webapp/bookstack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-07-30 04:23:11 +03:00
Code Activity

Merge branch 'master' of git://github.com/Abijeet/BookStack into Abijeet-master

Browse Source
This commit is contained in:
Dan Brown
2017-08-01 19:24:33 +01:00
parent 9126da6299 574ee820a9
commit e9831a7507
42 changed files with 1420 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

108
tests/Permissions/RolesTest.php
View File

@ -657,4 +657,112 @@ class RolesTest extends BrowserKitTest
->dontSee('Sort the current book');
}
public function test_comment_create_permission () {
$ownPage = $this->createEntityChainBelongingToUser($this->user)['page'];
$this->actingAs($this->user)->addComment($ownPage);
$this->assertResponseStatus(403);
$this->giveUserPermissions($this->user, ['comment-create-all']);
$this->actingAs($this->user)->addComment($ownPage);
$this->assertResponseOk(200)->seeJsonContains(['status' => 'success']);
}
public function test_comment_update_own_permission () {
$ownPage = $this->createEntityChainBelongingToUser($this->user)['page'];
$this->giveUserPermissions($this->user, ['comment-create-all']);
$comment = $this->actingAs($this->user)->addComment($ownPage);
// no comment-update-own
$this->actingAs($this->user)->updateComment($ownPage, $comment['id']);
$this->assertResponseStatus(403);
$this->giveUserPermissions($this->user, ['comment-update-own']);
// now has comment-update-own
$this->actingAs($this->user)->updateComment($ownPage, $comment['id']);
$this->assertResponseOk()->seeJsonContains(['status' => 'success']);
}
public function test_comment_update_all_permission () {
$ownPage = $this->createEntityChainBelongingToUser($this->user)['page'];
$comment = $this->asAdmin()->addComment($ownPage);
// no comment-update-all
$this->actingAs($this->user)->updateComment($ownPage, $comment['id']);
$this->assertResponseStatus(403);
$this->giveUserPermissions($this->user, ['comment-update-all']);
// now has comment-update-all
$this->actingAs($this->user)->updateComment($ownPage, $comment['id']);
$this->assertResponseOk()->seeJsonContains(['status' => 'success']);
}
public function test_comment_delete_own_permission () {
$ownPage = $this->createEntityChainBelongingToUser($this->user)['page'];
$this->giveUserPermissions($this->user, ['comment-create-all']);
$comment = $this->actingAs($this->user)->addComment($ownPage);
// no comment-delete-own
$this->actingAs($this->user)->deleteComment($comment['id']);
$this->assertResponseStatus(403);
$this->giveUserPermissions($this->user, ['comment-delete-own']);
// now has comment-update-own
$this->actingAs($this->user)->deleteComment($comment['id']);
$this->assertResponseOk()->seeJsonContains(['status' => 'success']);
}
public function test_comment_delete_all_permission () {
$ownPage = $this->createEntityChainBelongingToUser($this->user)['page'];
$comment = $this->asAdmin()->addComment($ownPage);
// no comment-delete-all
$this->actingAs($this->user)->deleteComment($comment['id']);
$this->assertResponseStatus(403);
$this->giveUserPermissions($this->user, ['comment-delete-all']);
// now has comment-delete-all
$this->actingAs($this->user)->deleteComment($comment['id']);
$this->assertResponseOk()->seeJsonContains(['status' => 'success']);
}
private function addComment($page) {
$comment = factory(\BookStack\Comment::class)->make();
$url = "/ajax/page/$page->id/comment/";
$request = [
'text' => $comment->text,
'html' => $comment->html
];
$this->json('POST', $url, $request);
$resp = $this->decodeResponseJson();
if (isset($resp['comment'])) {
return $resp['comment'];
}
return null;
}
private function updateComment($page, $commentId) {
$comment = factory(\BookStack\Comment::class)->make();
$url = "/ajax/page/$page->id/comment/$commentId";
$request = [
'text' => $comment->text,
'html' => $comment->html
];
return $this->json('PUT', $url, $request);
}
private function deleteComment($commentId) {
$url = '/ajax/comment/' . $commentId;
return $this->json('DELETE', $url);
}
}