From c724bfe4d37037e90a305b5ff9410070ccf90bb9 Mon Sep 17 00:00:00 2001 From: Dan Brown Date: Sat, 21 Jan 2023 11:08:34 +0000 Subject: [PATCH] Copied over work from user_permissions branch Only that relevant to the additional testing work. --- dev/docs/permission-scenario-testing.md | 421 ++++++++++++++++++ tests/Actions/AuditLogTest.php | 30 +- tests/Actions/WebhookCallTest.php | 4 +- tests/Actions/WebhookFormatTesting.php | 2 +- tests/Actions/WebhookManagementTest.php | 4 +- tests/Api/ApiAuthTest.php | 14 +- tests/Api/AttachmentsApiTest.php | 8 +- tests/Api/BooksApiTest.php | 2 +- tests/Api/ChaptersApiTest.php | 2 +- tests/Api/PagesApiTest.php | 4 +- tests/Api/RecycleBinApiTest.php | 14 +- tests/Api/TestsApi.php | 4 +- tests/Api/UsersApiTest.php | 8 +- tests/Auth/AuthTest.php | 6 +- tests/Auth/GroupSyncServiceTest.php | 8 +- tests/Auth/LdapTest.php | 4 +- tests/Auth/LoginAutoInitiateTest.php | 2 +- tests/Auth/MfaConfigurationTest.php | 18 +- tests/Auth/MfaVerificationTest.php | 10 +- tests/Auth/OidcTest.php | 6 +- tests/Auth/ResetPasswordTest.php | 2 +- tests/Auth/Saml2Test.php | 2 +- tests/Auth/SocialAuthTest.php | 6 +- tests/Auth/UserInviteTest.php | 10 +- tests/Commands/ClearActivityCommandTest.php | 2 +- tests/Commands/ClearViewsCommandTest.php | 4 +- .../CopyShelfPermissionsCommandTest.php | 8 +- .../RegeneratePermissionsCommandTest.php | 21 +- tests/Entity/BookShelfTest.php | 27 +- tests/Entity/BookTest.php | 14 +- tests/Entity/ChapterTest.php | 10 +- tests/Entity/ConvertTest.php | 16 +- tests/Entity/EntityAccessTest.php | 8 +- tests/Entity/EntitySearchTest.php | 16 +- tests/Entity/ExportTest.php | 7 +- tests/Entity/PageContentTest.php | 2 +- tests/Entity/PageDraftTest.php | 14 +- tests/Entity/PageRevisionTest.php | 8 +- tests/Entity/PageTemplateTest.php | 8 +- tests/Entity/PageTest.php | 22 +- tests/Entity/SortTest.php | 52 +-- tests/Entity/TagTest.php | 4 +- tests/ErrorTest.php | 6 +- tests/FavouriteTest.php | 14 +- tests/Helpers/EntityProvider.php | 40 -- tests/Helpers/PermissionsProvider.php | 136 ++++++ tests/Helpers/UserRoleProvider.php | 97 ++++ tests/HomepageTest.php | 10 +- tests/LanguageTest.php | 16 +- tests/Permissions/EntityPermissionsTest.php | 43 +- tests/Permissions/ExportPermissionsTest.php | 8 +- tests/Permissions/RolesTest.php | 90 ++-- .../Scenarios/EntityRolePermissionsTest.php | 201 +++++++++ .../Scenarios/EntityUserPermissionsTest.php | 209 +++++++++ .../Scenarios/PermissionScenarioTestCase.php | 38 ++ .../Scenarios/RoleContentPermissionsTest.php | 59 +++ tests/PublicActionTest.php | 4 +- tests/References/ReferencesTest.php | 2 +- tests/Settings/RecycleBinTest.php | 10 +- tests/Settings/RegenerateReferencesTest.php | 4 +- tests/Settings/TestEmailTest.php | 8 +- tests/TestCase.php | 114 +---- tests/ThemeTest.php | 2 +- tests/Unit/FrameworkAssumptionTest.php | 2 +- tests/Uploads/AttachmentTest.php | 10 +- tests/Uploads/DrawioTest.php | 6 +- tests/Uploads/ImageTest.php | 34 +- tests/User/UserApiTokenTest.php | 30 +- tests/User/UserManagementTest.php | 46 +- tests/User/UserPreferencesTest.php | 20 +- tests/User/UserProfileTest.php | 4 +- tests/User/UserSearchTest.php | 14 +- 72 files changed, 1566 insertions(+), 545 deletions(-) create mode 100644 dev/docs/permission-scenario-testing.md create mode 100644 tests/Helpers/PermissionsProvider.php create mode 100644 tests/Helpers/UserRoleProvider.php create mode 100644 tests/Permissions/Scenarios/EntityRolePermissionsTest.php create mode 100644 tests/Permissions/Scenarios/EntityUserPermissionsTest.php create mode 100644 tests/Permissions/Scenarios/PermissionScenarioTestCase.php create mode 100644 tests/Permissions/Scenarios/RoleContentPermissionsTest.php diff --git a/dev/docs/permission-scenario-testing.md b/dev/docs/permission-scenario-testing.md new file mode 100644 index 000000000..6d0935f09 --- /dev/null +++ b/dev/docs/permission-scenario-testing.md @@ -0,0 +1,421 @@ +# Permission Scenario Testing + +Due to complexity that can arise in the various combinations of permissions, this document details scenarios and their expected results. + +Test cases are written ability abstract, since all abilities should act the same in theory. Functional test cases may test abilities separate due to implementation differences. + +Tests are categorised by the most specific element involved in the scenario, where the below list is most specific to least: + +- User entity permissions. +- Role entity permissions. +- Fallback entity permissions. +- Role permissions. + +- TODO - Test fallback in the context of the above. + +## General Permission Logical Rules + +The below are some general rules we follow to standardise the behaviour of permissions in the platform: + +- Most specific permission application (as above) take priority and can deny less specific permissions. +- Parent user/role entity permissions that may be inherited, are considered to essentially be applied on the item they are inherited to unless a lower level has its own permission rule for an already specific role/user. +- Where both grant and deny exist at the same specificity, we side towards grant. + +## Cases + +### Content Role Permissions + +These are tests related to item/entity permissions that are set only at a role level. + +#### test_01_allow + +- Role A has role all-page permission. +- User has Role A. + +User granted page permission. + +#### test_02_deny + +- Role A has no page permission. +- User has Role A. + +User denied page permission. + +#### test_10_allow_on_own_with_own + +- Role A has role own-page permission. +- User has Role A. +- User is owner of page. + +User granted page permission. + +#### test_11_deny_on_other_with_own + +- Role A has role own-page permission. +- User has Role A. +- User is not owner of page. + +User denied page permission. + +#### test_20_multiple_role_conflicting_all + +- Role A has role all-page permission. +- Role B has no page permission. +- User has Role A & B. + +User granted page permission. + +#### test_21_multiple_role_conflicting_own + +- Role A has role own-page permission. +- Role B has no page permission. +- User has Role A & B. +- User is owner of page. + +User granted page permission. + +--- + +### Entity Role Permissions + +These are tests related to entity-level role-specific permission overrides. + +#### test_01_explicit_allow + +- Page permissions have inherit disabled. +- Role A has entity allow page permission. +- User has Role A. + +User granted page permission. + +#### test_02_explicit_deny + +- Page permissions have inherit disabled. +- Role A has entity deny page permission. +- User has Role A. + +User denied page permission. + +#### test_03_same_level_conflicting + +- Page permissions have inherit disabled. +- Role A has entity allow page permission. +- Role B has entity deny page permission. +- User has both Role A & B. + +User granted page permission. +Explicit grant overrides entity deny at same level. + +#### test_20_inherit_allow + +- Page permissions have inherit enabled. +- Chapter permissions has inherit disabled. +- Role A has entity allow chapter permission. +- User has Role A. + +User granted page permission. + +#### test_21_inherit_deny + +- Page permissions have inherit enabled. +- Chapter permissions has inherit disabled. +- Role A has entity deny chapter permission. +- User has Role A. + +User denied page permission. + +#### test_22_same_level_conflict_inherit + +- Page permissions have inherit enabled. +- Chapter permissions has inherit disabled. +- Role A has entity deny chapter permission. +- Role B has entity allow chapter permission. +- User has both Role A & B. + +User granted page permission. + +#### test_30_child_inherit_override_allow + +- Page permissions have inherit enabled. +- Chapter permissions has inherit disabled. +- Role A has entity deny chapter permission. +- Role A has entity allow page permission. +- User has Role A. + +User granted page permission. + +#### test_31_child_inherit_override_deny + +- Page permissions have inherit enabled. +- Chapter permissions has inherit disabled. +- Role A has entity allow chapter permission. +- Role A has entity deny page permission. +- User has Role A. + +User denied page permission. + +#### test_40_multi_role_inherit_conflict_override_deny + +- Page permissions have inherit enabled. +- Chapter permissions has inherit disabled. +- Role A has entity deny page permission. +- Role B has entity allow chapter permission. +- User has Role A & B. + +User granted page permission. + +#### test_41_multi_role_inherit_conflict_retain_allow + +- Page permissions have inherit enabled. +- Chapter permissions has inherit disabled. +- Role A has entity allow page permission. +- Role B has entity deny chapter permission. +- User has Role A & B. + +User granted page permission. + +#### test_50_role_override_allow + +- Page permissions have inherit enabled. +- Role A has no page role permission. +- Role A has entity allow page permission. +- User has Role A. + +User granted page permission. + +#### test_51_role_override_deny + +- Page permissions have inherit enabled. +- Role A has no page-view-all role permission. +- Role A has entity deny page permission. +- User has Role A. + +User denied page permission. + +#### test_60_inherited_role_override_allow + +- Page permissions have inherit enabled. +- Chapter permissions have inherit enabled. +- Role A has no page role permission. +- Role A has entity allow chapter permission. +- User has Role A. + +User granted page permission. + +#### test_61_inherited_role_override_deny + +- Page permissions have inherit enabled. +- Chapter permissions have inherit enabled. +- Role A has page role permission. +- Role A has entity denied chapter permission. +- User has Role A. + +User denied page permission. + +#### test_62_inherited_role_override_deny_on_own + +- Page permissions have inherit enabled. +- Chapter permissions have inherit enabled. +- Role A has own-page role permission. +- Role A has entity denied chapter permission. +- User has Role A. +- User owns Page. + +User denied page permission. + +#### test_70_multi_role_inheriting_deny + +- Page permissions have inherit enabled. +- Role A has all page role permission. +- Role B has entity denied page permission. +- User has Role A and B. + +User denied page permission. + +#### test_80_multi_role_inherited_deny_via_parent + +- Page permissions have inherit enabled. +- Chapter permissions have inherit enabled. +- Role A has all-pages role permission. +- Role B has entity denied chapter permission. +- User has Role A & B. + +User denied page permission. + +--- + +### Entity User Permissions + +These are tests related to entity-level user-specific permission overrides. + +#### test_01_explicit_allow + +- Page permissions have inherit disabled. +- User has entity allow page permission. + +User granted page permission. + +#### test_02_explicit_deny + +- Page permissions have inherit disabled. +- User has entity deny page permission. + +User denied page permission. + +#### test_10_allow_inherit + +- Page permissions have inherit enabled. +- Chapter permissions have inherit disabled. +- User has entity allow chapter permission. + +User granted page permission. + +#### test_11_deny_inherit + +- Page permissions have inherit enabled. +- Chapter permissions have inherit disabled. +- User has entity deny chapter permission. + +User denied page permission. + +#### test_12_allow_inherit_override + +- Page permissions have inherit enabled. +- Chapter permissions have inherit disabled. +- User has entity deny chapter permission. +- User has entity allow page permission. + +User granted page permission. + +#### test_13_deny_inherit_override + +- Page permissions have inherit enabled. +- Chapter permissions have inherit disabled. +- User has entity allow chapter permission. +- User has entity deny page permission. + +User denied page permission. + +#### test_40_entity_role_override_allow + +- Page permissions have inherit disabled. +- User has entity allow page permission. +- Role A has entity deny page permission. +- User has role A. + +User granted page permission. + +#### test_41_entity_role_override_deny + +- Page permissions have inherit disabled. +- User has entity deny page permission. +- Role A has entity allow page permission. +- User has role A. + +User denied page permission. + +#### test_42_entity_role_override_allow_via_inherit + +- Page permissions have inherit enabled. +- Chapter permissions have inherit disabled. +- User has entity allow chapter permission. +- Role A has entity deny page permission. +- User has role A. + +User granted page permission. + +#### test_43_entity_role_override_deny_via_inherit + +- Page permissions have inherit enabled. +- Chapter permissions have inherit disabled. +- User has entity deny chapter permission. +- Role A has entity allow page permission. +- User has role A. + +User denied page permission. + +#### test_50_role_override_allow + +- Page permissions have inherit enabled. +- Role A has no page role permission. +- User has entity allow page permission. +- User has Role A. + +User granted page permission. + +#### test_51_role_override_deny + +- Page permissions have inherit enabled. +- Role A has all-page role permission. +- User has entity deny page permission. +- User has Role A. + +User denied page permission. + +#### test_60_inherited_role_override_allow + +- Page permissions have inherit enabled. +- Role A has no page role permission. +- User has entity allow chapter permission. +- User has Role A. + +User granted page permission. + +#### test_61_inherited_role_override_deny + +- Page permissions have inherit enabled. +- Role A has view-all page role permission. +- User has entity deny chapter permission. +- User has Role A. + +User denied page permission. + +#### test_61_inherited_role_override_deny_on_own + +- Page permissions have inherit enabled. +- Role A has view-own page role permission. +- User has entity deny chapter permission. +- User has Role A. +- User owns Page. + +User denied page permission. + +#### test_70_all_override_allow + +- Page permissions have inherit enabled. +- Role A has no page role permission. +- Role A has entity deny page permission. +- User has entity allow page permission. +- User has Role A. + +User granted page permission. + +#### test_71_all_override_deny + +- Page permissions have inherit enabled. +- Role A has page-all role permission. +- Role A has entity allow page permission. +- User has entity deny page permission. +- User has Role A. + +User denied page permission. + +#### test_80_inherited_all_override_allow + +- Page permissions have inherit enabled. +- Role A has no page role permission. +- Role A has entity deny chapter permission. +- User has entity allow chapter permission. +- User has Role A. + +User granted page permission. + +#### test_81_inherited_all_override_deny + +- Page permissions have inherit enabled. +- Role A has view-all page role permission. +- Role A has entity allow chapter permission. +- User has entity deny chapter permission. +- User has Role A. + +User denied page permission. \ No newline at end of file diff --git a/tests/Actions/AuditLogTest.php b/tests/Actions/AuditLogTest.php index 25fa2b796..52b45e712 100644 --- a/tests/Actions/AuditLogTest.php +++ b/tests/Actions/AuditLogTest.php @@ -23,17 +23,17 @@ class AuditLogTest extends TestCase public function test_only_accessible_with_right_permissions() { - $viewer = $this->getViewer(); + $viewer = $this->users->viewer(); $this->actingAs($viewer); $resp = $this->get('/settings/audit'); $this->assertPermissionError($resp); - $this->giveUserPermissions($viewer, ['settings-manage']); + $this->permissions->grantUserRolePermissions($viewer, ['settings-manage']); $resp = $this->get('/settings/audit'); $this->assertPermissionError($resp); - $this->giveUserPermissions($viewer, ['users-manage']); + $this->permissions->grantUserRolePermissions($viewer, ['users-manage']); $resp = $this->get('/settings/audit'); $resp->assertStatus(200); $resp->assertSeeText('Audit Log'); @@ -41,7 +41,7 @@ class AuditLogTest extends TestCase public function test_shows_activity() { - $admin = $this->getAdmin(); + $admin = $this->users->admin(); $this->actingAs($admin); $page = $this->entities->page(); $this->activityService->add(ActivityType::PAGE_CREATE, $page); @@ -56,7 +56,7 @@ class AuditLogTest extends TestCase public function test_shows_name_for_deleted_items() { - $this->actingAs($this->getAdmin()); + $this->actingAs($this->users->admin()); $page = $this->entities->page(); $pageName = $page->name; $this->activityService->add(ActivityType::PAGE_CREATE, $page); @@ -71,12 +71,12 @@ class AuditLogTest extends TestCase public function test_shows_activity_for_deleted_users() { - $viewer = $this->getViewer(); + $viewer = $this->users->viewer(); $this->actingAs($viewer); $page = $this->entities->page(); $this->activityService->add(ActivityType::PAGE_CREATE, $page); - $this->actingAs($this->getAdmin()); + $this->actingAs($this->users->admin()); app(UserRepo::class)->destroy($viewer); $resp = $this->get('settings/audit'); @@ -85,7 +85,7 @@ class AuditLogTest extends TestCase public function test_filters_by_key() { - $this->actingAs($this->getAdmin()); + $this->actingAs($this->users->admin()); $page = $this->entities->page(); $this->activityService->add(ActivityType::PAGE_CREATE, $page); @@ -98,7 +98,7 @@ class AuditLogTest extends TestCase public function test_date_filters() { - $this->actingAs($this->getAdmin()); + $this->actingAs($this->users->admin()); $page = $this->entities->page(); $this->activityService->add(ActivityType::PAGE_CREATE, $page); @@ -120,8 +120,8 @@ class AuditLogTest extends TestCase public function test_user_filter() { - $admin = $this->getAdmin(); - $editor = $this->getEditor(); + $admin = $this->users->admin(); + $editor = $this->users->editor(); $this->actingAs($admin); $page = $this->entities->page(); $this->activityService->add(ActivityType::PAGE_CREATE, $page); @@ -142,7 +142,7 @@ class AuditLogTest extends TestCase public function test_ip_address_logged_and_visible() { config()->set('app.proxies', '*'); - $editor = $this->getEditor(); + $editor = $this->users->editor(); $page = $this->entities->page(); $this->actingAs($editor)->put($page->getUrl(), [ @@ -166,7 +166,7 @@ class AuditLogTest extends TestCase public function test_ip_address_is_searchable() { config()->set('app.proxies', '*'); - $editor = $this->getEditor(); + $editor = $this->users->editor(); $page = $this->entities->page(); $this->actingAs($editor)->put($page->getUrl(), [ @@ -192,7 +192,7 @@ class AuditLogTest extends TestCase { config()->set('app.proxies', '*'); config()->set('app.env', 'demo'); - $editor = $this->getEditor(); + $editor = $this->users->editor(); $page = $this->entities->page(); $this->actingAs($editor)->put($page->getUrl(), [ @@ -215,7 +215,7 @@ class AuditLogTest extends TestCase { config()->set('app.proxies', '*'); config()->set('app.ip_address_precision', 2); - $editor = $this->getEditor(); + $editor = $this->users->editor(); $page = $this->entities->page(); $this->actingAs($editor)->put($page->getUrl(), [ diff --git a/tests/Actions/WebhookCallTest.php b/tests/Actions/WebhookCallTest.php index 7ca190200..078b8bdf4 100644 --- a/tests/Actions/WebhookCallTest.php +++ b/tests/Actions/WebhookCallTest.php @@ -88,7 +88,7 @@ class WebhookCallTest extends TestCase ]); $webhook = $this->newWebhook(['active' => true, 'endpoint' => 'https://wh.example.com'], ['all']); $page = $this->entities->page(); - $editor = $this->getEditor(); + $editor = $this->users->editor(); $this->runEvent(ActivityType::PAGE_UPDATE, $page, $editor); @@ -111,7 +111,7 @@ class WebhookCallTest extends TestCase protected function runEvent(string $event, $detail = '', ?User $user = null) { if (is_null($user)) { - $user = $this->getEditor(); + $user = $this->users->editor(); } $this->actingAs($user); diff --git a/tests/Actions/WebhookFormatTesting.php b/tests/Actions/WebhookFormatTesting.php index 07341c75b..be67d4d52 100644 --- a/tests/Actions/WebhookFormatTesting.php +++ b/tests/Actions/WebhookFormatTesting.php @@ -41,7 +41,7 @@ class WebhookFormatTesting extends TestCase protected function getWebhookData(string $event, $detail): array { $webhook = Webhook::factory()->make(); - $user = $this->getEditor(); + $user = $this->users->editor(); $formatter = WebhookFormatter::getDefault($event, $webhook, $detail, $user, time()); return $formatter->format(); diff --git a/tests/Actions/WebhookManagementTest.php b/tests/Actions/WebhookManagementTest.php index f106f303a..52838beca 100644 --- a/tests/Actions/WebhookManagementTest.php +++ b/tests/Actions/WebhookManagementTest.php @@ -135,7 +135,7 @@ class WebhookManagementTest extends TestCase public function test_settings_manage_permission_required_for_webhook_routes() { - $editor = $this->getEditor(); + $editor = $this->users->editor(); $this->actingAs($editor); $routes = [ @@ -153,7 +153,7 @@ class WebhookManagementTest extends TestCase $this->assertPermissionError($resp); } - $this->giveUserPermissions($editor, ['settings-manage']); + $this->permissions->grantUserRolePermissions($editor, ['settings-manage']); foreach ($routes as [$method, $endpoint]) { $resp = $this->call($method, $endpoint); diff --git a/tests/Api/ApiAuthTest.php b/tests/Api/ApiAuthTest.php index cc6818e27..038c4e067 100644 --- a/tests/Api/ApiAuthTest.php +++ b/tests/Api/ApiAuthTest.php @@ -16,8 +16,8 @@ class ApiAuthTest extends TestCase public function test_requests_succeed_with_default_auth() { - $viewer = $this->getViewer(); - $this->giveUserPermissions($viewer, ['access-api']); + $viewer = $this->users->viewer(); + $this->permissions->grantUserRolePermissions($viewer, ['access-api']); $resp = $this->get($this->endpoint); $resp->assertStatus(401); @@ -63,7 +63,7 @@ class ApiAuthTest extends TestCase auth()->logout(); $accessApiPermission = RolePermission::getByName('access-api'); - $editorRole = $this->getEditor()->roles()->first(); + $editorRole = $this->users->editor()->roles()->first(); $editorRole->detachPermission($accessApiPermission); $resp = $this->get($this->endpoint, $this->apiAuthHeader()); @@ -73,7 +73,7 @@ class ApiAuthTest extends TestCase public function test_api_access_permission_required_to_access_api_with_session_auth() { - $editor = $this->getEditor(); + $editor = $this->users->editor(); $this->actingAs($editor, 'standard'); $resp = $this->get($this->endpoint); @@ -81,7 +81,7 @@ class ApiAuthTest extends TestCase auth('standard')->logout(); $accessApiPermission = RolePermission::getByName('access-api'); - $editorRole = $this->getEditor()->roles()->first(); + $editorRole = $this->users->editor()->roles()->first(); $editorRole->detachPermission($accessApiPermission); $editor = User::query()->where('id', '=', $editor->id)->first(); @@ -114,7 +114,7 @@ class ApiAuthTest extends TestCase public function test_token_expiry_checked() { - $editor = $this->getEditor(); + $editor = $this->users->editor(); $token = $editor->apiTokens()->first(); $resp = $this->get($this->endpoint, $this->apiAuthHeader()); @@ -130,7 +130,7 @@ class ApiAuthTest extends TestCase public function test_email_confirmation_checked_using_api_auth() { - $editor = $this->getEditor(); + $editor = $this->users->editor(); $editor->email_confirmed = false; $editor->save(); diff --git a/tests/Api/AttachmentsApiTest.php b/tests/Api/AttachmentsApiTest.php index 4d1d3b340..b03f280ac 100644 --- a/tests/Api/AttachmentsApiTest.php +++ b/tests/Api/AttachmentsApiTest.php @@ -50,7 +50,7 @@ class AttachmentsApiTest extends TestCase ], ]]); - $this->entities->setPermissions($page, [], []); + $this->permissions->setEntityPermissions($page, [], []); $resp = $this->getJson($this->baseEndpoint . '?count=1&sort=+id'); $resp->assertJsonMissing(['data' => [ @@ -246,13 +246,13 @@ class AttachmentsApiTest extends TestCase public function test_attachment_not_visible_on_other_users_draft() { $this->actingAsApiAdmin(); - $editor = $this->getEditor(); + $editor = $this->users->editor(); $page = $this->entities->page(); $page->draft = true; $page->owned_by = $editor->id; $page->save(); - $this->entities->regenPermissions($page); + $this->permissions->regenerateForEntity($page); $attachment = $this->createAttachmentForPage($page, [ 'name' => 'my attachment', @@ -342,7 +342,7 @@ class AttachmentsApiTest extends TestCase protected function createAttachmentForPage(Page $page, $attributes = []): Attachment { - $admin = $this->getAdmin(); + $admin = $this->users->admin(); /** @var Attachment $attachment */ $attachment = $page->attachments()->forceCreate(array_merge([ 'uploaded_to' => $page->id, diff --git a/tests/Api/BooksApiTest.php b/tests/Api/BooksApiTest.php index 614185c93..dd187672e 100644 --- a/tests/Api/BooksApiTest.php +++ b/tests/Api/BooksApiTest.php @@ -246,7 +246,7 @@ class BooksApiTest extends TestCase { $types = ['html', 'plaintext', 'pdf', 'markdown']; $this->actingAsApiEditor(); - $this->removePermissionFromUser($this->getEditor(), 'content-export'); + $this->permissions->removeUserRolePermissions($this->users->editor(), ['content-export']); $book = $this->entities->book(); foreach ($types as $type) { diff --git a/tests/Api/ChaptersApiTest.php b/tests/Api/ChaptersApiTest.php index d2db0313f..a48e3b026 100644 --- a/tests/Api/ChaptersApiTest.php +++ b/tests/Api/ChaptersApiTest.php @@ -221,7 +221,7 @@ class ChaptersApiTest extends TestCase { $types = ['html', 'plaintext', 'pdf', 'markdown']; $this->actingAsApiEditor(); - $this->removePermissionFromUser($this->getEditor(), 'content-export'); + $this->permissions->removeUserRolePermissions($this->users->editor(), ['content-export']); $chapter = Chapter::visible()->has('pages')->first(); foreach ($types as $type) { diff --git a/tests/Api/PagesApiTest.php b/tests/Api/PagesApiTest.php index 8c533680f..12b38bc07 100644 --- a/tests/Api/PagesApiTest.php +++ b/tests/Api/PagesApiTest.php @@ -209,7 +209,7 @@ class PagesApiTest extends TestCase $this->actingAsApiEditor(); $page = $this->entities->page(); $chapter = Chapter::visible()->where('book_id', '!=', $page->book_id)->first(); - $this->entities->setPermissions($chapter, ['view'], [$this->getEditor()->roles()->first()]); + $this->permissions->setEntityPermissions($chapter, ['view'], [$this->users->editor()->roles()->first()]); $details = [ 'name' => 'My updated API page', 'chapter_id' => $chapter->id, @@ -315,7 +315,7 @@ class PagesApiTest extends TestCase { $types = ['html', 'plaintext', 'pdf', 'markdown']; $this->actingAsApiEditor(); - $this->removePermissionFromUser($this->getEditor(), 'content-export'); + $this->permissions->removeUserRolePermissions($this->users->editor(), ['content-export']); $page = $this->entities->page(); foreach ($types as $type) { diff --git a/tests/Api/RecycleBinApiTest.php b/tests/Api/RecycleBinApiTest.php index bc7249987..d174838c2 100644 --- a/tests/Api/RecycleBinApiTest.php +++ b/tests/Api/RecycleBinApiTest.php @@ -21,8 +21,8 @@ class RecycleBinApiTest extends TestCase public function test_settings_manage_permission_needed_for_all_endpoints() { - $editor = $this->getEditor(); - $this->giveUserPermissions($editor, ['settings-manage']); + $editor = $this->users->editor(); + $this->permissions->grantUserRolePermissions($editor, ['settings-manage']); $this->actingAs($editor); foreach ($this->endpointMap as [$method, $uri]) { @@ -34,8 +34,8 @@ class RecycleBinApiTest extends TestCase public function test_restrictions_manage_all_permission_needed_for_all_endpoints() { - $editor = $this->getEditor(); - $this->giveUserPermissions($editor, ['restrictions-manage-all']); + $editor = $this->users->editor(); + $this->permissions->grantUserRolePermissions($editor, ['restrictions-manage-all']); $this->actingAs($editor); foreach ($this->endpointMap as [$method, $uri]) { @@ -47,7 +47,7 @@ class RecycleBinApiTest extends TestCase public function test_index_endpoint_returns_expected_page() { - $admin = $this->getAdmin(); + $admin = $this->users->admin(); $page = $this->entities->page(); $book = $this->entities->book(); @@ -82,7 +82,7 @@ class RecycleBinApiTest extends TestCase public function test_index_endpoint_returns_children_count() { - $admin = $this->getAdmin(); + $admin = $this->users->admin(); $book = Book::query()->whereHas('pages')->whereHas('chapters')->withCount(['pages', 'chapters'])->first(); $this->actingAs($admin)->delete($book->getUrl()); @@ -109,7 +109,7 @@ class RecycleBinApiTest extends TestCase public function test_index_endpoint_returns_parent() { - $admin = $this->getAdmin(); + $admin = $this->users->admin(); $page = $this->entities->pageWithinChapter(); $this->actingAs($admin)->delete($page->getUrl()); diff --git a/tests/Api/TestsApi.php b/tests/Api/TestsApi.php index 0cdd93741..501f28754 100644 --- a/tests/Api/TestsApi.php +++ b/tests/Api/TestsApi.php @@ -12,7 +12,7 @@ trait TestsApi */ protected function actingAsApiEditor() { - $this->actingAs($this->getEditor(), 'api'); + $this->actingAs($this->users->editor(), 'api'); return $this; } @@ -22,7 +22,7 @@ trait TestsApi */ protected function actingAsApiAdmin() { - $this->actingAs($this->getAdmin(), 'api'); + $this->actingAs($this->users->admin(), 'api'); return $this; } diff --git a/tests/Api/UsersApiTest.php b/tests/Api/UsersApiTest.php index 739981f24..c89f9e6e3 100644 --- a/tests/Api/UsersApiTest.php +++ b/tests/Api/UsersApiTest.php @@ -175,7 +175,7 @@ class UsersApiTest extends TestCase { $this->actingAsApiAdmin(); /** @var User $user */ - $user = $this->getAdmin(); + $user = $this->users->admin(); $roles = Role::query()->pluck('id'); $resp = $this->putJson($this->baseEndpoint . "/{$user->id}", [ 'name' => 'My updated user', @@ -204,7 +204,7 @@ class UsersApiTest extends TestCase { $this->actingAsApiAdmin(); /** @var User $user */ - $user = $this->getAdmin(); + $user = $this->users->admin(); $roleCount = $user->roles()->count(); $resp = $this->putJson($this->baseEndpoint . "/{$user->id}", []); @@ -222,7 +222,7 @@ class UsersApiTest extends TestCase { $this->actingAsApiAdmin(); /** @var User $user */ - $user = User::query()->where('id', '!=', $this->getAdmin()->id) + $user = User::query()->where('id', '!=', $this->users->admin()->id) ->whereNull('system_name') ->first(); @@ -236,7 +236,7 @@ class UsersApiTest extends TestCase { $this->actingAsApiAdmin(); /** @var User $user */ - $user = User::query()->where('id', '!=', $this->getAdmin()->id) + $user = User::query()->where('id', '!=', $this->users->admin()->id) ->whereNull('system_name') ->first(); $entityChain = $this->entities->createChainBelongingToUser($user); diff --git a/tests/Auth/AuthTest.php b/tests/Auth/AuthTest.php index 3220b2aac..fe7e62568 100644 --- a/tests/Auth/AuthTest.php +++ b/tests/Auth/AuthTest.php @@ -44,7 +44,7 @@ class AuthTest extends TestCase public function test_mfa_session_cleared_on_logout() { - $user = $this->getEditor(); + $user = $this->users->editor(); $mfaSession = $this->app->make(MfaSession::class); $mfaSession->markVerifiedForUser($user); @@ -94,7 +94,7 @@ class AuthTest extends TestCase public function test_login_authenticates_nonadmins_on_default_guard_only() { - $editor = $this->getEditor(); + $editor = $this->users->editor(); $editor->password = bcrypt('password'); $editor->save(); @@ -120,7 +120,7 @@ class AuthTest extends TestCase public function test_logged_in_user_with_unconfirmed_email_is_logged_out() { $this->setSettings(['registration-confirmation' => 'true']); - $user = $this->getEditor(); + $user = $this->users->editor(); $user->email_confirmed = false; $user->save(); diff --git a/tests/Auth/GroupSyncServiceTest.php b/tests/Auth/GroupSyncServiceTest.php index 2fad53b26..dbf4110d8 100644 --- a/tests/Auth/GroupSyncServiceTest.php +++ b/tests/Auth/GroupSyncServiceTest.php @@ -11,7 +11,7 @@ class GroupSyncServiceTest extends TestCase { public function test_user_is_assigned_to_matching_roles() { - $user = $this->getViewer(); + $user = $this->users->viewer(); $roleA = Role::factory()->create(['display_name' => 'Wizards']); $roleB = Role::factory()->create(['display_name' => 'Gremlins']); @@ -33,7 +33,7 @@ class GroupSyncServiceTest extends TestCase public function test_multiple_values_in_role_external_auth_id_handled() { - $user = $this->getViewer(); + $user = $this->users->viewer(); $role = Role::factory()->create(['display_name' => 'ABC123', 'external_auth_id' => 'sales, engineering, developers, marketers']); $this->assertFalse($user->hasRole($role->id)); @@ -45,7 +45,7 @@ class GroupSyncServiceTest extends TestCase public function test_commas_can_be_used_in_external_auth_id_if_escaped() { - $user = $this->getViewer(); + $user = $this->users->viewer(); $role = Role::factory()->create(['display_name' => 'ABC123', 'external_auth_id' => 'sales\,-developers, marketers']); $this->assertFalse($user->hasRole($role->id)); @@ -57,7 +57,7 @@ class GroupSyncServiceTest extends TestCase public function test_external_auth_id_matches_ignoring_case() { - $user = $this->getViewer(); + $user = $this->users->viewer(); $role = Role::factory()->create(['display_name' => 'ABC123', 'external_auth_id' => 'WaRRioRs']); $this->assertFalse($user->hasRole($role->id)); diff --git a/tests/Auth/LdapTest.php b/tests/Auth/LdapTest.php index 978420f86..cac2ea5e1 100644 --- a/tests/Auth/LdapTest.php +++ b/tests/Auth/LdapTest.php @@ -235,7 +235,7 @@ class LdapTest extends TestCase public function test_user_edit_form() { - $editUser = $this->getNormalUser(); + $editUser = $this->users->viewer(); $editPage = $this->asAdmin()->get("/settings/users/{$editUser->id}"); $editPage->assertSee('Edit User'); $editPage->assertDontSee('Password'); @@ -257,7 +257,7 @@ class LdapTest extends TestCase public function test_non_admins_cannot_change_auth_id() { - $testUser = $this->getNormalUser(); + $testUser = $this->users->viewer(); $this->actingAs($testUser) ->get('/settings/users/' . $testUser->id) ->assertDontSee('External Authentication'); diff --git a/tests/Auth/LoginAutoInitiateTest.php b/tests/Auth/LoginAutoInitiateTest.php index 2d0384435..fcb4431af 100644 --- a/tests/Auth/LoginAutoInitiateTest.php +++ b/tests/Auth/LoginAutoInitiateTest.php @@ -70,7 +70,7 @@ class LoginAutoInitiateTest extends TestCase config()->set([ 'auth.method' => 'oidc', ]); - $this->actingAs($this->getEditor()); + $this->actingAs($this->users->editor()); $req = $this->post('/logout'); $req->assertRedirect('/login?prevent_auto_init=true'); diff --git a/tests/Auth/MfaConfigurationTest.php b/tests/Auth/MfaConfigurationTest.php index 3416263f3..fb941f00b 100644 --- a/tests/Auth/MfaConfigurationTest.php +++ b/tests/Auth/MfaConfigurationTest.php @@ -13,7 +13,7 @@ class MfaConfigurationTest extends TestCase { public function test_totp_setup() { - $editor = $this->getEditor(); + $editor = $this->users->editor(); $this->assertDatabaseMissing('mfa_values', ['user_id' => $editor->id]); // Setup page state @@ -66,7 +66,7 @@ class MfaConfigurationTest extends TestCase public function test_backup_codes_setup() { - $editor = $this->getEditor(); + $editor = $this->users->editor(); $this->assertDatabaseMissing('mfa_values', ['user_id' => $editor->id]); // Setup page state @@ -112,8 +112,8 @@ class MfaConfigurationTest extends TestCase public function test_mfa_method_count_is_visible_on_user_edit_page() { - $user = $this->getEditor(); - $resp = $this->actingAs($this->getAdmin())->get($user->getEditUrl()); + $user = $this->users->editor(); + $resp = $this->actingAs($this->users->admin())->get($user->getEditUrl()); $resp->assertSee('0 methods configured'); MfaValue::upsertWithValue($user, MfaValue::METHOD_TOTP, 'test'); @@ -127,17 +127,17 @@ class MfaConfigurationTest extends TestCase public function test_mfa_setup_link_only_shown_when_viewing_own_user_edit_page() { - $admin = $this->getAdmin(); + $admin = $this->users->admin(); $resp = $this->actingAs($admin)->get($admin->getEditUrl()); $this->withHtml($resp)->assertElementExists('a[href$="/mfa/setup"]'); - $resp = $this->actingAs($admin)->get($this->getEditor()->getEditUrl()); + $resp = $this->actingAs($admin)->get($this->users->editor()->getEditUrl()); $this->withHtml($resp)->assertElementNotExists('a[href$="/mfa/setup"]'); } public function test_mfa_indicator_shows_in_user_list() { - $admin = $this->getAdmin(); + $admin = $this->users->admin(); User::query()->where('id', '!=', $admin->id)->delete(); $resp = $this->actingAs($admin)->get('/settings/users'); @@ -150,7 +150,7 @@ class MfaConfigurationTest extends TestCase public function test_remove_mfa_method() { - $admin = $this->getAdmin(); + $admin = $this->users->admin(); MfaValue::upsertWithValue($admin, MfaValue::METHOD_TOTP, 'test'); $this->assertEquals(1, $admin->mfaValues()->count()); @@ -168,7 +168,7 @@ class MfaConfigurationTest extends TestCase public function test_totp_setup_url_shows_correct_user_when_setup_forced_upon_login() { - $admin = $this->getAdmin(); + $admin = $this->users->admin(); /** @var Role $role */ $role = $admin->roles()->first(); $role->mfa_enforced = true; diff --git a/tests/Auth/MfaVerificationTest.php b/tests/Auth/MfaVerificationTest.php index ba4c9b983..e23250314 100644 --- a/tests/Auth/MfaVerificationTest.php +++ b/tests/Auth/MfaVerificationTest.php @@ -140,7 +140,7 @@ class MfaVerificationTest extends TestCase public function test_both_mfa_options_available_if_set_on_profile() { - $user = $this->getEditor(); + $user = $this->users->editor(); $user->password = Hash::make('password'); $user->save(); @@ -165,7 +165,7 @@ class MfaVerificationTest extends TestCase public function test_mfa_required_with_no_methods_leads_to_setup() { - $user = $this->getEditor(); + $user = $this->users->editor(); $user->password = Hash::make('password'); $user->save(); /** @var Role $role */ @@ -222,7 +222,7 @@ class MfaVerificationTest extends TestCase // Attempted login user, who has configured mfa, access // Sets up user that has MFA required after attempted login. $loginService = $this->app->make(LoginService::class); - $user = $this->getEditor(); + $user = $this->users->editor(); /** @var Role $role */ $role = $user->roles->first(); $role->mfa_enforced = true; @@ -257,7 +257,7 @@ class MfaVerificationTest extends TestCase protected function startTotpLogin(): array { $secret = $this->app->make(TotpService::class)->generateSecret(); - $user = $this->getEditor(); + $user = $this->users->editor(); $user->password = Hash::make('password'); $user->save(); MfaValue::upsertWithValue($user, MfaValue::METHOD_TOTP, $secret); @@ -274,7 +274,7 @@ class MfaVerificationTest extends TestCase */ protected function startBackupCodeLogin($codes = ['kzzu6-1pgll', 'bzxnf-plygd', 'bwdsp-ysl51', '1vo93-ioy7n', 'lf7nw-wdyka', 'xmtrd-oplac']): array { - $user = $this->getEditor(); + $user = $this->users->editor(); $user->password = Hash::make('password'); $user->save(); MfaValue::upsertWithValue($user, MfaValue::METHOD_BACKUP_CODES, json_encode($codes)); diff --git a/tests/Auth/OidcTest.php b/tests/Auth/OidcTest.php index db1f87bd5..32c2d4ae2 100644 --- a/tests/Auth/OidcTest.php +++ b/tests/Auth/OidcTest.php @@ -93,7 +93,7 @@ class OidcTest extends TestCase public function test_logout_route_functions() { - $this->actingAs($this->getEditor()); + $this->actingAs($this->users->editor()); $this->post('/logout'); $this->assertFalse(auth()->check()); } @@ -228,7 +228,7 @@ class OidcTest extends TestCase public function test_auth_login_as_existing_user() { - $editor = $this->getEditor(); + $editor = $this->users->editor(); $editor->external_auth_id = 'benny505'; $editor->save(); @@ -245,7 +245,7 @@ class OidcTest extends TestCase public function test_auth_login_as_existing_user_email_with_different_auth_id_fails() { - $editor = $this->getEditor(); + $editor = $this->users->editor(); $editor->external_auth_id = 'editor101'; $editor->save(); diff --git a/tests/Auth/ResetPasswordTest.php b/tests/Auth/ResetPasswordTest.php index 7b2d2e72b..72e26f10c 100644 --- a/tests/Auth/ResetPasswordTest.php +++ b/tests/Auth/ResetPasswordTest.php @@ -85,7 +85,7 @@ class ResetPasswordTest extends TestCase public function test_reset_request_is_throttled() { - $editor = $this->getEditor(); + $editor = $this->users->editor(); Notification::fake(); $this->get('/password/email'); $this->followingRedirects()->post('/password/email', [ diff --git a/tests/Auth/Saml2Test.php b/tests/Auth/Saml2Test.php index 4c8d14dd5..0ee419610 100644 --- a/tests/Auth/Saml2Test.php +++ b/tests/Auth/Saml2Test.php @@ -170,7 +170,7 @@ class Saml2Test extends TestCase 'saml2.onelogin.strict' => false, ]); - $resp = $this->actingAs($this->getEditor())->get('/'); + $resp = $this->actingAs($this->users->editor())->get('/'); $this->withHtml($resp)->assertElementContains('form[action$="/saml2/logout"] button', 'Logout'); } diff --git a/tests/Auth/SocialAuthTest.php b/tests/Auth/SocialAuthTest.php index 67da771a5..24deedd5f 100644 --- a/tests/Auth/SocialAuthTest.php +++ b/tests/Auth/SocialAuthTest.php @@ -77,18 +77,18 @@ class SocialAuthTest extends TestCase // Test social callback with matching social account DB::table('social_accounts')->insert([ - 'user_id' => $this->getAdmin()->id, + 'user_id' => $this->users->admin()->id, 'driver' => 'github', 'driver_id' => 'logintest123', ]); $resp = $this->followingRedirects()->get('/login/service/github/callback'); $resp->assertDontSee('login-form'); - $this->assertActivityExists(ActivityType::AUTH_LOGIN, null, 'github; (' . $this->getAdmin()->id . ') ' . $this->getAdmin()->name); + $this->assertActivityExists(ActivityType::AUTH_LOGIN, null, 'github; (' . $this->users->admin()->id . ') ' . $this->users->admin()->name); } public function test_social_account_detach() { - $editor = $this->getEditor(); + $editor = $this->users->editor(); config([ 'GITHUB_APP_ID' => 'abc123', 'GITHUB_APP_SECRET' => '123abc', 'APP_URL' => 'http://localhost', diff --git a/tests/Auth/UserInviteTest.php b/tests/Auth/UserInviteTest.php index ccbb538a6..e82ce4638 100644 --- a/tests/Auth/UserInviteTest.php +++ b/tests/Auth/UserInviteTest.php @@ -17,7 +17,7 @@ class UserInviteTest extends TestCase public function test_user_creation_creates_invite() { Notification::fake(); - $admin = $this->getAdmin(); + $admin = $this->users->admin(); $email = Str::random(16) . '@example.com'; $resp = $this->actingAs($admin)->post('/settings/users/create', [ @@ -38,7 +38,7 @@ class UserInviteTest extends TestCase public function test_user_invite_sent_in_selected_language() { Notification::fake(); - $admin = $this->getAdmin(); + $admin = $this->users->admin(); $email = Str::random(16) . '@example.com'; $resp = $this->actingAs($admin)->post('/settings/users/create', [ @@ -62,7 +62,7 @@ class UserInviteTest extends TestCase public function test_invite_set_password() { Notification::fake(); - $user = $this->getViewer(); + $user = $this->users->viewer(); $inviteService = app(UserInviteService::class); $inviteService->sendInvitation($user); @@ -91,7 +91,7 @@ class UserInviteTest extends TestCase public function test_invite_set_has_password_validation() { Notification::fake(); - $user = $this->getViewer(); + $user = $this->users->viewer(); $inviteService = app(UserInviteService::class); $inviteService->sendInvitation($user); @@ -126,7 +126,7 @@ class UserInviteTest extends TestCase public function test_token_expires_after_two_weeks() { Notification::fake(); - $user = $this->getViewer(); + $user = $this->users->viewer(); $inviteService = app(UserInviteService::class); $inviteService->sendInvitation($user); diff --git a/tests/Commands/ClearActivityCommandTest.php b/tests/Commands/ClearActivityCommandTest.php index cf2fba0d6..b2624e23d 100644 --- a/tests/Commands/ClearActivityCommandTest.php +++ b/tests/Commands/ClearActivityCommandTest.php @@ -19,7 +19,7 @@ class ClearActivityCommandTest extends TestCase $this->assertDatabaseHas('activities', [ 'type' => 'page_update', 'entity_id' => $page->id, - 'user_id' => $this->getEditor()->id, + 'user_id' => $this->users->editor()->id, ]); DB::rollBack(); diff --git a/tests/Commands/ClearViewsCommandTest.php b/tests/Commands/ClearViewsCommandTest.php index bbd06fa01..c9179089b 100644 --- a/tests/Commands/ClearViewsCommandTest.php +++ b/tests/Commands/ClearViewsCommandTest.php @@ -16,7 +16,7 @@ class ClearViewsCommandTest extends TestCase $this->get($page->getUrl()); $this->assertDatabaseHas('views', [ - 'user_id' => $this->getEditor()->id, + 'user_id' => $this->users->editor()->id, 'viewable_id' => $page->id, 'views' => 1, ]); @@ -27,7 +27,7 @@ class ClearViewsCommandTest extends TestCase $this->assertTrue($exitCode === 0, 'Command executed successfully'); $this->assertDatabaseMissing('views', [ - 'user_id' => $this->getEditor()->id, + 'user_id' => $this->users->editor()->id, ]); } } diff --git a/tests/Commands/CopyShelfPermissionsCommandTest.php b/tests/Commands/CopyShelfPermissionsCommandTest.php index cb9a845fd..c4b9fe6f3 100644 --- a/tests/Commands/CopyShelfPermissionsCommandTest.php +++ b/tests/Commands/CopyShelfPermissionsCommandTest.php @@ -18,11 +18,11 @@ class CopyShelfPermissionsCommandTest extends TestCase { $shelf = $this->entities->shelf(); $child = $shelf->books()->first(); - $editorRole = $this->getEditor()->roles()->first(); + $editorRole = $this->users->editor()->roles()->first(); $this->assertFalse($child->hasPermissions(), 'Child book should not be restricted by default'); $this->assertTrue($child->permissions()->count() === 0, 'Child book should have no permissions by default'); - $this->entities->setPermissions($shelf, ['view', 'update'], [$editorRole]); + $this->permissions->setEntityPermissions($shelf, ['view', 'update'], [$editorRole]); $this->artisan('bookstack:copy-shelf-permissions', [ '--slug' => $shelf->slug, ]); @@ -43,11 +43,11 @@ class CopyShelfPermissionsCommandTest extends TestCase $shelf = $this->entities->shelf(); Bookshelf::query()->where('id', '!=', $shelf->id)->delete(); $child = $shelf->books()->first(); - $editorRole = $this->getEditor()->roles()->first(); + $editorRole = $this->users->editor()->roles()->first(); $this->assertFalse($child->hasPermissions(), 'Child book should not be restricted by default'); $this->assertTrue($child->permissions()->count() === 0, 'Child book should have no permissions by default'); - $this->entities->setPermissions($shelf, ['view', 'update'], [$editorRole]); + $this->permissions->setEntityPermissions($shelf, ['view', 'update'], [$editorRole]); $this->artisan('bookstack:copy-shelf-permissions --all') ->expectsQuestion('Permission settings for all shelves will be cascaded. Books assigned to multiple shelves will receive only the permissions of it\'s last processed shelf. Are you sure you want to proceed?', 'y'); $child = $shelf->books()->first(); diff --git a/tests/Commands/RegeneratePermissionsCommandTest.php b/tests/Commands/RegeneratePermissionsCommandTest.php index d514e5f9d..cc53b460d 100644 --- a/tests/Commands/RegeneratePermissionsCommandTest.php +++ b/tests/Commands/RegeneratePermissionsCommandTest.php @@ -2,8 +2,7 @@ namespace Tests\Commands; -use BookStack\Auth\Permissions\JointPermission; -use BookStack\Entities\Models\Page; +use BookStack\Auth\Permissions\CollapsedPermission; use Illuminate\Support\Facades\Artisan; use Illuminate\Support\Facades\DB; use Tests\TestCase; @@ -13,15 +12,23 @@ class RegeneratePermissionsCommandTest extends TestCase public function test_regen_permissions_command() { DB::rollBack(); - JointPermission::query()->truncate(); - $page = Page::first(); + $page = $this->entities->page(); + $editor = $this->users->editor(); + $this->permissions->addEntityPermission($page, ['view'], null, $editor); + CollapsedPermission::query()->truncate(); - $this->assertDatabaseMissing('joint_permissions', ['entity_id' => $page->id]); + $this->assertDatabaseMissing('entity_permissions_collapsed', ['entity_id' => $page->id]); $exitCode = Artisan::call('bookstack:regenerate-permissions'); $this->assertTrue($exitCode === 0, 'Command executed successfully'); - DB::beginTransaction(); - $this->assertDatabaseHas('joint_permissions', ['entity_id' => $page->id]); + $this->assertDatabaseHas('entity_permissions_collapsed', [ + 'entity_id' => $page->id, + 'user_id' => $editor->id, + 'view' => 1, + ]); + + CollapsedPermission::query()->truncate(); + DB::beginTransaction(); } } diff --git a/tests/Entity/BookShelfTest.php b/tests/Entity/BookShelfTest.php index 5d919f12b..5c6489281 100644 --- a/tests/Entity/BookShelfTest.php +++ b/tests/Entity/BookShelfTest.php @@ -16,21 +16,20 @@ class BookShelfTest extends TestCase public function test_shelves_shows_in_header_if_have_view_permissions() { - $viewer = $this->getViewer(); + $viewer = $this->users->viewer(); $resp = $this->actingAs($viewer)->get('/'); $this->withHtml($resp)->assertElementContains('header', 'Shelves'); $viewer->roles()->delete(); - $this->giveUserPermissions($viewer); $resp = $this->actingAs($viewer)->get('/'); $this->withHtml($resp)->assertElementNotContains('header', 'Shelves'); - $this->giveUserPermissions($viewer, ['bookshelf-view-all']); + $this->permissions->grantUserRolePermissions($viewer, ['bookshelf-view-all']); $resp = $this->actingAs($viewer)->get('/'); $this->withHtml($resp)->assertElementContains('header', 'Shelves'); $viewer->roles()->delete(); - $this->giveUserPermissions($viewer, ['bookshelf-view-own']); + $this->permissions->grantUserRolePermissions($viewer, ['bookshelf-view-own']); $resp = $this->actingAs($viewer)->get('/'); $this->withHtml($resp)->assertElementContains('header', 'Shelves'); } @@ -38,14 +37,14 @@ class BookShelfTest extends TestCase public function test_shelves_shows_in_header_if_have_any_shelve_view_permission() { $user = User::factory()->create(); - $this->giveUserPermissions($user, ['image-create-all']); + $this->permissions->grantUserRolePermissions($user, ['image-create-all']); $shelf = $this->entities->shelf(); $userRole = $user->roles()->first(); $resp = $this->actingAs($user)->get('/'); $this->withHtml($resp)->assertElementNotContains('header', 'Shelves'); - $this->entities->setPermissions($shelf, ['view'], [$userRole]); + $this->permissions->setEntityPermissions($shelf, ['view'], [$userRole]); $resp = $this->get('/'); $this->withHtml($resp)->assertElementContains('header', 'Shelves'); @@ -69,7 +68,7 @@ class BookShelfTest extends TestCase $resp->assertSee($book->name); $resp->assertSee($book->getUrl()); - $this->entities->setPermissions($book, []); + $this->permissions->setEntityPermissions($book, []); $resp = $this->asEditor()->get('/shelves'); $resp->assertDontSee($book->name); @@ -93,7 +92,7 @@ class BookShelfTest extends TestCase ], ])); $resp->assertRedirect(); - $editorId = $this->getEditor()->id; + $editorId = $this->users->editor()->id; $this->assertDatabaseHas('bookshelves', array_merge($shelfInfo, ['created_by' => $editorId, 'updated_by' => $editorId])); $shelf = Bookshelf::where('name', '=', $shelfInfo['name'])->first(); @@ -186,13 +185,13 @@ class BookShelfTest extends TestCase $this->withHtml($resp)->assertElementContains('.book-content a.grid-card:nth-child(1)', $books[0]->name); $this->withHtml($resp)->assertElementNotContains('.book-content a.grid-card:nth-child(3)', $books[0]->name); - setting()->putUser($this->getEditor(), 'shelf_books_sort_order', 'desc'); + setting()->putUser($this->users->editor(), 'shelf_books_sort_order', 'desc'); $resp = $this->asEditor()->get($shelf->getUrl()); $this->withHtml($resp)->assertElementNotContains('.book-content a.grid-card:nth-child(1)', $books[0]->name); $this->withHtml($resp)->assertElementContains('.book-content a.grid-card:nth-child(3)', $books[0]->name); - setting()->putUser($this->getEditor(), 'shelf_books_sort_order', 'desc'); - setting()->putUser($this->getEditor(), 'shelf_books_sort', 'name'); + setting()->putUser($this->users->editor(), 'shelf_books_sort_order', 'desc'); + setting()->putUser($this->users->editor(), 'shelf_books_sort', 'name'); $resp = $this->asEditor()->get($shelf->getUrl()); $this->withHtml($resp)->assertElementContains('.book-content a.grid-card:nth-child(1)', 'hdgfgdfg'); $this->withHtml($resp)->assertElementContains('.book-content a.grid-card:nth-child(2)', 'bsfsdfsdfsd'); @@ -224,7 +223,7 @@ class BookShelfTest extends TestCase $resp->assertRedirect($shelf->getUrl()); $this->assertSessionHas('success'); - $editorId = $this->getEditor()->id; + $editorId = $this->users->editor()->id; $this->assertDatabaseHas('bookshelves', array_merge($shelfInfo, ['id' => $shelf->id, 'created_by' => $editorId, 'updated_by' => $editorId])); $shelfPage = $this->get($shelf->getUrl()); @@ -294,11 +293,11 @@ class BookShelfTest extends TestCase $resp->assertSee("action=\"{$shelf->getUrl('/copy-permissions')}\"", false); $child = $shelf->books()->first(); - $editorRole = $this->getEditor()->roles()->first(); + $editorRole = $this->users->editor()->roles()->first(); $this->assertFalse($child->hasPermissions(), 'Child book should not be restricted by default'); $this->assertTrue($child->permissions()->count() === 0, 'Child book should have no permissions by default'); - $this->entities->setPermissions($shelf, ['view', 'update'], [$editorRole]); + $this->permissions->setEntityPermissions($shelf, ['view', 'update'], [$editorRole]); $resp = $this->post($shelf->getUrl('/copy-permissions')); $child = $shelf->books()->first(); diff --git a/tests/Entity/BookTest.php b/tests/Entity/BookTest.php index 9e2750fd0..8435c534f 100644 --- a/tests/Entity/BookTest.php +++ b/tests/Entity/BookTest.php @@ -221,7 +221,7 @@ class BookTest extends TestCase public function test_books_view_shows_view_toggle_option() { /** @var Book $book */ - $editor = $this->getEditor(); + $editor = $this->users->editor(); setting()->putUser($editor, 'books_view_type', 'list'); $resp = $this->actingAs($editor)->get('/books'); @@ -304,7 +304,7 @@ class BookTest extends TestCase // Hide child content /** @var BookChild $page */ foreach ($book->getDirectChildren() as $child) { - $this->entities->setPermissions($child, [], []); + $this->permissions->setEntityPermissions($child, [], []); } $this->asEditor()->post($book->getUrl('/copy'), ['name' => 'My copy book']); @@ -318,8 +318,8 @@ class BookTest extends TestCase { /** @var Book $book */ $book = Book::query()->whereHas('chapters')->whereHas('directPages')->whereHas('chapters')->first(); - $viewer = $this->getViewer(); - $this->giveUserPermissions($viewer, ['book-create-all']); + $viewer = $this->users->viewer(); + $this->permissions->grantUserRolePermissions($viewer, ['book-create-all']); $this->actingAs($viewer)->post($book->getUrl('/copy'), ['name' => 'My copy book']); /** @var Book $copy */ @@ -354,9 +354,9 @@ class BookTest extends TestCase $shelfA->appendBook($book); $shelfB->appendBook($book); - $viewer = $this->getViewer(); - $this->giveUserPermissions($viewer, ['book-update-all', 'book-create-all', 'bookshelf-update-all']); - $this->entities->setPermissions($shelfB); + $viewer = $this->users->viewer(); + $this->permissions->grantUserRolePermissions($viewer, ['book-update-all', 'book-create-all', 'bookshelf-update-all']); + $this->permissions->setEntityPermissions($shelfB); $this->asEditor()->post($book->getUrl('/copy'), ['name' => 'My copy book']); diff --git a/tests/Entity/ChapterTest.php b/tests/Entity/ChapterTest.php index b726280c9..7fa32c252 100644 --- a/tests/Entity/ChapterTest.php +++ b/tests/Entity/ChapterTest.php @@ -101,7 +101,7 @@ class ChapterTest extends TestCase // Hide pages to all non-admin roles /** @var Page $page */ foreach ($chapter->pages as $page) { - $this->entities->setPermissions($page, [], []); + $this->permissions->setEntityPermissions($page, [], []); } $this->asEditor()->post($chapter->getUrl('/copy'), [ @@ -116,8 +116,8 @@ class ChapterTest extends TestCase public function test_copy_does_not_copy_pages_if_user_cant_page_create() { $chapter = $this->entities->chapterHasPages(); - $viewer = $this->getViewer(); - $this->giveUserPermissions($viewer, ['chapter-create-all']); + $viewer = $this->users->viewer(); + $this->permissions->grantUserRolePermissions($viewer, ['chapter-create-all']); // Lacking permission results in no copied pages $this->actingAs($viewer)->post($chapter->getUrl('/copy'), [ @@ -128,7 +128,7 @@ class ChapterTest extends TestCase $newChapter = Chapter::query()->where('name', '=', 'My copied chapter')->first(); $this->assertEquals(0, $newChapter->pages()->count()); - $this->giveUserPermissions($viewer, ['page-create-all']); + $this->permissions->grantUserRolePermissions($viewer, ['page-create-all']); // Having permission rules in copied pages $this->actingAs($viewer)->post($chapter->getUrl('/copy'), [ @@ -144,7 +144,7 @@ class ChapterTest extends TestCase { $chapter = $this->entities->chapter(); - $resp = $this->actingAs($this->getViewer())->get($chapter->getUrl()); + $resp = $this->actingAs($this->users->viewer())->get($chapter->getUrl()); $this->withHtml($resp)->assertLinkNotExists($chapter->book->getUrl('sort')); $resp = $this->asEditor()->get($chapter->getUrl()); diff --git a/tests/Entity/ConvertTest.php b/tests/Entity/ConvertTest.php index 16dd89068..4beec7fa6 100644 --- a/tests/Entity/ConvertTest.php +++ b/tests/Entity/ConvertTest.php @@ -49,16 +49,16 @@ class ConvertTest extends TestCase public function test_convert_chapter_to_book_requires_permissions() { $chapter = $this->entities->chapter(); - $user = $this->getViewer(); + $user = $this->users->viewer(); $permissions = ['chapter-delete-all', 'book-create-all', 'chapter-update-all']; - $this->giveUserPermissions($user, $permissions); + $this->permissions->grantUserRolePermissions($user, $permissions); foreach ($permissions as $permission) { - $this->removePermissionFromUser($user, $permission); + $this->permissions->removeUserRolePermissions($user, [$permission]); $resp = $this->actingAs($user)->post($chapter->getUrl('/convert-to-book')); $this->assertPermissionError($resp); - $this->giveUserPermissions($user, [$permission]); + $this->permissions->grantUserRolePermissions($user, [$permission]); } $resp = $this->actingAs($user)->post($chapter->getUrl('/convert-to-book')); @@ -122,16 +122,16 @@ class ConvertTest extends TestCase public function test_book_convert_to_shelf_requires_permissions() { $book = $this->entities->book(); - $user = $this->getViewer(); + $user = $this->users->viewer(); $permissions = ['book-delete-all', 'bookshelf-create-all', 'book-update-all', 'book-create-all']; - $this->giveUserPermissions($user, $permissions); + $this->permissions->grantUserRolePermissions($user, $permissions); foreach ($permissions as $permission) { - $this->removePermissionFromUser($user, $permission); + $this->permissions->removeUserRolePermissions($user, [$permission]); $resp = $this->actingAs($user)->post($book->getUrl('/convert-to-shelf')); $this->assertPermissionError($resp); - $this->giveUserPermissions($user, [$permission]); + $this->permissions->grantUserRolePermissions($user, [$permission]); } $resp = $this->actingAs($user)->post($book->getUrl('/convert-to-shelf')); diff --git a/tests/Entity/EntityAccessTest.php b/tests/Entity/EntityAccessTest.php index 2bb32fde8..ab7587a3b 100644 --- a/tests/Entity/EntityAccessTest.php +++ b/tests/Entity/EntityAccessTest.php @@ -11,8 +11,8 @@ class EntityAccessTest extends TestCase public function test_entities_viewable_after_creator_deletion() { // Create required assets and revisions - $creator = $this->getEditor(); - $updater = $this->getViewer(); + $creator = $this->users->editor(); + $updater = $this->users->viewer(); $entities = $this->entities->createChainBelongingToUser($creator, $updater); app()->make(UserRepo::class)->destroy($creator); $this->entities->updatePage($entities['page'], ['html' => '

hello!

>']); @@ -23,8 +23,8 @@ class EntityAccessTest extends TestCase public function test_entities_viewable_after_updater_deletion() { // Create required assets and revisions - $creator = $this->getViewer(); - $updater = $this->getEditor(); + $creator = $this->users->viewer(); + $updater = $this->users->editor(); $entities = $this->entities->createChainBelongingToUser($creator, $updater); app()->make(UserRepo::class)->destroy($updater); $this->entities->updatePage($entities['page'], ['html' => '

Hello there!

']); diff --git a/tests/Entity/EntitySearchTest.php b/tests/Entity/EntitySearchTest.php index 2650b6743..4563fb651 100644 --- a/tests/Entity/EntitySearchTest.php +++ b/tests/Entity/EntitySearchTest.php @@ -132,7 +132,7 @@ class EntitySearchTest extends TestCase public function test_search_filters() { $page = $this->entities->newPage(['name' => 'My new test quaffleachits', 'html' => 'this is about an orange donkey danzorbhsing']); - $editor = $this->getEditor(); + $editor = $this->users->editor(); $this->actingAs($editor); // Viewed filter searches @@ -171,7 +171,7 @@ class EntitySearchTest extends TestCase // Restricted filter $this->get('/search?term=' . urlencode('danzorbhsing {is_restricted}'))->assertDontSee($page->name); - $this->entities->setPermissions($page, ['view'], [$editor->roles->first()]); + $this->permissions->setEntityPermissions($page, ['view'], [$editor->roles->first()]); $this->get('/search?term=' . urlencode('danzorbhsing {is_restricted}'))->assertSee($page->name); // Date filters @@ -235,7 +235,7 @@ class EntitySearchTest extends TestCase $this->withHtml($resp)->assertElementContains($baseSelector, $page->name); $this->withHtml($resp)->assertElementNotContains($baseSelector, "You don't have the required permissions to select this item"); - $resp = $this->actingAs($this->getViewer())->get($searchUrl); + $resp = $this->actingAs($this->users->viewer())->get($searchUrl); $this->withHtml($resp)->assertElementContains($baseSelector, $page->name); $this->withHtml($resp)->assertElementContains($baseSelector, "You don't have the required permissions to select this item"); } @@ -246,7 +246,7 @@ class EntitySearchTest extends TestCase $this->assertGreaterThan(2, count($chapter->pages), 'Ensure we\'re testing with at least 1 sibling'); $page = $chapter->pages->first(); - $search = $this->actingAs($this->getViewer())->get("/search/entity/siblings?entity_id={$page->id}&entity_type=page"); + $search = $this->actingAs($this->users->viewer())->get("/search/entity/siblings?entity_id={$page->id}&entity_type=page"); $search->assertSuccessful(); foreach ($chapter->pages as $page) { $search->assertSee($page->name); @@ -261,7 +261,7 @@ class EntitySearchTest extends TestCase $bookChildren = $page->book->getDirectChildren(); $this->assertGreaterThan(2, count($bookChildren), 'Ensure we\'re testing with at least 1 sibling'); - $search = $this->actingAs($this->getViewer())->get("/search/entity/siblings?entity_id={$page->id}&entity_type=page"); + $search = $this->actingAs($this->users->viewer())->get("/search/entity/siblings?entity_id={$page->id}&entity_type=page"); $search->assertSuccessful(); foreach ($bookChildren as $child) { $search->assertSee($child->name); @@ -276,7 +276,7 @@ class EntitySearchTest extends TestCase $bookChildren = $chapter->book->getDirectChildren(); $this->assertGreaterThan(2, count($bookChildren), 'Ensure we\'re testing with at least 1 sibling'); - $search = $this->actingAs($this->getViewer())->get("/search/entity/siblings?entity_id={$chapter->id}&entity_type=chapter"); + $search = $this->actingAs($this->users->viewer())->get("/search/entity/siblings?entity_id={$chapter->id}&entity_type=chapter"); $search->assertSuccessful(); foreach ($bookChildren as $child) { $search->assertSee($child->name); @@ -291,7 +291,7 @@ class EntitySearchTest extends TestCase $book = $books->first(); $this->assertGreaterThan(2, count($books), 'Ensure we\'re testing with at least 1 sibling'); - $search = $this->actingAs($this->getViewer())->get("/search/entity/siblings?entity_id={$book->id}&entity_type=book"); + $search = $this->actingAs($this->users->viewer())->get("/search/entity/siblings?entity_id={$book->id}&entity_type=book"); $search->assertSuccessful(); foreach ($books as $expectedBook) { $search->assertSee($expectedBook->name); @@ -304,7 +304,7 @@ class EntitySearchTest extends TestCase $shelf = $shelves->first(); $this->assertGreaterThan(2, count($shelves), 'Ensure we\'re testing with at least 1 sibling'); - $search = $this->actingAs($this->getViewer())->get("/search/entity/siblings?entity_id={$shelf->id}&entity_type=bookshelf"); + $search = $this->actingAs($this->users->viewer())->get("/search/entity/siblings?entity_id={$shelf->id}&entity_type=bookshelf"); $search->assertSuccessful(); foreach ($shelves as $expectedShelf) { $search->assertSee($expectedShelf->name); diff --git a/tests/Entity/ExportTest.php b/tests/Entity/ExportTest.php index 0f80bdd49..0f8d0f48c 100644 --- a/tests/Entity/ExportTest.php +++ b/tests/Entity/ExportTest.php @@ -275,7 +275,7 @@ class ExportTest extends TestCase public function test_page_export_with_deleted_creator_and_updater() { - $user = $this->getViewer(['name' => 'ExportWizardTheFifth']); + $user = $this->users->viewer(['name' => 'ExportWizardTheFifth']); $page = $this->entities->page(); $page->created_by = $user->id; $page->updated_by = $user->id; @@ -409,7 +409,7 @@ class ExportTest extends TestCase $chapter = $book->chapters()->first(); $page = $chapter->pages()->first(); $entities = [$book, $chapter, $page]; - $user = $this->getViewer(); + $user = $this->users->viewer(); $this->actingAs($user); foreach ($entities as $entity) { @@ -417,8 +417,7 @@ class ExportTest extends TestCase $resp->assertSee('/export/pdf'); } - /** @var Role $role */ - $this->removePermissionFromUser($user, 'content-export'); + $this->permissions->removeUserRolePermissions($user, ['content-export']); foreach ($entities as $entity) { $resp = $this->get($entity->getUrl()); diff --git a/tests/Entity/PageContentTest.php b/tests/Entity/PageContentTest.php index 0c9854206..e24ee4fb5 100644 --- a/tests/Entity/PageContentTest.php +++ b/tests/Entity/PageContentTest.php @@ -483,7 +483,7 @@ class PageContentTest extends TestCase { $page = $this->entities->page(); - $this->actingAs($this->getAdmin()) + $this->actingAs($this->users->admin()) ->put($page->getUrl(''), [ 'name' => 'Testing', 'html' => '

"Hello & welcome"

', diff --git a/tests/Entity/PageDraftTest.php b/tests/Entity/PageDraftTest.php index 010173852..75b1933ea 100644 --- a/tests/Entity/PageDraftTest.php +++ b/tests/Entity/PageDraftTest.php @@ -39,7 +39,7 @@ class PageDraftTest extends TestCase $this->withHtml($resp)->assertElementNotContains('[name="html"]', $addedContent); $newContent = $this->page->html . $addedContent; - $newUser = $this->getEditor(); + $newUser = $this->users->editor(); $this->pageRepo->updatePageDraft($this->page, ['html' => $newContent]); $resp = $this->actingAs($newUser)->get($this->page->getUrl('/edit')); @@ -62,7 +62,7 @@ class PageDraftTest extends TestCase $this->withHtml($resp)->assertElementNotContains('[name="html"]', $addedContent); $newContent = $this->page->html . $addedContent; - $newUser = $this->getEditor(); + $newUser = $this->users->editor(); $this->pageRepo->updatePageDraft($this->page, ['html' => $newContent]); $this->actingAs($newUser) @@ -75,8 +75,8 @@ class PageDraftTest extends TestCase public function test_draft_save_shows_alert_if_draft_older_than_last_page_update() { - $admin = $this->getAdmin(); - $editor = $this->getEditor(); + $admin = $this->users->admin(); + $editor = $this->users->editor(); $page = $this->entities->page(); $this->actingAs($editor)->put('/ajax/page/' . $page->id . '/save-draft', [ @@ -109,8 +109,8 @@ class PageDraftTest extends TestCase public function test_draft_save_shows_alert_if_draft_edit_started_by_someone_else() { - $admin = $this->getAdmin(); - $editor = $this->getEditor(); + $admin = $this->users->admin(); + $editor = $this->users->editor(); $page = $this->entities->page(); $this->actingAs($admin)->put('/ajax/page/' . $page->id . '/save-draft', [ @@ -143,7 +143,7 @@ class PageDraftTest extends TestCase { $book = $this->entities->book(); $chapter = $book->chapters->first(); - $newUser = $this->getEditor(); + $newUser = $this->users->editor(); $this->actingAs($newUser)->get($book->getUrl('/create-page')); $this->get($chapter->getUrl('/create-page')); diff --git a/tests/Entity/PageRevisionTest.php b/tests/Entity/PageRevisionTest.php index 0749888c8..0df37728e 100644 --- a/tests/Entity/PageRevisionTest.php +++ b/tests/Entity/PageRevisionTest.php @@ -208,13 +208,13 @@ class PageRevisionTest extends TestCase $page = $this->entities->page(); $this->createRevisions($page, 2); - $viewer = $this->getViewer(); + $viewer = $this->users->viewer(); $this->actingAs($viewer); $respHtml = $this->withHtml($this->get($page->getUrl('/revisions'))); $respHtml->assertElementNotContains('.actions a', 'Restore'); $respHtml->assertElementNotExists('form[action$="/restore"]'); - $this->giveUserPermissions($viewer, ['page-update-all']); + $this->permissions->grantUserRolePermissions($viewer, ['page-update-all']); $respHtml = $this->withHtml($this->get($page->getUrl('/revisions'))); $respHtml->assertElementContains('.actions a', 'Restore'); @@ -226,13 +226,13 @@ class PageRevisionTest extends TestCase $page = $this->entities->page(); $this->createRevisions($page, 2); - $viewer = $this->getViewer(); + $viewer = $this->users->viewer(); $this->actingAs($viewer); $respHtml = $this->withHtml($this->get($page->getUrl('/revisions'))); $respHtml->assertElementNotContains('.actions a', 'Delete'); $respHtml->assertElementNotExists('form[action$="/delete"]'); - $this->giveUserPermissions($viewer, ['page-delete-all']); + $this->permissions->grantUserRolePermissions($viewer, ['page-delete-all']); $respHtml = $this->withHtml($this->get($page->getUrl('/revisions'))); $respHtml->assertElementContains('.actions a', 'Delete'); diff --git a/tests/Entity/PageTemplateTest.php b/tests/Entity/PageTemplateTest.php index dc45fcfb8..6a68c3ab1 100644 --- a/tests/Entity/PageTemplateTest.php +++ b/tests/Entity/PageTemplateTest.php @@ -25,7 +25,7 @@ class PageTemplateTest extends TestCase public function test_manage_templates_permission_required_to_change_page_template_status() { $page = $this->entities->page(); - $editor = $this->getEditor(); + $editor = $this->users->editor(); $this->actingAs($editor); $pageUpdateData = [ @@ -40,7 +40,7 @@ class PageTemplateTest extends TestCase 'template' => false, ]); - $this->giveUserPermissions($editor, ['templates-manage']); + $this->permissions->grantUserRolePermissions($editor, ['templates-manage']); $this->put($page->getUrl(), $pageUpdateData); $this->assertDatabaseHas('pages', [ @@ -53,7 +53,7 @@ class PageTemplateTest extends TestCase { $content = '
my_custom_template_content
'; $page = $this->entities->page(); - $editor = $this->getEditor(); + $editor = $this->users->editor(); $this->actingAs($editor); $templateFetch = $this->get('/templates/' . $page->id); @@ -73,7 +73,7 @@ class PageTemplateTest extends TestCase public function test_template_endpoint_returns_paginated_list_of_templates() { - $editor = $this->getEditor(); + $editor = $this->users->editor(); $this->actingAs($editor); $toBeTemplates = Page::query()->orderBy('name', 'asc')->take(12)->get(); diff --git a/tests/Entity/PageTest.php b/tests/Entity/PageTest.php index f481ffb61..370c4381c 100644 --- a/tests/Entity/PageTest.php +++ b/tests/Entity/PageTest.php @@ -38,8 +38,8 @@ class PageTest extends TestCase public function test_page_view_when_creator_is_deleted_but_owner_exists() { $page = $this->entities->page(); - $user = $this->getViewer(); - $owner = $this->getEditor(); + $user = $this->users->viewer(); + $owner = $this->users->editor(); $page->created_by = $user->id; $page->owned_by = $owner->id; $page->save(); @@ -190,15 +190,15 @@ class PageTest extends TestCase $page = $this->entities->page(); $currentBook = $page->book; $newBook = Book::where('id', '!=', $currentBook->id)->first(); - $viewer = $this->getViewer(); + $viewer = $this->users->viewer(); $resp = $this->actingAs($viewer)->get($page->getUrl()); $resp->assertDontSee($page->getUrl('/copy')); $newBook->owned_by = $viewer->id; $newBook->save(); - $this->giveUserPermissions($viewer, ['page-create-own']); - $this->entities->regenPermissions($newBook); + $this->permissions->grantUserRolePermissions($viewer, ['page-create-own']); + $this->permissions->regenerateForEntity($newBook); $resp = $this->actingAs($viewer)->get($page->getUrl()); $resp->assertSee($page->getUrl('/copy')); @@ -249,7 +249,7 @@ class PageTest extends TestCase public function test_recently_updated_pages_view() { - $user = $this->getEditor(); + $user = $this->users->editor(); $content = $this->entities->createChainBelongingToUser($user); $resp = $this->asAdmin()->get('/pages/recently-updated'); @@ -258,7 +258,7 @@ class PageTest extends TestCase public function test_recently_updated_pages_view_shows_updated_by_details() { - $user = $this->getEditor(); + $user = $this->users->editor(); $page = $this->entities->page(); $this->actingAs($user)->put($page->getUrl(), [ @@ -272,7 +272,7 @@ class PageTest extends TestCase public function test_recently_updated_pages_view_shows_parent_chain() { - $user = $this->getEditor(); + $user = $this->users->editor(); $page = $this->entities->pageWithinChapter(); $this->actingAs($user)->put($page->getUrl(), [ @@ -287,7 +287,7 @@ class PageTest extends TestCase public function test_recently_updated_pages_view_does_not_show_parent_if_not_visible() { - $user = $this->getEditor(); + $user = $this->users->editor(); $page = $this->entities->pageWithinChapter(); $this->actingAs($user)->put($page->getUrl(), [ @@ -295,8 +295,8 @@ class PageTest extends TestCase 'html' => '

Updated content

', ]); - $this->entities->setPermissions($page->book); - $this->entities->setPermissions($page, ['view'], [$user->roles->first()]); + $this->permissions->setEntityPermissions($page->book); + $this->permissions->setEntityPermissions($page, ['view'], [$user->roles->first()]); $resp = $this->get('/pages/recently-updated'); $resp->assertDontSee($page->book->getShortName(42)); diff --git a/tests/Entity/SortTest.php b/tests/Entity/SortTest.php index f02e15d21..9a5a2fe17 100644 --- a/tests/Entity/SortTest.php +++ b/tests/Entity/SortTest.php @@ -53,7 +53,7 @@ class SortTest extends TestCase $newBook = Book::query()->where('id', '!=', $currentBook->id)->first(); $newChapter = $newBook->chapters()->first(); - $movePageResp = $this->actingAs($this->getEditor())->put($page->getUrl('/move'), [ + $movePageResp = $this->actingAs($this->users->editor())->put($page->getUrl('/move'), [ 'entity_selection' => 'chapter:' . $newChapter->id, ]); $page->refresh(); @@ -71,7 +71,7 @@ class SortTest extends TestCase $page = $oldChapter->pages()->first(); $newBook = Book::query()->where('id', '!=', $oldChapter->book_id)->first(); - $movePageResp = $this->actingAs($this->getEditor())->put($page->getUrl('/move'), [ + $movePageResp = $this->actingAs($this->users->editor())->put($page->getUrl('/move'), [ 'entity_selection' => 'book:' . $newBook->id, ]); $page->refresh(); @@ -89,16 +89,16 @@ class SortTest extends TestCase $page = $this->entities->page(); $currentBook = $page->book; $newBook = Book::query()->where('id', '!=', $currentBook->id)->first(); - $editor = $this->getEditor(); + $editor = $this->users->editor(); - $this->entities->setPermissions($newBook, ['view', 'update', 'delete'], $editor->roles->all()); + $this->permissions->setEntityPermissions($newBook, ['view', 'update', 'delete'], $editor->roles->all()); $movePageResp = $this->actingAs($editor)->put($page->getUrl('/move'), [ 'entity_selection' => 'book:' . $newBook->id, ]); $this->assertPermissionError($movePageResp); - $this->entities->setPermissions($newBook, ['view', 'update', 'delete', 'create'], $editor->roles->all()); + $this->permissions->setEntityPermissions($newBook, ['view', 'update', 'delete', 'create'], $editor->roles->all()); $movePageResp = $this->put($page->getUrl('/move'), [ 'entity_selection' => 'book:' . $newBook->id, ]); @@ -114,10 +114,10 @@ class SortTest extends TestCase $page = $this->entities->page(); $currentBook = $page->book; $newBook = Book::query()->where('id', '!=', $currentBook->id)->first(); - $editor = $this->getEditor(); + $editor = $this->users->editor(); - $this->entities->setPermissions($newBook, ['view', 'update', 'create', 'delete'], $editor->roles->all()); - $this->entities->setPermissions($page, ['view', 'update', 'create'], $editor->roles->all()); + $this->permissions->setEntityPermissions($newBook, ['view', 'update', 'create', 'delete'], $editor->roles->all()); + $this->permissions->setEntityPermissions($page, ['view', 'update', 'create'], $editor->roles->all()); $movePageResp = $this->actingAs($editor)->put($page->getUrl('/move'), [ 'entity_selection' => 'book:' . $newBook->id, @@ -126,7 +126,7 @@ class SortTest extends TestCase $pageView = $this->get($page->getUrl()); $pageView->assertDontSee($page->getUrl('/move')); - $this->entities->setPermissions($page, ['view', 'update', 'create', 'delete'], $editor->roles->all()); + $this->permissions->setEntityPermissions($page, ['view', 'update', 'create', 'delete'], $editor->roles->all()); $movePageResp = $this->put($page->getUrl('/move'), [ 'entity_selection' => 'book:' . $newBook->id, ]); @@ -169,10 +169,10 @@ class SortTest extends TestCase $chapter = $this->entities->chapter(); $currentBook = $chapter->book; $newBook = Book::query()->where('id', '!=', $currentBook->id)->first(); - $editor = $this->getEditor(); + $editor = $this->users->editor(); - $this->entities->setPermissions($newBook, ['view', 'update', 'create', 'delete'], $editor->roles->all()); - $this->entities->setPermissions($chapter, ['view', 'update', 'create'], $editor->roles->all()); + $this->permissions->setEntityPermissions($newBook, ['view', 'update', 'create', 'delete'], $editor->roles->all()); + $this->permissions->setEntityPermissions($chapter, ['view', 'update', 'create'], $editor->roles->all()); $moveChapterResp = $this->actingAs($editor)->put($chapter->getUrl('/move'), [ 'entity_selection' => 'book:' . $newBook->id, @@ -181,7 +181,7 @@ class SortTest extends TestCase $pageView = $this->get($chapter->getUrl()); $pageView->assertDontSee($chapter->getUrl('/move')); - $this->entities->setPermissions($chapter, ['view', 'update', 'create', 'delete'], $editor->roles->all()); + $this->permissions->setEntityPermissions($chapter, ['view', 'update', 'create', 'delete'], $editor->roles->all()); $moveChapterResp = $this->put($chapter->getUrl('/move'), [ 'entity_selection' => 'book:' . $newBook->id, ]); @@ -196,17 +196,17 @@ class SortTest extends TestCase $chapter = $this->entities->chapter(); $currentBook = $chapter->book; $newBook = Book::query()->where('id', '!=', $currentBook->id)->first(); - $editor = $this->getEditor(); + $editor = $this->users->editor(); - $this->entities->setPermissions($newBook, ['view', 'update', 'delete'], [$editor->roles->first()]); - $this->entities->setPermissions($chapter, ['view', 'update', 'create', 'delete'], [$editor->roles->first()]); + $this->permissions->setEntityPermissions($newBook, ['view', 'update', 'delete'], [$editor->roles->first()]); + $this->permissions->setEntityPermissions($chapter, ['view', 'update', 'create', 'delete'], [$editor->roles->first()]); $moveChapterResp = $this->actingAs($editor)->put($chapter->getUrl('/move'), [ 'entity_selection' => 'book:' . $newBook->id, ]); $this->assertPermissionError($moveChapterResp); - $this->entities->setPermissions($newBook, ['view', 'update', 'create', 'delete'], [$editor->roles->first()]); + $this->permissions->setEntityPermissions($newBook, ['view', 'update', 'create', 'delete'], [$editor->roles->first()]); $moveChapterResp = $this->put($chapter->getUrl('/move'), [ 'entity_selection' => 'book:' . $newBook->id, ]); @@ -313,7 +313,7 @@ class SortTest extends TestCase $page = $this->entities->pageWithinChapter(); /** @var Chapter $otherChapter */ $otherChapter = Chapter::query()->where('book_id', '!=', $page->book_id)->first(); - $this->entities->setPermissions($otherChapter); + $this->permissions->setEntityPermissions($otherChapter); $sortData = [ 'id' => $page->id, @@ -334,8 +334,8 @@ class SortTest extends TestCase $page = $this->entities->pageWithinChapter(); /** @var Chapter $otherChapter */ $otherChapter = Chapter::query()->where('book_id', '!=', $page->book_id)->first(); - $editor = $this->getEditor(); - $this->entities->setPermissions($otherChapter->book, ['update', 'delete'], [$editor->roles()->first()]); + $editor = $this->users->editor(); + $this->permissions->setEntityPermissions($otherChapter->book, ['update', 'delete'], [$editor->roles()->first()]); $sortData = [ 'id' => $page->id, @@ -356,8 +356,8 @@ class SortTest extends TestCase $page = $this->entities->pageWithinChapter(); /** @var Chapter $otherChapter */ $otherChapter = Chapter::query()->where('book_id', '!=', $page->book_id)->first(); - $editor = $this->getEditor(); - $this->entities->setPermissions($otherChapter, ['view', 'delete'], [$editor->roles()->first()]); + $editor = $this->users->editor(); + $this->permissions->setEntityPermissions($otherChapter, ['view', 'delete'], [$editor->roles()->first()]); $sortData = [ 'id' => $page->id, @@ -378,8 +378,8 @@ class SortTest extends TestCase $page = $this->entities->pageWithinChapter(); /** @var Chapter $otherChapter */ $otherChapter = Chapter::query()->where('book_id', '!=', $page->book_id)->first(); - $editor = $this->getEditor(); - $this->entities->setPermissions($page, ['view', 'delete'], [$editor->roles()->first()]); + $editor = $this->users->editor(); + $this->permissions->setEntityPermissions($page, ['view', 'delete'], [$editor->roles()->first()]); $sortData = [ 'id' => $page->id, @@ -400,8 +400,8 @@ class SortTest extends TestCase $page = $this->entities->pageWithinChapter(); /** @var Chapter $otherChapter */ $otherChapter = Chapter::query()->where('book_id', '!=', $page->book_id)->first(); - $editor = $this->getEditor(); - $this->entities->setPermissions($page, ['view', 'update'], [$editor->roles()->first()]); + $editor = $this->users->editor(); + $this->permissions->setEntityPermissions($page, ['view', 'update'], [$editor->roles()->first()]); $sortData = [ 'id' => $page->id, diff --git a/tests/Entity/TagTest.php b/tests/Entity/TagTest.php index ab06686e0..7e6674959 100644 --- a/tests/Entity/TagTest.php +++ b/tests/Entity/TagTest.php @@ -75,7 +75,7 @@ class TagTest extends TestCase $this->asEditor()->get('/ajax/tags/suggest/names?search=co')->assertSimilarJson(['color', 'country']); // Set restricted permission the page - $this->entities->setPermissions($page, [], []); + $this->permissions->setEntityPermissions($page, [], []); $this->asAdmin()->get('/ajax/tags/suggest/names?search=co')->assertSimilarJson(['color', 'country']); $this->asEditor()->get('/ajax/tags/suggest/names?search=co')->assertSimilarJson([]); @@ -178,7 +178,7 @@ class TagTest extends TestCase $resp = $this->get('/tags?name=SuperCategory'); $resp->assertSee('GreatTestContent'); - $this->entities->setPermissions($page, [], []); + $this->permissions->setEntityPermissions($page, [], []); $resp = $this->asEditor()->get('/tags'); $resp->assertDontSee('SuperCategory'); diff --git a/tests/ErrorTest.php b/tests/ErrorTest.php index ebd9874d3..6ba01dd88 100644 --- a/tests/ErrorTest.php +++ b/tests/ErrorTest.php @@ -11,7 +11,7 @@ class ErrorTest extends TestCase // Due to middleware being handled differently this will not fail // if our custom, middleware-loaded handler fails but this is here // as a reminder and as a general check in the event of other issues. - $editor = $this->getEditor(); + $editor = $this->users->editor(); $editor->name = 'tester'; $editor->save(); @@ -24,7 +24,7 @@ class ErrorTest extends TestCase public function test_item_not_found_does_not_get_logged_to_file() { - $this->actingAs($this->getViewer()); + $this->actingAs($this->users->viewer()); $handler = $this->withTestLogger(); $book = $this->entities->book(); @@ -41,7 +41,7 @@ class ErrorTest extends TestCase public function test_access_to_non_existing_image_location_provides_404_response() { - $resp = $this->actingAs($this->getViewer())->get('/uploads/images/gallery/2021-05/anonexistingimage.png'); + $resp = $this->actingAs($this->users->viewer())->get('/uploads/images/gallery/2021-05/anonexistingimage.png'); $resp->assertStatus(404); $resp->assertSeeText('Image Not Found'); } diff --git a/tests/FavouriteTest.php b/tests/FavouriteTest.php index 456f2213c..7778aa8e9 100644 --- a/tests/FavouriteTest.php +++ b/tests/FavouriteTest.php @@ -10,7 +10,7 @@ class FavouriteTest extends TestCase public function test_page_add_favourite_flow() { $page = $this->entities->page(); - $editor = $this->getEditor(); + $editor = $this->users->editor(); $resp = $this->actingAs($editor)->get($page->getUrl()); $this->withHtml($resp)->assertElementContains('button', 'Favourite'); @@ -33,7 +33,7 @@ class FavouriteTest extends TestCase public function test_page_remove_favourite_flow() { $page = $this->entities->page(); - $editor = $this->getEditor(); + $editor = $this->users->editor(); Favourite::query()->forceCreate([ 'user_id' => $editor->id, 'favouritable_id' => $page->id, @@ -63,7 +63,7 @@ class FavouriteTest extends TestCase $book->owned_by = $user->id; $book->save(); - $this->giveUserPermissions($user, ['book-view-own']); + $this->permissions->grantUserRolePermissions($user, ['book-view-own']); $this->actingAs($user)->get($book->getUrl()); $resp = $this->post('/favourites/add', [ @@ -81,7 +81,7 @@ class FavouriteTest extends TestCase public function test_each_entity_type_shows_favourite_button() { - $this->actingAs($this->getEditor()); + $this->actingAs($this->users->editor()); foreach ($this->entities->all() as $entity) { $resp = $this->get($entity->getUrl()); @@ -94,13 +94,13 @@ class FavouriteTest extends TestCase $this->setSettings(['app-public' => 'true']); $resp = $this->get('/'); $this->withHtml($resp)->assertElementNotContains('header', 'My Favourites'); - $resp = $this->actingAs($this->getViewer())->get('/'); + $resp = $this->actingAs($this->users->viewer())->get('/'); $this->withHtml($resp)->assertElementContains('header a', 'My Favourites'); } public function test_favourites_shown_on_homepage() { - $editor = $this->getEditor(); + $editor = $this->users->editor(); $resp = $this->actingAs($editor)->get('/'); $this->withHtml($resp)->assertElementNotExists('#top-favourites'); @@ -116,7 +116,7 @@ class FavouriteTest extends TestCase public function test_favourites_list_page_shows_favourites_and_has_working_pagination() { $page = $this->entities->page(); - $editor = $this->getEditor(); + $editor = $this->users->editor(); $resp = $this->actingAs($editor)->get('/favourites'); $resp->assertDontSee($page->name); diff --git a/tests/Helpers/EntityProvider.php b/tests/Helpers/EntityProvider.php index 9e8cf0b73..d79015f75 100644 --- a/tests/Helpers/EntityProvider.php +++ b/tests/Helpers/EntityProvider.php @@ -2,8 +2,6 @@ namespace Tests\Helpers; -use BookStack\Auth\Permissions\EntityPermission; -use BookStack\Auth\Role; use BookStack\Auth\User; use BookStack\Entities\Models\Book; use BookStack\Entities\Models\Bookshelf; @@ -186,44 +184,6 @@ class EntityProvider return $pageRepo->publishDraft($draftPage, $input); } - /** - * Regenerate the permission for an entity. - * Centralised to manage clearing of cached elements between requests. - */ - public function regenPermissions(Entity $entity): void - { - $entity->rebuildPermissions(); - $entity->load('jointPermissions'); - } - - /** - * Set the given entity as having restricted permissions, and apply the given - * permissions for the given roles. - * @param string[] $actions - * @param Role[] $roles - */ - public function setPermissions(Entity $entity, array $actions = [], array $roles = []): void - { - $entity->permissions()->delete(); - - $permissions = [ - // Set default permissions to not allow actions so that only the provided role permissions are at play. - ['role_id' => 0, 'view' => false, 'create' => false, 'update' => false, 'delete' => false], - ]; - - foreach ($roles as $role) { - $permission = ['role_id' => $role->id]; - foreach (EntityPermission::PERMISSIONS as $possibleAction) { - $permission[$possibleAction] = in_array($possibleAction, $actions); - } - $permissions[] = $permission; - } - - $entity->permissions()->createMany($permissions); - $entity->load('permissions'); - $this->regenPermissions($entity); - } - /** * @param Entity|Entity[] $entities */ diff --git a/tests/Helpers/PermissionsProvider.php b/tests/Helpers/PermissionsProvider.php new file mode 100644 index 000000000..ac9a2a68a --- /dev/null +++ b/tests/Helpers/PermissionsProvider.php @@ -0,0 +1,136 @@ +userRoleProvider = $userRoleProvider; + } + + /** + * Grant role permissions to the provided user. + */ + public function grantUserRolePermissions(User $user, array $permissions): void + { + $newRole = $this->userRoleProvider->createRole($permissions); + $user->attachRole($newRole); + $user->load('roles'); + $user->clearPermissionCache(); + } + + /** + * Completely remove specific role permissions from the provided user. + */ + public function removeUserRolePermissions(User $user, array $permissions): void + { + foreach ($permissions as $permissionName) { + /** @var RolePermission $permission */ + $permission = RolePermission::query() + ->where('name', '=', $permissionName) + ->firstOrFail(); + + $roles = $user->roles()->whereHas('permissions', function ($query) use ($permission) { + $query->where('id', '=', $permission->id); + })->get(); + + /** @var Role $role */ + foreach ($roles as $role) { + $role->detachPermission($permission); + } + + $user->clearPermissionCache(); + } + } + + /** + * Change the owner of the given entity to the given user. + */ + public function changeEntityOwner(Entity $entity, User $newOwner): void + { + $entity->owned_by = $newOwner->id; + $entity->save(); + $entity->rebuildPermissions(); + } + + /** + * Regenerate the permission for an entity. + * Centralised to manage clearing of cached elements between requests. + */ + public function regenerateForEntity(Entity $entity): void + { + $entity->rebuildPermissions(); + } + + /** + * Set the given entity as having restricted permissions, and apply the given + * permissions for the given roles. + * @param string[] $actions + * @param Role[] $roles + */ + public function setEntityPermissions(Entity $entity, array $actions = [], array $roles = [], $inherit = false): void + { + $entity->permissions()->delete(); + + $permissions = []; + + if (!$inherit) { + // Set default permissions to not allow actions so that only the provided role permissions are at play. + $permissions[] = ['role_id' => null, 'user_id' => null, 'view' => false, 'create' => false, 'update' => false, 'delete' => false]; + } + + foreach ($roles as $role) { + $permissions[] = $this->actionListToEntityPermissionData($actions, $role->id); + } + + $this->addEntityPermissionEntries($entity, $permissions); + } + + public function addEntityPermission(Entity $entity, array $actionList, ?Role $role = null, ?User $user = null) + { + $permissionData = $this->actionListToEntityPermissionData($actionList, $role->id ?? null, $user->id ?? null); + $this->addEntityPermissionEntries($entity, [$permissionData]); + } + + /** + * Disable inherited permissions on the given entity. + * Effectively sets the "Other Users" UI permission option to not inherit, with no permissions. + */ + public function disableEntityInheritedPermissions(Entity $entity): void + { + $entity->permissions()->whereNull(['user_id', 'role_id'])->delete(); + $fallback = $this->actionListToEntityPermissionData([]); + $this->addEntityPermissionEntries($entity, [$fallback]); + } + + protected function addEntityPermissionEntries(Entity $entity, array $entityPermissionData): void + { + $entity->permissions()->createMany($entityPermissionData); + $entity->load('permissions'); + $this->regenerateForEntity($entity); + } + + /** + * For the given simple array of string actions (view, create, update, delete), convert + * the format to entity permission data, where permission is granted if the action is in the + * given actionList array. + */ + protected function actionListToEntityPermissionData(array $actionList, int $roleId = null, int $userId = null): array + { + $permissionData = ['role_id' => $roleId, 'user_id' => $userId]; + foreach (EntityPermission::PERMISSIONS as $possibleAction) { + $permissionData[$possibleAction] = in_array($possibleAction, $actionList); + } + + return $permissionData; + } +} diff --git a/tests/Helpers/UserRoleProvider.php b/tests/Helpers/UserRoleProvider.php new file mode 100644 index 000000000..355c1687c --- /dev/null +++ b/tests/Helpers/UserRoleProvider.php @@ -0,0 +1,97 @@ +admin)) { + $adminRole = Role::getSystemRole('admin'); + $this->admin = $adminRole->users->first(); + } + + return $this->admin; + } + + /** + * Get a typical "Editor" user. + */ + public function editor(): User + { + if ($this->editor === null) { + $editorRole = Role::getRole('editor'); + $this->editor = $editorRole->users->first(); + } + + return $this->editor; + } + + /** + * Get a typical "Viewer" user. + */ + public function viewer(array $attributes = []): User + { + $user = Role::getRole('viewer')->users()->first(); + if (!empty($attributes)) { + $user->forceFill($attributes)->save(); + } + + return $user; + } + + /** + * Create a new fresh user without any relations. + */ + public function newUser(array $attrs = []): User + { + return User::factory()->create($attrs); + } + + /** + * Create a new fresh user, with the given attrs, that has assigned a fresh role + * that has the given role permissions. + * Intended as a helper to create a blank slate baseline user and role. + * @return array{0: User, 1: Role} + */ + public function newUserWithRole(array $userAttrs = [], array $rolePermissions = []): array + { + $user = $this->newUser($userAttrs); + $role = $this->attachNewRole($user, $rolePermissions); + + return [$user, $role]; + } + + /** + * Attach a new role, with the given role permissions, to the given user + * and return that role. + */ + public function attachNewRole(User $user, array $rolePermissions = []): Role + { + $role = $this->createRole($rolePermissions); + $user->attachRole($role); + return $role; + } + + /** + * Create a new basic role with the given role permissions. + */ + public function createRole(array $rolePermissions = []): Role + { + $permissionRepo = app(PermissionsRepo::class); + $roleData = Role::factory()->make()->toArray(); + $roleData['permissions'] = array_flip($rolePermissions); + + return $permissionRepo->saveNewRole($roleData); + } +} diff --git a/tests/HomepageTest.php b/tests/HomepageTest.php index cf69425fb..c7e8b69bb 100644 --- a/tests/HomepageTest.php +++ b/tests/HomepageTest.php @@ -114,7 +114,7 @@ class HomepageTest extends TestCase public function test_set_book_homepage() { - $editor = $this->getEditor(); + $editor = $this->users->editor(); setting()->putUser($editor, 'books_view_type', 'grid'); $this->setSettings(['app-homepage-type' => 'books']); @@ -133,7 +133,7 @@ class HomepageTest extends TestCase public function test_set_bookshelves_homepage() { - $editor = $this->getEditor(); + $editor = $this->users->editor(); setting()->putUser($editor, 'bookshelves_view_type', 'grid'); $shelf = $this->entities->shelf(); @@ -152,7 +152,7 @@ class HomepageTest extends TestCase public function test_shelves_list_homepage_adheres_to_book_visibility_permissions() { - $editor = $this->getEditor(); + $editor = $this->users->editor(); setting()->putUser($editor, 'bookshelves_view_type', 'list'); $this->setSettings(['app-homepage-type' => 'bookshelves']); $this->asEditor(); @@ -167,13 +167,13 @@ class HomepageTest extends TestCase // Ensure book no longer visible without view permission $editor->roles()->detach(); - $this->giveUserPermissions($editor, ['bookshelf-view-all']); + $this->permissions->grantUserRolePermissions($editor, ['bookshelf-view-all']); $homeVisit = $this->get('/'); $this->withHtml($homeVisit)->assertElementContains('.content-wrap', $shelf->name); $this->withHtml($homeVisit)->assertElementNotContains('.content-wrap', $book->name); // Ensure is visible again with entity-level view permission - $this->entities->setPermissions($book, ['view'], [$editor->roles()->first()]); + $this->permissions->setEntityPermissions($book, ['view'], [$editor->roles()->first()]); $homeVisit = $this->get('/'); $this->withHtml($homeVisit)->assertElementContains('.content-wrap', $shelf->name); $this->withHtml($homeVisit)->assertElementContains('.content-wrap', $book->name); diff --git a/tests/LanguageTest.php b/tests/LanguageTest.php index 27de5f875..ba522a74e 100644 --- a/tests/LanguageTest.php +++ b/tests/LanguageTest.php @@ -4,7 +4,7 @@ namespace Tests; class LanguageTest extends TestCase { - protected array $langs; + protected $langs; /** * LanguageTest constructor. @@ -77,20 +77,8 @@ class LanguageTest extends TestCase { $this->asEditor(); $this->assertFalse(config('app.rtl'), 'App RTL config should be false by default'); - setting()->putUser($this->getEditor(), 'language', 'ar'); + setting()->putUser($this->users->editor(), 'language', 'ar'); $this->get('/'); $this->assertTrue(config('app.rtl'), 'App RTL config should have been set to true by middleware'); } - - public function test_pluralisation_for_non_standard_locales() - { - $text = trans_choice('entities.x_pages', 1, [], 'de_informal'); - $this->assertEquals('1 Seite', $text); - - $text = trans_choice('entities.x_pages', 2, [], 'de_informal'); - $this->assertEquals('2 Seiten', $text); - - $text = trans_choice('entities.x_pages', 0, [], 'de_informal'); - $this->assertEquals('0 Seiten', $text); - } } diff --git a/tests/Permissions/EntityPermissionsTest.php b/tests/Permissions/EntityPermissionsTest.php index 4b613b49c..68a4ed244 100644 --- a/tests/Permissions/EntityPermissionsTest.php +++ b/tests/Permissions/EntityPermissionsTest.php @@ -2,6 +2,7 @@ namespace Tests\Permissions; +use BookStack\Auth\Role; use BookStack\Auth\User; use BookStack\Entities\Models\Book; use BookStack\Entities\Models\Bookshelf; @@ -20,8 +21,8 @@ class EntityPermissionsTest extends TestCase protected function setUp(): void { parent::setUp(); - $this->user = $this->getEditor(); - $this->viewer = $this->getViewer(); + $this->user = $this->users->editor(); + $this->viewer = $this->users->viewer(); } protected function setRestrictionsForTestRoles(Entity $entity, array $actions = []) @@ -30,7 +31,7 @@ class EntityPermissionsTest extends TestCase $this->user->roles->first(), $this->viewer->roles->first(), ]; - $this->entities->setPermissions($entity, $actions, $roles); + $this->permissions->setEntityPermissions($entity, $actions, $roles); } public function test_bookshelf_view_restriction() @@ -378,8 +379,10 @@ class EntityPermissionsTest extends TestCase $this->put($modelInstance->getUrl('/permissions'), [ 'permissions' => [ - $roleId => [ - $permission => 'true', + 'role' => [ + $roleId => [ + $permission => 'true', + ], ], ], ]); @@ -655,6 +658,34 @@ class EntityPermissionsTest extends TestCase $resp->assertRedirect($book->getUrl('/page/test-page')); } + public function test_access_to_item_prevented_if_inheritance_active_but_permission_prevented_via_role() + { + $user = $this->users->viewer(); + $viewerRole = $user->roles->first(); + $chapter = $this->entities->chapter(); + $book = $chapter->book; + + $this->permissions->setEntityPermissions($book, ['edit'], [$viewerRole], false); + $this->permissions->setEntityPermissions($chapter, [], [$viewerRole], true); + + $this->assertFalse(userCan('chapter-update', $chapter)); + } + + public function test_access_to_item_allowed_if_inheritance_active_and_permission_prevented_via_role_but_allowed_via_parent() + { + $user = $this->users->viewer(); + $viewerRole = $user->roles->first(); + $editorRole = Role::getRole('Editor'); + $user->attachRole($editorRole); + $chapter = $this->entities->chapter(); + $book = $chapter->book; + + $this->permissions->setEntityPermissions($book, ['edit'], [$editorRole], false); + $this->permissions->setEntityPermissions($chapter, [], [$viewerRole], true); + + $this->assertTrue(userCan('chapter-update', $chapter)); + } + public function test_book_permissions_can_be_generated_without_error_if_child_chapter_is_in_recycle_bin() { $book = $this->entities->bookHasChaptersAndPages(); @@ -665,7 +696,7 @@ class EntityPermissionsTest extends TestCase $error = null; try { - $this->entities->setPermissions($book, ['view'], []); + $this->permissions->setEntityPermissions($book, ['view'], []); } catch (Exception $e) { $error = $e; } diff --git a/tests/Permissions/ExportPermissionsTest.php b/tests/Permissions/ExportPermissionsTest.php index 642cf1beb..8072221e5 100644 --- a/tests/Permissions/ExportPermissionsTest.php +++ b/tests/Permissions/ExportPermissionsTest.php @@ -14,7 +14,7 @@ class ExportPermissionsTest extends TestCase $pageContent = Str::random(48); $page->html = '

' . $pageContent . '

'; $page->save(); - $viewer = $this->getViewer(); + $viewer = $this->users->viewer(); $this->actingAs($viewer); $formats = ['html', 'plaintext']; @@ -25,7 +25,7 @@ class ExportPermissionsTest extends TestCase $resp->assertSee($pageContent); } - $this->entities->setPermissions($page, []); + $this->permissions->setEntityPermissions($page, []); foreach ($formats as $format) { $resp = $this->get($chapter->getUrl("export/{$format}")); @@ -42,7 +42,7 @@ class ExportPermissionsTest extends TestCase $pageContent = Str::random(48); $page->html = '

' . $pageContent . '

'; $page->save(); - $viewer = $this->getViewer(); + $viewer = $this->users->viewer(); $this->actingAs($viewer); $formats = ['html', 'plaintext']; @@ -53,7 +53,7 @@ class ExportPermissionsTest extends TestCase $resp->assertSee($pageContent); } - $this->entities->setPermissions($page, []); + $this->permissions->setEntityPermissions($page, []); foreach ($formats as $format) { $resp = $this->get($book->getUrl("export/{$format}")); diff --git a/tests/Permissions/RolesTest.php b/tests/Permissions/RolesTest.php index 88d400259..8bf700c07 100644 --- a/tests/Permissions/RolesTest.php +++ b/tests/Permissions/RolesTest.php @@ -22,7 +22,7 @@ class RolesTest extends TestCase protected function setUp(): void { parent::setUp(); - $this->user = $this->getViewer(); + $this->user = $this->users->viewer(); } public function test_admin_can_see_settings() @@ -42,7 +42,7 @@ class RolesTest extends TestCase public function test_role_cannot_be_deleted_if_default() { - $newRole = $this->createNewRole(); + $newRole = $this->users->createRole(); $this->setSettings(['registration-role' => $newRole->id]); $deletePageUrl = '/settings/roles/delete/' . $newRole->id; @@ -121,11 +121,11 @@ class RolesTest extends TestCase { /** @var Role $adminRole */ $adminRole = Role::query()->where('system_name', '=', 'admin')->first(); - $adminUser = $this->getAdmin(); + $adminUser = $this->users->admin(); $adminRole->users()->where('id', '!=', $adminUser->id)->delete(); $this->assertEquals(1, $adminRole->users()->count()); - $viewerRole = $this->getViewer()->roles()->first(); + $viewerRole = $this->users->viewer()->roles()->first(); $editUrl = '/settings/users/' . $adminUser->id; $resp = $this->actingAs($adminUser)->put($editUrl, [ @@ -169,7 +169,7 @@ class RolesTest extends TestCase $roleA = Role::query()->create(['display_name' => 'Entity Permissions Delete Test']); $page = $this->entities->page(); - $this->entities->setPermissions($page, ['view'], [$roleA]); + $this->permissions->setEntityPermissions($page, ['view'], [$roleA]); $this->assertDatabaseHas('entity_permissions', [ 'role_id' => $roleA->id, @@ -214,7 +214,7 @@ class RolesTest extends TestCase public function test_manage_user_permission() { $this->actingAs($this->user)->get('/settings/users')->assertRedirect('/'); - $this->giveUserPermissions($this->user, ['users-manage']); + $this->permissions->grantUserRolePermissions($this->user, ['users-manage']); $this->actingAs($this->user)->get('/settings/users')->assertOk(); } @@ -222,9 +222,9 @@ class RolesTest extends TestCase { $usersLink = 'href="' . url('/settings/users') . '"'; $this->actingAs($this->user)->get('/')->assertDontSee($usersLink, false); - $this->giveUserPermissions($this->user, ['users-manage']); + $this->permissions->grantUserRolePermissions($this->user, ['users-manage']); $this->actingAs($this->user)->get('/')->assertSee($usersLink, false); - $this->giveUserPermissions($this->user, ['settings-manage', 'users-manage']); + $this->permissions->grantUserRolePermissions($this->user, ['settings-manage', 'users-manage']); $this->actingAs($this->user)->get('/')->assertDontSee($usersLink, false); } @@ -247,7 +247,7 @@ class RolesTest extends TestCase 'name' => 'my_new_name', ]); - $this->giveUserPermissions($this->user, ['users-manage']); + $this->permissions->grantUserRolePermissions($this->user, ['users-manage']); $resp = $this->get($userProfileUrl) ->assertOk(); @@ -269,7 +269,7 @@ class RolesTest extends TestCase { $this->actingAs($this->user)->get('/settings/roles')->assertRedirect('/'); $this->get('/settings/roles/1')->assertRedirect('/'); - $this->giveUserPermissions($this->user, ['user-roles-manage']); + $this->permissions->grantUserRolePermissions($this->user, ['user-roles-manage']); $this->actingAs($this->user)->get('/settings/roles')->assertOk(); $this->get('/settings/roles/1') ->assertOk() @@ -279,7 +279,7 @@ class RolesTest extends TestCase public function test_settings_manage_permission() { $this->actingAs($this->user)->get('/settings/features')->assertRedirect('/'); - $this->giveUserPermissions($this->user, ['settings-manage']); + $this->permissions->grantUserRolePermissions($this->user, ['settings-manage']); $this->get('/settings/features')->assertOk(); $resp = $this->post('/settings/features', []); @@ -295,7 +295,7 @@ class RolesTest extends TestCase $this->actingAs($this->user)->get($page->getUrl())->assertDontSee('Permissions'); $this->get($page->getUrl('/permissions'))->assertRedirect('/'); - $this->giveUserPermissions($this->user, ['restrictions-manage-all']); + $this->permissions->grantUserRolePermissions($this->user, ['restrictions-manage-all']); $this->actingAs($this->user)->get($page->getUrl())->assertSee('Permissions'); @@ -325,7 +325,7 @@ class RolesTest extends TestCase $this->actingAs($this->user)->get($page->getUrl())->assertDontSee('Permissions'); $this->get($page->getUrl('/permissions'))->assertRedirect('/'); - $this->giveUserPermissions($this->user, ['restrictions-manage-own']); + $this->permissions->grantUserRolePermissions($this->user, ['restrictions-manage-own']); // Check can't restrict other's content $this->actingAs($this->user)->get($otherUsersPage->getUrl())->assertDontSee('Permissions'); @@ -350,7 +350,7 @@ class RolesTest extends TestCase $this->withHtml($resp)->assertElementNotContains('.action-buttons', $text); } - $this->giveUserPermissions($this->user, [$permission]); + $this->permissions->grantUserRolePermissions($this->user, [$permission]); foreach ($accessUrls as $url) { $this->actingAs($this->user)->get($url)->assertOk(); @@ -380,7 +380,7 @@ class RolesTest extends TestCase $otherShelf = Bookshelf::query()->first(); $ownShelf = $this->entities->newShelf(['name' => 'test-shelf', 'slug' => 'test-shelf']); $ownShelf->forceFill(['owned_by' => $this->user->id, 'updated_by' => $this->user->id])->save(); - $this->entities->regenPermissions($ownShelf); + $this->permissions->regenerateForEntity($ownShelf); $this->checkAccessPermission('bookshelf-update-own', [ $ownShelf->getUrl('/edit'), @@ -406,12 +406,12 @@ class RolesTest extends TestCase public function test_bookshelves_delete_own_permission() { - $this->giveUserPermissions($this->user, ['bookshelf-update-all']); + $this->permissions->grantUserRolePermissions($this->user, ['bookshelf-update-all']); /** @var Bookshelf $otherShelf */ $otherShelf = Bookshelf::query()->first(); $ownShelf = $this->entities->newShelf(['name' => 'test-shelf', 'slug' => 'test-shelf']); $ownShelf->forceFill(['owned_by' => $this->user->id, 'updated_by' => $this->user->id])->save(); - $this->entities->regenPermissions($ownShelf); + $this->permissions->regenerateForEntity($ownShelf); $this->checkAccessPermission('bookshelf-delete-own', [ $ownShelf->getUrl('/delete'), @@ -430,7 +430,7 @@ class RolesTest extends TestCase public function test_bookshelves_delete_all_permission() { - $this->giveUserPermissions($this->user, ['bookshelf-update-all']); + $this->permissions->grantUserRolePermissions($this->user, ['bookshelf-update-all']); /** @var Bookshelf $otherShelf */ $otherShelf = Bookshelf::query()->first(); $this->checkAccessPermission('bookshelf-delete-all', [ @@ -486,7 +486,7 @@ class RolesTest extends TestCase public function test_books_delete_own_permission() { - $this->giveUserPermissions($this->user, ['book-update-all']); + $this->permissions->grantUserRolePermissions($this->user, ['book-update-all']); /** @var Book $otherBook */ $otherBook = Book::query()->take(1)->get()->first(); $ownBook = $this->entities->createChainBelongingToUser($this->user)['book']; @@ -506,7 +506,7 @@ class RolesTest extends TestCase public function test_books_delete_all_permission() { - $this->giveUserPermissions($this->user, ['book-update-all']); + $this->permissions->grantUserRolePermissions($this->user, ['book-update-all']); /** @var Book $otherBook */ $otherBook = Book::query()->take(1)->get()->first(); $this->checkAccessPermission('book-delete-all', [ @@ -585,7 +585,7 @@ class RolesTest extends TestCase public function test_chapter_delete_own_permission() { - $this->giveUserPermissions($this->user, ['chapter-update-all']); + $this->permissions->grantUserRolePermissions($this->user, ['chapter-update-all']); /** @var Chapter $otherChapter */ $otherChapter = Chapter::query()->first(); $ownChapter = $this->entities->createChainBelongingToUser($this->user)['chapter']; @@ -607,7 +607,7 @@ class RolesTest extends TestCase public function test_chapter_delete_all_permission() { - $this->giveUserPermissions($this->user, ['chapter-update-all']); + $this->permissions->grantUserRolePermissions($this->user, ['chapter-update-all']); /** @var Chapter $otherChapter */ $otherChapter = Chapter::query()->first(); $this->checkAccessPermission('chapter-delete-all', [ @@ -645,7 +645,7 @@ class RolesTest extends TestCase $ownChapter->getUrl() => 'New Page', ]); - $this->giveUserPermissions($this->user, ['page-create-own']); + $this->permissions->grantUserRolePermissions($this->user, ['page-create-own']); foreach ($accessUrls as $index => $url) { $resp = $this->actingAs($this->user)->get($url); @@ -688,7 +688,7 @@ class RolesTest extends TestCase $chapter->getUrl() => 'New Page', ]); - $this->giveUserPermissions($this->user, ['page-create-all']); + $this->permissions->grantUserRolePermissions($this->user, ['page-create-all']); foreach ($accessUrls as $index => $url) { $resp = $this->actingAs($this->user)->get($url); @@ -742,7 +742,7 @@ class RolesTest extends TestCase public function test_page_delete_own_permission() { - $this->giveUserPermissions($this->user, ['page-update-all']); + $this->permissions->grantUserRolePermissions($this->user, ['page-update-all']); /** @var Page $otherPage */ $otherPage = Page::query()->first(); $ownPage = $this->entities->createChainBelongingToUser($this->user)['page']; @@ -764,7 +764,7 @@ class RolesTest extends TestCase public function test_page_delete_all_permission() { - $this->giveUserPermissions($this->user, ['page-update-all']); + $this->permissions->grantUserRolePermissions($this->user, ['page-update-all']); /** @var Page $otherPage */ $otherPage = Page::query()->first(); @@ -823,7 +823,7 @@ class RolesTest extends TestCase public function test_image_delete_own_permission() { - $this->giveUserPermissions($this->user, ['image-update-all']); + $this->permissions->grantUserRolePermissions($this->user, ['image-update-all']); $page = $this->entities->page(); $image = Image::factory()->create([ 'uploaded_to' => $page->id, @@ -833,7 +833,7 @@ class RolesTest extends TestCase $this->actingAs($this->user)->json('delete', '/images/' . $image->id)->assertStatus(403); - $this->giveUserPermissions($this->user, ['image-delete-own']); + $this->permissions->grantUserRolePermissions($this->user, ['image-delete-own']); $this->actingAs($this->user)->json('delete', '/images/' . $image->id)->assertOk(); $this->assertDatabaseMissing('images', ['id' => $image->id]); @@ -841,18 +841,18 @@ class RolesTest extends TestCase public function test_image_delete_all_permission() { - $this->giveUserPermissions($this->user, ['image-update-all']); - $admin = $this->getAdmin(); + $this->permissions->grantUserRolePermissions($this->user, ['image-update-all']); + $admin = $this->users->admin(); $page = $this->entities->page(); $image = Image::factory()->create(['uploaded_to' => $page->id, 'created_by' => $admin->id, 'updated_by' => $admin->id]); $this->actingAs($this->user)->json('delete', '/images/' . $image->id)->assertStatus(403); - $this->giveUserPermissions($this->user, ['image-delete-own']); + $this->permissions->grantUserRolePermissions($this->user, ['image-delete-own']); $this->actingAs($this->user)->json('delete', '/images/' . $image->id)->assertStatus(403); - $this->giveUserPermissions($this->user, ['image-delete-all']); + $this->permissions->grantUserRolePermissions($this->user, ['image-delete-all']); $this->actingAs($this->user)->json('delete', '/images/' . $image->id)->assertOk(); $this->assertDatabaseMissing('images', ['id' => $image->id]); @@ -863,7 +863,7 @@ class RolesTest extends TestCase // To cover issue fixed in f99c8ff99aee9beb8c692f36d4b84dc6e651e50a. $page = $this->entities->page(); $viewerRole = Role::getRole('viewer'); - $viewer = $this->getViewer(); + $viewer = $this->users->viewer(); $this->actingAs($viewer)->get($page->getUrl())->assertOk(); $this->asAdmin()->put('/settings/roles/' . $viewerRole->id, [ @@ -877,18 +877,18 @@ class RolesTest extends TestCase public function test_empty_state_actions_not_visible_without_permission() { - $admin = $this->getAdmin(); + $admin = $this->users->admin(); // Book links $book = Book::factory()->create(['created_by' => $admin->id, 'updated_by' => $admin->id]); - $this->entities->regenPermissions($book); - $this->actingAs($this->getViewer())->get($book->getUrl()) + $this->permissions->regenerateForEntity($book); + $this->actingAs($this->users->viewer())->get($book->getUrl()) ->assertDontSee('Create a new page') ->assertDontSee('Add a chapter'); // Chapter links $chapter = Chapter::factory()->create(['created_by' => $admin->id, 'updated_by' => $admin->id, 'book_id' => $book->id]); - $this->entities->regenPermissions($chapter); - $this->actingAs($this->getViewer())->get($chapter->getUrl()) + $this->permissions->regenerateForEntity($chapter); + $this->actingAs($this->users->viewer())->get($chapter->getUrl()) ->assertDontSee('Create a new page') ->assertDontSee('Sort the current book'); } @@ -901,7 +901,7 @@ class RolesTest extends TestCase ->addComment($ownPage) ->assertStatus(403); - $this->giveUserPermissions($this->user, ['comment-create-all']); + $this->permissions->grantUserRolePermissions($this->user, ['comment-create-all']); $this->actingAs($this->user) ->addComment($ownPage) @@ -911,7 +911,7 @@ class RolesTest extends TestCase public function test_comment_update_own_permission() { $ownPage = $this->entities->createChainBelongingToUser($this->user)['page']; - $this->giveUserPermissions($this->user, ['comment-create-all']); + $this->permissions->grantUserRolePermissions($this->user, ['comment-create-all']); $this->actingAs($this->user)->addComment($ownPage); /** @var Comment $comment */ $comment = $ownPage->comments()->latest()->first(); @@ -919,7 +919,7 @@ class RolesTest extends TestCase // no comment-update-own $this->actingAs($this->user)->updateComment($comment)->assertStatus(403); - $this->giveUserPermissions($this->user, ['comment-update-own']); + $this->permissions->grantUserRolePermissions($this->user, ['comment-update-own']); // now has comment-update-own $this->actingAs($this->user)->updateComment($comment)->assertOk(); @@ -936,7 +936,7 @@ class RolesTest extends TestCase // no comment-update-all $this->actingAs($this->user)->updateComment($comment)->assertStatus(403); - $this->giveUserPermissions($this->user, ['comment-update-all']); + $this->permissions->grantUserRolePermissions($this->user, ['comment-update-all']); // now has comment-update-all $this->actingAs($this->user)->updateComment($comment)->assertOk(); @@ -946,7 +946,7 @@ class RolesTest extends TestCase { /** @var Page $ownPage */ $ownPage = $this->entities->createChainBelongingToUser($this->user)['page']; - $this->giveUserPermissions($this->user, ['comment-create-all']); + $this->permissions->grantUserRolePermissions($this->user, ['comment-create-all']); $this->actingAs($this->user)->addComment($ownPage); /** @var Comment $comment */ @@ -955,7 +955,7 @@ class RolesTest extends TestCase // no comment-delete-own $this->actingAs($this->user)->deleteComment($comment)->assertStatus(403); - $this->giveUserPermissions($this->user, ['comment-delete-own']); + $this->permissions->grantUserRolePermissions($this->user, ['comment-delete-own']); // now has comment-update-own $this->actingAs($this->user)->deleteComment($comment)->assertOk(); @@ -972,7 +972,7 @@ class RolesTest extends TestCase // no comment-delete-all $this->actingAs($this->user)->deleteComment($comment)->assertStatus(403); - $this->giveUserPermissions($this->user, ['comment-delete-all']); + $this->permissions->grantUserRolePermissions($this->user, ['comment-delete-all']); // now has comment-delete-all $this->actingAs($this->user)->deleteComment($comment)->assertOk(); diff --git a/tests/Permissions/Scenarios/EntityRolePermissionsTest.php b/tests/Permissions/Scenarios/EntityRolePermissionsTest.php new file mode 100644 index 000000000..b92ce620b --- /dev/null +++ b/tests/Permissions/Scenarios/EntityRolePermissionsTest.php @@ -0,0 +1,201 @@ +users->newUserWithRole(); + $page = $this->entities->page(); + $this->permissions->setEntityPermissions($page, ['view'], [$role], false); + + $this->assertVisibleToUser($page, $user); + } + + public function test_02_explicit_deny() + { + [$user, $role] = $this->users->newUserWithRole(); + $page = $this->entities->page(); + $this->permissions->setEntityPermissions($page, [], [$role], false); + + $this->assertNotVisibleToUser($page, $user); + } + + public function test_03_same_level_conflicting() + { + [$user, $roleA] = $this->users->newUserWithRole(); + $roleB = $this->users->attachNewRole($user); + $page = $this->entities->page(); + + $this->permissions->disableEntityInheritedPermissions($page); + $this->permissions->addEntityPermission($page, [], $roleA); + $this->permissions->addEntityPermission($page, ['view'], $roleB); + + $this->assertVisibleToUser($page, $user); + } + + public function test_20_inherit_allow() + { + [$user, $roleA] = $this->users->newUserWithRole(); + $page = $this->entities->pageWithinChapter(); + $chapter = $page->chapter; + + $this->permissions->disableEntityInheritedPermissions($chapter); + $this->permissions->addEntityPermission($chapter, ['view'], $roleA); + + $this->assertVisibleToUser($page, $user); + } + + public function test_21_inherit_deny() + { + [$user, $roleA] = $this->users->newUserWithRole(); + $page = $this->entities->pageWithinChapter(); + $chapter = $page->chapter; + + $this->permissions->disableEntityInheritedPermissions($chapter); + $this->permissions->addEntityPermission($chapter, [], $roleA); + + $this->assertNotVisibleToUser($page, $user); + } + + public function test_22_same_level_conflict_inherit() + { + [$user, $roleA] = $this->users->newUserWithRole(); + $roleB = $this->users->attachNewRole($user); + $page = $this->entities->pageWithinChapter(); + $chapter = $page->chapter; + + $this->permissions->disableEntityInheritedPermissions($chapter); + $this->permissions->addEntityPermission($chapter, [], $roleA); + $this->permissions->addEntityPermission($chapter, ['view'], $roleB); + + $this->assertVisibleToUser($page, $user); + } + + public function test_30_child_inherit_override_allow() + { + [$user, $roleA] = $this->users->newUserWithRole(); + $page = $this->entities->pageWithinChapter(); + $chapter = $page->chapter; + + $this->permissions->disableEntityInheritedPermissions($chapter); + $this->permissions->addEntityPermission($chapter, [], $roleA); + $this->permissions->addEntityPermission($page, ['view'], $roleA); + + $this->assertVisibleToUser($page, $user); + } + + public function test_31_child_inherit_override_deny() + { + [$user, $roleA] = $this->users->newUserWithRole(); + $page = $this->entities->pageWithinChapter(); + $chapter = $page->chapter; + + $this->permissions->disableEntityInheritedPermissions($chapter); + $this->permissions->addEntityPermission($chapter, ['view'], $roleA); + $this->permissions->addEntityPermission($page, [], $roleA); + + $this->assertNotVisibleToUser($page, $user); + } + + public function test_40_multi_role_inherit_conflict_override_deny() + { + [$user, $roleA] = $this->users->newUserWithRole(); + $roleB = $this->users->attachNewRole($user); + $page = $this->entities->pageWithinChapter(); + $chapter = $page->chapter; + + $this->permissions->disableEntityInheritedPermissions($chapter); + $this->permissions->addEntityPermission($page, [], $roleA); + $this->permissions->addEntityPermission($chapter, ['view'], $roleB); + + $this->assertVisibleToUser($page, $user); + } + + public function test_41_multi_role_inherit_conflict_retain_allow() + { + [$user, $roleA] = $this->users->newUserWithRole(); + $roleB = $this->users->attachNewRole($user); + $page = $this->entities->pageWithinChapter(); + $chapter = $page->chapter; + + $this->permissions->disableEntityInheritedPermissions($chapter); + $this->permissions->addEntityPermission($page, ['view'], $roleA); + $this->permissions->addEntityPermission($chapter, [], $roleB); + + $this->assertVisibleToUser($page, $user); + } + + public function test_50_role_override_allow() + { + [$user, $roleA] = $this->users->newUserWithRole(); + $page = $this->entities->page(); + $this->permissions->addEntityPermission($page, ['view'], $roleA); + + $this->assertVisibleToUser($page, $user); + } + + public function test_51_role_override_deny() + { + [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']); + $page = $this->entities->page(); + $this->permissions->addEntityPermission($page, [], $roleA); + + $this->assertNotVisibleToUser($page, $user); + } + + public function test_60_inherited_role_override_allow() + { + [$user, $roleA] = $this->users->newUserWithRole([], []); + $page = $this->entities->pageWithinChapter(); + $chapter = $page->chapter; + $this->permissions->addEntityPermission($chapter, ['view'], $roleA); + + $this->assertVisibleToUser($page, $user); + } + + public function test_61_inherited_role_override_deny() + { + [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']); + $page = $this->entities->pageWithinChapter(); + $chapter = $page->chapter; + $this->permissions->addEntityPermission($chapter, [], $roleA); + + $this->assertNotVisibleToUser($page, $user); + } + + public function test_62_inherited_role_override_deny_on_own() + { + [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-own']); + $page = $this->entities->pageWithinChapter(); + $chapter = $page->chapter; + $this->permissions->addEntityPermission($chapter, [], $roleA); + $this->permissions->changeEntityOwner($page, $user); + + $this->assertNotVisibleToUser($page, $user); + } + + public function test_70_multi_role_inheriting_deny() + { + [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']); + $roleB = $this->users->attachNewRole($user); + $page = $this->entities->page(); + + $this->permissions->addEntityPermission($page, [], $roleB); + + $this->assertNotVisibleToUser($page, $user); + } + + public function test_80_multi_role_inherited_deny_via_parent() + { + [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']); + $roleB = $this->users->attachNewRole($user); + $page = $this->entities->pageWithinChapter(); + $chapter = $page->chapter; + + $this->permissions->addEntityPermission($chapter, [], $roleB); + + $this->assertNotVisibleToUser($page, $user); + } +} diff --git a/tests/Permissions/Scenarios/EntityUserPermissionsTest.php b/tests/Permissions/Scenarios/EntityUserPermissionsTest.php new file mode 100644 index 000000000..4fa805805 --- /dev/null +++ b/tests/Permissions/Scenarios/EntityUserPermissionsTest.php @@ -0,0 +1,209 @@ +users->newUser(); + $page = $this->entities->page(); + $this->permissions->disableEntityInheritedPermissions($page); + $this->permissions->addEntityPermission($page, ['view'], null, $user); + + $this->assertVisibleToUser($page, $user); + } + + public function test_02_explicit_deny() + { + $user = $this->users->newUser(); + $page = $this->entities->page(); + $this->permissions->disableEntityInheritedPermissions($page); + $this->permissions->addEntityPermission($page, [], null, $user); + + $this->assertNotVisibleToUser($page, $user); + } + + public function test_10_allow_inherit() + { + $user = $this->users->newUser(); + $page = $this->entities->pageWithinChapter(); + $chapter = $page->chapter; + $this->permissions->disableEntityInheritedPermissions($chapter); + $this->permissions->addEntityPermission($chapter, ['view'], null, $user); + + $this->assertVisibleToUser($page, $user); + } + + public function test_11_deny_inherit() + { + $user = $this->users->newUser(); + $page = $this->entities->pageWithinChapter(); + $chapter = $page->chapter; + $this->permissions->disableEntityInheritedPermissions($chapter); + $this->permissions->addEntityPermission($chapter, [], null, $user); + + $this->assertNotVisibleToUser($page, $user); + } + + public function test_12_allow_inherit_override() + { + $user = $this->users->newUser(); + $page = $this->entities->pageWithinChapter(); + $chapter = $page->chapter; + $this->permissions->disableEntityInheritedPermissions($chapter); + $this->permissions->addEntityPermission($chapter, [], null, $user); + $this->permissions->addEntityPermission($page, ['view'], null, $user); + + $this->assertVisibleToUser($page, $user); + } + + public function test_13_deny_inherit_override() + { + $user = $this->users->newUser(); + $page = $this->entities->pageWithinChapter(); + $chapter = $page->chapter; + $this->permissions->disableEntityInheritedPermissions($chapter); + $this->permissions->addEntityPermission($chapter, ['view'], null, $user); + $this->permissions->addEntityPermission($page, ['deny'], null, $user); + + $this->assertNotVisibleToUser($page, $user); + } + + public function test_40_entity_role_override_allow() + { + [$user, $role] = $this->users->newUserWithRole(); + $page = $this->entities->page(); + $this->permissions->disableEntityInheritedPermissions($page); + $this->permissions->addEntityPermission($page, ['view'], null, $user); + $this->permissions->addEntityPermission($page, [], $role); + + $this->assertVisibleToUser($page, $user); + } + + public function test_41_entity_role_override_deny() + { + [$user, $role] = $this->users->newUserWithRole(); + $page = $this->entities->page(); + $this->permissions->disableEntityInheritedPermissions($page); + $this->permissions->addEntityPermission($page, [], null, $user); + $this->permissions->addEntityPermission($page, ['view'], $role); + + $this->assertNotVisibleToUser($page, $user); + } + + public function test_42_entity_role_override_allow_via_inherit() + { + [$user, $role] = $this->users->newUserWithRole(); + $page = $this->entities->pageWithinChapter(); + $chapter = $page->chapter; + $this->permissions->disableEntityInheritedPermissions($chapter); + $this->permissions->addEntityPermission($chapter, ['view'], null, $user); + $this->permissions->addEntityPermission($page, [], $role); + + $this->assertVisibleToUser($page, $user); + } + + public function test_43_entity_role_override_deny_via_inherit() + { + [$user, $role] = $this->users->newUserWithRole(); + $page = $this->entities->pageWithinChapter(); + $chapter = $page->chapter; + $this->permissions->disableEntityInheritedPermissions($chapter); + $this->permissions->addEntityPermission($chapter, [], null, $user); + $this->permissions->addEntityPermission($page, ['view'], $role); + + $this->assertNotVisibleToUser($page, $user); + } + + public function test_50_role_override_allow() + { + [$user, $roleA] = $this->users->newUserWithRole(); + $page = $this->entities->page(); + $this->permissions->addEntityPermission($page, ['view'], null, $user); + + $this->assertVisibleToUser($page, $user); + } + + public function test_51_role_override_deny() + { + [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']); + $page = $this->entities->page(); + $this->permissions->addEntityPermission($page, [], null, $user); + + $this->assertNotVisibleToUser($page, $user); + } + + public function test_60_inherited_role_override_allow() + { + [$user, $roleA] = $this->users->newUserWithRole([], []); + $page = $this->entities->pageWithinChapter(); + $chapter = $page->chapter; + $this->permissions->addEntityPermission($chapter, ['view'], null, $user); + + $this->assertVisibleToUser($page, $user); + } + + public function test_61_inherited_role_override_deny() + { + [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']); + $page = $this->entities->pageWithinChapter(); + $chapter = $page->chapter; + $this->permissions->addEntityPermission($chapter, [], null, $user); + + $this->assertNotVisibleToUser($page, $user); + } + + public function test_61_inherited_role_override_deny_on_own() + { + [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-own']); + $page = $this->entities->pageWithinChapter(); + $chapter = $page->chapter; + $this->permissions->addEntityPermission($chapter, [], null, $user); + $this->permissions->changeEntityOwner($page, $user); + + $this->assertNotVisibleToUser($page, $user); + } + + public function test_70_all_override_allow() + { + [$user, $roleA] = $this->users->newUserWithRole([], []); + $page = $this->entities->page(); + $this->permissions->addEntityPermission($page, [], $roleA, null); + $this->permissions->addEntityPermission($page, ['view'], null, $user); + + $this->assertVisibleToUser($page, $user); + } + + public function test_71_all_override_deny() + { + [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']); + $page = $this->entities->page(); + $this->permissions->addEntityPermission($page, ['view'], $roleA, null); + $this->permissions->addEntityPermission($page, [], null, $user); + + $this->assertNotVisibleToUser($page, $user); + } + + public function test_80_inherited_all_override_allow() + { + [$user, $roleA] = $this->users->newUserWithRole([], []); + $page = $this->entities->pageWithinChapter(); + $chapter = $page->chapter; + $this->permissions->addEntityPermission($chapter, [], $roleA, null); + $this->permissions->addEntityPermission($chapter, ['view'], null, $user); + + $this->assertVisibleToUser($page, $user); + } + + public function test_81_inherited_all_override_deny() + { + [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']); + $page = $this->entities->pageWithinChapter(); + $chapter = $page->chapter; + $this->permissions->addEntityPermission($chapter, ['view'], $roleA, null); + $this->permissions->addEntityPermission($chapter, [], null, $user); + + $this->assertNotVisibleToUser($page, $user); + } +} diff --git a/tests/Permissions/Scenarios/PermissionScenarioTestCase.php b/tests/Permissions/Scenarios/PermissionScenarioTestCase.php new file mode 100644 index 000000000..5352f468a --- /dev/null +++ b/tests/Permissions/Scenarios/PermissionScenarioTestCase.php @@ -0,0 +1,38 @@ +actingAs($user); + $funcView = userCan($entity->getMorphClass() . '-view', $entity); + $queryView = $entity->newQuery()->scopes(['visible'])->find($entity->id) !== null; + + $id = $entity->getMorphClass() . ':' . $entity->id; + $msg = "Item [{$id}] should be visible but was not found via "; + $msg .= implode(' and ', array_filter([!$funcView ? 'userCan' : '', !$queryView ? 'query' : ''])); + + static::assertTrue($funcView && $queryView, $msg); + } + + protected function assertNotVisibleToUser(Entity $entity, User $user) + { + $this->actingAs($user); + $funcView = userCan($entity->getMorphClass() . '-view', $entity); + $queryView = $entity->newQuery()->scopes(['visible'])->find($entity->id) !== null; + + $id = $entity->getMorphClass() . ':' . $entity->id; + $msg = "Item [{$id}] should not be visible but was found via "; + $msg .= implode(' and ', array_filter([$funcView ? 'userCan' : '', $queryView ? 'query' : ''])); + + static::assertTrue(!$funcView && !$queryView, $msg); + } +} diff --git a/tests/Permissions/Scenarios/RoleContentPermissionsTest.php b/tests/Permissions/Scenarios/RoleContentPermissionsTest.php new file mode 100644 index 000000000..8b8c9031c --- /dev/null +++ b/tests/Permissions/Scenarios/RoleContentPermissionsTest.php @@ -0,0 +1,59 @@ +users->newUserWithRole([], ['page-view-all']); + $page = $this->entities->page(); + + $this->assertVisibleToUser($page, $user); + } + + public function test_02_deny() + { + [$user] = $this->users->newUserWithRole([], []); + $page = $this->entities->page(); + + $this->assertNotVisibleToUser($page, $user); + } + + public function test_10_allow_on_own_with_own() + { + [$user] = $this->users->newUserWithRole([], ['page-view-own']); + $page = $this->entities->page(); + $this->permissions->changeEntityOwner($page, $user); + + $this->assertVisibleToUser($page, $user); + } + + public function test_11_deny_on_other_with_own() + { + [$user] = $this->users->newUserWithRole([], ['page-view-own']); + $page = $this->entities->page(); + $this->permissions->changeEntityOwner($page, $this->users->editor()); + + $this->assertNotVisibleToUser($page, $user); + } + + public function test_20_multiple_role_conflicting_all() + { + [$user] = $this->users->newUserWithRole([], ['page-view-all']); + $this->users->attachNewRole($user, []); + $page = $this->entities->page(); + + $this->assertVisibleToUser($page, $user); + } + + public function test_21_multiple_role_conflicting_own() + { + [$user] = $this->users->newUserWithRole([], ['page-view-own']); + $this->users->attachNewRole($user, []); + $page = $this->entities->page(); + $this->permissions->changeEntityOwner($page, $user); + + $this->assertVisibleToUser($page, $user); + } +} diff --git a/tests/PublicActionTest.php b/tests/PublicActionTest.php index 7e3f7be00..afc7fcef3 100644 --- a/tests/PublicActionTest.php +++ b/tests/PublicActionTest.php @@ -2,7 +2,6 @@ namespace Tests; -use BookStack\Auth\Permissions\JointPermissionBuilder; use BookStack\Auth\Permissions\RolePermission; use BookStack\Auth\Role; use BookStack\Auth\User; @@ -89,7 +88,6 @@ class PublicActionTest extends TestCase foreach (RolePermission::all() as $perm) { $publicRole->attachPermission($perm); } - $this->app->make(JointPermissionBuilder::class)->rebuildForRole($publicRole); user()->clearPermissionCache(); $chapter = $this->entities->chapter(); @@ -173,7 +171,7 @@ class PublicActionTest extends TestCase { $this->setSettings(['app-public' => 'true']); $book = $this->entities->book(); - $this->entities->setPermissions($book); + $this->permissions->setEntityPermissions($book); $resp = $this->get($book->getUrl()); $resp->assertSee('Book not found'); diff --git a/tests/References/ReferencesTest.php b/tests/References/ReferencesTest.php index 148b2197c..4330598ba 100644 --- a/tests/References/ReferencesTest.php +++ b/tests/References/ReferencesTest.php @@ -91,7 +91,7 @@ class ReferencesTest extends TestCase $pageB = $this->entities->page(); $this->createReference($pageB, $page); - $this->entities->setPermissions($pageB); + $this->permissions->setEntityPermissions($pageB); $this->asEditor()->get($page->getUrl('/references'))->assertDontSee($pageB->name); $this->asAdmin()->get($page->getUrl('/references'))->assertSee($pageB->name); diff --git a/tests/Settings/RecycleBinTest.php b/tests/Settings/RecycleBinTest.php index 990df607e..8adc92f25 100644 --- a/tests/Settings/RecycleBinTest.php +++ b/tests/Settings/RecycleBinTest.php @@ -14,7 +14,7 @@ class RecycleBinTest extends TestCase public function test_recycle_bin_routes_permissions() { $page = $this->entities->page(); - $editor = $this->getEditor(); + $editor = $this->users->editor(); $this->actingAs($editor)->delete($page->getUrl()); $deletion = Deletion::query()->firstOrFail(); @@ -33,7 +33,7 @@ class RecycleBinTest extends TestCase $this->assertPermissionError($resp); } - $this->giveUserPermissions($editor, ['restrictions-manage-all']); + $this->permissions->grantUserRolePermissions($editor, ['restrictions-manage-all']); foreach ($routes as $route) { [$method, $url] = explode(':', $route); @@ -41,7 +41,7 @@ class RecycleBinTest extends TestCase $this->assertPermissionError($resp); } - $this->giveUserPermissions($editor, ['settings-manage']); + $this->permissions->grantUserRolePermissions($editor, ['settings-manage']); foreach ($routes as $route) { DB::beginTransaction(); @@ -56,7 +56,7 @@ class RecycleBinTest extends TestCase { $page = $this->entities->page(); $book = Book::query()->whereHas('pages')->whereHas('chapters')->withCount(['pages', 'chapters'])->first(); - $editor = $this->getEditor(); + $editor = $this->users->editor(); $this->actingAs($editor)->delete($page->getUrl()); $this->actingAs($editor)->delete($book->getUrl()); @@ -73,7 +73,7 @@ class RecycleBinTest extends TestCase { $page = $this->entities->page(); $book = Book::query()->where('id', '!=', $page->book_id)->whereHas('pages')->whereHas('chapters')->with(['pages', 'chapters'])->firstOrFail(); - $editor = $this->getEditor(); + $editor = $this->users->editor(); $this->actingAs($editor)->delete($page->getUrl()); $this->actingAs($editor)->delete($book->getUrl()); diff --git a/tests/Settings/RegenerateReferencesTest.php b/tests/Settings/RegenerateReferencesTest.php index 0f3122074..239f50e76 100644 --- a/tests/Settings/RegenerateReferencesTest.php +++ b/tests/Settings/RegenerateReferencesTest.php @@ -32,11 +32,11 @@ class RegenerateReferencesTest extends TestCase public function test_settings_manage_permission_required() { - $editor = $this->getEditor(); + $editor = $this->users->editor(); $resp = $this->actingAs($editor)->post('/settings/maintenance/regenerate-references'); $this->assertPermissionError($resp); - $this->giveUserPermissions($editor, ['settings-manage']); + $this->permissions->grantUserRolePermissions($editor, ['settings-manage']); $resp = $this->actingAs($editor)->post('/settings/maintenance/regenerate-references'); $this->assertNotPermissionError($resp); diff --git a/tests/Settings/TestEmailTest.php b/tests/Settings/TestEmailTest.php index 31c51158f..322f90107 100644 --- a/tests/Settings/TestEmailTest.php +++ b/tests/Settings/TestEmailTest.php @@ -20,7 +20,7 @@ class TestEmailTest extends TestCase public function test_send_test_email_endpoint_sends_email_and_redirects_user_and_shows_notification() { Notification::fake(); - $admin = $this->getAdmin(); + $admin = $this->users->admin(); $sendReq = $this->actingAs($admin)->post('/settings/maintenance/send-test-email'); $sendReq->assertRedirect('/settings/maintenance#image-cleanup'); @@ -37,7 +37,7 @@ class TestEmailTest extends TestCase $exception = new \Exception('A random error occurred when testing an email'); $mockDispatcher->shouldReceive('sendNow')->andThrow($exception); - $admin = $this->getAdmin(); + $admin = $this->users->admin(); $sendReq = $this->actingAs($admin)->post('/settings/maintenance/send-test-email'); $sendReq->assertRedirect('/settings/maintenance#image-cleanup'); $this->assertSessionHas('error'); @@ -50,12 +50,12 @@ class TestEmailTest extends TestCase public function test_send_test_email_requires_settings_manage_permission() { Notification::fake(); - $user = $this->getViewer(); + $user = $this->users->viewer(); $sendReq = $this->actingAs($user)->post('/settings/maintenance/send-test-email'); Notification::assertNothingSent(); - $this->giveUserPermissions($user, ['settings-manage']); + $this->permissions->grantUserRolePermissions($user, ['settings-manage']); $sendReq = $this->actingAs($user)->post('/settings/maintenance/send-test-email'); Notification::assertSentTo($user, TestEmail::class); } diff --git a/tests/TestCase.php b/tests/TestCase.php index d0dd7d772..70fd0da1d 100644 --- a/tests/TestCase.php +++ b/tests/TestCase.php @@ -2,11 +2,6 @@ namespace Tests; -use BookStack\Auth\Permissions\JointPermissionBuilder; -use BookStack\Auth\Permissions\PermissionsRepo; -use BookStack\Auth\Permissions\RolePermission; -use BookStack\Auth\Role; -use BookStack\Auth\User; use BookStack\Entities\Models\Entity; use BookStack\Settings\SettingService; use BookStack\Uploads\HttpFetcher; @@ -22,12 +17,15 @@ use Illuminate\Support\Env; use Illuminate\Support\Facades\DB; use Illuminate\Support\Facades\Log; use Illuminate\Testing\Assert as PHPUnit; +use Mockery; use Monolog\Handler\TestHandler; use Monolog\Logger; use Psr\Http\Client\ClientInterface; use Ssddanbrown\AssertHtml\TestsHtml; use Tests\Helpers\EntityProvider; +use Tests\Helpers\PermissionsProvider; use Tests\Helpers\TestServiceProvider; +use Tests\Helpers\UserRoleProvider; abstract class TestCase extends BaseTestCase { @@ -35,13 +33,16 @@ abstract class TestCase extends BaseTestCase use DatabaseTransactions; use TestsHtml; - protected ?User $admin = null; - protected ?User $editor = null; protected EntityProvider $entities; + protected UserRoleProvider $users; + protected PermissionsProvider $permissions; protected function setUp(): void { $this->entities = new EntityProvider(); + $this->users = new UserRoleProvider(); + $this->permissions = new PermissionsProvider($this->users); + parent::setUp(); } @@ -70,20 +71,7 @@ abstract class TestCase extends BaseTestCase */ public function asAdmin() { - return $this->actingAs($this->getAdmin()); - } - - /** - * Get the current admin user. - */ - public function getAdmin(): User - { - if (is_null($this->admin)) { - $adminRole = Role::getSystemRole('admin'); - $this->admin = $adminRole->users->first(); - } - - return $this->admin; + return $this->actingAs($this->users->admin()); } /** @@ -91,20 +79,7 @@ abstract class TestCase extends BaseTestCase */ public function asEditor() { - return $this->actingAs($this->getEditor()); - } - - /** - * Get a editor user. - */ - protected function getEditor(): User - { - if ($this->editor === null) { - $editorRole = Role::getRole('editor'); - $this->editor = $editorRole->users->first(); - } - - return $this->editor; + return $this->actingAs($this->users->editor()); } /** @@ -112,28 +87,7 @@ abstract class TestCase extends BaseTestCase */ public function asViewer() { - return $this->actingAs($this->getViewer()); - } - - /** - * Get an instance of a user with 'viewer' permissions. - */ - protected function getViewer(array $attributes = []): User - { - $user = Role::getRole('viewer')->users()->first(); - if (!empty($attributes)) { - $user->forceFill($attributes)->save(); - } - - return $user; - } - - /** - * Get a user that's not a system user such as the guest user. - */ - public function getNormalUser(): User - { - return User::query()->where('system_name', '=', null)->get()->last(); + return $this->actingAs($this->users->viewer()); } /** @@ -147,52 +101,6 @@ abstract class TestCase extends BaseTestCase } } - /** - * Give the given user some permissions. - */ - protected function giveUserPermissions(User $user, array $permissions = []): void - { - $newRole = $this->createNewRole($permissions); - $user->attachRole($newRole); - $user->load('roles'); - $user->clearPermissionCache(); - } - - /** - * Completely remove the given permission name from the given user. - */ - protected function removePermissionFromUser(User $user, string $permissionName) - { - $permissionBuilder = app()->make(JointPermissionBuilder::class); - - /** @var RolePermission $permission */ - $permission = RolePermission::query()->where('name', '=', $permissionName)->firstOrFail(); - - $roles = $user->roles()->whereHas('permissions', function ($query) use ($permission) { - $query->where('id', '=', $permission->id); - })->get(); - - /** @var Role $role */ - foreach ($roles as $role) { - $role->detachPermission($permission); - $permissionBuilder->rebuildForRole($role); - } - - $user->clearPermissionCache(); - } - - /** - * Create a new basic role for testing purposes. - */ - protected function createNewRole(array $permissions = []): Role - { - $permissionRepo = app(PermissionsRepo::class); - $roleData = Role::factory()->make()->toArray(); - $roleData['permissions'] = array_flip($permissions); - - return $permissionRepo->saveNewRole($roleData); - } - /** * Mock the HttpFetcher service and return the given data on fetch. */ diff --git a/tests/ThemeTest.php b/tests/ThemeTest.php index efab53379..ee4f20f30 100644 --- a/tests/ThemeTest.php +++ b/tests/ThemeTest.php @@ -36,7 +36,7 @@ class ThemeTest extends TestCase '; file_put_contents($translationPath . '/entities.php', $customTranslations); - $homeRequest = $this->actingAs($this->getViewer())->get('/'); + $homeRequest = $this->actingAs($this->users->viewer())->get('/'); $this->withHtml($homeRequest)->assertElementContains('header nav', 'Sandwiches'); }); } diff --git a/tests/Unit/FrameworkAssumptionTest.php b/tests/Unit/FrameworkAssumptionTest.php index 54d315de9..d4feff60c 100644 --- a/tests/Unit/FrameworkAssumptionTest.php +++ b/tests/Unit/FrameworkAssumptionTest.php @@ -25,7 +25,7 @@ class FrameworkAssumptionTest extends TestCase // Page has SoftDeletes trait by default, so we apply our custom scope and ensure // it stacks on the global scope to filter out deleted items. $query = Page::query()->scopes('visible')->toSql(); - $this->assertStringContainsString('joint_permissions', $query); + $this->assertStringContainsString('entity_permissions_collapsed', $query); $this->assertStringContainsString('`deleted_at` is null', $query); } } diff --git a/tests/Uploads/AttachmentTest.php b/tests/Uploads/AttachmentTest.php index b6fcb8f69..f2f30ff2e 100644 --- a/tests/Uploads/AttachmentTest.php +++ b/tests/Uploads/AttachmentTest.php @@ -75,7 +75,7 @@ class AttachmentTest extends TestCase { $page = $this->entities->page(); $this->asAdmin(); - $admin = $this->getAdmin(); + $admin = $this->users->admin(); $fileName = 'upload_test_file.txt'; $expectedResp = [ @@ -137,7 +137,7 @@ class AttachmentTest extends TestCase public function test_attaching_link_to_page() { $page = $this->entities->page(); - $admin = $this->getAdmin(); + $admin = $this->users->admin(); $this->asAdmin(); $linkReq = $this->call('POST', 'attachments/link', [ @@ -245,15 +245,15 @@ class AttachmentTest extends TestCase public function test_attachment_access_without_permission_shows_404() { - $admin = $this->getAdmin(); - $viewer = $this->getViewer(); + $admin = $this->users->admin(); + $viewer = $this->users->viewer(); $page = $this->entities->page(); /** @var Page $page */ $this->actingAs($admin); $fileName = 'permission_test.txt'; $this->uploadFile($fileName, $page->id); $attachment = Attachment::orderBy('id', 'desc')->take(1)->first(); - $this->entities->setPermissions($page, [], []); + $this->permissions->setEntityPermissions($page, [], []); $this->actingAs($viewer); $attachmentGet = $this->get($attachment->getUrl()); diff --git a/tests/Uploads/DrawioTest.php b/tests/Uploads/DrawioTest.php index 2ed4da7ca..080f05d74 100644 --- a/tests/Uploads/DrawioTest.php +++ b/tests/Uploads/DrawioTest.php @@ -30,7 +30,7 @@ class DrawioTest extends TestCase public function test_drawing_base64_upload() { $page = Page::first(); - $editor = $this->getEditor(); + $editor = $this->users->editor(); $this->actingAs($editor); $upload = $this->postJson('images/drawio', [ @@ -58,7 +58,7 @@ class DrawioTest extends TestCase { config()->set('services.drawio', 'http://cats.com?dog=tree'); $page = Page::first(); - $editor = $this->getEditor(); + $editor = $this->users->editor(); $resp = $this->actingAs($editor)->get($page->getUrl('/edit')); $resp->assertSee('drawio-url="http://cats.com?dog=tree"', false); @@ -68,7 +68,7 @@ class DrawioTest extends TestCase { config()->set('services.drawio', true); $page = Page::first(); - $editor = $this->getEditor(); + $editor = $this->users->editor(); $resp = $this->actingAs($editor)->get($page->getUrl('/edit')); $resp->assertSee('drawio-url="https://embed.diagrams.net/?embed=1&proto=json&spin=1&configure=1"', false); diff --git a/tests/Uploads/ImageTest.php b/tests/Uploads/ImageTest.php index 0e4065a82..c6e678ff2 100644 --- a/tests/Uploads/ImageTest.php +++ b/tests/Uploads/ImageTest.php @@ -16,7 +16,7 @@ class ImageTest extends TestCase public function test_image_upload() { $page = $this->entities->page(); - $admin = $this->getAdmin(); + $admin = $this->users->admin(); $this->actingAs($admin); $imgDetails = $this->uploadGalleryImage($page); @@ -40,7 +40,7 @@ class ImageTest extends TestCase public function test_image_display_thumbnail_generation_does_not_increase_image_size() { $page = $this->entities->page(); - $admin = $this->getAdmin(); + $admin = $this->users->admin(); $this->actingAs($admin); $originalFile = $this->getTestImageFilePath('compressed.png'); @@ -64,7 +64,7 @@ class ImageTest extends TestCase public function test_image_display_thumbnail_generation_for_apng_images_uses_original_file() { $page = $this->entities->page(); - $admin = $this->getAdmin(); + $admin = $this->users->admin(); $this->actingAs($admin); $imgDetails = $this->uploadGalleryImage($page, 'animated.png'); @@ -76,7 +76,7 @@ class ImageTest extends TestCase public function test_image_edit() { - $editor = $this->getEditor(); + $editor = $this->users->editor(); $this->actingAs($editor); $imgDetails = $this->uploadGalleryImage(); @@ -126,7 +126,7 @@ class ImageTest extends TestCase public function test_image_usage() { $page = $this->entities->page(); - $editor = $this->getEditor(); + $editor = $this->users->editor(); $this->actingAs($editor); $imgDetails = $this->uploadGalleryImage($page); @@ -146,7 +146,7 @@ class ImageTest extends TestCase public function test_php_files_cannot_be_uploaded() { $page = $this->entities->page(); - $admin = $this->getAdmin(); + $admin = $this->users->admin(); $this->actingAs($admin); $fileName = 'bad.php'; @@ -168,7 +168,7 @@ class ImageTest extends TestCase public function test_php_like_files_cannot_be_uploaded() { $page = $this->entities->page(); - $admin = $this->getAdmin(); + $admin = $this->users->admin(); $this->actingAs($admin); $fileName = 'bad.phtml'; @@ -185,7 +185,7 @@ class ImageTest extends TestCase public function test_files_with_double_extensions_will_get_sanitized() { $page = $this->entities->page(); - $admin = $this->getAdmin(); + $admin = $this->users->admin(); $this->actingAs($admin); $fileName = 'bad.phtml.png'; @@ -358,7 +358,7 @@ class ImageTest extends TestCase $this->get($expectedUrl)->assertOk(); - $this->entities->setPermissions($page, [], []); + $this->permissions->setEntityPermissions($page, [], []); $resp = $this->get($expectedUrl); $resp->assertNotFound(); @@ -382,7 +382,7 @@ class ImageTest extends TestCase $this->get($expectedUrl)->assertOk(); - $this->entities->setPermissions($page, [], []); + $this->permissions->setEntityPermissions($page, [], []); $resp = $this->get($expectedUrl); $resp->assertNotFound(); @@ -415,7 +415,7 @@ class ImageTest extends TestCase $export = $this->get($pageB->getUrl('/export/html')); $this->assertStringContainsString($encodedImageContent, $export->getContent()); - $this->entities->setPermissions($pageA, [], []); + $this->permissions->setEntityPermissions($pageA, [], []); $export = $this->get($pageB->getUrl('/export/html')); $this->assertStringNotContainsString($encodedImageContent, $export->getContent()); @@ -479,7 +479,7 @@ class ImageTest extends TestCase $imageName = 'first-image.png'; $relPath = $this->getTestImagePath('gallery', $imageName); $this->deleteImage($relPath); - $viewer = $this->getViewer(); + $viewer = $this->users->viewer(); $this->uploadImage($imageName, $page->id); $image = Image::first(); @@ -490,7 +490,7 @@ class ImageTest extends TestCase $resp = $this->actingAs($viewer)->get("/images/edit/{$image->id}"); $this->withHtml($resp)->assertElementNotExists('button#image-manager-delete[title="Delete"]'); - $this->giveUserPermissions($viewer, ['image-delete-all']); + $this->permissions->grantUserRolePermissions($viewer, ['image-delete-all']); $resp = $this->actingAs($viewer)->get("/images/edit/{$image->id}"); $this->withHtml($resp)->assertElementExists('button#image-manager-delete[title="Delete"]'); @@ -509,8 +509,8 @@ class ImageTest extends TestCase public function test_user_image_upload() { - $editor = $this->getEditor(); - $admin = $this->getAdmin(); + $editor = $this->users->editor(); + $admin = $this->users->admin(); $this->actingAs($admin); $file = $this->getTestProfileImage(); @@ -525,7 +525,7 @@ class ImageTest extends TestCase public function test_user_images_deleted_on_user_deletion() { - $editor = $this->getEditor(); + $editor = $this->users->editor(); $this->actingAs($editor); $file = $this->getTestProfileImage(); @@ -555,7 +555,7 @@ class ImageTest extends TestCase public function test_deleted_unused_images() { $page = $this->entities->page(); - $admin = $this->getAdmin(); + $admin = $this->users->admin(); $this->actingAs($admin); $imageName = 'unused-image.png'; diff --git a/tests/User/UserApiTokenTest.php b/tests/User/UserApiTokenTest.php index 716f3614c..93070b712 100644 --- a/tests/User/UserApiTokenTest.php +++ b/tests/User/UserApiTokenTest.php @@ -16,12 +16,12 @@ class UserApiTokenTest extends TestCase public function test_tokens_section_not_visible_without_access_api_permission() { - $user = $this->getViewer(); + $user = $this->users->viewer(); $resp = $this->actingAs($user)->get($user->getEditUrl()); $resp->assertDontSeeText('API Tokens'); - $this->giveUserPermissions($user, ['access-api']); + $this->permissions->grantUserRolePermissions($user, ['access-api']); $resp = $this->actingAs($user)->get($user->getEditUrl()); $resp->assertSeeText('API Tokens'); @@ -30,9 +30,9 @@ class UserApiTokenTest extends TestCase public function test_those_with_manage_users_can_view_other_user_tokens_but_not_create() { - $viewer = $this->getViewer(); - $editor = $this->getEditor(); - $this->giveUserPermissions($viewer, ['users-manage']); + $viewer = $this->users->viewer(); + $editor = $this->users->editor(); + $this->permissions->grantUserRolePermissions($viewer, ['users-manage']); $resp = $this->actingAs($viewer)->get($editor->getEditUrl()); $resp->assertSeeText('API Tokens'); @@ -41,7 +41,7 @@ class UserApiTokenTest extends TestCase public function test_create_api_token() { - $editor = $this->getEditor(); + $editor = $this->users->editor(); $resp = $this->asAdmin()->get($editor->getEditUrl('/create-api-token')); $resp->assertStatus(200); @@ -74,7 +74,7 @@ class UserApiTokenTest extends TestCase public function test_create_with_no_expiry_sets_expiry_hundred_years_away() { - $editor = $this->getEditor(); + $editor = $this->users->editor(); $this->asAdmin()->post($editor->getEditUrl('/create-api-token'), ['name' => 'No expiry token', 'expires_at' => '']); $token = ApiToken::query()->latest()->first(); @@ -88,7 +88,7 @@ class UserApiTokenTest extends TestCase public function test_created_token_displays_on_profile_page() { - $editor = $this->getEditor(); + $editor = $this->users->editor(); $this->asAdmin()->post($editor->getEditUrl('/create-api-token'), $this->testTokenData); $token = ApiToken::query()->latest()->first(); @@ -101,7 +101,7 @@ class UserApiTokenTest extends TestCase public function test_secret_shown_once_after_creation() { - $editor = $this->getEditor(); + $editor = $this->users->editor(); $resp = $this->asAdmin()->followingRedirects()->post($editor->getEditUrl('/create-api-token'), $this->testTokenData); $resp->assertSeeText('Token Secret'); @@ -114,7 +114,7 @@ class UserApiTokenTest extends TestCase public function test_token_update() { - $editor = $this->getEditor(); + $editor = $this->users->editor(); $this->asAdmin()->post($editor->getEditUrl('/create-api-token'), $this->testTokenData); $token = ApiToken::query()->latest()->first(); $updateData = [ @@ -132,7 +132,7 @@ class UserApiTokenTest extends TestCase public function test_token_update_with_blank_expiry_sets_to_hundred_years_away() { - $editor = $this->getEditor(); + $editor = $this->users->editor(); $this->asAdmin()->post($editor->getEditUrl('/create-api-token'), $this->testTokenData); $token = ApiToken::query()->latest()->first(); @@ -152,7 +152,7 @@ class UserApiTokenTest extends TestCase public function test_token_delete() { - $editor = $this->getEditor(); + $editor = $this->users->editor(); $this->asAdmin()->post($editor->getEditUrl('/create-api-token'), $this->testTokenData); $token = ApiToken::query()->latest()->first(); @@ -171,9 +171,9 @@ class UserApiTokenTest extends TestCase public function test_user_manage_can_delete_token_without_api_permission_themselves() { - $viewer = $this->getViewer(); - $editor = $this->getEditor(); - $this->giveUserPermissions($editor, ['users-manage']); + $viewer = $this->users->viewer(); + $editor = $this->users->editor(); + $this->permissions->grantUserRolePermissions($editor, ['users-manage']); $this->asAdmin()->post($viewer->getEditUrl('/create-api-token'), $this->testTokenData); $token = ApiToken::query()->latest()->first(); diff --git a/tests/User/UserManagementTest.php b/tests/User/UserManagementTest.php index b5cd764da..1c5c040da 100644 --- a/tests/User/UserManagementTest.php +++ b/tests/User/UserManagementTest.php @@ -46,7 +46,7 @@ class UserManagementTest extends TestCase public function test_user_updating() { - $user = $this->getNormalUser(); + $user = $this->users->viewer(); $password = $user->password; $resp = $this->asAdmin()->get('/settings/users/' . $user->id); @@ -65,7 +65,7 @@ class UserManagementTest extends TestCase public function test_user_password_update() { - $user = $this->getNormalUser(); + $user = $this->users->viewer(); $userProfilePage = '/settings/users/' . $user->id; $this->asAdmin()->get($userProfilePage); @@ -113,7 +113,7 @@ class UserManagementTest extends TestCase public function test_delete() { - $editor = $this->getEditor(); + $editor = $this->users->editor(); $resp = $this->asAdmin()->delete("settings/users/{$editor->id}"); $resp->assertRedirect('/settings/users'); $resp = $this->followRedirects($resp); @@ -126,7 +126,7 @@ class UserManagementTest extends TestCase public function test_delete_offers_migrate_option() { - $editor = $this->getEditor(); + $editor = $this->users->editor(); $resp = $this->asAdmin()->get("settings/users/{$editor->id}/delete"); $resp->assertSee('Migrate Ownership'); $resp->assertSee('new_owner_id'); @@ -134,13 +134,13 @@ class UserManagementTest extends TestCase public function test_migrate_option_hidden_if_user_cannot_manage_users() { - $editor = $this->getEditor(); + $editor = $this->users->editor(); $resp = $this->asEditor()->get("settings/users/{$editor->id}/delete"); $resp->assertDontSee('Migrate Ownership'); $resp->assertDontSee('new_owner_id'); - $this->giveUserPermissions($editor, ['users-manage']); + $this->permissions->grantUserRolePermissions($editor, ['users-manage']); $resp = $this->asEditor()->get("settings/users/{$editor->id}/delete"); $resp->assertSee('Migrate Ownership'); @@ -162,7 +162,7 @@ class UserManagementTest extends TestCase public function test_delete_removes_user_preferences() { - $editor = $this->getEditor(); + $editor = $this->users->editor(); setting()->putUser($editor, 'dark-mode-enabled', 'true'); $this->assertDatabaseHas('settings', [ @@ -253,7 +253,7 @@ class UserManagementTest extends TestCase public function test_user_create_update_fails_if_locale_is_invalid() { - $user = $this->getEditor(); + $user = $this->users->editor(); // Too long $resp = $this->asAdmin()->put($user->getEditUrl(), ['language' => 'this_is_too_long']); @@ -274,34 +274,4 @@ class UserManagementTest extends TestCase $resp->assertSessionHasErrors(['language' => 'The language may not be greater than 15 characters.']); $resp->assertSessionHasErrors(['language' => 'The language may only contain letters, numbers, dashes and underscores.']); } - - public function test_role_removal_on_user_edit_removes_all_role_assignments() - { - $user = $this->getEditor(); - - $this->assertEquals(1, $user->roles()->count()); - - // A roles[0] hidden fields is used to indicate the existence of role selection in the submission - // of the user edit form. We check that field is used and emulate its submission. - $resp = $this->asAdmin()->get("/settings/users/{$user->id}"); - $this->withHtml($resp)->assertElementExists('input[type="hidden"][name="roles[0]"][value="0"]'); - - $resp = $this->asAdmin()->put("/settings/users/{$user->id}", [ - 'name' => $user->name, - 'email' => $user->email, - 'roles' => ['0' => '0'], - ]); - $resp->assertRedirect("/settings/users"); - - $this->assertEquals(0, $user->roles()->count()); - } - - public function test_role_form_hidden_indicator_field_does_not_exist_where_roles_cannot_be_managed() - { - $user = $this->getEditor(); - $resp = $this->actingAs($user)->get("/settings/users/{$user->id}"); - $html = $this->withHtml($resp); - $html->assertElementExists('input[name="email"]'); - $html->assertElementNotExists('input[type="hidden"][name="roles[0]"]'); - } } diff --git a/tests/User/UserPreferencesTest.php b/tests/User/UserPreferencesTest.php index 03dad7990..e47a259a5 100644 --- a/tests/User/UserPreferencesTest.php +++ b/tests/User/UserPreferencesTest.php @@ -36,7 +36,7 @@ class UserPreferencesTest extends TestCase public function test_body_has_shortcuts_component_when_active() { - $editor = $this->getEditor(); + $editor = $this->users->editor(); $this->actingAs($editor); $this->withHtml($this->get('/'))->assertElementNotExists('body[component="shortcuts"]'); @@ -47,7 +47,7 @@ class UserPreferencesTest extends TestCase public function test_update_sort_preference() { - $editor = $this->getEditor(); + $editor = $this->users->editor(); $this->actingAs($editor); $updateRequest = $this->patch('/preferences/change-sort/books', [ @@ -70,7 +70,7 @@ class UserPreferencesTest extends TestCase public function test_update_sort_bad_entity_type_handled() { - $editor = $this->getEditor(); + $editor = $this->users->editor(); $this->actingAs($editor); $updateRequest = $this->patch('/preferences/change-sort/dogs', [ @@ -85,7 +85,7 @@ class UserPreferencesTest extends TestCase public function test_update_expansion_preference() { - $editor = $this->getEditor(); + $editor = $this->users->editor(); $this->actingAs($editor); $updateRequest = $this->patch('/preferences/change-expansion/home-details', ['expand' => 'true']); @@ -103,7 +103,7 @@ class UserPreferencesTest extends TestCase public function test_toggle_dark_mode() { - $home = $this->actingAs($this->getEditor())->get('/'); + $home = $this->actingAs($this->users->editor())->get('/'); $home->assertSee('Dark Mode'); $this->withHtml($home)->assertElementNotExists('.dark-mode'); @@ -112,7 +112,7 @@ class UserPreferencesTest extends TestCase $prefChange->assertRedirect(); $this->assertEquals(true, setting()->getForCurrentUser('dark-mode-enabled')); - $home = $this->actingAs($this->getEditor())->get('/'); + $home = $this->actingAs($this->users->editor())->get('/'); $this->withHtml($home)->assertElementExists('.dark-mode'); $home->assertDontSee('Dark Mode'); $home->assertSee('Light Mode'); @@ -133,7 +133,7 @@ class UserPreferencesTest extends TestCase public function test_books_view_type_preferences_when_list() { - $editor = $this->getEditor(); + $editor = $this->users->editor(); setting()->putUser($editor, 'books_view_type', 'list'); $resp = $this->actingAs($editor)->get('/books'); @@ -144,7 +144,7 @@ class UserPreferencesTest extends TestCase public function test_books_view_type_preferences_when_grid() { - $editor = $this->getEditor(); + $editor = $this->users->editor(); setting()->putUser($editor, 'books_view_type', 'grid'); $resp = $this->actingAs($editor)->get('/books'); @@ -153,7 +153,7 @@ class UserPreferencesTest extends TestCase public function test_shelf_view_type_change() { - $editor = $this->getEditor(); + $editor = $this->users->editor(); $shelf = $this->entities->shelf(); setting()->putUser($editor, 'bookshelf_view_type', 'list'); @@ -175,7 +175,7 @@ class UserPreferencesTest extends TestCase public function test_update_code_language_favourite() { - $editor = $this->getEditor(); + $editor = $this->users->editor(); $page = $this->entities->page(); $this->actingAs($editor); diff --git a/tests/User/UserProfileTest.php b/tests/User/UserProfileTest.php index 77f1644a5..c507e8fa6 100644 --- a/tests/User/UserProfileTest.php +++ b/tests/User/UserProfileTest.php @@ -88,8 +88,8 @@ class UserProfileTest extends TestCase public function test_profile_has_search_links_in_created_entity_lists() { - $user = $this->getEditor(); - $resp = $this->actingAs($this->getAdmin())->get('/user/' . $user->slug); + $user = $this->users->editor(); + $resp = $this->actingAs($this->users->admin())->get('/user/' . $user->slug); $expectedLinks = [ '/search?term=%7Bcreated_by%3A' . $user->slug . '%7D+%7Btype%3Apage%7D', diff --git a/tests/User/UserSearchTest.php b/tests/User/UserSearchTest.php index 243af1186..1b3ca8a35 100644 --- a/tests/User/UserSearchTest.php +++ b/tests/User/UserSearchTest.php @@ -9,8 +9,8 @@ class UserSearchTest extends TestCase { public function test_select_search_matches_by_name() { - $viewer = $this->getViewer(); - $admin = $this->getAdmin(); + $viewer = $this->users->viewer(); + $admin = $this->users->admin(); $resp = $this->actingAs($admin)->get('/search/users/select?search=' . urlencode($viewer->name)); $resp->assertOk(); @@ -30,8 +30,8 @@ class UserSearchTest extends TestCase public function test_select_search_does_not_match_by_email() { - $viewer = $this->getViewer(); - $editor = $this->getEditor(); + $viewer = $this->users->viewer(); + $editor = $this->users->editor(); $resp = $this->actingAs($editor)->get('/search/users/select?search=' . urlencode($viewer->email)); $resp->assertDontSee($viewer->name); @@ -40,13 +40,13 @@ class UserSearchTest extends TestCase public function test_select_requires_right_permission() { $permissions = ['users-manage', 'restrictions-manage-own', 'restrictions-manage-all']; - $user = $this->getViewer(); + $user = $this->users->viewer(); foreach ($permissions as $permission) { $resp = $this->actingAs($user)->get('/search/users/select?search=a'); $this->assertPermissionError($resp); - $this->giveUserPermissions($user, [$permission]); + $this->permissions->grantUserRolePermissions($user, [$permission]); $resp = $this->actingAs($user)->get('/search/users/select?search=a'); $resp->assertOk(); $user->roles()->delete(); @@ -58,7 +58,7 @@ class UserSearchTest extends TestCase { $this->setSettings(['app-public' => true]); $defaultUser = User::getDefault(); - $this->giveUserPermissions($defaultUser, ['users-manage']); + $this->permissions->grantUserRolePermissions($defaultUser, ['users-manage']); $resp = $this->get('/search/users/select?search=a'); $this->assertPermissionError($resp);