From e6e6d259749f789a4a3e8b87bc6e86ed94a4df9c Mon Sep 17 00:00:00 2001
From: Dan Brown <ssddanbrown@googlemail.com>
Date: Sun, 17 Jul 2022 10:18:24 +0100
Subject: [PATCH] Removed test web route, extracted text, added test

---
 resources/lang/en/entities.php               |  1 +
 resources/views/entities/list-item.blade.php |  2 +-
 routes/web.php                               |  7 -------
 tests/Entity/EntitySearchTest.php            | 17 ++++++++++++++++-
 4 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/resources/lang/en/entities.php b/resources/lang/en/entities.php
index 27d67487a..aa353bdac 100644
--- a/resources/lang/en/entities.php
+++ b/resources/lang/en/entities.php
@@ -24,6 +24,7 @@ return [
     'meta_updated_name' => 'Updated :timeLength by :user',
     'meta_owned_name' => 'Owned by :user',
     'entity_select' => 'Entity Select',
+    'entity_select_lack_permission' => 'You don\'t have the required permissions to select this item',
     'images' => 'Images',
     'my_recent_drafts' => 'My Recent Drafts',
     'my_recently_viewed' => 'My Recently Viewed',
diff --git a/resources/views/entities/list-item.blade.php b/resources/views/entities/list-item.blade.php
index 5314c8446..2fadef191 100644
--- a/resources/views/entities/list-item.blade.php
+++ b/resources/views/entities/list-item.blade.php
@@ -4,7 +4,7 @@
 
     @if($locked ?? false)
         <div class="text-warn my-xxs bold">
-            @icon('lock')You don't have the required permissions to select this item.
+            @icon('lock'){{ trans('entities.entity_select_lack_permission') }}
         </div>
     @endif
 
diff --git a/routes/web.php b/routes/web.php
index 9b562703c..5e16e5333 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -38,13 +38,6 @@ use Illuminate\View\Middleware\ShareErrorsFromSession;
 Route::get('/status', [StatusController::class, 'show']);
 Route::get('/robots.txt', [HomeController::class, 'robots']);
 
-Route::get('/test', function() {
-    $book = \BookStack\Entities\Models\Book::query()->where('slug', '=', 'k5TrhXxaNb')->firstOrFail();
-    $builder= app()->make(\BookStack\Auth\Permissions\JointPermissionBuilder::class);
-    $builder->rebuildForEntity($book);
-    return 'finished';
-})->withoutMiddleware('web');
-
 // Authenticated routes...
 Route::middleware('auth')->group(function () {
 
diff --git a/tests/Entity/EntitySearchTest.php b/tests/Entity/EntitySearchTest.php
index b535f5aaa..55c54695e 100644
--- a/tests/Entity/EntitySearchTest.php
+++ b/tests/Entity/EntitySearchTest.php
@@ -214,7 +214,7 @@ class EntitySearchTest extends TestCase
         $defaultListTest->assertDontSee($notVisitedPage->name);
     }
 
-    public function test_ajax_entity_serach_shows_breadcrumbs()
+    public function test_ajax_entity_search_shows_breadcrumbs()
     {
         $chapter = Chapter::first();
         $page = $chapter->pages->first();
@@ -230,6 +230,21 @@ class EntitySearchTest extends TestCase
         $chapterSearch->assertSee($chapter->book->getShortName(42));
     }
 
+    public function test_ajax_entity_search_reflects_items_without_permission()
+    {
+        $page = Page::query()->first();
+        $baseSelector = 'a[data-entity-type="page"][data-entity-id="' . $page->id . '"]';
+        $searchUrl = "/ajax/search/entities?permission=update&term=" . urlencode($page->name);
+
+        $resp = $this->asEditor()->get($searchUrl);
+        $resp->assertElementContains($baseSelector, $page->name);
+        $resp->assertElementNotContains($baseSelector, "You don't have the required permissions to select this item");
+
+        $resp = $this->actingAs($this->getViewer())->get($searchUrl);
+        $resp->assertElementContains($baseSelector, $page->name);
+        $resp->assertElementContains($baseSelector, "You don't have the required permissions to select this item");
+    }
+
     public function test_sibling_search_for_pages()
     {
         $chapter = Chapter::query()->with('pages')->first();