BookStack/tests/Api/AttachmentsApiTest.php

<?php

namespace Tests\Api;

use BookStack\Entities\Models\Page;
use BookStack\Uploads\Attachment;
use Illuminate\Http\UploadedFile;
use Illuminate\Testing\AssertableJsonString;
use Tests\TestCase;

class AttachmentsApiTest extends TestCase
{
    use TestsApi;

    protected $baseEndpoint = '/api/attachments';

    public function test_index_endpoint_returns_expected_book()
    {
        $this->actingAsApiEditor();
        $page = Page::query()->first();
        $attachment = $this->createAttachmentForPage($page, [
            'name'     => 'My test attachment',
            'external' => true,
        ]);

        $resp = $this->getJson($this->baseEndpoint . '?count=1&sort=+id');
        $resp->assertJson(['data' => [
            [
                'id'          => $attachment->id,
                'name'        => 'My test attachment',
                'uploaded_to' => $page->id,
                'external'    => true,
            ],
        ]]);
    }

    public function test_attachments_listing_based_upon_page_visibility()
    {
        $this->actingAsApiEditor();
        /** @var Page $page */
        $page = Page::query()->first();
        $attachment = $this->createAttachmentForPage($page, [
            'name'     => 'My test attachment',
            'external' => true,
        ]);

        $resp = $this->getJson($this->baseEndpoint . '?count=1&sort=+id');
        $resp->assertJson(['data' => [
            [
                'id' => $attachment->id,
            ],
        ]]);

        $page->restricted = true;
        $page->save();
        $this->regenEntityPermissions($page);

        $resp = $this->getJson($this->baseEndpoint . '?count=1&sort=+id');
        $resp->assertJsonMissing(['data' => [
            [
                'id' => $attachment->id,
            ],
        ]]);
    }

    public function test_create_endpoint_for_link_attachment()
    {
        $this->actingAsApiAdmin();
        /** @var Page $page */
        $page = Page::query()->first();

        $details = [
            'name'        => 'My attachment',
            'uploaded_to' => $page->id,
            'link'        => 'https://cats.example.com',
        ];

        $resp = $this->postJson($this->baseEndpoint, $details);
        $resp->assertStatus(200);
        /** @var Attachment $newItem */
        $newItem = Attachment::query()->orderByDesc('id')->where('name', '=', $details['name'])->first();
        $resp->assertJson(['id' => $newItem->id, 'external' => true, 'name' => $details['name'], 'uploaded_to' => $page->id]);
    }

    public function test_create_endpoint_for_upload_attachment()
    {
        $this->actingAsApiAdmin();
        /** @var Page $page */
        $page = Page::query()->first();
        $file = $this->getTestFile('textfile.txt');

        $details = [
            'name'        => 'My attachment',
            'uploaded_to' => $page->id,
        ];

        $resp = $this->call('POST', $this->baseEndpoint, $details, [], ['file' => $file]);
        $resp->assertStatus(200);
        /** @var Attachment $newItem */
        $newItem = Attachment::query()->orderByDesc('id')->where('name', '=', $details['name'])->first();
        $resp->assertJson(['id' => $newItem->id, 'external' => false, 'extension' => 'txt', 'name' => $details['name'], 'uploaded_to' => $page->id]);
        $this->assertTrue(file_exists(storage_path($newItem->path)));
        unlink(storage_path($newItem->path));
    }

    public function test_upload_limit_restricts_attachment_uploads()
    {
        $this->actingAsApiAdmin();
        /** @var Page $page */
        $page = Page::query()->first();

        config()->set('app.upload_limit', 1);

        $file = tmpfile();
        $filePath = stream_get_meta_data($file)['uri'];
        fwrite($file, str_repeat('a', 1200000));
        $file = new UploadedFile($filePath, 'test.txt', 'text/plain', null, true);

        $details = [
            'name'        => 'My attachment',
            'uploaded_to' => $page->id,
        ];
        $resp = $this->call('POST', $this->baseEndpoint, $details, [], ['file' => $file]);
        $resp->assertStatus(422);
        $resp->assertJson($this->validationResponse([
            'file' => ['The file may not be greater than 1000 kilobytes.'],
        ]));
    }

    public function test_name_needed_to_create()
    {
        $this->actingAsApiAdmin();
        /** @var Page $page */
        $page = Page::query()->first();

        $details = [
            'uploaded_to' => $page->id,
            'link'        => 'https://example.com',
        ];

        $resp = $this->postJson($this->baseEndpoint, $details);
        $resp->assertStatus(422);
        $resp->assertJson($this->validationResponse(['name' => ['The name field is required.']]));
    }

    public function test_link_or_file_needed_to_create()
    {
        $this->actingAsApiAdmin();
        /** @var Page $page */
        $page = Page::query()->first();

        $details = [
            'name'        => 'my attachment',
            'uploaded_to' => $page->id,
        ];

        $resp = $this->postJson($this->baseEndpoint, $details);
        $resp->assertStatus(422);
        $resp->assertJson($this->validationResponse([
            'file' => ['The file field is required when link is not present.'],
            'link' => ['The link field is required when file is not present.'],
        ]));
    }

    public function test_message_shown_if_file_is_not_a_valid_file()
    {
        $this->actingAsApiAdmin();
        /** @var Page $page */
        $page = Page::query()->first();

        $details = [
            'name'        => 'my attachment',
            'uploaded_to' => $page->id,
            'file'        => 'cat',
        ];

        $resp = $this->postJson($this->baseEndpoint, $details);
        $resp->assertStatus(422);
        $resp->assertJson($this->validationResponse(['file' => ['The file must be provided as a valid file.']]));
    }

    public function test_read_endpoint_for_link_attachment()
    {
        $this->actingAsApiAdmin();
        /** @var Page $page */
        $page = Page::query()->first();

        $attachment = $this->createAttachmentForPage($page, [
            'name'  => 'my attachment',
            'path'  => 'https://example.com',
            'order' => 1,
        ]);

        $resp = $this->getJson("{$this->baseEndpoint}/{$attachment->id}");

        $resp->assertStatus(200);
        $resp->assertJson([
            'id'          => $attachment->id,
            'content'     => 'https://example.com',
            'external'    => true,
            'uploaded_to' => $page->id,
            'order'       => 1,
            'created_by'  => [
                'name' => $attachment->createdBy->name,
            ],
            'updated_by' => [
                'name' => $attachment->createdBy->name,
            ],
            'links' => [
                'html'     => "<a target=\"_blank\" href=\"http://localhost/attachments/{$attachment->id}\">my attachment</a>",
                'markdown' => "[my attachment](http://localhost/attachments/{$attachment->id})",
            ],
        ]);
    }

    public function test_read_endpoint_for_file_attachment()
    {
        $this->actingAsApiAdmin();
        /** @var Page $page */
        $page = Page::query()->first();
        $file = $this->getTestFile('textfile.txt');

        $details = [
            'name'        => 'My file attachment',
            'uploaded_to' => $page->id,
        ];
        $this->call('POST', $this->baseEndpoint, $details, [], ['file' => $file]);
        /** @var Attachment $attachment */
        $attachment = Attachment::query()->orderByDesc('id')->where('name', '=', $details['name'])->firstOrFail();

        $resp = $this->getJson("{$this->baseEndpoint}/{$attachment->id}");
        $resp->assertStatus(200);
        $resp->assertHeader('Content-Type', 'application/json');

        $json = new AssertableJsonString($resp->streamedContent());
        $json->assertSubset([
            'id'          => $attachment->id,
            'content'     => base64_encode(file_get_contents(storage_path($attachment->path))),
            'external'    => false,
            'uploaded_to' => $page->id,
            'order'       => 1,
            'created_by'  => [
                'name' => $attachment->createdBy->name,
            ],
            'updated_by' => [
                'name' => $attachment->updatedBy->name,
            ],
            'links' => [
                'html'     => "<a target=\"_blank\" href=\"http://localhost/attachments/{$attachment->id}\">My file attachment</a>",
                'markdown' => "[My file attachment](http://localhost/attachments/{$attachment->id})",
            ],
        ]);

        unlink(storage_path($attachment->path));
    }

    public function test_attachment_not_visible_on_other_users_draft()
    {
        $this->actingAsApiAdmin();
        $editor = $this->getEditor();

        /** @var Page $page */
        $page = Page::query()->first();
        $page->draft = true;
        $page->owned_by = $editor;
        $page->save();
        $this->regenEntityPermissions($page);

        $attachment = $this->createAttachmentForPage($page, [
            'name'  => 'my attachment',
            'path'  => 'https://example.com',
            'order' => 1,
        ]);

        $resp = $this->getJson("{$this->baseEndpoint}/{$attachment->id}");

        $resp->assertStatus(404);
    }

    public function test_update_endpoint()
    {
        $this->actingAsApiAdmin();
        /** @var Page $page */
        $page = Page::query()->first();
        $attachment = $this->createAttachmentForPage($page);

        $details = [
            'name' => 'My updated API attachment',
        ];

        $resp = $this->putJson("{$this->baseEndpoint}/{$attachment->id}", $details);
        $attachment->refresh();

        $resp->assertStatus(200);
        $resp->assertJson(['id' => $attachment->id, 'name' => 'My updated API attachment']);
    }

    public function test_update_link_attachment_to_file()
    {
        $this->actingAsApiAdmin();
        /** @var Page $page */
        $page = Page::query()->first();
        $attachment = $this->createAttachmentForPage($page);
        $file = $this->getTestFile('textfile.txt');

        $resp = $this->call('PUT', "{$this->baseEndpoint}/{$attachment->id}", ['name' => 'My updated file'], [], ['file' => $file]);
        $resp->assertStatus(200);

        $attachment->refresh();
        $this->assertFalse($attachment->external);
        $this->assertEquals('txt', $attachment->extension);
        $this->assertStringStartsWith('uploads/files/', $attachment->path);
        $this->assertFileExists(storage_path($attachment->path));

        unlink(storage_path($attachment->path));
    }

    public function test_update_file_attachment_to_link()
    {
        $this->actingAsApiAdmin();
        /** @var Page $page */
        $page = Page::query()->first();
        $file = $this->getTestFile('textfile.txt');
        $this->call('POST', $this->baseEndpoint, ['name' => 'My file attachment', 'uploaded_to' => $page->id], [], ['file' => $file]);
        /** @var Attachment $attachment */
        $attachment = Attachment::query()->where('name', '=', 'My file attachment')->firstOrFail();

        $filePath = storage_path($attachment->path);
        $this->assertFileExists($filePath);

        $details = [
            'name' => 'My updated API attachment',
            'link' => 'https://cats.example.com',
        ];

        $resp = $this->putJson("{$this->baseEndpoint}/{$attachment->id}", $details);
        $resp->assertStatus(200);
        $attachment->refresh();

        $this->assertFileDoesNotExist($filePath);
        $this->assertTrue($attachment->external);
        $this->assertEquals('https://cats.example.com', $attachment->path);
        $this->assertEquals('', $attachment->extension);
    }

    public function test_delete_endpoint()
    {
        $this->actingAsApiAdmin();
        /** @var Page $page */
        $page = Page::query()->first();
        $attachment = $this->createAttachmentForPage($page);

        $resp = $this->deleteJson("{$this->baseEndpoint}/{$attachment->id}");

        $resp->assertStatus(204);
        $this->assertDatabaseMissing('attachments', ['id' => $attachment->id]);
    }

    protected function createAttachmentForPage(Page $page, $attributes = []): Attachment
    {
        $admin = $this->getAdmin();
        /** @var Attachment $attachment */
        $attachment = $page->attachments()->forceCreate(array_merge([
            'uploaded_to' => $page->id,
            'name'        => 'test attachment',
            'external'    => true,
            'order'       => 1,
            'created_by'  => $admin->id,
            'updated_by'  => $admin->id,
            'path'        => 'https://attachment.example.com',
        ], $attributes));

        return $attachment;
    }

    /**
     * Get a test file that can be uploaded.
     */
    protected function getTestFile(string $fileName): UploadedFile
    {
        return new UploadedFile(base_path('tests/test-data/test-file.txt'), $fileName, 'text/plain', null, true);
    }
}
Added TestCase for attachments API methods 2021-10-19 19:58:56 -04:00			`<?php`

			`namespace Tests\Api;`

			`use BookStack\Entities\Models\Page;`
			`use BookStack\Uploads\Attachment;`
			`use Illuminate\Http\UploadedFile;`
Fixed tests from streaming changes - Added testing check to buffer stop/clear on streaming output due to interference during tests. - Made content-disposition header a little safer in download responses. - Also aligned how we check for testing environment. 2022-04-03 11:22:31 -04:00			`use Illuminate\Testing\AssertableJsonString;`
Added TestCase for attachments API methods 2021-10-19 19:58:56 -04:00			`use Tests\TestCase;`

			`class AttachmentsApiTest extends TestCase`
			`{`
			`use TestsApi;`

			`protected $baseEndpoint = '/api/attachments';`

			`public function test_index_endpoint_returns_expected_book()`
			`{`
			`$this->actingAsApiEditor();`
			`$page = Page::query()->first();`
			`$attachment = $this->createAttachmentForPage($page, [`
Applied latest changes from styleCI 2021-10-20 05:49:45 -04:00			`'name' => 'My test attachment',`
Added TestCase for attachments API methods 2021-10-19 19:58:56 -04:00			`'external' => true,`
			`]);`

			`$resp = $this->getJson($this->baseEndpoint . '?count=1&sort=+id');`
			`$resp->assertJson(['data' => [`
			`[`
Applied latest changes from styleCI 2021-10-20 05:49:45 -04:00			`'id' => $attachment->id,`
			`'name' => 'My test attachment',`
Added TestCase for attachments API methods 2021-10-19 19:58:56 -04:00			`'uploaded_to' => $page->id,`
Applied latest changes from styleCI 2021-10-20 05:49:45 -04:00			`'external' => true,`
Added TestCase for attachments API methods 2021-10-19 19:58:56 -04:00			`],`
			`]]);`
			`}`

			`public function test_attachments_listing_based_upon_page_visibility()`
			`{`
			`$this->actingAsApiEditor();`
			`/** @var Page $page */`
			`$page = Page::query()->first();`
			`$attachment = $this->createAttachmentForPage($page, [`
Applied latest changes from styleCI 2021-10-20 05:49:45 -04:00			`'name' => 'My test attachment',`
Added TestCase for attachments API methods 2021-10-19 19:58:56 -04:00			`'external' => true,`
			`]);`

			`$resp = $this->getJson($this->baseEndpoint . '?count=1&sort=+id');`
			`$resp->assertJson(['data' => [`
			`[`
			`'id' => $attachment->id,`
			`],`
			`]]);`

			`$page->restricted = true;`
			`$page->save();`
			`$this->regenEntityPermissions($page);`

			`$resp = $this->getJson($this->baseEndpoint . '?count=1&sort=+id');`
			`$resp->assertJsonMissing(['data' => [`
			`[`
			`'id' => $attachment->id,`
			`],`
			`]]);`
			`}`

			`public function test_create_endpoint_for_link_attachment()`
			`{`
			`$this->actingAsApiAdmin();`
			`/** @var Page $page */`
			`$page = Page::query()->first();`

			`$details = [`
Applied latest changes from styleCI 2021-10-20 05:49:45 -04:00			`'name' => 'My attachment',`
Added TestCase for attachments API methods 2021-10-19 19:58:56 -04:00			`'uploaded_to' => $page->id,`
Applied latest changes from styleCI 2021-10-20 05:49:45 -04:00			`'link' => 'https://cats.example.com',`
Added TestCase for attachments API methods 2021-10-19 19:58:56 -04:00			`];`

			`$resp = $this->postJson($this->baseEndpoint, $details);`
			`$resp->assertStatus(200);`
			`/** @var Attachment $newItem */`
			`$newItem = Attachment::query()->orderByDesc('id')->where('name', '=', $details['name'])->first();`
			`$resp->assertJson(['id' => $newItem->id, 'external' => true, 'name' => $details['name'], 'uploaded_to' => $page->id]);`
			`}`

			`public function test_create_endpoint_for_upload_attachment()`
			`{`
			`$this->actingAsApiAdmin();`
			`/** @var Page $page */`
			`$page = Page::query()->first();`
			`$file = $this->getTestFile('textfile.txt');`

			`$details = [`
Applied latest changes from styleCI 2021-10-20 05:49:45 -04:00			`'name' => 'My attachment',`
Added TestCase for attachments API methods 2021-10-19 19:58:56 -04:00			`'uploaded_to' => $page->id,`
			`];`

			`$resp = $this->call('POST', $this->baseEndpoint, $details, [], ['file' => $file]);`
			`$resp->assertStatus(200);`
			`/** @var Attachment $newItem */`
			`$newItem = Attachment::query()->orderByDesc('id')->where('name', '=', $details['name'])->first();`
			`$resp->assertJson(['id' => $newItem->id, 'external' => false, 'extension' => 'txt', 'name' => $details['name'], 'uploaded_to' => $page->id]);`
			`$this->assertTrue(file_exists(storage_path($newItem->path)));`
			`unlink(storage_path($newItem->path));`
			`}`

Added attachment API file size limit test Created while testing for #3248, Was not something that's currently failing within BookStack but will still add for coverage. 2022-02-06 00:05:17 -05:00			`public function test_upload_limit_restricts_attachment_uploads()`
			`{`
			`$this->actingAsApiAdmin();`
			`/** @var Page $page */`
			`$page = Page::query()->first();`

			`config()->set('app.upload_limit', 1);`

			`$file = tmpfile();`
			`$filePath = stream_get_meta_data($file)['uri'];`
			`fwrite($file, str_repeat('a', 1200000));`
			`$file = new UploadedFile($filePath, 'test.txt', 'text/plain', null, true);`

			`$details = [`
			`'name' => 'My attachment',`
			`'uploaded_to' => $page->id,`
			`];`
			`$resp = $this->call('POST', $this->baseEndpoint, $details, [], ['file' => $file]);`
			`$resp->assertStatus(422);`
			`$resp->assertJson($this->validationResponse([`
Added missing validation.file message - Included test to cover - Also applied StyleCI fixes Closes #3248 2022-02-06 09:47:33 -05:00			`'file' => ['The file may not be greater than 1000 kilobytes.'],`
Added attachment API file size limit test Created while testing for #3248, Was not something that's currently failing within BookStack but will still add for coverage. 2022-02-06 00:05:17 -05:00			`]));`
			`}`

Added TestCase for attachments API methods 2021-10-19 19:58:56 -04:00			`public function test_name_needed_to_create()`
			`{`
			`$this->actingAsApiAdmin();`
			`/** @var Page $page */`
			`$page = Page::query()->first();`

			`$details = [`
			`'uploaded_to' => $page->id,`
Applied latest changes from styleCI 2021-10-20 05:49:45 -04:00			`'link' => 'https://example.com',`
Added TestCase for attachments API methods 2021-10-19 19:58:56 -04:00			`];`

			`$resp = $this->postJson($this->baseEndpoint, $details);`
			`$resp->assertStatus(422);`
Added missing validation.file message - Included test to cover - Also applied StyleCI fixes Closes #3248 2022-02-06 09:47:33 -05:00			`$resp->assertJson($this->validationResponse(['name' => ['The name field is required.']]));`
Added TestCase for attachments API methods 2021-10-19 19:58:56 -04:00			`}`

			`public function test_link_or_file_needed_to_create()`
			`{`
			`$this->actingAsApiAdmin();`
			`/** @var Page $page */`
			`$page = Page::query()->first();`

			`$details = [`
Applied latest changes from styleCI 2021-10-20 05:49:45 -04:00			`'name' => 'my attachment',`
Added TestCase for attachments API methods 2021-10-19 19:58:56 -04:00			`'uploaded_to' => $page->id,`
			`];`

			`$resp = $this->postJson($this->baseEndpoint, $details);`
			`$resp->assertStatus(422);`
Added missing validation.file message - Included test to cover - Also applied StyleCI fixes Closes #3248 2022-02-06 09:47:33 -05:00			`$resp->assertJson($this->validationResponse([`
			`'file' => ['The file field is required when link is not present.'],`
			`'link' => ['The link field is required when file is not present.'],`
			`]));`
			`}`

			`public function test_message_shown_if_file_is_not_a_valid_file()`
			`{`
			`$this->actingAsApiAdmin();`
			`/** @var Page $page */`
			`$page = Page::query()->first();`

			`$details = [`
			`'name' => 'my attachment',`
			`'uploaded_to' => $page->id,`
			`'file' => 'cat',`
			`];`

			`$resp = $this->postJson($this->baseEndpoint, $details);`
			`$resp->assertStatus(422);`
			`$resp->assertJson($this->validationResponse(['file' => ['The file must be provided as a valid file.']]));`
Added TestCase for attachments API methods 2021-10-19 19:58:56 -04:00			`}`

			`public function test_read_endpoint_for_link_attachment()`
			`{`
			`$this->actingAsApiAdmin();`
			`/** @var Page $page */`
			`$page = Page::query()->first();`

			`$attachment = $this->createAttachmentForPage($page, [`
Applied latest changes from styleCI 2021-10-20 05:49:45 -04:00			`'name' => 'my attachment',`
			`'path' => 'https://example.com',`
Added TestCase for attachments API methods 2021-10-19 19:58:56 -04:00			`'order' => 1,`
			`]);`

			`$resp = $this->getJson("{$this->baseEndpoint}/{$attachment->id}");`

			`$resp->assertStatus(200);`
			`$resp->assertJson([`
Applied latest changes from styleCI 2021-10-20 05:49:45 -04:00			`'id' => $attachment->id,`
			`'content' => 'https://example.com',`
			`'external' => true,`
Added TestCase for attachments API methods 2021-10-19 19:58:56 -04:00			`'uploaded_to' => $page->id,`
Applied latest changes from styleCI 2021-10-20 05:49:45 -04:00			`'order' => 1,`
			`'created_by' => [`
Added TestCase for attachments API methods 2021-10-19 19:58:56 -04:00			`'name' => $attachment->createdBy->name,`
			`],`
			`'updated_by' => [`
			`'name' => $attachment->createdBy->name,`
			`],`
			`'links' => [`
Applied latest changes from styleCI 2021-10-20 05:49:45 -04:00			`'html' => "<a target=\"_blank\" href=\"http://localhost/attachments/{$attachment->id}\">my attachment</a>",`
			`'markdown' => "[my attachment](http://localhost/attachments/{$attachment->id})",`
Added TestCase for attachments API methods 2021-10-19 19:58:56 -04:00			`],`
			`]);`
			`}`

			`public function test_read_endpoint_for_file_attachment()`
			`{`
			`$this->actingAsApiAdmin();`
			`/** @var Page $page */`
			`$page = Page::query()->first();`
			`$file = $this->getTestFile('textfile.txt');`

			`$details = [`
Applied latest changes from styleCI 2021-10-20 05:49:45 -04:00			`'name' => 'My file attachment',`
Added TestCase for attachments API methods 2021-10-19 19:58:56 -04:00			`'uploaded_to' => $page->id,`
			`];`
			`$this->call('POST', $this->baseEndpoint, $details, [], ['file' => $file]);`
			`/** @var Attachment $attachment */`
			`$attachment = Attachment::query()->orderByDesc('id')->where('name', '=', $details['name'])->firstOrFail();`

			`$resp = $this->getJson("{$this->baseEndpoint}/{$attachment->id}");`
			`$resp->assertStatus(200);`
Fixed tests from streaming changes - Added testing check to buffer stop/clear on streaming output due to interference during tests. - Made content-disposition header a little safer in download responses. - Also aligned how we check for testing environment. 2022-04-03 11:22:31 -04:00			`$resp->assertHeader('Content-Type', 'application/json');`

			`$json = new AssertableJsonString($resp->streamedContent());`
			`$json->assertSubset([`
Applied latest changes from styleCI 2021-10-20 05:49:45 -04:00			`'id' => $attachment->id,`
			`'content' => base64_encode(file_get_contents(storage_path($attachment->path))),`
			`'external' => false,`
Added TestCase for attachments API methods 2021-10-19 19:58:56 -04:00			`'uploaded_to' => $page->id,`
Applied latest changes from styleCI 2021-10-20 05:49:45 -04:00			`'order' => 1,`
			`'created_by' => [`
Added TestCase for attachments API methods 2021-10-19 19:58:56 -04:00			`'name' => $attachment->createdBy->name,`
			`],`
			`'updated_by' => [`
			`'name' => $attachment->updatedBy->name,`
			`],`
			`'links' => [`
Applied latest changes from styleCI 2021-10-20 05:49:45 -04:00			`'html' => "<a target=\"_blank\" href=\"http://localhost/attachments/{$attachment->id}\">My file attachment</a>",`
			`'markdown' => "[My file attachment](http://localhost/attachments/{$attachment->id})",`
Added TestCase for attachments API methods 2021-10-19 19:58:56 -04:00			`],`
			`]);`

			`unlink(storage_path($attachment->path));`
			`}`

Fixed related permissions query not considering drafts Page-related items added on drafts could be visible in certain scenarios since the applied permissions query filters would not consider page draft visibility. This commit alters queries on related items to apply such filtering. Included test to cover API scenario. Thanks to @haxatron for reporting. 2021-11-29 19:06:17 -05:00			`public function test_attachment_not_visible_on_other_users_draft()`
			`{`
			`$this->actingAsApiAdmin();`
			`$editor = $this->getEditor();`

			`/** @var Page $page */`
			`$page = Page::query()->first();`
			`$page->draft = true;`
			`$page->owned_by = $editor;`
			`$page->save();`
			`$this->regenEntityPermissions($page);`

			`$attachment = $this->createAttachmentForPage($page, [`
			`'name' => 'my attachment',`
			`'path' => 'https://example.com',`
			`'order' => 1,`
			`]);`

			`$resp = $this->getJson("{$this->baseEndpoint}/{$attachment->id}");`

			`$resp->assertStatus(404);`
			`}`

Added TestCase for attachments API methods 2021-10-19 19:58:56 -04:00			`public function test_update_endpoint()`
			`{`
			`$this->actingAsApiAdmin();`
			`/** @var Page $page */`
			`$page = Page::query()->first();`
			`$attachment = $this->createAttachmentForPage($page);`

			`$details = [`
			`'name' => 'My updated API attachment',`
			`];`

			`$resp = $this->putJson("{$this->baseEndpoint}/{$attachment->id}", $details);`
			`$attachment->refresh();`

			`$resp->assertStatus(200);`
			`$resp->assertJson(['id' => $attachment->id, 'name' => 'My updated API attachment']);`
			`}`

			`public function test_update_link_attachment_to_file()`
			`{`
			`$this->actingAsApiAdmin();`
			`/** @var Page $page */`
			`$page = Page::query()->first();`
			`$attachment = $this->createAttachmentForPage($page);`
			`$file = $this->getTestFile('textfile.txt');`

			`$resp = $this->call('PUT', "{$this->baseEndpoint}/{$attachment->id}", ['name' => 'My updated file'], [], ['file' => $file]);`
			`$resp->assertStatus(200);`

			`$attachment->refresh();`
			`$this->assertFalse($attachment->external);`
			`$this->assertEquals('txt', $attachment->extension);`
			`$this->assertStringStartsWith('uploads/files/', $attachment->path);`
			`$this->assertFileExists(storage_path($attachment->path));`

			`unlink(storage_path($attachment->path));`
			`}`

			`public function test_update_file_attachment_to_link()`
			`{`
			`$this->actingAsApiAdmin();`
			`/** @var Page $page */`
			`$page = Page::query()->first();`
			`$file = $this->getTestFile('textfile.txt');`
			`$this->call('POST', $this->baseEndpoint, ['name' => 'My file attachment', 'uploaded_to' => $page->id], [], ['file' => $file]);`
			`/** @var Attachment $attachment */`
			`$attachment = Attachment::query()->where('name', '=', 'My file attachment')->firstOrFail();`

			`$filePath = storage_path($attachment->path);`
			`$this->assertFileExists($filePath);`

			`$details = [`
			`'name' => 'My updated API attachment',`
Applied latest changes from styleCI 2021-10-20 05:49:45 -04:00			`'link' => 'https://cats.example.com',`
Added TestCase for attachments API methods 2021-10-19 19:58:56 -04:00			`];`

			`$resp = $this->putJson("{$this->baseEndpoint}/{$attachment->id}", $details);`
			`$resp->assertStatus(200);`
			`$attachment->refresh();`

			`$this->assertFileDoesNotExist($filePath);`
			`$this->assertTrue($attachment->external);`
			`$this->assertEquals('https://cats.example.com', $attachment->path);`
			`$this->assertEquals('', $attachment->extension);`
			`}`

			`public function test_delete_endpoint()`
			`{`
			`$this->actingAsApiAdmin();`
			`/** @var Page $page */`
			`$page = Page::query()->first();`
			`$attachment = $this->createAttachmentForPage($page);`

			`$resp = $this->deleteJson("{$this->baseEndpoint}/{$attachment->id}");`

			`$resp->assertStatus(204);`
			`$this->assertDatabaseMissing('attachments', ['id' => $attachment->id]);`
			`}`

			`protected function createAttachmentForPage(Page $page, $attributes = []): Attachment`
			`{`
			`$admin = $this->getAdmin();`
			`/** @var Attachment $attachment */`
			`$attachment = $page->attachments()->forceCreate(array_merge([`
			`'uploaded_to' => $page->id,`
Applied latest changes from styleCI 2021-10-20 05:49:45 -04:00			`'name' => 'test attachment',`
			`'external' => true,`
			`'order' => 1,`
			`'created_by' => $admin->id,`
			`'updated_by' => $admin->id,`
			`'path' => 'https://attachment.example.com',`
Added TestCase for attachments API methods 2021-10-19 19:58:56 -04:00			`], $attributes));`
Applied latest changes from styleCI 2021-10-20 05:49:45 -04:00
Added TestCase for attachments API methods 2021-10-19 19:58:56 -04:00			`return $attachment;`
			`}`

			`/**`
			`* Get a test file that can be uploaded.`
			`*/`
			`protected function getTestFile(string $fileName): UploadedFile`
			`{`
Laravel 7.x Shift (#3011) * Apply Laravel coding style * Shift bindings * Shift core files * Shift to Throwable * Add laravel/ui dependency * Shift Eloquent methods * Shift config files * Shift Laravel dependencies * Shift cleanup * Shift test config and references * Applied styleci changes * Applied fixes post shift to laravel 7 Co-authored-by: Shift <shift@laravelshift.com> 2021-10-26 17:04:18 -04:00			`return new UploadedFile(base_path('tests/test-data/test-file.txt'), $fileName, 'text/plain', null, true);`
Added TestCase for attachments API methods 2021-10-19 19:58:56 -04:00			`}`
			`}`