mirror of
https://github.com/BookStackApp/BookStack.git
synced 2025-07-31 15:24:31 +03:00
Copied over work from user_permissions branch
Only that relevant to the additional testing work.
This commit is contained in:
Dan Brown
@ -16,12 +16,12 @@ class UserApiTokenTest extends TestCase
|
||||
|
||||
public function test_tokens_section_not_visible_without_access_api_permission()
|
||||
{
|
||||
$user = $this->getViewer();
|
||||
$user = $this->users->viewer();
|
||||
|
||||
$resp = $this->actingAs($user)->get($user->getEditUrl());
|
||||
$resp->assertDontSeeText('API Tokens');
|
||||
|
||||
$this->giveUserPermissions($user, ['access-api']);
|
||||
$this->permissions->grantUserRolePermissions($user, ['access-api']);
|
||||
|
||||
$resp = $this->actingAs($user)->get($user->getEditUrl());
|
||||
$resp->assertSeeText('API Tokens');
|
||||
@ -30,9 +30,9 @@ class UserApiTokenTest extends TestCase
|
||||
|
||||
public function test_those_with_manage_users_can_view_other_user_tokens_but_not_create()
|
||||
{
|
||||
$viewer = $this->getViewer();
|
||||
$editor = $this->getEditor();
|
||||
$this->giveUserPermissions($viewer, ['users-manage']);
|
||||
$viewer = $this->users->viewer();
|
||||
$editor = $this->users->editor();
|
||||
$this->permissions->grantUserRolePermissions($viewer, ['users-manage']);
|
||||
|
||||
$resp = $this->actingAs($viewer)->get($editor->getEditUrl());
|
||||
$resp->assertSeeText('API Tokens');
|
||||
@ -41,7 +41,7 @@ class UserApiTokenTest extends TestCase
|
||||
|
||||
public function test_create_api_token()
|
||||
{
|
||||
$editor = $this->getEditor();
|
||||
$editor = $this->users->editor();
|
||||
|
||||
$resp = $this->asAdmin()->get($editor->getEditUrl('/create-api-token'));
|
||||
$resp->assertStatus(200);
|
||||
@ -74,7 +74,7 @@ class UserApiTokenTest extends TestCase
|
||||
|
||||
public function test_create_with_no_expiry_sets_expiry_hundred_years_away()
|
||||
{
|
||||
$editor = $this->getEditor();
|
||||
$editor = $this->users->editor();
|
||||
$this->asAdmin()->post($editor->getEditUrl('/create-api-token'), ['name' => 'No expiry token', 'expires_at' => '']);
|
||||
$token = ApiToken::query()->latest()->first();
|
||||
|
||||
@ -88,7 +88,7 @@ class UserApiTokenTest extends TestCase
|
||||
|
||||
public function test_created_token_displays_on_profile_page()
|
||||
{
|
||||
$editor = $this->getEditor();
|
||||
$editor = $this->users->editor();
|
||||
$this->asAdmin()->post($editor->getEditUrl('/create-api-token'), $this->testTokenData);
|
||||
$token = ApiToken::query()->latest()->first();
|
||||
|
||||
@ -101,7 +101,7 @@ class UserApiTokenTest extends TestCase
|
||||
|
||||
public function test_secret_shown_once_after_creation()
|
||||
{
|
||||
$editor = $this->getEditor();
|
||||
$editor = $this->users->editor();
|
||||
$resp = $this->asAdmin()->followingRedirects()->post($editor->getEditUrl('/create-api-token'), $this->testTokenData);
|
||||
$resp->assertSeeText('Token Secret');
|
||||
|
||||
@ -114,7 +114,7 @@ class UserApiTokenTest extends TestCase
|
||||
|
||||
public function test_token_update()
|
||||
{
|
||||
$editor = $this->getEditor();
|
||||
$editor = $this->users->editor();
|
||||
$this->asAdmin()->post($editor->getEditUrl('/create-api-token'), $this->testTokenData);
|
||||
$token = ApiToken::query()->latest()->first();
|
||||
$updateData = [
|
||||
@ -132,7 +132,7 @@ class UserApiTokenTest extends TestCase
|
||||
|
||||
public function test_token_update_with_blank_expiry_sets_to_hundred_years_away()
|
||||
{
|
||||
$editor = $this->getEditor();
|
||||
$editor = $this->users->editor();
|
||||
$this->asAdmin()->post($editor->getEditUrl('/create-api-token'), $this->testTokenData);
|
||||
$token = ApiToken::query()->latest()->first();
|
||||
|
||||
@ -152,7 +152,7 @@ class UserApiTokenTest extends TestCase
|
||||
|
||||
public function test_token_delete()
|
||||
{
|
||||
$editor = $this->getEditor();
|
||||
$editor = $this->users->editor();
|
||||
$this->asAdmin()->post($editor->getEditUrl('/create-api-token'), $this->testTokenData);
|
||||
$token = ApiToken::query()->latest()->first();
|
||||
|
||||
@ -171,9 +171,9 @@ class UserApiTokenTest extends TestCase
|
||||
|
||||
public function test_user_manage_can_delete_token_without_api_permission_themselves()
|
||||
{
|
||||
$viewer = $this->getViewer();
|
||||
$editor = $this->getEditor();
|
||||
$this->giveUserPermissions($editor, ['users-manage']);
|
||||
$viewer = $this->users->viewer();
|
||||
$editor = $this->users->editor();
|
||||
$this->permissions->grantUserRolePermissions($editor, ['users-manage']);
|
||||
|
||||
$this->asAdmin()->post($viewer->getEditUrl('/create-api-token'), $this->testTokenData);
|
||||
$token = ApiToken::query()->latest()->first();
|
||||
|
||||
@ -46,7 +46,7 @@ class UserManagementTest extends TestCase
|
||||
|
||||
public function test_user_updating()
|
||||
{
|
||||
$user = $this->getNormalUser();
|
||||
$user = $this->users->viewer();
|
||||
$password = $user->password;
|
||||
|
||||
$resp = $this->asAdmin()->get('/settings/users/' . $user->id);
|
||||
@ -65,7 +65,7 @@ class UserManagementTest extends TestCase
|
||||
|
||||
public function test_user_password_update()
|
||||
{
|
||||
$user = $this->getNormalUser();
|
||||
$user = $this->users->viewer();
|
||||
$userProfilePage = '/settings/users/' . $user->id;
|
||||
|
||||
$this->asAdmin()->get($userProfilePage);
|
||||
@ -113,7 +113,7 @@ class UserManagementTest extends TestCase
|
||||
|
||||
public function test_delete()
|
||||
{
|
||||
$editor = $this->getEditor();
|
||||
$editor = $this->users->editor();
|
||||
$resp = $this->asAdmin()->delete("settings/users/{$editor->id}");
|
||||
$resp->assertRedirect('/settings/users');
|
||||
$resp = $this->followRedirects($resp);
|
||||
@ -126,7 +126,7 @@ class UserManagementTest extends TestCase
|
||||
|
||||
public function test_delete_offers_migrate_option()
|
||||
{
|
||||
$editor = $this->getEditor();
|
||||
$editor = $this->users->editor();
|
||||
$resp = $this->asAdmin()->get("settings/users/{$editor->id}/delete");
|
||||
$resp->assertSee('Migrate Ownership');
|
||||
$resp->assertSee('new_owner_id');
|
||||
@ -134,13 +134,13 @@ class UserManagementTest extends TestCase
|
||||
|
||||
public function test_migrate_option_hidden_if_user_cannot_manage_users()
|
||||
{
|
||||
$editor = $this->getEditor();
|
||||
$editor = $this->users->editor();
|
||||
|
||||
$resp = $this->asEditor()->get("settings/users/{$editor->id}/delete");
|
||||
$resp->assertDontSee('Migrate Ownership');
|
||||
$resp->assertDontSee('new_owner_id');
|
||||
|
||||
$this->giveUserPermissions($editor, ['users-manage']);
|
||||
$this->permissions->grantUserRolePermissions($editor, ['users-manage']);
|
||||
|
||||
$resp = $this->asEditor()->get("settings/users/{$editor->id}/delete");
|
||||
$resp->assertSee('Migrate Ownership');
|
||||
@ -162,7 +162,7 @@ class UserManagementTest extends TestCase
|
||||
|
||||
public function test_delete_removes_user_preferences()
|
||||
{
|
||||
$editor = $this->getEditor();
|
||||
$editor = $this->users->editor();
|
||||
setting()->putUser($editor, 'dark-mode-enabled', 'true');
|
||||
|
||||
$this->assertDatabaseHas('settings', [
|
||||
@ -253,7 +253,7 @@ class UserManagementTest extends TestCase
|
||||
|
||||
public function test_user_create_update_fails_if_locale_is_invalid()
|
||||
{
|
||||
$user = $this->getEditor();
|
||||
$user = $this->users->editor();
|
||||
|
||||
// Too long
|
||||
$resp = $this->asAdmin()->put($user->getEditUrl(), ['language' => 'this_is_too_long']);
|
||||
@ -274,34 +274,4 @@ class UserManagementTest extends TestCase
|
||||
$resp->assertSessionHasErrors(['language' => 'The language may not be greater than 15 characters.']);
|
||||
$resp->assertSessionHasErrors(['language' => 'The language may only contain letters, numbers, dashes and underscores.']);
|
||||
}
|
||||
|
||||
public function test_role_removal_on_user_edit_removes_all_role_assignments()
|
||||
{
|
||||
$user = $this->getEditor();
|
||||
|
||||
$this->assertEquals(1, $user->roles()->count());
|
||||
|
||||
// A roles[0] hidden fields is used to indicate the existence of role selection in the submission
|
||||
// of the user edit form. We check that field is used and emulate its submission.
|
||||
$resp = $this->asAdmin()->get("/settings/users/{$user->id}");
|
||||
$this->withHtml($resp)->assertElementExists('input[type="hidden"][name="roles[0]"][value="0"]');
|
||||
|
||||
$resp = $this->asAdmin()->put("/settings/users/{$user->id}", [
|
||||
'name' => $user->name,
|
||||
'email' => $user->email,
|
||||
'roles' => ['0' => '0'],
|
||||
]);
|
||||
$resp->assertRedirect("/settings/users");
|
||||
|
||||
$this->assertEquals(0, $user->roles()->count());
|
||||
}
|
||||
|
||||
public function test_role_form_hidden_indicator_field_does_not_exist_where_roles_cannot_be_managed()
|
||||
{
|
||||
$user = $this->getEditor();
|
||||
$resp = $this->actingAs($user)->get("/settings/users/{$user->id}");
|
||||
$html = $this->withHtml($resp);
|
||||
$html->assertElementExists('input[name="email"]');
|
||||
$html->assertElementNotExists('input[type="hidden"][name="roles[0]"]');
|
||||
}
|
||||
}
|
||||
|
||||
@ -36,7 +36,7 @@ class UserPreferencesTest extends TestCase
|
||||
|
||||
public function test_body_has_shortcuts_component_when_active()
|
||||
{
|
||||
$editor = $this->getEditor();
|
||||
$editor = $this->users->editor();
|
||||
$this->actingAs($editor);
|
||||
|
||||
$this->withHtml($this->get('/'))->assertElementNotExists('body[component="shortcuts"]');
|
||||
@ -47,7 +47,7 @@ class UserPreferencesTest extends TestCase
|
||||
|
||||
public function test_update_sort_preference()
|
||||
{
|
||||
$editor = $this->getEditor();
|
||||
$editor = $this->users->editor();
|
||||
$this->actingAs($editor);
|
||||
|
||||
$updateRequest = $this->patch('/preferences/change-sort/books', [
|
||||
@ -70,7 +70,7 @@ class UserPreferencesTest extends TestCase
|
||||
|
||||
public function test_update_sort_bad_entity_type_handled()
|
||||
{
|
||||
$editor = $this->getEditor();
|
||||
$editor = $this->users->editor();
|
||||
$this->actingAs($editor);
|
||||
|
||||
$updateRequest = $this->patch('/preferences/change-sort/dogs', [
|
||||
@ -85,7 +85,7 @@ class UserPreferencesTest extends TestCase
|
||||
|
||||
public function test_update_expansion_preference()
|
||||
{
|
||||
$editor = $this->getEditor();
|
||||
$editor = $this->users->editor();
|
||||
$this->actingAs($editor);
|
||||
|
||||
$updateRequest = $this->patch('/preferences/change-expansion/home-details', ['expand' => 'true']);
|
||||
@ -103,7 +103,7 @@ class UserPreferencesTest extends TestCase
|
||||
|
||||
public function test_toggle_dark_mode()
|
||||
{
|
||||
$home = $this->actingAs($this->getEditor())->get('/');
|
||||
$home = $this->actingAs($this->users->editor())->get('/');
|
||||
$home->assertSee('Dark Mode');
|
||||
$this->withHtml($home)->assertElementNotExists('.dark-mode');
|
||||
|
||||
@ -112,7 +112,7 @@ class UserPreferencesTest extends TestCase
|
||||
$prefChange->assertRedirect();
|
||||
$this->assertEquals(true, setting()->getForCurrentUser('dark-mode-enabled'));
|
||||
|
||||
$home = $this->actingAs($this->getEditor())->get('/');
|
||||
$home = $this->actingAs($this->users->editor())->get('/');
|
||||
$this->withHtml($home)->assertElementExists('.dark-mode');
|
||||
$home->assertDontSee('Dark Mode');
|
||||
$home->assertSee('Light Mode');
|
||||
@ -133,7 +133,7 @@ class UserPreferencesTest extends TestCase
|
||||
|
||||
public function test_books_view_type_preferences_when_list()
|
||||
{
|
||||
$editor = $this->getEditor();
|
||||
$editor = $this->users->editor();
|
||||
setting()->putUser($editor, 'books_view_type', 'list');
|
||||
|
||||
$resp = $this->actingAs($editor)->get('/books');
|
||||
@ -144,7 +144,7 @@ class UserPreferencesTest extends TestCase
|
||||
|
||||
public function test_books_view_type_preferences_when_grid()
|
||||
{
|
||||
$editor = $this->getEditor();
|
||||
$editor = $this->users->editor();
|
||||
setting()->putUser($editor, 'books_view_type', 'grid');
|
||||
|
||||
$resp = $this->actingAs($editor)->get('/books');
|
||||
@ -153,7 +153,7 @@ class UserPreferencesTest extends TestCase
|
||||
|
||||
public function test_shelf_view_type_change()
|
||||
{
|
||||
$editor = $this->getEditor();
|
||||
$editor = $this->users->editor();
|
||||
$shelf = $this->entities->shelf();
|
||||
setting()->putUser($editor, 'bookshelf_view_type', 'list');
|
||||
|
||||
@ -175,7 +175,7 @@ class UserPreferencesTest extends TestCase
|
||||
|
||||
public function test_update_code_language_favourite()
|
||||
{
|
||||
$editor = $this->getEditor();
|
||||
$editor = $this->users->editor();
|
||||
$page = $this->entities->page();
|
||||
$this->actingAs($editor);
|
||||
|
||||
|
||||
@ -88,8 +88,8 @@ class UserProfileTest extends TestCase
|
||||
|
||||
public function test_profile_has_search_links_in_created_entity_lists()
|
||||
{
|
||||
$user = $this->getEditor();
|
||||
$resp = $this->actingAs($this->getAdmin())->get('/user/' . $user->slug);
|
||||
$user = $this->users->editor();
|
||||
$resp = $this->actingAs($this->users->admin())->get('/user/' . $user->slug);
|
||||
|
||||
$expectedLinks = [
|
||||
'/search?term=%7Bcreated_by%3A' . $user->slug . '%7D+%7Btype%3Apage%7D',
|
||||
|
||||
@ -9,8 +9,8 @@ class UserSearchTest extends TestCase
|
||||
{
|
||||
public function test_select_search_matches_by_name()
|
||||
{
|
||||
$viewer = $this->getViewer();
|
||||
$admin = $this->getAdmin();
|
||||
$viewer = $this->users->viewer();
|
||||
$admin = $this->users->admin();
|
||||
$resp = $this->actingAs($admin)->get('/search/users/select?search=' . urlencode($viewer->name));
|
||||
|
||||
$resp->assertOk();
|
||||
@ -30,8 +30,8 @@ class UserSearchTest extends TestCase
|
||||
|
||||
public function test_select_search_does_not_match_by_email()
|
||||
{
|
||||
$viewer = $this->getViewer();
|
||||
$editor = $this->getEditor();
|
||||
$viewer = $this->users->viewer();
|
||||
$editor = $this->users->editor();
|
||||
$resp = $this->actingAs($editor)->get('/search/users/select?search=' . urlencode($viewer->email));
|
||||
|
||||
$resp->assertDontSee($viewer->name);
|
||||
@ -40,13 +40,13 @@ class UserSearchTest extends TestCase
|
||||
public function test_select_requires_right_permission()
|
||||
{
|
||||
$permissions = ['users-manage', 'restrictions-manage-own', 'restrictions-manage-all'];
|
||||
$user = $this->getViewer();
|
||||
$user = $this->users->viewer();
|
||||
|
||||
foreach ($permissions as $permission) {
|
||||
$resp = $this->actingAs($user)->get('/search/users/select?search=a');
|
||||
$this->assertPermissionError($resp);
|
||||
|
||||
$this->giveUserPermissions($user, [$permission]);
|
||||
$this->permissions->grantUserRolePermissions($user, [$permission]);
|
||||
$resp = $this->actingAs($user)->get('/search/users/select?search=a');
|
||||
$resp->assertOk();
|
||||
$user->roles()->delete();
|
||||
@ -58,7 +58,7 @@ class UserSearchTest extends TestCase
|
||||
{
|
||||
$this->setSettings(['app-public' => true]);
|
||||
$defaultUser = User::getDefault();
|
||||
$this->giveUserPermissions($defaultUser, ['users-manage']);
|
||||
$this->permissions->grantUserRolePermissions($defaultUser, ['users-manage']);
|
||||
|
||||
$resp = $this->get('/search/users/select?search=a');
|
||||
$this->assertPermissionError($resp);
|
||||
|
||||
Reference in New Issue
Block a user