mirror of
https://github.com/BookStackApp/BookStack.git
synced 2025-07-31 15:24:31 +03:00
Merge bugfixes from branch 'v0.8'
This commit is contained in:
Dan Brown
@ -3,11 +3,21 @@
|
||||
class RestrictionsTest extends TestCase
|
||||
{
|
||||
protected $user;
|
||||
protected $viewer;
|
||||
|
||||
public function setUp()
|
||||
{
|
||||
parent::setUp();
|
||||
$this->user = $this->getNewUser();
|
||||
$this->viewer = $this->getViewer();
|
||||
}
|
||||
|
||||
protected function getViewer()
|
||||
{
|
||||
$role = \BookStack\Role::getRole('viewer');
|
||||
$viewer = $this->getNewBlankUser();
|
||||
$viewer->attachRole($role);;
|
||||
return $viewer;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -20,11 +30,16 @@ class RestrictionsTest extends TestCase
|
||||
$entity->restricted = true;
|
||||
$entity->restrictions()->delete();
|
||||
$role = $this->user->roles->first();
|
||||
$viewerRole = $this->viewer->roles->first();
|
||||
foreach ($actions as $action) {
|
||||
$entity->restrictions()->create([
|
||||
'role_id' => $role->id,
|
||||
'action' => strtolower($action)
|
||||
]);
|
||||
$entity->restrictions()->create([
|
||||
'role_id' => $viewerRole->id,
|
||||
'action' => strtolower($action)
|
||||
]);
|
||||
}
|
||||
$entity->save();
|
||||
$entity->load('restrictions');
|
||||
@ -65,6 +80,10 @@ class RestrictionsTest extends TestCase
|
||||
$book = \BookStack\Book::first();
|
||||
|
||||
$bookUrl = $book->getUrl();
|
||||
$this->actingAs($this->viewer)
|
||||
->visit($bookUrl)
|
||||
->dontSeeInElement('.action-buttons', 'New Page')
|
||||
->dontSeeInElement('.action-buttons', 'New Chapter');
|
||||
$this->actingAs($this->user)
|
||||
->visit($bookUrl)
|
||||
->seeInElement('.action-buttons', 'New Page')
|
||||
@ -319,11 +338,11 @@ class RestrictionsTest extends TestCase
|
||||
public function test_book_restriction_form()
|
||||
{
|
||||
$book = \BookStack\Book::first();
|
||||
$this->asAdmin()->visit($book->getUrl() . '/restrict')
|
||||
->see('Book Restrictions')
|
||||
$this->asAdmin()->visit($book->getUrl() . '/permissions')
|
||||
->see('Book Permissions')
|
||||
->check('restricted')
|
||||
->check('restrictions[2][view]')
|
||||
->press('Save Restrictions')
|
||||
->press('Save Permissions')
|
||||
->seeInDatabase('books', ['id' => $book->id, 'restricted' => true])
|
||||
->seeInDatabase('restrictions', [
|
||||
'restrictable_id' => $book->id,
|
||||
@ -336,11 +355,11 @@ class RestrictionsTest extends TestCase
|
||||
public function test_chapter_restriction_form()
|
||||
{
|
||||
$chapter = \BookStack\Chapter::first();
|
||||
$this->asAdmin()->visit($chapter->getUrl() . '/restrict')
|
||||
->see('Chapter Restrictions')
|
||||
$this->asAdmin()->visit($chapter->getUrl() . '/permissions')
|
||||
->see('Chapter Permissions')
|
||||
->check('restricted')
|
||||
->check('restrictions[2][update]')
|
||||
->press('Save Restrictions')
|
||||
->press('Save Permissions')
|
||||
->seeInDatabase('chapters', ['id' => $chapter->id, 'restricted' => true])
|
||||
->seeInDatabase('restrictions', [
|
||||
'restrictable_id' => $chapter->id,
|
||||
@ -353,11 +372,11 @@ class RestrictionsTest extends TestCase
|
||||
public function test_page_restriction_form()
|
||||
{
|
||||
$page = \BookStack\Page::first();
|
||||
$this->asAdmin()->visit($page->getUrl() . '/restrict')
|
||||
->see('Page Restrictions')
|
||||
$this->asAdmin()->visit($page->getUrl() . '/permissions')
|
||||
->see('Page Permissions')
|
||||
->check('restricted')
|
||||
->check('restrictions[2][delete]')
|
||||
->press('Save Restrictions')
|
||||
->press('Save Permissions')
|
||||
->seeInDatabase('pages', ['id' => $page->id, 'restricted' => true])
|
||||
->seeInDatabase('restrictions', [
|
||||
'restrictable_id' => $page->id,
|
||||
@ -404,4 +423,99 @@ class RestrictionsTest extends TestCase
|
||||
->dontSee($page->name);
|
||||
}
|
||||
|
||||
public function test_book_create_restriction_override()
|
||||
{
|
||||
$book = \BookStack\Book::first();
|
||||
|
||||
$bookUrl = $book->getUrl();
|
||||
$this->actingAs($this->viewer)
|
||||
->visit($bookUrl)
|
||||
->dontSeeInElement('.action-buttons', 'New Page')
|
||||
->dontSeeInElement('.action-buttons', 'New Chapter');
|
||||
|
||||
$this->setEntityRestrictions($book, ['view', 'delete', 'update']);
|
||||
|
||||
$this->forceVisit($bookUrl . '/chapter/create')
|
||||
->see('You do not have permission')->seePageIs('/');
|
||||
$this->forceVisit($bookUrl . '/page/create')
|
||||
->see('You do not have permission')->seePageIs('/');
|
||||
$this->visit($bookUrl)->dontSeeInElement('.action-buttons', 'New Page')
|
||||
->dontSeeInElement('.action-buttons', 'New Chapter');
|
||||
|
||||
$this->setEntityRestrictions($book, ['view', 'create']);
|
||||
|
||||
$this->visit($bookUrl . '/chapter/create')
|
||||
->type('test chapter', 'name')
|
||||
->type('test description for chapter', 'description')
|
||||
->press('Save Chapter')
|
||||
->seePageIs($bookUrl . '/chapter/test-chapter');
|
||||
$this->visit($bookUrl . '/page/create')
|
||||
->type('test page', 'name')
|
||||
->type('test content', 'html')
|
||||
->press('Save Page')
|
||||
->seePageIs($bookUrl . '/page/test-page');
|
||||
$this->visit($bookUrl)->seeInElement('.action-buttons', 'New Page')
|
||||
->seeInElement('.action-buttons', 'New Chapter');
|
||||
}
|
||||
|
||||
public function test_book_update_restriction_override()
|
||||
{
|
||||
$book = \BookStack\Book::first();
|
||||
$bookPage = $book->pages->first();
|
||||
$bookChapter = $book->chapters->first();
|
||||
|
||||
$bookUrl = $book->getUrl();
|
||||
$this->actingAs($this->viewer)
|
||||
->visit($bookUrl . '/edit')
|
||||
->dontSee('Edit Book');
|
||||
|
||||
$this->setEntityRestrictions($book, ['view', 'delete']);
|
||||
|
||||
$this->forceVisit($bookUrl . '/edit')
|
||||
->see('You do not have permission')->seePageIs('/');
|
||||
$this->forceVisit($bookPage->getUrl() . '/edit')
|
||||
->see('You do not have permission')->seePageIs('/');
|
||||
$this->forceVisit($bookChapter->getUrl() . '/edit')
|
||||
->see('You do not have permission')->seePageIs('/');
|
||||
|
||||
$this->setEntityRestrictions($book, ['view', 'update']);
|
||||
|
||||
$this->visit($bookUrl . '/edit')
|
||||
->seePageIs($bookUrl . '/edit');
|
||||
$this->visit($bookPage->getUrl() . '/edit')
|
||||
->seePageIs($bookPage->getUrl() . '/edit');
|
||||
$this->visit($bookChapter->getUrl() . '/edit')
|
||||
->see('Edit Chapter');
|
||||
}
|
||||
|
||||
public function test_book_delete_restriction_override()
|
||||
{
|
||||
$book = \BookStack\Book::first();
|
||||
$bookPage = $book->pages->first();
|
||||
$bookChapter = $book->chapters->first();
|
||||
|
||||
$bookUrl = $book->getUrl();
|
||||
$this->actingAs($this->viewer)
|
||||
->visit($bookUrl . '/delete')
|
||||
->dontSee('Delete Book');
|
||||
|
||||
$this->setEntityRestrictions($book, ['view', 'update']);
|
||||
|
||||
$this->forceVisit($bookUrl . '/delete')
|
||||
->see('You do not have permission')->seePageIs('/');
|
||||
$this->forceVisit($bookPage->getUrl() . '/delete')
|
||||
->see('You do not have permission')->seePageIs('/');
|
||||
$this->forceVisit($bookChapter->getUrl() . '/delete')
|
||||
->see('You do not have permission')->seePageIs('/');
|
||||
|
||||
$this->setEntityRestrictions($book, ['view', 'delete']);
|
||||
|
||||
$this->visit($bookUrl . '/delete')
|
||||
->seePageIs($bookUrl . '/delete')->see('Delete Book');
|
||||
$this->visit($bookPage->getUrl() . '/delete')
|
||||
->seePageIs($bookPage->getUrl() . '/delete')->see('Delete Page');
|
||||
$this->visit($bookChapter->getUrl() . '/delete')
|
||||
->see('Delete Chapter');
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -129,14 +129,14 @@ class RolesTest extends TestCase
|
||||
{
|
||||
$page = \BookStack\Page::take(1)->get()->first();
|
||||
$this->actingAs($this->user)->visit($page->getUrl())
|
||||
->dontSee('Restrict')
|
||||
->visit($page->getUrl() . '/restrict')
|
||||
->dontSee('Permissions')
|
||||
->visit($page->getUrl() . '/permissions')
|
||||
->seePageIs('/');
|
||||
$this->giveUserPermissions($this->user, ['restrictions-manage-all']);
|
||||
$this->actingAs($this->user)->visit($page->getUrl())
|
||||
->see('Restrict')
|
||||
->click('Restrict')
|
||||
->see('Page Restrictions')->seePageIs($page->getUrl() . '/restrict');
|
||||
->see('Permissions')
|
||||
->click('Permissions')
|
||||
->see('Page Permissions')->seePageIs($page->getUrl() . '/permissions');
|
||||
}
|
||||
|
||||
public function test_restrictions_manage_own_permission()
|
||||
@ -145,27 +145,27 @@ class RolesTest extends TestCase
|
||||
$content = $this->createEntityChainBelongingToUser($this->user);
|
||||
// Check can't restrict other's content
|
||||
$this->actingAs($this->user)->visit($otherUsersPage->getUrl())
|
||||
->dontSee('Restrict')
|
||||
->visit($otherUsersPage->getUrl() . '/restrict')
|
||||
->dontSee('Permissions')
|
||||
->visit($otherUsersPage->getUrl() . '/permissions')
|
||||
->seePageIs('/');
|
||||
// Check can't restrict own content
|
||||
$this->actingAs($this->user)->visit($content['page']->getUrl())
|
||||
->dontSee('Restrict')
|
||||
->visit($content['page']->getUrl() . '/restrict')
|
||||
->dontSee('Permissions')
|
||||
->visit($content['page']->getUrl() . '/permissions')
|
||||
->seePageIs('/');
|
||||
|
||||
$this->giveUserPermissions($this->user, ['restrictions-manage-own']);
|
||||
|
||||
// Check can't restrict other's content
|
||||
$this->actingAs($this->user)->visit($otherUsersPage->getUrl())
|
||||
->dontSee('Restrict')
|
||||
->visit($otherUsersPage->getUrl() . '/restrict')
|
||||
->dontSee('Permissions')
|
||||
->visit($otherUsersPage->getUrl() . '/permissions')
|
||||
->seePageIs('/');
|
||||
// Check can restrict own content
|
||||
$this->actingAs($this->user)->visit($content['page']->getUrl())
|
||||
->see('Restrict')
|
||||
->click('Restrict')
|
||||
->seePageIs($content['page']->getUrl() . '/restrict');
|
||||
->see('Permissions')
|
||||
->click('Permissions')
|
||||
->seePageIs($content['page']->getUrl() . '/permissions');
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
Reference in New Issue
Block a user