mirror of
https://github.com/BookStackApp/BookStack.git
synced 2024-10-01 01:36:00 -04:00
Added tests for content conversion action permissions
- Updated 'removePermissionFromUser' test helper to work for entity-permissions that become part of the joint permissions system.
This commit is contained in:
parent
65d4505079
commit
85f59b5275
@ -49,6 +49,27 @@ class ConvertTest extends TestCase
|
||||
$this->assertActivityExists(ActivityType::BOOK_CREATE_FROM_CHAPTER, $newBook);
|
||||
}
|
||||
|
||||
public function test_convert_chapter_to_book_requires_permissions()
|
||||
{
|
||||
/** @var Chapter $chapter */
|
||||
$chapter = Chapter::query()->first();
|
||||
$user = $this->getViewer();
|
||||
|
||||
$permissions = ['chapter-delete-all', 'book-create-all', 'chapter-update-all'];
|
||||
$this->giveUserPermissions($user, $permissions);
|
||||
|
||||
foreach ($permissions as $permission) {
|
||||
$this->removePermissionFromUser($user, $permission);
|
||||
$resp = $this->actingAs($user)->post($chapter->getUrl('/convert-to-book'));
|
||||
$this->assertPermissionError($resp);
|
||||
$this->giveUserPermissions($user, [$permission]);
|
||||
}
|
||||
|
||||
$resp = $this->actingAs($user)->post($chapter->getUrl('/convert-to-book'));
|
||||
$this->assertNotPermissionError($resp);
|
||||
$resp->assertRedirect();
|
||||
}
|
||||
|
||||
public function test_book_edit_view_shows_convert_option()
|
||||
{
|
||||
$book = Book::query()->first();
|
||||
@ -102,4 +123,25 @@ class ConvertTest extends TestCase
|
||||
$this->assertEquals($childChapter->name, $chapterChildPage->book->name);
|
||||
}
|
||||
|
||||
public function test_book_convert_to_shelf_requires_permissions()
|
||||
{
|
||||
/** @var Book $book */
|
||||
$book = Book::query()->first();
|
||||
$user = $this->getViewer();
|
||||
|
||||
$permissions = ['book-delete-all', 'bookshelf-create-all', 'book-update-all', 'book-create-all'];
|
||||
$this->giveUserPermissions($user, $permissions);
|
||||
|
||||
foreach ($permissions as $permission) {
|
||||
$this->removePermissionFromUser($user, $permission);
|
||||
$resp = $this->actingAs($user)->post($book->getUrl('/convert-to-shelf'));
|
||||
$this->assertPermissionError($resp);
|
||||
$this->giveUserPermissions($user, [$permission]);
|
||||
}
|
||||
|
||||
$resp = $this->actingAs($user)->post($book->getUrl('/convert-to-shelf'));
|
||||
$this->assertNotPermissionError($resp);
|
||||
$resp->assertRedirect();
|
||||
}
|
||||
|
||||
}
|
@ -194,13 +194,23 @@ trait SharedTestHelpers
|
||||
/**
|
||||
* Completely remove the given permission name from the given user.
|
||||
*/
|
||||
protected function removePermissionFromUser(User $user, string $permission)
|
||||
protected function removePermissionFromUser(User $user, string $permissionName)
|
||||
{
|
||||
$permission = RolePermission::query()->where('name', '=', $permission)->first();
|
||||
$permissionService = app()->make(PermissionService::class);
|
||||
|
||||
/** @var RolePermission $permission */
|
||||
$permission = RolePermission::query()->where('name', '=', $permissionName)->firstOrFail();
|
||||
|
||||
$roles = $user->roles()->whereHas('permissions', function($query) use ($permission) {
|
||||
$query->where('id', '=', $permission->id);
|
||||
})->get();
|
||||
|
||||
/** @var Role $role */
|
||||
foreach ($user->roles as $role) {
|
||||
foreach ($roles as $role) {
|
||||
$role->detachPermission($permission);
|
||||
$permissionService->buildJointPermissionForRole($role);
|
||||
}
|
||||
|
||||
$user->clearPermissionCache();
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user