Added tests for content conversion action permissions

- Updated 'removePermissionFromUser' test helper to work for entity-permissions that become part of the joint permissions system.
2024-10-01 05:36:00 +00:00 · 2022-06-19 18:12:36 +01:00 · 2022-06-19 18:12:36 +01:00 · 85f59b5275
commit 85f59b5275
parent 65d4505079
2 changed files with 55 additions and 3 deletions
--- a/tests/Entity/ConvertTest.php
+++ b/tests/Entity/ConvertTest.php
@ -49,6 +49,27 @@ class ConvertTest extends TestCase
        $this->assertActivityExists(ActivityType::BOOK_CREATE_FROM_CHAPTER, $newBook);
    }

+    public function test_convert_chapter_to_book_requires_permissions()
+    {
+        /** @var Chapter $chapter */
+        $chapter = Chapter::query()->first();
+        $user = $this->getViewer();
+
+        $permissions = ['chapter-delete-all', 'book-create-all', 'chapter-update-all'];
+        $this->giveUserPermissions($user, $permissions);
+
+        foreach ($permissions as $permission) {
+            $this->removePermissionFromUser($user, $permission);
+            $resp = $this->actingAs($user)->post($chapter->getUrl('/convert-to-book'));
+            $this->assertPermissionError($resp);
+            $this->giveUserPermissions($user, [$permission]);
+        }
+
+        $resp = $this->actingAs($user)->post($chapter->getUrl('/convert-to-book'));
+        $this->assertNotPermissionError($resp);
+        $resp->assertRedirect();
+    }
+
    public function test_book_edit_view_shows_convert_option()
    {
        $book = Book::query()->first();
@ -102,4 +123,25 @@ class ConvertTest extends TestCase
        $this->assertEquals($childChapter->name, $chapterChildPage->book->name);
    }

+    public function test_book_convert_to_shelf_requires_permissions()
+    {
+        /** @var Book $book */
+        $book = Book::query()->first();
+        $user = $this->getViewer();
+
+        $permissions = ['book-delete-all', 'bookshelf-create-all', 'book-update-all', 'book-create-all'];
+        $this->giveUserPermissions($user, $permissions);
+
+        foreach ($permissions as $permission) {
+            $this->removePermissionFromUser($user, $permission);
+            $resp = $this->actingAs($user)->post($book->getUrl('/convert-to-shelf'));
+            $this->assertPermissionError($resp);
+            $this->giveUserPermissions($user, [$permission]);
+        }
+
+        $resp = $this->actingAs($user)->post($book->getUrl('/convert-to-shelf'));
+        $this->assertNotPermissionError($resp);
+        $resp->assertRedirect();
+    }
+
 }
--- a/tests/SharedTestHelpers.php
+++ b/tests/SharedTestHelpers.php
@ -194,13 +194,23 @@ trait SharedTestHelpers
    /**
     * Completely remove the given permission name from the given user.
     */
-    protected function removePermissionFromUser(User $user, string $permission)
+    protected function removePermissionFromUser(User $user, string $permissionName)
    {
-        $permission = RolePermission::query()->where('name', '=', $permission)->first();
+        $permissionService = app()->make(PermissionService::class);
+
+        /** @var RolePermission $permission */
+        $permission = RolePermission::query()->where('name', '=', $permissionName)->firstOrFail();
+
+        $roles = $user->roles()->whereHas('permissions', function($query) use ($permission) {
+            $query->where('id', '=', $permission->id);
+        })->get();
+
        /** @var Role $role */
-        foreach ($user->roles as $role) {
+        foreach ($roles as $role) {
            $role->detachPermission($permission);
+            $permissionService->buildJointPermissionForRole($role);
        }
+
        $user->clearPermissionCache();
    }