webapp/bookstack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-07-30 04:23:11 +03:00
Code Activity

Prevented normal users from changing own email

Browse Source 
To address #1542

Updates to only allow email changes by users with the users-manage role
permission.
This commit is contained in:
Dan Brown
2019-08-06 21:29:42 +01:00
parent 2955f414dd
commit f417675b1d
4 changed files with 45 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
tests/Permissions/RolesTest.php
View File

@ -119,6 +119,43 @@ class RolesTest extends BrowserKitTest
$this->actingAs($this->user)->visit('/')->dontSee($usersLink);
}
public function test_user_cannot_change_email_unless_they_have_manage_users_permission()
{
$userProfileUrl = '/settings/users/' . $this->user->id;
$originalEmail = $this->user->email;
$this->actingAs($this->user);
$this->visit($userProfileUrl)
->assertResponseOk()
->seeElement('input[name=email][disabled]');
$this->put($userProfileUrl, [
'name' => 'my_new_name',
'email' => 'new_email@example.com',
]);
$this->seeInDatabase('users', [
'id' => $this->user->id,
'email' => $originalEmail,
'name' => 'my_new_name',
]);
$this->giveUserPermissions($this->user, ['users-manage']);
$this->visit($userProfileUrl)
->assertResponseOk()
->dontSeeElement('input[name=email][disabled]')
->seeElement('input[name=email]');
$this->put($userProfileUrl, [
'name' => 'my_new_name_2',
'email' => 'new_email@example.com',
]);
$this->seeInDatabase('users', [
'id' => $this->user->id,
'email' => 'new_email@example.com',
'name' => 'my_new_name_2',
]);
}
public function test_user_roles_manage_permission()
{
$this->actingAs($this->user)->visit('/settings/roles')