
||||
$chapter = Chapter::visible()->where('book_id', '!=', $page->book_id)->first();
|
||||
$this->entities->setPermissions($chapter, ['view'], [$this->getEditor()->roles()->first()]);
|
||||
$this->permissions->setEntityPermissions($chapter, ['view'], [$this->users->editor()->roles()->first()]);
|
||||
$details = [
|
||||
'name' => 'My updated API page',
|
||||
'chapter_id' => $chapter->id,
|
||||
@@ -315,7 +315,7 @@ class PagesApiTest extends TestCase
|
||||
{
|
||||
$types = ['html', 'plaintext', 'pdf', 'markdown'];
|
||||
$this->actingAsApiEditor();
|
||||
$this->removePermissionFromUser($this->getEditor(), 'content-export');
|
||||
$this->permissions->removeUserRolePermissions($this->users->editor(), ['content-export']);
|
||||
|
||||
$page = $this->entities->page();
|
||||
foreach ($types as $type) {
|
||||
|
||||
@@ -21,8 +21,8 @@ class RecycleBinApiTest extends TestCase
|
||||
|
||||
public function test_settings_manage_permission_needed_for_all_endpoints()
|
||||
{
|
||||
$editor = $this->getEditor();
|
||||
$this->giveUserPermissions($editor, ['settings-manage']);
|
||||
$editor = $this->users->editor();
|
||||
$this->permissions->grantUserRolePermissions($editor, ['settings-manage']);
|
||||
$this->actingAs($editor);
|
||||
|
||||
foreach ($this->endpointMap as [$method, $uri]) {
|
||||
@@ -34,8 +34,8 @@ class RecycleBinApiTest extends TestCase
|
||||
|
||||
public function test_restrictions_manage_all_permission_needed_for_all_endpoints()
|
||||
{
|
||||
$editor = $this->getEditor();
|
||||
$this->giveUserPermissions($editor, ['restrictions-manage-all']);
|
||||
$editor = $this->users->editor();
|
||||
$this->permissions->grantUserRolePermissions($editor, ['restrictions-manage-all']);
|
||||
$this->actingAs($editor);
|
||||
|
||||
foreach ($this->endpointMap as [$method, $uri]) {
|
||||
@@ -47,7 +47,7 @@ class RecycleBinApiTest extends TestCase
|
||||
|
||||
public function test_index_endpoint_returns_expected_page()
|
||||
{
|
||||
$admin = $this->getAdmin();
|
||||
$admin = $this->users->admin();
|
||||
|
||||
$page = $this->entities->page();
|
||||
$book = $this->entities->book();
|
||||
@@ -82,7 +82,7 @@ class RecycleBinApiTest extends TestCase
|
||||
|
||||
public function test_index_endpoint_returns_children_count()
|
||||
{
|
||||
$admin = $this->getAdmin();
|
||||
$admin = $this->users->admin();
|
||||
|
||||
$book = Book::query()->whereHas('pages')->whereHas('chapters')->withCount(['pages', 'chapters'])->first();
|
||||
$this->actingAs($admin)->delete($book->getUrl());
|
||||
@@ -109,7 +109,7 @@ class RecycleBinApiTest extends TestCase
|
||||
|
||||
public function test_index_endpoint_returns_parent()
|
||||
{
|
||||
$admin = $this->getAdmin();
|
||||
$admin = $this->users->admin();
|
||||
$page = $this->entities->pageWithinChapter();
|
||||
|
||||
$this->actingAs($admin)->delete($page->getUrl());
|
||||
|
||||
@@ -12,7 +12,7 @@ trait TestsApi
|
||||
*/
|
||||
protected function actingAsApiEditor()
|
||||
{
|
||||
$this->actingAs($this->getEditor(), 'api');
|
||||
$this->actingAs($this->users->editor(), 'api');
|
||||
|
||||
return $this;
|
||||
}
|
||||
@@ -22,7 +22,7 @@ trait TestsApi
|
||||
*/
|
||||
protected function actingAsApiAdmin()
|
||||
{
|
||||
$this->actingAs($this->getAdmin(), 'api');
|
||||
$this->actingAs($this->users->admin(), 'api');
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
@@ -175,7 +175,7 @@ class UsersApiTest extends TestCase
|
||||
{
|
||||
$this->actingAsApiAdmin();
|
||||
/** @var User $user */
|
||||
$user = $this->getAdmin();
|
||||
$user = $this->users->admin();
|
||||
$roles = Role::query()->pluck('id');
|
||||
$resp = $this->putJson($this->baseEndpoint . "/{$user->id}", [
|
||||
'name' => 'My updated user',
|
||||
@@ -204,7 +204,7 @@ class UsersApiTest extends TestCase
|
||||
{
|
||||
$this->actingAsApiAdmin();
|
||||
/** @var User $user */
|
||||
$user = $this->getAdmin();
|
||||
$user = $this->users->admin();
|
||||
$roleCount = $user->roles()->count();
|
||||
$resp = $this->putJson($this->baseEndpoint . "/{$user->id}", []);
|
||||
|
||||
@@ -222,7 +222,7 @@ class UsersApiTest extends TestCase
|
||||
{
|
||||
$this->actingAsApiAdmin();
|
||||
/** @var User $user */
|
||||
$user = User::query()->where('id', '!=', $this->getAdmin()->id)
|
||||
$user = User::query()->where('id', '!=', $this->users->admin()->id)
|
||||
->whereNull('system_name')
|
||||
->first();
|
||||
|
||||
@@ -236,7 +236,7 @@ class UsersApiTest extends TestCase
|
||||
{
|
||||
$this->actingAsApiAdmin();
|
||||
/** @var User $user */
|
||||
$user = User::query()->where('id', '!=', $this->getAdmin()->id)
|
||||
$user = User::query()->where('id', '!=', $this->users->admin()->id)
|
||||
->whereNull('system_name')
|
||||
->first();
|
||||
$entityChain = $this->entities->createChainBelongingToUser($user);
|
||||
|
||||