2017-02-04 19:58:42 +08:00
|
|
|
<?php namespace Tests;
|
2016-03-06 02:09:21 +08:00
|
|
|
|
2018-09-25 19:30:50 +08:00
|
|
|
use BookStack\Entities\Book;
|
|
|
|
use BookStack\Entities\Bookshelf;
|
|
|
|
use BookStack\Entities\Chapter;
|
|
|
|
use BookStack\Entities\Entity;
|
|
|
|
use BookStack\Auth\User;
|
2018-10-13 18:27:55 +08:00
|
|
|
use BookStack\Entities\Repos\EntityRepo;
|
2018-09-25 19:30:50 +08:00
|
|
|
use BookStack\Entities\Page;
|
2017-11-19 23:56:06 +08:00
|
|
|
|
2017-01-26 03:35:40 +08:00
|
|
|
class RestrictionsTest extends BrowserKitTest
|
2016-03-06 02:09:21 +08:00
|
|
|
{
|
2017-11-19 23:56:06 +08:00
|
|
|
|
|
|
|
/**
|
2018-09-25 19:30:50 +08:00
|
|
|
* @var \BookStack\Auth\User
|
2017-11-19 23:56:06 +08:00
|
|
|
*/
|
2016-03-06 02:09:21 +08:00
|
|
|
protected $user;
|
2017-11-19 23:56:06 +08:00
|
|
|
|
|
|
|
/**
|
|
|
|
* @var User
|
|
|
|
*/
|
2016-03-31 03:15:44 +08:00
|
|
|
protected $viewer;
|
2017-11-19 23:56:06 +08:00
|
|
|
|
2016-03-06 02:09:21 +08:00
|
|
|
public function setUp()
|
|
|
|
{
|
|
|
|
parent::setUp();
|
2016-05-07 21:29:43 +08:00
|
|
|
$this->user = $this->getEditor();
|
2016-03-31 03:15:44 +08:00
|
|
|
$this->viewer = $this->getViewer();
|
2016-03-06 02:09:21 +08:00
|
|
|
}
|
|
|
|
|
2018-04-15 01:47:13 +08:00
|
|
|
protected function setEntityRestrictions(Entity $entity, $actions = [], $roles = [])
|
2016-03-06 02:09:21 +08:00
|
|
|
{
|
2018-04-15 01:47:13 +08:00
|
|
|
$roles = [
|
|
|
|
$this->user->roles->first(),
|
|
|
|
$this->viewer->roles->first(),
|
|
|
|
];
|
|
|
|
parent::setEntityRestrictions($entity, $actions, $roles);
|
2016-03-06 02:09:21 +08:00
|
|
|
}
|
|
|
|
|
2018-09-21 22:15:16 +08:00
|
|
|
public function test_bookshelf_view_restriction()
|
|
|
|
{
|
|
|
|
$shelf = Bookshelf::first();
|
|
|
|
|
|
|
|
$this->actingAs($this->user)
|
|
|
|
->visit($shelf->getUrl())
|
|
|
|
->seePageIs($shelf->getUrl());
|
|
|
|
|
|
|
|
$this->setEntityRestrictions($shelf, []);
|
|
|
|
|
|
|
|
$this->forceVisit($shelf->getUrl())
|
|
|
|
->see('Bookshelf not found');
|
|
|
|
|
|
|
|
$this->setEntityRestrictions($shelf, ['view']);
|
|
|
|
|
|
|
|
$this->visit($shelf->getUrl())
|
|
|
|
->see($shelf->name);
|
|
|
|
}
|
|
|
|
|
|
|
|
public function test_bookshelf_update_restriction()
|
|
|
|
{
|
|
|
|
$shelf = BookShelf::first();
|
|
|
|
|
|
|
|
$this->actingAs($this->user)
|
|
|
|
->visit($shelf->getUrl('/edit'))
|
|
|
|
->see('Edit Book');
|
|
|
|
|
|
|
|
$this->setEntityRestrictions($shelf, ['view', 'delete']);
|
|
|
|
|
|
|
|
$this->forceVisit($shelf->getUrl('/edit'))
|
|
|
|
->see('You do not have permission')->seePageIs('/');
|
|
|
|
|
|
|
|
$this->setEntityRestrictions($shelf, ['view', 'update']);
|
|
|
|
|
|
|
|
$this->visit($shelf->getUrl('/edit'))
|
|
|
|
->seePageIs($shelf->getUrl('/edit'));
|
|
|
|
}
|
|
|
|
|
|
|
|
public function test_bookshelf_delete_restriction()
|
|
|
|
{
|
|
|
|
$shelf = Book::first();
|
|
|
|
|
|
|
|
$this->actingAs($this->user)
|
|
|
|
->visit($shelf->getUrl('/delete'))
|
|
|
|
->see('Delete Book');
|
|
|
|
|
|
|
|
$this->setEntityRestrictions($shelf, ['view', 'update']);
|
|
|
|
|
|
|
|
$this->forceVisit($shelf->getUrl('/delete'))
|
|
|
|
->see('You do not have permission')->seePageIs('/');
|
|
|
|
|
|
|
|
$this->setEntityRestrictions($shelf, ['view', 'delete']);
|
|
|
|
|
|
|
|
$this->visit($shelf->getUrl('/delete'))
|
|
|
|
->seePageIs($shelf->getUrl('/delete'))->see('Delete Book');
|
|
|
|
}
|
|
|
|
|
2016-03-06 02:09:21 +08:00
|
|
|
public function test_book_view_restriction()
|
|
|
|
{
|
2017-11-19 23:56:06 +08:00
|
|
|
$book = Book::first();
|
2016-03-06 02:09:21 +08:00
|
|
|
$bookPage = $book->pages->first();
|
|
|
|
$bookChapter = $book->chapters->first();
|
|
|
|
|
|
|
|
$bookUrl = $book->getUrl();
|
|
|
|
$this->actingAs($this->user)
|
|
|
|
->visit($bookUrl)
|
|
|
|
->seePageIs($bookUrl);
|
|
|
|
|
|
|
|
$this->setEntityRestrictions($book, []);
|
|
|
|
|
|
|
|
$this->forceVisit($bookUrl)
|
|
|
|
->see('Book not found');
|
|
|
|
$this->forceVisit($bookPage->getUrl())
|
2017-01-02 00:05:44 +08:00
|
|
|
->see('Page not found');
|
2016-03-06 02:09:21 +08:00
|
|
|
$this->forceVisit($bookChapter->getUrl())
|
2017-01-02 00:05:44 +08:00
|
|
|
->see('Chapter not found');
|
2016-03-06 02:09:21 +08:00
|
|
|
|
|
|
|
$this->setEntityRestrictions($book, ['view']);
|
|
|
|
|
|
|
|
$this->visit($bookUrl)
|
|
|
|
->see($book->name);
|
|
|
|
$this->visit($bookPage->getUrl())
|
|
|
|
->see($bookPage->name);
|
|
|
|
$this->visit($bookChapter->getUrl())
|
|
|
|
->see($bookChapter->name);
|
|
|
|
}
|
|
|
|
|
|
|
|
public function test_book_create_restriction()
|
|
|
|
{
|
2017-11-19 23:56:06 +08:00
|
|
|
$book = Book::first();
|
2016-03-06 02:09:21 +08:00
|
|
|
|
|
|
|
$bookUrl = $book->getUrl();
|
2016-03-31 03:15:44 +08:00
|
|
|
$this->actingAs($this->viewer)
|
|
|
|
->visit($bookUrl)
|
|
|
|
->dontSeeInElement('.action-buttons', 'New Page')
|
|
|
|
->dontSeeInElement('.action-buttons', 'New Chapter');
|
2016-03-06 02:09:21 +08:00
|
|
|
$this->actingAs($this->user)
|
|
|
|
->visit($bookUrl)
|
|
|
|
->seeInElement('.action-buttons', 'New Page')
|
|
|
|
->seeInElement('.action-buttons', 'New Chapter');
|
|
|
|
|
|
|
|
$this->setEntityRestrictions($book, ['view', 'delete', 'update']);
|
|
|
|
|
2018-03-25 18:34:42 +08:00
|
|
|
$this->forceVisit($bookUrl . '/create-chapter')
|
2016-03-06 02:09:21 +08:00
|
|
|
->see('You do not have permission')->seePageIs('/');
|
2018-03-25 18:34:42 +08:00
|
|
|
$this->forceVisit($bookUrl . '/create-page')
|
2016-03-06 02:09:21 +08:00
|
|
|
->see('You do not have permission')->seePageIs('/');
|
|
|
|
$this->visit($bookUrl)->dontSeeInElement('.action-buttons', 'New Page')
|
|
|
|
->dontSeeInElement('.action-buttons', 'New Chapter');
|
|
|
|
|
|
|
|
$this->setEntityRestrictions($book, ['view', 'create']);
|
|
|
|
|
2018-03-25 18:34:42 +08:00
|
|
|
$this->visit($bookUrl . '/create-chapter')
|
2016-03-06 02:09:21 +08:00
|
|
|
->type('test chapter', 'name')
|
|
|
|
->type('test description for chapter', 'description')
|
|
|
|
->press('Save Chapter')
|
|
|
|
->seePageIs($bookUrl . '/chapter/test-chapter');
|
2018-03-25 18:34:42 +08:00
|
|
|
$this->visit($bookUrl . '/create-page')
|
2016-03-06 02:09:21 +08:00
|
|
|
->type('test page', 'name')
|
|
|
|
->type('test content', 'html')
|
|
|
|
->press('Save Page')
|
|
|
|
->seePageIs($bookUrl . '/page/test-page');
|
|
|
|
$this->visit($bookUrl)->seeInElement('.action-buttons', 'New Page')
|
|
|
|
->seeInElement('.action-buttons', 'New Chapter');
|
|
|
|
}
|
|
|
|
|
|
|
|
public function test_book_update_restriction()
|
|
|
|
{
|
2017-11-19 23:56:06 +08:00
|
|
|
$book = Book::first();
|
2016-03-06 02:09:21 +08:00
|
|
|
$bookPage = $book->pages->first();
|
|
|
|
$bookChapter = $book->chapters->first();
|
|
|
|
|
|
|
|
$bookUrl = $book->getUrl();
|
|
|
|
$this->actingAs($this->user)
|
|
|
|
->visit($bookUrl . '/edit')
|
|
|
|
->see('Edit Book');
|
|
|
|
|
|
|
|
$this->setEntityRestrictions($book, ['view', 'delete']);
|
|
|
|
|
|
|
|
$this->forceVisit($bookUrl . '/edit')
|
|
|
|
->see('You do not have permission')->seePageIs('/');
|
|
|
|
$this->forceVisit($bookPage->getUrl() . '/edit')
|
|
|
|
->see('You do not have permission')->seePageIs('/');
|
|
|
|
$this->forceVisit($bookChapter->getUrl() . '/edit')
|
|
|
|
->see('You do not have permission')->seePageIs('/');
|
|
|
|
|
|
|
|
$this->setEntityRestrictions($book, ['view', 'update']);
|
|
|
|
|
|
|
|
$this->visit($bookUrl . '/edit')
|
|
|
|
->seePageIs($bookUrl . '/edit');
|
|
|
|
$this->visit($bookPage->getUrl() . '/edit')
|
|
|
|
->seePageIs($bookPage->getUrl() . '/edit');
|
|
|
|
$this->visit($bookChapter->getUrl() . '/edit')
|
|
|
|
->see('Edit Chapter');
|
|
|
|
}
|
|
|
|
|
|
|
|
public function test_book_delete_restriction()
|
|
|
|
{
|
2017-11-19 23:56:06 +08:00
|
|
|
$book = Book::first();
|
2016-03-06 02:09:21 +08:00
|
|
|
$bookPage = $book->pages->first();
|
|
|
|
$bookChapter = $book->chapters->first();
|
|
|
|
|
|
|
|
$bookUrl = $book->getUrl();
|
|
|
|
$this->actingAs($this->user)
|
|
|
|
->visit($bookUrl . '/delete')
|
|
|
|
->see('Delete Book');
|
|
|
|
|
|
|
|
$this->setEntityRestrictions($book, ['view', 'update']);
|
|
|
|
|
|
|
|
$this->forceVisit($bookUrl . '/delete')
|
|
|
|
->see('You do not have permission')->seePageIs('/');
|
|
|
|
$this->forceVisit($bookPage->getUrl() . '/delete')
|
|
|
|
->see('You do not have permission')->seePageIs('/');
|
|
|
|
$this->forceVisit($bookChapter->getUrl() . '/delete')
|
|
|
|
->see('You do not have permission')->seePageIs('/');
|
|
|
|
|
|
|
|
$this->setEntityRestrictions($book, ['view', 'delete']);
|
|
|
|
|
|
|
|
$this->visit($bookUrl . '/delete')
|
|
|
|
->seePageIs($bookUrl . '/delete')->see('Delete Book');
|
|
|
|
$this->visit($bookPage->getUrl() . '/delete')
|
|
|
|
->seePageIs($bookPage->getUrl() . '/delete')->see('Delete Page');
|
|
|
|
$this->visit($bookChapter->getUrl() . '/delete')
|
|
|
|
->see('Delete Chapter');
|
|
|
|
}
|
|
|
|
|
|
|
|
public function test_chapter_view_restriction()
|
|
|
|
{
|
2018-09-25 19:30:50 +08:00
|
|
|
$chapter = Chapter::first();
|
2016-03-06 02:09:21 +08:00
|
|
|
$chapterPage = $chapter->pages->first();
|
|
|
|
|
|
|
|
$chapterUrl = $chapter->getUrl();
|
|
|
|
$this->actingAs($this->user)
|
|
|
|
->visit($chapterUrl)
|
|
|
|
->seePageIs($chapterUrl);
|
|
|
|
|
|
|
|
$this->setEntityRestrictions($chapter, []);
|
|
|
|
|
|
|
|
$this->forceVisit($chapterUrl)
|
|
|
|
->see('Chapter not found');
|
|
|
|
$this->forceVisit($chapterPage->getUrl())
|
|
|
|
->see('Page not found');
|
|
|
|
|
|
|
|
$this->setEntityRestrictions($chapter, ['view']);
|
|
|
|
|
|
|
|
$this->visit($chapterUrl)
|
|
|
|
->see($chapter->name);
|
|
|
|
$this->visit($chapterPage->getUrl())
|
|
|
|
->see($chapterPage->name);
|
|
|
|
}
|
|
|
|
|
|
|
|
public function test_chapter_create_restriction()
|
|
|
|
{
|
2018-09-25 19:30:50 +08:00
|
|
|
$chapter = Chapter::first();
|
2016-03-06 02:09:21 +08:00
|
|
|
|
|
|
|
$chapterUrl = $chapter->getUrl();
|
|
|
|
$this->actingAs($this->user)
|
|
|
|
->visit($chapterUrl)
|
|
|
|
->seeInElement('.action-buttons', 'New Page');
|
|
|
|
|
|
|
|
$this->setEntityRestrictions($chapter, ['view', 'delete', 'update']);
|
|
|
|
|
|
|
|
$this->forceVisit($chapterUrl . '/create-page')
|
|
|
|
->see('You do not have permission')->seePageIs('/');
|
|
|
|
$this->visit($chapterUrl)->dontSeeInElement('.action-buttons', 'New Page');
|
|
|
|
|
|
|
|
$this->setEntityRestrictions($chapter, ['view', 'create']);
|
|
|
|
|
|
|
|
|
|
|
|
$this->visit($chapterUrl . '/create-page')
|
|
|
|
->type('test page', 'name')
|
|
|
|
->type('test content', 'html')
|
|
|
|
->press('Save Page')
|
|
|
|
->seePageIs($chapter->book->getUrl() . '/page/test-page');
|
2017-04-30 05:01:43 +08:00
|
|
|
|
2016-03-06 02:09:21 +08:00
|
|
|
$this->visit($chapterUrl)->seeInElement('.action-buttons', 'New Page');
|
|
|
|
}
|
|
|
|
|
|
|
|
public function test_chapter_update_restriction()
|
|
|
|
{
|
2018-09-25 19:30:50 +08:00
|
|
|
$chapter = Chapter::first();
|
2016-03-06 02:09:21 +08:00
|
|
|
$chapterPage = $chapter->pages->first();
|
|
|
|
|
|
|
|
$chapterUrl = $chapter->getUrl();
|
|
|
|
$this->actingAs($this->user)
|
|
|
|
->visit($chapterUrl . '/edit')
|
|
|
|
->see('Edit Chapter');
|
|
|
|
|
|
|
|
$this->setEntityRestrictions($chapter, ['view', 'delete']);
|
|
|
|
|
|
|
|
$this->forceVisit($chapterUrl . '/edit')
|
|
|
|
->see('You do not have permission')->seePageIs('/');
|
|
|
|
$this->forceVisit($chapterPage->getUrl() . '/edit')
|
|
|
|
->see('You do not have permission')->seePageIs('/');
|
|
|
|
|
|
|
|
$this->setEntityRestrictions($chapter, ['view', 'update']);
|
|
|
|
|
|
|
|
$this->visit($chapterUrl . '/edit')
|
|
|
|
->seePageIs($chapterUrl . '/edit')->see('Edit Chapter');
|
|
|
|
$this->visit($chapterPage->getUrl() . '/edit')
|
|
|
|
->seePageIs($chapterPage->getUrl() . '/edit');
|
|
|
|
}
|
|
|
|
|
|
|
|
public function test_chapter_delete_restriction()
|
|
|
|
{
|
2018-09-25 19:30:50 +08:00
|
|
|
$chapter = Chapter::first();
|
2016-03-06 02:09:21 +08:00
|
|
|
$chapterPage = $chapter->pages->first();
|
|
|
|
|
|
|
|
$chapterUrl = $chapter->getUrl();
|
|
|
|
$this->actingAs($this->user)
|
|
|
|
->visit($chapterUrl . '/delete')
|
|
|
|
->see('Delete Chapter');
|
|
|
|
|
|
|
|
$this->setEntityRestrictions($chapter, ['view', 'update']);
|
|
|
|
|
|
|
|
$this->forceVisit($chapterUrl . '/delete')
|
|
|
|
->see('You do not have permission')->seePageIs('/');
|
|
|
|
$this->forceVisit($chapterPage->getUrl() . '/delete')
|
|
|
|
->see('You do not have permission')->seePageIs('/');
|
|
|
|
|
|
|
|
$this->setEntityRestrictions($chapter, ['view', 'delete']);
|
|
|
|
|
|
|
|
$this->visit($chapterUrl . '/delete')
|
|
|
|
->seePageIs($chapterUrl . '/delete')->see('Delete Chapter');
|
|
|
|
$this->visit($chapterPage->getUrl() . '/delete')
|
|
|
|
->seePageIs($chapterPage->getUrl() . '/delete')->see('Delete Page');
|
|
|
|
}
|
|
|
|
|
|
|
|
public function test_page_view_restriction()
|
|
|
|
{
|
2018-09-25 19:30:50 +08:00
|
|
|
$page = \BookStack\Entities\Page::first();
|
2016-03-06 02:09:21 +08:00
|
|
|
|
|
|
|
$pageUrl = $page->getUrl();
|
|
|
|
$this->actingAs($this->user)
|
|
|
|
->visit($pageUrl)
|
|
|
|
->seePageIs($pageUrl);
|
|
|
|
|
|
|
|
$this->setEntityRestrictions($page, ['update', 'delete']);
|
|
|
|
|
|
|
|
$this->forceVisit($pageUrl)
|
|
|
|
->see('Page not found');
|
|
|
|
|
|
|
|
$this->setEntityRestrictions($page, ['view']);
|
|
|
|
|
|
|
|
$this->visit($pageUrl)
|
|
|
|
->see($page->name);
|
|
|
|
}
|
|
|
|
|
|
|
|
public function test_page_update_restriction()
|
|
|
|
{
|
2018-09-25 19:30:50 +08:00
|
|
|
$page = Chapter::first();
|
2016-03-06 02:09:21 +08:00
|
|
|
|
|
|
|
$pageUrl = $page->getUrl();
|
|
|
|
$this->actingAs($this->user)
|
|
|
|
->visit($pageUrl . '/edit')
|
|
|
|
->seeInField('name', $page->name);
|
|
|
|
|
|
|
|
$this->setEntityRestrictions($page, ['view', 'delete']);
|
|
|
|
|
|
|
|
$this->forceVisit($pageUrl . '/edit')
|
|
|
|
->see('You do not have permission')->seePageIs('/');
|
|
|
|
|
|
|
|
$this->setEntityRestrictions($page, ['view', 'update']);
|
|
|
|
|
|
|
|
$this->visit($pageUrl . '/edit')
|
|
|
|
->seePageIs($pageUrl . '/edit')->seeInField('name', $page->name);
|
|
|
|
}
|
|
|
|
|
|
|
|
public function test_page_delete_restriction()
|
|
|
|
{
|
2018-09-25 19:30:50 +08:00
|
|
|
$page = \BookStack\Entities\Page::first();
|
2016-03-06 02:09:21 +08:00
|
|
|
|
|
|
|
$pageUrl = $page->getUrl();
|
|
|
|
$this->actingAs($this->user)
|
|
|
|
->visit($pageUrl . '/delete')
|
|
|
|
->see('Delete Page');
|
|
|
|
|
|
|
|
$this->setEntityRestrictions($page, ['view', 'update']);
|
|
|
|
|
|
|
|
$this->forceVisit($pageUrl . '/delete')
|
|
|
|
->see('You do not have permission')->seePageIs('/');
|
|
|
|
|
|
|
|
$this->setEntityRestrictions($page, ['view', 'delete']);
|
|
|
|
|
|
|
|
$this->visit($pageUrl . '/delete')
|
|
|
|
->seePageIs($pageUrl . '/delete')->see('Delete Page');
|
|
|
|
}
|
|
|
|
|
2018-09-21 22:15:16 +08:00
|
|
|
public function test_bookshelf_restriction_form()
|
|
|
|
{
|
|
|
|
$shelf = Bookshelf::first();
|
|
|
|
$this->asAdmin()->visit($shelf->getUrl('/permissions'))
|
|
|
|
->see('Bookshelf Permissions')
|
|
|
|
->check('restricted')
|
|
|
|
->check('restrictions[2][view]')
|
|
|
|
->press('Save Permissions')
|
|
|
|
->seeInDatabase('bookshelves', ['id' => $shelf->id, 'restricted' => true])
|
|
|
|
->seeInDatabase('entity_permissions', [
|
|
|
|
'restrictable_id' => $shelf->id,
|
2018-09-25 19:30:50 +08:00
|
|
|
'restrictable_type' => Bookshelf::newModelInstance()->getMorphClass(),
|
2018-09-21 22:15:16 +08:00
|
|
|
'role_id' => '2',
|
|
|
|
'action' => 'view'
|
|
|
|
]);
|
|
|
|
}
|
|
|
|
|
2016-03-06 02:09:21 +08:00
|
|
|
public function test_book_restriction_form()
|
|
|
|
{
|
2017-11-19 23:56:06 +08:00
|
|
|
$book = Book::first();
|
2016-03-31 03:15:44 +08:00
|
|
|
$this->asAdmin()->visit($book->getUrl() . '/permissions')
|
|
|
|
->see('Book Permissions')
|
2016-03-06 02:09:21 +08:00
|
|
|
->check('restricted')
|
|
|
|
->check('restrictions[2][view]')
|
2016-03-31 03:15:44 +08:00
|
|
|
->press('Save Permissions')
|
2016-03-06 02:09:21 +08:00
|
|
|
->seeInDatabase('books', ['id' => $book->id, 'restricted' => true])
|
2016-05-02 04:20:50 +08:00
|
|
|
->seeInDatabase('entity_permissions', [
|
2016-03-06 02:09:21 +08:00
|
|
|
'restrictable_id' => $book->id,
|
2018-09-25 19:30:50 +08:00
|
|
|
'restrictable_type' => Book::newModelInstance()->getMorphClass(),
|
2016-03-06 02:09:21 +08:00
|
|
|
'role_id' => '2',
|
|
|
|
'action' => 'view'
|
|
|
|
]);
|
|
|
|
}
|
|
|
|
|
|
|
|
public function test_chapter_restriction_form()
|
|
|
|
{
|
2018-09-25 19:30:50 +08:00
|
|
|
$chapter = Chapter::first();
|
2016-03-31 03:15:44 +08:00
|
|
|
$this->asAdmin()->visit($chapter->getUrl() . '/permissions')
|
|
|
|
->see('Chapter Permissions')
|
2016-03-06 02:09:21 +08:00
|
|
|
->check('restricted')
|
|
|
|
->check('restrictions[2][update]')
|
2016-03-31 03:15:44 +08:00
|
|
|
->press('Save Permissions')
|
2016-03-06 02:09:21 +08:00
|
|
|
->seeInDatabase('chapters', ['id' => $chapter->id, 'restricted' => true])
|
2016-05-02 04:20:50 +08:00
|
|
|
->seeInDatabase('entity_permissions', [
|
2016-03-06 02:09:21 +08:00
|
|
|
'restrictable_id' => $chapter->id,
|
2018-09-25 19:30:50 +08:00
|
|
|
'restrictable_type' => Chapter::newModelInstance()->getMorphClass(),
|
2016-03-06 02:09:21 +08:00
|
|
|
'role_id' => '2',
|
|
|
|
'action' => 'update'
|
|
|
|
]);
|
|
|
|
}
|
|
|
|
|
|
|
|
public function test_page_restriction_form()
|
|
|
|
{
|
2018-09-25 19:30:50 +08:00
|
|
|
$page = \BookStack\Entities\Page::first();
|
2016-03-31 03:15:44 +08:00
|
|
|
$this->asAdmin()->visit($page->getUrl() . '/permissions')
|
|
|
|
->see('Page Permissions')
|
2016-03-06 02:09:21 +08:00
|
|
|
->check('restricted')
|
|
|
|
->check('restrictions[2][delete]')
|
2016-03-31 03:15:44 +08:00
|
|
|
->press('Save Permissions')
|
2016-03-06 02:09:21 +08:00
|
|
|
->seeInDatabase('pages', ['id' => $page->id, 'restricted' => true])
|
2016-05-02 04:20:50 +08:00
|
|
|
->seeInDatabase('entity_permissions', [
|
2016-03-06 02:09:21 +08:00
|
|
|
'restrictable_id' => $page->id,
|
2018-09-25 19:30:50 +08:00
|
|
|
'restrictable_type' => Page::newModelInstance()->getMorphClass(),
|
2016-03-06 02:09:21 +08:00
|
|
|
'role_id' => '2',
|
|
|
|
'action' => 'delete'
|
|
|
|
]);
|
|
|
|
}
|
|
|
|
|
|
|
|
public function test_restricted_pages_not_visible_in_book_navigation_on_pages()
|
|
|
|
{
|
2018-09-25 19:30:50 +08:00
|
|
|
$chapter = Chapter::first();
|
2016-03-06 02:09:21 +08:00
|
|
|
$page = $chapter->pages->first();
|
|
|
|
$page2 = $chapter->pages[2];
|
|
|
|
|
|
|
|
$this->setEntityRestrictions($page, []);
|
|
|
|
|
|
|
|
$this->actingAs($this->user)
|
|
|
|
->visit($page2->getUrl())
|
|
|
|
->dontSeeInElement('.sidebar-page-list', $page->name);
|
|
|
|
}
|
|
|
|
|
|
|
|
public function test_restricted_pages_not_visible_in_book_navigation_on_chapters()
|
|
|
|
{
|
2018-09-25 19:30:50 +08:00
|
|
|
$chapter = Chapter::first();
|
2016-03-06 02:09:21 +08:00
|
|
|
$page = $chapter->pages->first();
|
|
|
|
|
|
|
|
$this->setEntityRestrictions($page, []);
|
|
|
|
|
|
|
|
$this->actingAs($this->user)
|
|
|
|
->visit($chapter->getUrl())
|
|
|
|
->dontSeeInElement('.sidebar-page-list', $page->name);
|
|
|
|
}
|
|
|
|
|
|
|
|
public function test_restricted_pages_not_visible_on_chapter_pages()
|
|
|
|
{
|
2018-09-25 19:30:50 +08:00
|
|
|
$chapter = Chapter::first();
|
2016-03-06 02:09:21 +08:00
|
|
|
$page = $chapter->pages->first();
|
|
|
|
|
|
|
|
$this->setEntityRestrictions($page, []);
|
|
|
|
|
|
|
|
$this->actingAs($this->user)
|
|
|
|
->visit($chapter->getUrl())
|
|
|
|
->dontSee($page->name);
|
|
|
|
}
|
|
|
|
|
2018-09-21 22:15:16 +08:00
|
|
|
public function test_bookshelf_update_restriction_override()
|
|
|
|
{
|
|
|
|
$shelf = Bookshelf::first();
|
|
|
|
|
|
|
|
$this->actingAs($this->viewer)
|
|
|
|
->visit($shelf->getUrl('/edit'))
|
|
|
|
->dontSee('Edit Book');
|
|
|
|
|
|
|
|
$this->setEntityRestrictions($shelf, ['view', 'delete']);
|
|
|
|
|
|
|
|
$this->forceVisit($shelf->getUrl('/edit'))
|
|
|
|
->see('You do not have permission')->seePageIs('/');
|
|
|
|
|
|
|
|
$this->setEntityRestrictions($shelf, ['view', 'update']);
|
|
|
|
|
|
|
|
$this->visit($shelf->getUrl('/edit'))
|
|
|
|
->seePageIs($shelf->getUrl('/edit'));
|
|
|
|
}
|
|
|
|
|
|
|
|
public function test_bookshelf_delete_restriction_override()
|
|
|
|
{
|
|
|
|
$shelf = Bookshelf::first();
|
|
|
|
|
|
|
|
$this->actingAs($this->viewer)
|
|
|
|
->visit($shelf->getUrl('/delete'))
|
|
|
|
->dontSee('Delete Book');
|
|
|
|
|
|
|
|
$this->setEntityRestrictions($shelf, ['view', 'update']);
|
|
|
|
|
|
|
|
$this->forceVisit($shelf->getUrl('/delete'))
|
|
|
|
->see('You do not have permission')->seePageIs('/');
|
|
|
|
|
|
|
|
$this->setEntityRestrictions($shelf, ['view', 'delete']);
|
|
|
|
|
|
|
|
$this->visit($shelf->getUrl('/delete'))
|
|
|
|
->seePageIs($shelf->getUrl('/delete'))->see('Delete Book');
|
|
|
|
}
|
|
|
|
|
2016-03-31 03:15:44 +08:00
|
|
|
public function test_book_create_restriction_override()
|
|
|
|
{
|
2017-11-19 23:56:06 +08:00
|
|
|
$book = Book::first();
|
2016-03-31 03:15:44 +08:00
|
|
|
|
|
|
|
$bookUrl = $book->getUrl();
|
|
|
|
$this->actingAs($this->viewer)
|
|
|
|
->visit($bookUrl)
|
|
|
|
->dontSeeInElement('.action-buttons', 'New Page')
|
|
|
|
->dontSeeInElement('.action-buttons', 'New Chapter');
|
|
|
|
|
|
|
|
$this->setEntityRestrictions($book, ['view', 'delete', 'update']);
|
|
|
|
|
2018-03-25 18:34:42 +08:00
|
|
|
$this->forceVisit($bookUrl . '/create-chapter')
|
2016-03-31 03:15:44 +08:00
|
|
|
->see('You do not have permission')->seePageIs('/');
|
2018-03-25 18:34:42 +08:00
|
|
|
$this->forceVisit($bookUrl . '/create-page')
|
2016-03-31 03:15:44 +08:00
|
|
|
->see('You do not have permission')->seePageIs('/');
|
|
|
|
$this->visit($bookUrl)->dontSeeInElement('.action-buttons', 'New Page')
|
|
|
|
->dontSeeInElement('.action-buttons', 'New Chapter');
|
|
|
|
|
|
|
|
$this->setEntityRestrictions($book, ['view', 'create']);
|
|
|
|
|
2018-03-25 18:34:42 +08:00
|
|
|
$this->visit($bookUrl . '/create-chapter')
|
2016-03-31 03:15:44 +08:00
|
|
|
->type('test chapter', 'name')
|
|
|
|
->type('test description for chapter', 'description')
|
|
|
|
->press('Save Chapter')
|
|
|
|
->seePageIs($bookUrl . '/chapter/test-chapter');
|
2018-03-25 18:34:42 +08:00
|
|
|
$this->visit($bookUrl . '/create-page')
|
2016-03-31 03:15:44 +08:00
|
|
|
->type('test page', 'name')
|
|
|
|
->type('test content', 'html')
|
|
|
|
->press('Save Page')
|
|
|
|
->seePageIs($bookUrl . '/page/test-page');
|
|
|
|
$this->visit($bookUrl)->seeInElement('.action-buttons', 'New Page')
|
|
|
|
->seeInElement('.action-buttons', 'New Chapter');
|
|
|
|
}
|
|
|
|
|
|
|
|
public function test_book_update_restriction_override()
|
|
|
|
{
|
2017-11-19 23:56:06 +08:00
|
|
|
$book = Book::first();
|
2016-03-31 03:15:44 +08:00
|
|
|
$bookPage = $book->pages->first();
|
|
|
|
$bookChapter = $book->chapters->first();
|
|
|
|
|
|
|
|
$bookUrl = $book->getUrl();
|
|
|
|
$this->actingAs($this->viewer)
|
|
|
|
->visit($bookUrl . '/edit')
|
|
|
|
->dontSee('Edit Book');
|
|
|
|
|
|
|
|
$this->setEntityRestrictions($book, ['view', 'delete']);
|
|
|
|
|
|
|
|
$this->forceVisit($bookUrl . '/edit')
|
|
|
|
->see('You do not have permission')->seePageIs('/');
|
|
|
|
$this->forceVisit($bookPage->getUrl() . '/edit')
|
|
|
|
->see('You do not have permission')->seePageIs('/');
|
|
|
|
$this->forceVisit($bookChapter->getUrl() . '/edit')
|
|
|
|
->see('You do not have permission')->seePageIs('/');
|
|
|
|
|
|
|
|
$this->setEntityRestrictions($book, ['view', 'update']);
|
|
|
|
|
|
|
|
$this->visit($bookUrl . '/edit')
|
|
|
|
->seePageIs($bookUrl . '/edit');
|
|
|
|
$this->visit($bookPage->getUrl() . '/edit')
|
|
|
|
->seePageIs($bookPage->getUrl() . '/edit');
|
|
|
|
$this->visit($bookChapter->getUrl() . '/edit')
|
|
|
|
->see('Edit Chapter');
|
|
|
|
}
|
|
|
|
|
|
|
|
public function test_book_delete_restriction_override()
|
|
|
|
{
|
2017-11-19 23:56:06 +08:00
|
|
|
$book = Book::first();
|
2016-03-31 03:15:44 +08:00
|
|
|
$bookPage = $book->pages->first();
|
|
|
|
$bookChapter = $book->chapters->first();
|
|
|
|
|
|
|
|
$bookUrl = $book->getUrl();
|
|
|
|
$this->actingAs($this->viewer)
|
|
|
|
->visit($bookUrl . '/delete')
|
|
|
|
->dontSee('Delete Book');
|
|
|
|
|
|
|
|
$this->setEntityRestrictions($book, ['view', 'update']);
|
|
|
|
|
|
|
|
$this->forceVisit($bookUrl . '/delete')
|
|
|
|
->see('You do not have permission')->seePageIs('/');
|
|
|
|
$this->forceVisit($bookPage->getUrl() . '/delete')
|
|
|
|
->see('You do not have permission')->seePageIs('/');
|
|
|
|
$this->forceVisit($bookChapter->getUrl() . '/delete')
|
|
|
|
->see('You do not have permission')->seePageIs('/');
|
|
|
|
|
|
|
|
$this->setEntityRestrictions($book, ['view', 'delete']);
|
|
|
|
|
|
|
|
$this->visit($bookUrl . '/delete')
|
|
|
|
->seePageIs($bookUrl . '/delete')->see('Delete Book');
|
|
|
|
$this->visit($bookPage->getUrl() . '/delete')
|
|
|
|
->seePageIs($bookPage->getUrl() . '/delete')->see('Delete Page');
|
|
|
|
$this->visit($bookChapter->getUrl() . '/delete')
|
|
|
|
->see('Delete Chapter');
|
|
|
|
}
|
|
|
|
|
2017-04-22 20:39:34 +08:00
|
|
|
public function test_page_visible_if_has_permissions_when_book_not_visible()
|
|
|
|
{
|
2017-11-19 23:56:06 +08:00
|
|
|
$book = Book::first();
|
2017-04-22 20:39:34 +08:00
|
|
|
|
|
|
|
$this->setEntityRestrictions($book, []);
|
2017-11-19 23:56:06 +08:00
|
|
|
|
|
|
|
$bookChapter = $book->chapters->first();
|
|
|
|
$bookPage = $bookChapter->pages->first();
|
2017-04-22 20:39:34 +08:00
|
|
|
$this->setEntityRestrictions($bookPage, ['view']);
|
|
|
|
|
|
|
|
$this->actingAs($this->viewer);
|
|
|
|
$this->get($bookPage->getUrl());
|
|
|
|
$this->assertResponseOk();
|
|
|
|
$this->see($bookPage->name);
|
|
|
|
$this->dontSee(substr($book->name, 0, 15));
|
|
|
|
$this->dontSee(substr($bookChapter->name, 0, 15));
|
|
|
|
}
|
|
|
|
|
2017-12-31 22:47:08 +08:00
|
|
|
public function test_book_sort_view_permission()
|
|
|
|
{
|
|
|
|
$firstBook = Book::first();
|
|
|
|
$secondBook = Book::find(2);
|
|
|
|
$thirdBook = Book::find(3);
|
|
|
|
|
|
|
|
$this->setEntityRestrictions($firstBook, ['view', 'update']);
|
|
|
|
$this->setEntityRestrictions($secondBook, ['view']);
|
|
|
|
$this->setEntityRestrictions($thirdBook, ['view', 'update']);
|
|
|
|
|
|
|
|
// Test sort page visibility
|
|
|
|
$this->actingAs($this->user)->visit($secondBook->getUrl() . '/sort')
|
|
|
|
->see('You do not have permission')
|
|
|
|
->seePageIs('/');
|
|
|
|
|
|
|
|
// Check sort page on first book
|
|
|
|
$this->actingAs($this->user)->visit($firstBook->getUrl() . '/sort')
|
|
|
|
->see($thirdBook->name)
|
|
|
|
->dontSee($secondBook->name);
|
|
|
|
}
|
|
|
|
|
|
|
|
public function test_book_sort_permission() {
|
|
|
|
$firstBook = Book::first();
|
|
|
|
$secondBook = Book::find(2);
|
|
|
|
|
|
|
|
$this->setEntityRestrictions($firstBook, ['view', 'update']);
|
|
|
|
$this->setEntityRestrictions($secondBook, ['view']);
|
|
|
|
|
|
|
|
$firstBookChapter = $this->app[EntityRepo::class]->createFromInput('chapter',
|
|
|
|
['name' => 'first book chapter'], $firstBook);
|
|
|
|
$secondBookChapter = $this->app[EntityRepo::class]->createFromInput('chapter',
|
|
|
|
['name' => 'second book chapter'], $secondBook);
|
|
|
|
|
|
|
|
// Create request data
|
|
|
|
$reqData = [
|
|
|
|
[
|
|
|
|
'id' => $firstBookChapter->id,
|
|
|
|
'sort' => 0,
|
|
|
|
'parentChapter' => false,
|
|
|
|
'type' => 'chapter',
|
|
|
|
'book' => $secondBook->id
|
|
|
|
]
|
|
|
|
];
|
|
|
|
|
|
|
|
// Move chapter from first book to a second book
|
|
|
|
$this->actingAs($this->user)->put($firstBook->getUrl() . '/sort', ['sort-tree' => json_encode($reqData)])
|
|
|
|
->followRedirects()
|
|
|
|
->see('You do not have permission')
|
|
|
|
->seePageIs('/');
|
|
|
|
|
|
|
|
$reqData = [
|
|
|
|
[
|
|
|
|
'id' => $secondBookChapter->id,
|
|
|
|
'sort' => 0,
|
|
|
|
'parentChapter' => false,
|
|
|
|
'type' => 'chapter',
|
|
|
|
'book' => $firstBook->id
|
|
|
|
]
|
|
|
|
];
|
|
|
|
|
|
|
|
// Move chapter from second book to first book
|
|
|
|
$this->actingAs($this->user)->put($firstBook->getUrl() . '/sort', ['sort-tree' => json_encode($reqData)])
|
|
|
|
->followRedirects()
|
|
|
|
->see('You do not have permission')
|
|
|
|
->seePageIs('/');
|
|
|
|
}
|
2018-07-14 21:12:29 +08:00
|
|
|
|
|
|
|
public function test_can_create_page_if_chapter_has_permissions_when_book_not_visible()
|
|
|
|
{
|
|
|
|
$book = Book::first();
|
|
|
|
$this->setEntityRestrictions($book, []);
|
|
|
|
$bookChapter = $book->chapters->first();
|
|
|
|
$this->setEntityRestrictions($bookChapter, ['view']);
|
|
|
|
|
|
|
|
$this->actingAs($this->user)->visit($bookChapter->getUrl())
|
|
|
|
->dontSee('New Page');
|
|
|
|
|
|
|
|
$this->setEntityRestrictions($bookChapter, ['view', 'create']);
|
|
|
|
|
|
|
|
$this->actingAs($this->user)->visit($bookChapter->getUrl())
|
|
|
|
->click('New Page')
|
|
|
|
->seeStatusCode(200)
|
|
|
|
->type('test page', 'name')
|
|
|
|
->type('test content', 'html')
|
|
|
|
->press('Save Page')
|
|
|
|
->seePageIs($book->getUrl('/page/test-page'))
|
|
|
|
->seeStatusCode(200);
|
|
|
|
}
|
2016-03-06 02:09:21 +08:00
|
|
|
}
|