github-mirror/BookStack
github-mirror/BookStack
2
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-03-25 07:55:11 +08:00
Code Issues Actions 8 Packages Projects Releases Wiki Activity

Create additional test helper classes

Browse Source 
Following recent similar actions done for entities.
Required at this stage to provider better & cleaner helpers
for common user and permission actions to built out permission testing.
This commit is contained in:
Dan Brown 2022-12-15 12:29:10 +00:00
parent d54ea1b3ed
commit f844ae0902
No known key found for this signature in database
GPG Key ID: 46D9F943C24A2EF9
66 changed files with 595 additions and 514 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
tests/Actions/AuditLogTest.php
View File

@ -23,17 +23,17 @@ class AuditLogTest extends TestCase
public function test_only_accessible_with_right_permissions()
{
$viewer = $this->getViewer();
$viewer = $this->users->viewer();
$this->actingAs($viewer);
$resp = $this->get('/settings/audit');
$this->assertPermissionError($resp);
$this->giveUserPermissions($viewer, ['settings-manage']);
$this->permissions->grantUserRolePermissions($viewer, ['settings-manage']);
$resp = $this->get('/settings/audit');
$this->assertPermissionError($resp);
$this->giveUserPermissions($viewer, ['users-manage']);
$this->permissions->grantUserRolePermissions($viewer, ['users-manage']);
$resp = $this->get('/settings/audit');
$resp->assertStatus(200);
$resp->assertSeeText('Audit Log');
@ -41,7 +41,7 @@ class AuditLogTest extends TestCase
public function test_shows_activity()
{
$admin = $this->getAdmin();
$admin = $this->users->admin();
$this->actingAs($admin);
$page = $this->entities->page();
$this->activityService->add(ActivityType::PAGE_CREATE, $page);
@ -56,7 +56,7 @@ class AuditLogTest extends TestCase
public function test_shows_name_for_deleted_items()
{
$this->actingAs($this->getAdmin());
$this->actingAs($this->users->admin());
$page = $this->entities->page();
$pageName = $page->name;
$this->activityService->add(ActivityType::PAGE_CREATE, $page);
@ -71,12 +71,12 @@ class AuditLogTest extends TestCase
public function test_shows_activity_for_deleted_users()
{
$viewer = $this->getViewer();
$viewer = $this->users->viewer();
$this->actingAs($viewer);
$page = $this->entities->page();
$this->activityService->add(ActivityType::PAGE_CREATE, $page);
$this->actingAs($this->getAdmin());
$this->actingAs($this->users->admin());
app(UserRepo::class)->destroy($viewer);
$resp = $this->get('settings/audit');
@ -85,7 +85,7 @@ class AuditLogTest extends TestCase
public function test_filters_by_key()
{
$this->actingAs($this->getAdmin());
$this->actingAs($this->users->admin());
$page = $this->entities->page();
$this->activityService->add(ActivityType::PAGE_CREATE, $page);
@ -98,7 +98,7 @@ class AuditLogTest extends TestCase
public function test_date_filters()
{
$this->actingAs($this->getAdmin());
$this->actingAs($this->users->admin());
$page = $this->entities->page();
$this->activityService->add(ActivityType::PAGE_CREATE, $page);
@ -120,8 +120,8 @@ class AuditLogTest extends TestCase
public function test_user_filter()
{
$admin = $this->getAdmin();
$editor = $this->getEditor();
$admin = $this->users->admin();
$editor = $this->users->editor();
$this->actingAs($admin);
$page = $this->entities->page();
$this->activityService->add(ActivityType::PAGE_CREATE, $page);
@ -142,7 +142,7 @@ class AuditLogTest extends TestCase
public function test_ip_address_logged_and_visible()
{
config()->set('app.proxies', '*');
$editor = $this->getEditor();
$editor = $this->users->editor();
$page = $this->entities->page();
$this->actingAs($editor)->put($page->getUrl(), [
@ -166,7 +166,7 @@ class AuditLogTest extends TestCase
public function test_ip_address_is_searchable()
{
config()->set('app.proxies', '*');
$editor = $this->getEditor();
$editor = $this->users->editor();
$page = $this->entities->page();
$this->actingAs($editor)->put($page->getUrl(), [
@ -192,7 +192,7 @@ class AuditLogTest extends TestCase
{
config()->set('app.proxies', '*');
config()->set('app.env', 'demo');
$editor = $this->getEditor();
$editor = $this->users->editor();
$page = $this->entities->page();
$this->actingAs($editor)->put($page->getUrl(), [
@ -215,7 +215,7 @@ class AuditLogTest extends TestCase
{
config()->set('app.proxies', '*');
config()->set('app.ip_address_precision', 2);
$editor = $this->getEditor();
$editor = $this->users->editor();
$page = $this->entities->page();
$this->actingAs($editor)->put($page->getUrl(), [

4
tests/Actions/WebhookCallTest.php
View File

@ -88,7 +88,7 @@ class WebhookCallTest extends TestCase
]);
$webhook = $this->newWebhook(['active' => true, 'endpoint' => 'https://wh.example.com'], ['all']);
$page = $this->entities->page();
$editor = $this->getEditor();
$editor = $this->users->editor();
$this->runEvent(ActivityType::PAGE_UPDATE, $page, $editor);
@ -111,7 +111,7 @@ class WebhookCallTest extends TestCase
protected function runEvent(string $event, $detail = '', ?User $user = null)
{
if (is_null($user)) {
$user = $this->getEditor();
$user = $this->users->editor();
}
$this->actingAs($user);

2
tests/Actions/WebhookFormatTesting.php
View File

@ -41,7 +41,7 @@ class WebhookFormatTesting extends TestCase
protected function getWebhookData(string $event, $detail): array
{
$webhook = Webhook::factory()->make();
$user = $this->getEditor();
$user = $this->users->editor();
$formatter = WebhookFormatter::getDefault($event, $webhook, $detail, $user, time());
return $formatter->format();

4
tests/Actions/WebhookManagementTest.php
View File

@ -135,7 +135,7 @@ class WebhookManagementTest extends TestCase
public function test_settings_manage_permission_required_for_webhook_routes()
{
$editor = $this->getEditor();
$editor = $this->users->editor();
$this->actingAs($editor);
$routes = [
@ -153,7 +153,7 @@ class WebhookManagementTest extends TestCase
$this->assertPermissionError($resp);
}
$this->giveUserPermissions($editor, ['settings-manage']);
$this->permissions->grantUserRolePermissions($editor, ['settings-manage']);
foreach ($routes as [$method, $endpoint]) {
$resp = $this->call($method, $endpoint);

14
tests/Api/ApiAuthTest.php
View File

@ -16,8 +16,8 @@ class ApiAuthTest extends TestCase
public function test_requests_succeed_with_default_auth()
{
$viewer = $this->getViewer();
$this->giveUserPermissions($viewer, ['access-api']);
$viewer = $this->users->viewer();
$this->permissions->grantUserRolePermissions($viewer, ['access-api']);
$resp = $this->get($this->endpoint);
$resp->assertStatus(401);
@ -63,7 +63,7 @@ class ApiAuthTest extends TestCase
auth()->logout();
$accessApiPermission = RolePermission::getByName('access-api');
$editorRole = $this->getEditor()->roles()->first();
$editorRole = $this->users->editor()->roles()->first();
$editorRole->detachPermission($accessApiPermission);
$resp = $this->get($this->endpoint, $this->apiAuthHeader());
@ -73,7 +73,7 @@ class ApiAuthTest extends TestCase
public function test_api_access_permission_required_to_access_api_with_session_auth()
{
$editor = $this->getEditor();
$editor = $this->users->editor();
$this->actingAs($editor, 'standard');
$resp = $this->get($this->endpoint);
@ -81,7 +81,7 @@ class ApiAuthTest extends TestCase
auth('standard')->logout();
$accessApiPermission = RolePermission::getByName('access-api');
$editorRole = $this->getEditor()->roles()->first();
$editorRole = $this->users->editor()->roles()->first();
$editorRole->detachPermission($accessApiPermission);
$editor = User::query()->where('id', '=', $editor->id)->first();
@ -114,7 +114,7 @@ class ApiAuthTest extends TestCase
public function test_token_expiry_checked()
{
$editor = $this->getEditor();
$editor = $this->users->editor();
$token = $editor->apiTokens()->first();
$resp = $this->get($this->endpoint, $this->apiAuthHeader());
@ -130,7 +130,7 @@ class ApiAuthTest extends TestCase
public function test_email_confirmation_checked_using_api_auth()
{
$editor = $this->getEditor();
$editor = $this->users->editor();
$editor->email_confirmed = false;
$editor->save();

8
tests/Api/AttachmentsApiTest.php
View File

@ -50,7 +50,7 @@ class AttachmentsApiTest extends TestCase
],
]]);
$this->entities->setPermissions($page, [], []);
$this->permissions->setEntityPermissions($page, [], []);
$resp = $this->getJson($this->baseEndpoint . '?count=1&sort=+id');
$resp->assertJsonMissing(['data' => [
@ -246,13 +246,13 @@ class AttachmentsApiTest extends TestCase
public function test_attachment_not_visible_on_other_users_draft()
{
$this->actingAsApiAdmin();
$editor = $this->getEditor();
$editor = $this->users->editor();
$page = $this->entities->page();
$page->draft = true;
$page->owned_by = $editor->id;
$page->save();
$this->entities->regenPermissions($page);
$this->permissions->regenerateForEntity($page);
$attachment = $this->createAttachmentForPage($page, [
'name' => 'my attachment',
@ -342,7 +342,7 @@ class AttachmentsApiTest extends TestCase
protected function createAttachmentForPage(Page $page, $attributes = []): Attachment
{
$admin = $this->getAdmin();
$admin = $this->users->admin();
/** @var Attachment $attachment */
$attachment = $page->attachments()->forceCreate(array_merge([
'uploaded_to' => $page->id,

2
tests/Api/BooksApiTest.php
View File

@ -246,7 +246,7 @@ class BooksApiTest extends TestCase
{
$types = ['html', 'plaintext', 'pdf', 'markdown'];
$this->actingAsApiEditor();
$this->removePermissionFromUser($this->getEditor(), 'content-export');
$this->permissions->removeUserRolePermissions($this->users->editor(), ['content-export']);
$book = $this->entities->book();
foreach ($types as $type) {

2
tests/Api/ChaptersApiTest.php
View File

@ -221,7 +221,7 @@ class ChaptersApiTest extends TestCase
{
$types = ['html', 'plaintext', 'pdf', 'markdown'];
$this->actingAsApiEditor();
$this->removePermissionFromUser($this->getEditor(), 'content-export');
$this->permissions->removeUserRolePermissions($this->users->editor(), ['content-export']);
$chapter = Chapter::visible()->has('pages')->first();
foreach ($types as $type) {

4
tests/Api/PagesApiTest.php
View File

@ -209,7 +209,7 @@ class PagesApiTest extends TestCase
$this->actingAsApiEditor();
$page = $this->entities->page();
$chapter = Chapter::visible()->where('book_id', '!=', $page->book_id)->first();
$this->entities->setPermissions($chapter, ['view'], [$this->getEditor()->roles()->first()]);
$this->permissions->setEntityPermissions($chapter, ['view'], [$this->users->editor()->roles()->first()]);
$details = [
'name' => 'My updated API page',
'chapter_id' => $chapter->id,
@ -315,7 +315,7 @@ class PagesApiTest extends TestCase
{
$types = ['html', 'plaintext', 'pdf', 'markdown'];
$this->actingAsApiEditor();
$this->removePermissionFromUser($this->getEditor(), 'content-export');
$this->permissions->removeUserRolePermissions($this->users->editor(), ['content-export']);
$page = $this->entities->page();
foreach ($types as $type) {

14
tests/Api/RecycleBinApiTest.php
View File

@ -21,8 +21,8 @@ class RecycleBinApiTest extends TestCase
public function test_settings_manage_permission_needed_for_all_endpoints()
{
$editor = $this->getEditor();
$this->giveUserPermissions($editor, ['settings-manage']);
$editor = $this->users->editor();
$this->permissions->grantUserRolePermissions($editor, ['settings-manage']);
$this->actingAs($editor);
foreach ($this->endpointMap as [$method, $uri]) {
@ -34,8 +34,8 @@ class RecycleBinApiTest extends TestCase
public function test_restrictions_manage_all_permission_needed_for_all_endpoints()
{
$editor = $this->getEditor();
$this->giveUserPermissions($editor, ['restrictions-manage-all']);
$editor = $this->users->editor();
$this->permissions->grantUserRolePermissions($editor, ['restrictions-manage-all']);
$this->actingAs($editor);
foreach ($this->endpointMap as [$method, $uri]) {
@ -47,7 +47,7 @@ class RecycleBinApiTest extends TestCase
public function test_index_endpoint_returns_expected_page()
{
$admin = $this->getAdmin();
$admin = $this->users->admin();
$page = $this->entities->page();
$book = $this->entities->book();
@ -82,7 +82,7 @@ class RecycleBinApiTest extends TestCase
public function test_index_endpoint_returns_children_count()
{
$admin = $this->getAdmin();
$admin = $this->users->admin();
$book = Book::query()->whereHas('pages')->whereHas('chapters')->withCount(['pages', 'chapters'])->first();
$this->actingAs($admin)->delete($book->getUrl());
@ -109,7 +109,7 @@ class RecycleBinApiTest extends TestCase
public function test_index_endpoint_returns_parent()
{
$admin = $this->getAdmin();
$admin = $this->users->admin();
$page = $this->entities->pageWithinChapter();
$this->actingAs($admin)->delete($page->getUrl());

4
tests/Api/TestsApi.php
View File

@ -12,7 +12,7 @@ trait TestsApi
*/
protected function actingAsApiEditor()
{
$this->actingAs($this->getEditor(), 'api');
$this->actingAs($this->users->editor(), 'api');
return $this;
}
@ -22,7 +22,7 @@ trait TestsApi
*/
protected function actingAsApiAdmin()
{
$this->actingAs($this->getAdmin(), 'api');
$this->actingAs($this->users->admin(), 'api');
return $this;
}

8
tests/Api/UsersApiTest.php
View File

@ -175,7 +175,7 @@ class UsersApiTest extends TestCase
{
$this->actingAsApiAdmin();
/** @var User $user */
$user = $this->getAdmin();
$user = $this->users->admin();
$roles = Role::query()->pluck('id');
$resp = $this->putJson($this->baseEndpoint . "/{$user->id}", [
'name' => 'My updated user',
@ -204,7 +204,7 @@ class UsersApiTest extends TestCase
{
$this->actingAsApiAdmin();
/** @var User $user */
$user = $this->getAdmin();
$user = $this->users->admin();
$roleCount = $user->roles()->count();
$resp = $this->putJson($this->baseEndpoint . "/{$user->id}", []);
@ -222,7 +222,7 @@ class UsersApiTest extends TestCase
{
$this->actingAsApiAdmin();
/** @var User $user */
$user = User::query()->where('id', '!=', $this->getAdmin()->id)
$user = User::query()->where('id', '!=', $this->users->admin()->id)
->whereNull('system_name')
->first();
@ -236,7 +236,7 @@ class UsersApiTest extends TestCase
{
$this->actingAsApiAdmin();
/** @var User $user */
$user = User::query()->where('id', '!=', $this->getAdmin()->id)
$user = User::query()->where('id', '!=', $this->users->admin()->id)
->whereNull('system_name')
->first();
$entityChain = $this->entities->createChainBelongingToUser($user);

6
tests/Auth/AuthTest.php
View File

@ -44,7 +44,7 @@ class AuthTest extends TestCase
public function test_mfa_session_cleared_on_logout()
{
$user = $this->getEditor();
$user = $this->users->editor();
$mfaSession = $this->app->make(MfaSession::class);
$mfaSession->markVerifiedForUser($user);
@ -94,7 +94,7 @@ class AuthTest extends TestCase
public function test_login_authenticates_nonadmins_on_default_guard_only()
{
$editor = $this->getEditor();
$editor = $this->users->editor();
$editor->password = bcrypt('password');
$editor->save();
@ -120,7 +120,7 @@ class AuthTest extends TestCase
public function test_logged_in_user_with_unconfirmed_email_is_logged_out()
{
$this->setSettings(['registration-confirmation' => 'true']);
$user = $this->getEditor();
$user = $this->users->editor();
$user->email_confirmed = false;
$user->save();

8
tests/Auth/GroupSyncServiceTest.php
View File

@ -11,7 +11,7 @@ class GroupSyncServiceTest extends TestCase
{
public function test_user_is_assigned_to_matching_roles()
{
$user = $this->getViewer();
$user = $this->users->viewer();
$roleA = Role::factory()->create(['display_name' => 'Wizards']);
$roleB = Role::factory()->create(['display_name' => 'Gremlins']);
@ -33,7 +33,7 @@ class GroupSyncServiceTest extends TestCase
public function test_multiple_values_in_role_external_auth_id_handled()
{
$user = $this->getViewer();
$user = $this->users->viewer();
$role = Role::factory()->create(['display_name' => 'ABC123', 'external_auth_id' => 'sales, engineering, developers, marketers']);
$this->assertFalse($user->hasRole($role->id));
@ -45,7 +45,7 @@ class GroupSyncServiceTest extends TestCase
public function test_commas_can_be_used_in_external_auth_id_if_escaped()
{
$user = $this->getViewer();
$user = $this->users->viewer();
$role = Role::factory()->create(['display_name' => 'ABC123', 'external_auth_id' => 'sales\,-developers, marketers']);
$this->assertFalse($user->hasRole($role->id));
@ -57,7 +57,7 @@ class GroupSyncServiceTest extends TestCase
public function test_external_auth_id_matches_ignoring_case()
{
$user = $this->getViewer();
$user = $this->users->viewer();
$role = Role::factory()->create(['display_name' => 'ABC123', 'external_auth_id' => 'WaRRioRs']);
$this->assertFalse($user->hasRole($role->id));

4
tests/Auth/LdapTest.php
View File

@ -235,7 +235,7 @@ class LdapTest extends TestCase
public function test_user_edit_form()
{
$editUser = $this->getNormalUser();
$editUser = $this->users->viewer();
$editPage = $this->asAdmin()->get("/settings/users/{$editUser->id}");
$editPage->assertSee('Edit User');
$editPage->assertDontSee('Password');
@ -257,7 +257,7 @@ class LdapTest extends TestCase
public function test_non_admins_cannot_change_auth_id()
{
$testUser = $this->getNormalUser();
$testUser = $this->users->viewer();
$this->actingAs($testUser)
->get('/settings/users/' . $testUser->id)
->assertDontSee('External Authentication');

2
tests/Auth/LoginAutoInitiateTest.php
View File

@ -70,7 +70,7 @@ class LoginAutoInitiateTest extends TestCase
config()->set([
'auth.method' => 'oidc',
]);
$this->actingAs($this->getEditor());
$this->actingAs($this->users->editor());
$req = $this->post('/logout');
$req->assertRedirect('/login?prevent_auto_init=true');

18
tests/Auth/MfaConfigurationTest.php
View File

@ -13,7 +13,7 @@ class MfaConfigurationTest extends TestCase
{
public function test_totp_setup()
{
$editor = $this->getEditor();
$editor = $this->users->editor();
$this->assertDatabaseMissing('mfa_values', ['user_id' => $editor->id]);
// Setup page state
@ -66,7 +66,7 @@ class MfaConfigurationTest extends TestCase
public function test_backup_codes_setup()
{
$editor = $this->getEditor();
$editor = $this->users->editor();
$this->assertDatabaseMissing('mfa_values', ['user_id' => $editor->id]);
// Setup page state
@ -112,8 +112,8 @@ class MfaConfigurationTest extends TestCase
public function test_mfa_method_count_is_visible_on_user_edit_page()
{
$user = $this->getEditor();
$resp = $this->actingAs($this->getAdmin())->get($user->getEditUrl());
$user = $this->users->editor();
$resp = $this->actingAs($this->users->admin())->get($user->getEditUrl());
$resp->assertSee('0 methods configured');
MfaValue::upsertWithValue($user, MfaValue::METHOD_TOTP, 'test');
@ -127,17 +127,17 @@ class MfaConfigurationTest extends TestCase
public function test_mfa_setup_link_only_shown_when_viewing_own_user_edit_page()
{
$admin = $this->getAdmin();
$admin = $this->users->admin();
$resp = $this->actingAs($admin)->get($admin->getEditUrl());
$this->withHtml($resp)->assertElementExists('a[href$="/mfa/setup"]');
$resp = $this->actingAs($admin)->get($this->getEditor()->getEditUrl());
$resp = $this->actingAs($admin)->get($this->users->editor()->getEditUrl());
$this->withHtml($resp)->assertElementNotExists('a[href$="/mfa/setup"]');
}
public function test_mfa_indicator_shows_in_user_list()
{
$admin = $this->getAdmin();
$admin = $this->users->admin();
User::query()->where('id', '!=', $admin->id)->delete();
$resp = $this->actingAs($admin)->get('/settings/users');
@ -150,7 +150,7 @@ class MfaConfigurationTest extends TestCase
public function test_remove_mfa_method()
{
$admin = $this->getAdmin();
$admin = $this->users->admin();
MfaValue::upsertWithValue($admin, MfaValue::METHOD_TOTP, 'test');
$this->assertEquals(1, $admin->mfaValues()->count());
@ -168,7 +168,7 @@ class MfaConfigurationTest extends TestCase
public function test_totp_setup_url_shows_correct_user_when_setup_forced_upon_login()
{
$admin = $this->getAdmin();
$admin = $this->users->admin();
/** @var Role $role */
$role = $admin->roles()->first();
$role->mfa_enforced = true;

10
tests/Auth/MfaVerificationTest.php
View File

@ -140,7 +140,7 @@ class MfaVerificationTest extends TestCase
public function test_both_mfa_options_available_if_set_on_profile()
{
$user = $this->getEditor();
$user = $this->users->editor();
$user->password = Hash::make('password');
$user->save();
@ -165,7 +165,7 @@ class MfaVerificationTest extends TestCase
public function test_mfa_required_with_no_methods_leads_to_setup()
{
$user = $this->getEditor();
$user = $this->users->editor();
$user->password = Hash::make('password');
$user->save();
/** @var Role $role */
@ -222,7 +222,7 @@ class MfaVerificationTest extends TestCase
// Attempted login user, who has configured mfa, access
// Sets up user that has MFA required after attempted login.
$loginService = $this->app->make(LoginService::class);
$user = $this->getEditor();
$user = $this->users->editor();
/** @var Role $role */
$role = $user->roles->first();
$role->mfa_enforced = true;
@ -257,7 +257,7 @@ class MfaVerificationTest extends TestCase
protected function startTotpLogin(): array
{
$secret = $this->app->make(TotpService::class)->generateSecret();
$user = $this->getEditor();
$user = $this->users->editor();
$user->password = Hash::make('password');
$user->save();
MfaValue::upsertWithValue($user, MfaValue::METHOD_TOTP, $secret);
@ -274,7 +274,7 @@ class MfaVerificationTest extends TestCase
*/
protected function startBackupCodeLogin($codes = ['kzzu6-1pgll', 'bzxnf-plygd', 'bwdsp-ysl51', '1vo93-ioy7n', 'lf7nw-wdyka', 'xmtrd-oplac']): array
{
$user = $this->getEditor();
$user = $this->users->editor();
$user->password = Hash::make('password');
$user->save();
MfaValue::upsertWithValue($user, MfaValue::METHOD_BACKUP_CODES, json_encode($codes));

6
tests/Auth/OidcTest.php
View File

@ -93,7 +93,7 @@ class OidcTest extends TestCase
public function test_logout_route_functions()
{
$this->actingAs($this->getEditor());
$this->actingAs($this->users->editor());
$this->post('/logout');
$this->assertFalse(auth()->check());
}
@ -228,7 +228,7 @@ class OidcTest extends TestCase
public function test_auth_login_as_existing_user()
{
$editor = $this->getEditor();
$editor = $this->users->editor();
$editor->external_auth_id = 'benny505';
$editor->save();
@ -245,7 +245,7 @@ class OidcTest extends TestCase
public function test_auth_login_as_existing_user_email_with_different_auth_id_fails()
{
$editor = $this->getEditor();
$editor = $this->users->editor();
$editor->external_auth_id = 'editor101';
$editor->save();

2
tests/Auth/ResetPasswordTest.php
View File

@ -85,7 +85,7 @@ class ResetPasswordTest extends TestCase
public function test_reset_request_is_throttled()
{
$editor = $this->getEditor();
$editor = $this->users->editor();
Notification::fake();
$this->get('/password/email');
$this->followingRedirects()->post('/password/email', [

2
tests/Auth/Saml2Test.php
View File

@ -170,7 +170,7 @@ class Saml2Test extends TestCase
'saml2.onelogin.strict' => false,
]);
$resp = $this->actingAs($this->getEditor())->get('/');
$resp = $this->actingAs($this->users->editor())->get('/');
$this->withHtml($resp)->assertElementContains('form[action$="/saml2/logout"] button', 'Logout');
}

6
tests/Auth/SocialAuthTest.php
View File

@ -77,18 +77,18 @@ class SocialAuthTest extends TestCase
// Test social callback with matching social account
DB::table('social_accounts')->insert([
'user_id' => $this->getAdmin()->id,
'user_id' => $this->users->admin()->id,
'driver' => 'github',
'driver_id' => 'logintest123',
]);
$resp = $this->followingRedirects()->get('/login/service/github/callback');
$resp->assertDontSee('login-form');
$this->assertActivityExists(ActivityType::AUTH_LOGIN, null, 'github; (' . $this->getAdmin()->id . ') ' . $this->getAdmin()->name);
$this->assertActivityExists(ActivityType::AUTH_LOGIN, null, 'github; (' . $this->users->admin()->id . ') ' . $this->users->admin()->name);
}
public function test_social_account_detach()
{
$editor = $this->getEditor();
$editor = $this->users->editor();
config([
'GITHUB_APP_ID' => 'abc123', 'GITHUB_APP_SECRET' => '123abc',
'APP_URL' => 'http://localhost',

10
tests/Auth/UserInviteTest.php
View File

@ -17,7 +17,7 @@ class UserInviteTest extends TestCase
public function test_user_creation_creates_invite()
{
Notification::fake();
$admin = $this->getAdmin();
$admin = $this->users->admin();
$email = Str::random(16) . '@example.com';
$resp = $this->actingAs($admin)->post('/settings/users/create', [
@ -38,7 +38,7 @@ class UserInviteTest extends TestCase
public function test_user_invite_sent_in_selected_language()
{
Notification::fake();
$admin = $this->getAdmin();
$admin = $this->users->admin();
$email = Str::random(16) . '@example.com';
$resp = $this->actingAs($admin)->post('/settings/users/create', [
@ -62,7 +62,7 @@ class UserInviteTest extends TestCase
public function test_invite_set_password()
{
Notification::fake();
$user = $this->getViewer();
$user = $this->users->viewer();
$inviteService = app(UserInviteService::class);
$inviteService->sendInvitation($user);
@ -91,7 +91,7 @@ class UserInviteTest extends TestCase
public function test_invite_set_has_password_validation()
{
Notification::fake();
$user = $this->getViewer();
$user = $this->users->viewer();
$inviteService = app(UserInviteService::class);
$inviteService->sendInvitation($user);
@ -126,7 +126,7 @@ class UserInviteTest extends TestCase
public function test_token_expires_after_two_weeks()
{
Notification::fake();
$user = $this->getViewer();
$user = $this->users->viewer();
$inviteService = app(UserInviteService::class);
$inviteService->sendInvitation($user);

2
tests/Commands/ClearActivityCommandTest.php
View File

@ -19,7 +19,7 @@ class ClearActivityCommandTest extends TestCase
$this->assertDatabaseHas('activities', [
'type' => 'page_update',
'entity_id' => $page->id,
'user_id' => $this->getEditor()->id,
'user_id' => $this->users->editor()->id,
]);
DB::rollBack();

4
tests/Commands/ClearViewsCommandTest.php
View File

@ -16,7 +16,7 @@ class ClearViewsCommandTest extends TestCase
$this->get($page->getUrl());
$this->assertDatabaseHas('views', [
'user_id' => $this->getEditor()->id,
'user_id' => $this->users->editor()->id,
'viewable_id' => $page->id,
'views' => 1,
]);
@ -27,7 +27,7 @@ class ClearViewsCommandTest extends TestCase
$this->assertTrue($exitCode === 0, 'Command executed successfully');
$this->assertDatabaseMissing('views', [
'user_id' => $this->getEditor()->id,
'user_id' => $this->users->editor()->id,
]);
}
}

8
tests/Commands/CopyShelfPermissionsCommandTest.php
View File

@ -18,11 +18,11 @@ class CopyShelfPermissionsCommandTest extends TestCase
{
$shelf = $this->entities->shelf();
$child = $shelf->books()->first();
$editorRole = $this->getEditor()->roles()->first();
$editorRole = $this->users->editor()->roles()->first();
$this->assertFalse($child->hasPermissions(), 'Child book should not be restricted by default');
$this->assertTrue($child->permissions()->count() === 0, 'Child book should have no permissions by default');
$this->entities->setPermissions($shelf, ['view', 'update'], [$editorRole]);
$this->permissions->setEntityPermissions($shelf, ['view', 'update'], [$editorRole]);
$this->artisan('bookstack:copy-shelf-permissions', [
'--slug' => $shelf->slug,
]);
@ -43,11 +43,11 @@ class CopyShelfPermissionsCommandTest extends TestCase
$shelf = $this->entities->shelf();
Bookshelf::query()->where('id', '!=', $shelf->id)->delete();
$child = $shelf->books()->first();
$editorRole = $this->getEditor()->roles()->first();
$editorRole = $this->users->editor()->roles()->first();
$this->assertFalse($child->hasPermissions(), 'Child book should not be restricted by default');
$this->assertTrue($child->permissions()->count() === 0, 'Child book should have no permissions by default');
$this->entities->setPermissions($shelf, ['view', 'update'], [$editorRole]);
$this->permissions->setEntityPermissions($shelf, ['view', 'update'], [$editorRole]);
$this->artisan('bookstack:copy-shelf-permissions --all')
->expectsQuestion('Permission settings for all shelves will be cascaded. Books assigned to multiple shelves will receive only the permissions of it\'s last processed shelf. Are you sure you want to proceed?', 'y');
$child = $shelf->books()->first();

28
tests/Entity/BookShelfTest.php
View File

@ -16,21 +16,21 @@ class BookShelfTest extends TestCase
public function test_shelves_shows_in_header_if_have_view_permissions()
{
$viewer = $this->getViewer();
$viewer = $this->users->viewer();
$resp = $this->actingAs($viewer)->get('/');
$this->withHtml($resp)->assertElementContains('header', 'Shelves');
$viewer->roles()->delete();
$this->giveUserPermissions($viewer);
$this->permissions->grantUserRolePermissions($viewer);
$resp = $this->actingAs($viewer)->get('/');
$this->withHtml($resp)->assertElementNotContains('header', 'Shelves');
$this->giveUserPermissions($viewer, ['bookshelf-view-all']);
$this->permissions->grantUserRolePermissions($viewer, ['bookshelf-view-all']);
$resp = $this->actingAs($viewer)->get('/');
$this->withHtml($resp)->assertElementContains('header', 'Shelves');
$viewer->roles()->delete();
$this->giveUserPermissions($viewer, ['bookshelf-view-own']);
$this->permissions->grantUserRolePermissions($viewer, ['bookshelf-view-own']);
$resp = $this->actingAs($viewer)->get('/');
$this->withHtml($resp)->assertElementContains('header', 'Shelves');
}
@ -38,14 +38,14 @@ class BookShelfTest extends TestCase
public function test_shelves_shows_in_header_if_have_any_shelve_view_permission()
{
$user = User::factory()->create();
$this->giveUserPermissions($user, ['image-create-all']);
$this->permissions->grantUserRolePermissions($user, ['image-create-all']);
$shelf = $this->entities->shelf();
$userRole = $user->roles()->first();
$resp = $this->actingAs($user)->get('/');
$this->withHtml($resp)->assertElementNotContains('header', 'Shelves');
$this->entities->setPermissions($shelf, ['view'], [$userRole]);
$this->permissions->setEntityPermissions($shelf, ['view'], [$userRole]);
$resp = $this->get('/');
$this->withHtml($resp)->assertElementContains('header', 'Shelves');
@ -69,7 +69,7 @@ class BookShelfTest extends TestCase
$resp->assertSee($book->name);
$resp->assertSee($book->getUrl());
$this->entities->setPermissions($book, []);
$this->permissions->setEntityPermissions($book, []);
$resp = $this->asEditor()->get('/shelves');
$resp->assertDontSee($book->name);
@ -93,7 +93,7 @@ class BookShelfTest extends TestCase
],
]));
$resp->assertRedirect();
$editorId = $this->getEditor()->id;
$editorId = $this->users->editor()->id;
$this->assertDatabaseHas('bookshelves', array_merge($shelfInfo, ['created_by' => $editorId, 'updated_by' => $editorId]));
$shelf = Bookshelf::where('name', '=', $shelfInfo['name'])->first();
@ -186,13 +186,13 @@ class BookShelfTest extends TestCase
$this->withHtml($resp)->assertElementContains('.book-content a.grid-card:nth-child(1)', $books[0]->name);
$this->withHtml($resp)->assertElementNotContains('.book-content a.grid-card:nth-child(3)', $books[0]->name);
setting()->putUser($this->getEditor(), 'shelf_books_sort_order', 'desc');
setting()->putUser($this->users->editor(), 'shelf_books_sort_order', 'desc');
$resp = $this->asEditor()->get($shelf->getUrl());
$this->withHtml($resp)->assertElementNotContains('.book-content a.grid-card:nth-child(1)', $books[0]->name);
$this->withHtml($resp)->assertElementContains('.book-content a.grid-card:nth-child(3)', $books[0]->name);
setting()->putUser($this->getEditor(), 'shelf_books_sort_order', 'desc');
setting()->putUser($this->getEditor(), 'shelf_books_sort', 'name');
setting()->putUser($this->users->editor(), 'shelf_books_sort_order', 'desc');
setting()->putUser($this->users->editor(), 'shelf_books_sort', 'name');
$resp = $this->asEditor()->get($shelf->getUrl());
$this->withHtml($resp)->assertElementContains('.book-content a.grid-card:nth-child(1)', 'hdgfgdfg');
$this->withHtml($resp)->assertElementContains('.book-content a.grid-card:nth-child(2)', 'bsfsdfsdfsd');
@ -224,7 +224,7 @@ class BookShelfTest extends TestCase
$resp->assertRedirect($shelf->getUrl());
$this->assertSessionHas('success');
$editorId = $this->getEditor()->id;
$editorId = $this->users->editor()->id;
$this->assertDatabaseHas('bookshelves', array_merge($shelfInfo, ['id' => $shelf->id, 'created_by' => $editorId, 'updated_by' => $editorId]));
$shelfPage = $this->get($shelf->getUrl());
@ -294,11 +294,11 @@ class BookShelfTest extends TestCase
$resp->assertSee("action=\"{$shelf->getUrl('/copy-permissions')}\"", false);
$child = $shelf->books()->first();
$editorRole = $this->getEditor()->roles()->first();
$editorRole = $this->users->editor()->roles()->first();
$this->assertFalse($child->hasPermissions(), 'Child book should not be restricted by default');
$this->assertTrue($child->permissions()->count() === 0, 'Child book should have no permissions by default');
$this->entities->setPermissions($shelf, ['view', 'update'], [$editorRole]);
$this->permissions->setEntityPermissions($shelf, ['view', 'update'], [$editorRole]);
$resp = $this->post($shelf->getUrl('/copy-permissions'));
$child = $shelf->books()->first();

14
tests/Entity/BookTest.php
View File

@ -221,7 +221,7 @@ class BookTest extends TestCase
public function test_books_view_shows_view_toggle_option()
{
/** @var Book $book */
$editor = $this->getEditor();
$editor = $this->users->editor();
setting()->putUser($editor, 'books_view_type', 'list');
$resp = $this->actingAs($editor)->get('/books');
@ -304,7 +304,7 @@ class BookTest extends TestCase
// Hide child content
/** @var BookChild $page */
foreach ($book->getDirectChildren() as $child) {
$this->entities->setPermissions($child, [], []);
$this->permissions->setEntityPermissions($child, [], []);
}
$this->asEditor()->post($book->getUrl('/copy'), ['name' => 'My copy book']);
@ -318,8 +318,8 @@ class BookTest extends TestCase
{
/** @var Book $book */
$book = Book::query()->whereHas('chapters')->whereHas('directPages')->whereHas('chapters')->first();
$viewer = $this->getViewer();
$this->giveUserPermissions($viewer, ['book-create-all']);
$viewer = $this->users->viewer();
$this->permissions->grantUserRolePermissions($viewer, ['book-create-all']);
$this->actingAs($viewer)->post($book->getUrl('/copy'), ['name' => 'My copy book']);
/** @var Book $copy */
@ -354,9 +354,9 @@ class BookTest extends TestCase
$shelfA->appendBook($book);
$shelfB->appendBook($book);
$viewer = $this->getViewer();
$this->giveUserPermissions($viewer, ['book-update-all', 'book-create-all', 'bookshelf-update-all']);
$this->entities->setPermissions($shelfB);
$viewer = $this->users->viewer();
$this->permissions->grantUserRolePermissions($viewer, ['book-update-all', 'book-create-all', 'bookshelf-update-all']);
$this->permissions->setEntityPermissions($shelfB);
$this->asEditor()->post($book->getUrl('/copy'), ['name' => 'My copy book']);

10
tests/Entity/ChapterTest.php
View File

@ -101,7 +101,7 @@ class ChapterTest extends TestCase
// Hide pages to all non-admin roles
/** @var Page $page */
foreach ($chapter->pages as $page) {
$this->entities->setPermissions($page, [], []);
$this->permissions->setEntityPermissions($page, [], []);
}
$this->asEditor()->post($chapter->getUrl('/copy'), [
@ -116,8 +116,8 @@ class ChapterTest extends TestCase
public function test_copy_does_not_copy_pages_if_user_cant_page_create()
{
$chapter = $this->entities->chapterHasPages();
$viewer = $this->getViewer();
$this->giveUserPermissions($viewer, ['chapter-create-all']);
$viewer = $this->users->viewer();
$this->permissions->grantUserRolePermissions($viewer, ['chapter-create-all']);
// Lacking permission results in no copied pages
$this->actingAs($viewer)->post($chapter->getUrl('/copy'), [
@ -128,7 +128,7 @@ class ChapterTest extends TestCase
$newChapter = Chapter::query()->where('name', '=', 'My copied chapter')->first();
$this->assertEquals(0, $newChapter->pages()->count());
$this->giveUserPermissions($viewer, ['page-create-all']);
$this->permissions->grantUserRolePermissions($viewer, ['page-create-all']);
// Having permission rules in copied pages
$this->actingAs($viewer)->post($chapter->getUrl('/copy'), [
@ -144,7 +144,7 @@ class ChapterTest extends TestCase
{
$chapter = $this->entities->chapter();
$resp = $this->actingAs($this->getViewer())->get($chapter->getUrl());
$resp = $this->actingAs($this->users->viewer())->get($chapter->getUrl());
$this->withHtml($resp)->assertLinkNotExists($chapter->book->getUrl('sort'));
$resp = $this->asEditor()->get($chapter->getUrl());

16
tests/Entity/ConvertTest.php
View File

@ -49,16 +49,16 @@ class ConvertTest extends TestCase
public function test_convert_chapter_to_book_requires_permissions()
{
$chapter = $this->entities->chapter();
$user = $this->getViewer();
$user = $this->users->viewer();
$permissions = ['chapter-delete-all', 'book-create-all', 'chapter-update-all'];
$this->giveUserPermissions($user, $permissions);
$this->permissions->grantUserRolePermissions($user, $permissions);
foreach ($permissions as $permission) {
$this->removePermissionFromUser($user, $permission);
$this->permissions->removeUserRolePermissions($user, [$permission]);
$resp = $this->actingAs($user)->post($chapter->getUrl('/convert-to-book'));
$this->assertPermissionError($resp);
$this->giveUserPermissions($user, [$permission]);
$this->permissions->grantUserRolePermissions($user, [$permission]);
}
$resp = $this->actingAs($user)->post($chapter->getUrl('/convert-to-book'));
@ -122,16 +122,16 @@ class ConvertTest extends TestCase
public function test_book_convert_to_shelf_requires_permissions()
{
$book = $this->entities->book();
$user = $this->getViewer();
$user = $this->users->viewer();
$permissions = ['book-delete-all', 'bookshelf-create-all', 'book-update-all', 'book-create-all'];
$this->giveUserPermissions($user, $permissions);
$this->permissions->grantUserRolePermissions($user, $permissions);
foreach ($permissions as $permission) {
$this->removePermissionFromUser($user, $permission);
$this->permissions->removeUserRolePermissions($user, [$permission]);
$resp = $this->actingAs($user)->post($book->getUrl('/convert-to-shelf'));
$this->assertPermissionError($resp);
$this->giveUserPermissions($user, [$permission]);
$this->permissions->grantUserRolePermissions($user, [$permission]);
}
$resp = $this->actingAs($user)->post($book->getUrl('/convert-to-shelf'));

8
tests/Entity/EntityAccessTest.php
View File

@ -11,8 +11,8 @@ class EntityAccessTest extends TestCase
public function test_entities_viewable_after_creator_deletion()
{
// Create required assets and revisions
$creator = $this->getEditor();
$updater = $this->getViewer();
$creator = $this->users->editor();
$updater = $this->users->viewer();
$entities = $this->entities->createChainBelongingToUser($creator, $updater);
app()->make(UserRepo::class)->destroy($creator);
$this->entities->updatePage($entities['page'], ['html' => '<p>hello!</p>>']);
@ -23,8 +23,8 @@ class EntityAccessTest extends TestCase
public function test_entities_viewable_after_updater_deletion()
{
// Create required assets and revisions
$creator = $this->getViewer();
$updater = $this->getEditor();
$creator = $this->users->viewer();
$updater = $this->users->editor();
$entities = $this->entities->createChainBelongingToUser($creator, $updater);
app()->make(UserRepo::class)->destroy($updater);
$this->entities->updatePage($entities['page'], ['html' => '<p>Hello there!</p>']);

16
tests/Entity/EntitySearchTest.php
View File

@ -132,7 +132,7 @@ class EntitySearchTest extends TestCase
public function test_search_filters()
{
$page = $this->entities->newPage(['name' => 'My new test quaffleachits', 'html' => 'this is about an orange donkey danzorbhsing']);
$editor = $this->getEditor();
$editor = $this->users->editor();
$this->actingAs($editor);
// Viewed filter searches
@ -171,7 +171,7 @@ class EntitySearchTest extends TestCase
// Restricted filter
$this->get('/search?term=' . urlencode('danzorbhsing {is_restricted}'))->assertDontSee($page->name);
$this->entities->setPermissions($page, ['view'], [$editor->roles->first()]);
$this->permissions->setEntityPermissions($page, ['view'], [$editor->roles->first()]);
$this->get('/search?term=' . urlencode('danzorbhsing {is_restricted}'))->assertSee($page->name);
// Date filters
@ -235,7 +235,7 @@ class EntitySearchTest extends TestCase
$this->withHtml($resp)->assertElementContains($baseSelector, $page->name);
$this->withHtml($resp)->assertElementNotContains($baseSelector, "You don't have the required permissions to select this item");
$resp = $this->actingAs($this->getViewer())->get($searchUrl);
$resp = $this->actingAs($this->users->viewer())->get($searchUrl);
$this->withHtml($resp)->assertElementContains($baseSelector, $page->name);
$this->withHtml($resp)->assertElementContains($baseSelector, "You don't have the required permissions to select this item");
}
@ -246,7 +246,7 @@ class EntitySearchTest extends TestCase
$this->assertGreaterThan(2, count($chapter->pages), 'Ensure we\'re testing with at least 1 sibling');
$page = $chapter->pages->first();
$search = $this->actingAs($this->getViewer())->get("/search/entity/siblings?entity_id={$page->id}&entity_type=page");
$search = $this->actingAs($this->users->viewer())->get("/search/entity/siblings?entity_id={$page->id}&entity_type=page");
$search->assertSuccessful();
foreach ($chapter->pages as $page) {
$search->assertSee($page->name);
@ -261,7 +261,7 @@ class EntitySearchTest extends TestCase
$bookChildren = $page->book->getDirectChildren();
$this->assertGreaterThan(2, count($bookChildren), 'Ensure we\'re testing with at least 1 sibling');
$search = $this->actingAs($this->getViewer())->get("/search/entity/siblings?entity_id={$page->id}&entity_type=page");
$search = $this->actingAs($this->users->viewer())->get("/search/entity/siblings?entity_id={$page->id}&entity_type=page");
$search->assertSuccessful();
foreach ($bookChildren as $child) {
$search->assertSee($child->name);
@ -276,7 +276,7 @@ class EntitySearchTest extends TestCase
$bookChildren = $chapter->book->getDirectChildren();
$this->assertGreaterThan(2, count($bookChildren), 'Ensure we\'re testing with at least 1 sibling');
$search = $this->actingAs($this->getViewer())->get("/search/entity/siblings?entity_id={$chapter->id}&entity_type=chapter");
$search = $this->actingAs($this->users->viewer())->get("/search/entity/siblings?entity_id={$chapter->id}&entity_type=chapter");
$search->assertSuccessful();
foreach ($bookChildren as $child) {
$search->assertSee($child->name);
@ -291,7 +291,7 @@ class EntitySearchTest extends TestCase
$book = $books->first();
$this->assertGreaterThan(2, count($books), 'Ensure we\'re testing with at least 1 sibling');
$search = $this->actingAs($this->getViewer())->get("/search/entity/siblings?entity_id={$book->id}&entity_type=book");
$search = $this->actingAs($this->users->viewer())->get("/search/entity/siblings?entity_id={$book->id}&entity_type=book");
$search->assertSuccessful();
foreach ($books as $expectedBook) {
$search->assertSee($expectedBook->name);
@ -304,7 +304,7 @@ class EntitySearchTest extends TestCase
$shelf = $shelves->first();
$this->assertGreaterThan(2, count($shelves), 'Ensure we\'re testing with at least 1 sibling');
$search = $this->actingAs($this->getViewer())->get("/search/entity/siblings?entity_id={$shelf->id}&entity_type=bookshelf");
$search = $this->actingAs($this->users->viewer())->get("/search/entity/siblings?entity_id={$shelf->id}&entity_type=bookshelf");
$search->assertSuccessful();
foreach ($shelves as $expectedShelf) {
$search->assertSee($expectedShelf->name);

7
tests/Entity/ExportTest.php
View File

@ -275,7 +275,7 @@ class ExportTest extends TestCase
public function test_page_export_with_deleted_creator_and_updater()
{
$user = $this->getViewer(['name' => 'ExportWizardTheFifth']);
$user = $this->users->viewer(['name' => 'ExportWizardTheFifth']);
$page = $this->entities->page();
$page->created_by = $user->id;
$page->updated_by = $user->id;
@ -409,7 +409,7 @@ class ExportTest extends TestCase
$chapter = $book->chapters()->first();
$page = $chapter->pages()->first();
$entities = [$book, $chapter, $page];
$user = $this->getViewer();
$user = $this->users->viewer();
$this->actingAs($user);
foreach ($entities as $entity) {
@ -417,8 +417,7 @@ class ExportTest extends TestCase
$resp->assertSee('/export/pdf');
}
/** @var Role $role */
$this->removePermissionFromUser($user, 'content-export');
$this->permissions->removeUserRolePermissions($user, ['content-export']);
foreach ($entities as $entity) {
$resp = $this->get($entity->getUrl());

2
tests/Entity/PageContentTest.php
View File

@ -483,7 +483,7 @@ class PageContentTest extends TestCase
{
$page = $this->entities->page();
$this->actingAs($this->getAdmin())
$this->actingAs($this->users->admin())
->put($page->getUrl(''), [
'name' => 'Testing',
'html' => '<p>&quot;Hello &amp; welcome&quot;</p>',

14
tests/Entity/PageDraftTest.php
View File

@ -39,7 +39,7 @@ class PageDraftTest extends TestCase
$this->withHtml($resp)->assertElementNotContains('[name="html"]', $addedContent);
$newContent = $this->page->html . $addedContent;
$newUser = $this->getEditor();
$newUser = $this->users->editor();
$this->pageRepo->updatePageDraft($this->page, ['html' => $newContent]);
$resp = $this->actingAs($newUser)->get($this->page->getUrl('/edit'));
@ -62,7 +62,7 @@ class PageDraftTest extends TestCase
$this->withHtml($resp)->assertElementNotContains('[name="html"]', $addedContent);
$newContent = $this->page->html . $addedContent;
$newUser = $this->getEditor();
$newUser = $this->users->editor();
$this->pageRepo->updatePageDraft($this->page, ['html' => $newContent]);
$this->actingAs($newUser)
@ -75,8 +75,8 @@ class PageDraftTest extends TestCase
public function test_draft_save_shows_alert_if_draft_older_than_last_page_update()
{
$admin = $this->getAdmin();
$editor = $this->getEditor();
$admin = $this->users->admin();
$editor = $this->users->editor();
$page = $this->entities->page();
$this->actingAs($editor)->put('/ajax/page/' . $page->id . '/save-draft', [
@ -109,8 +109,8 @@ class PageDraftTest extends TestCase
public function test_draft_save_shows_alert_if_draft_edit_started_by_someone_else()
{
$admin = $this->getAdmin();
$editor = $this->getEditor();
$admin = $this->users->admin();
$editor = $this->users->editor();
$page = $this->entities->page();
$this->actingAs($admin)->put('/ajax/page/' . $page->id . '/save-draft', [
@ -143,7 +143,7 @@ class PageDraftTest extends TestCase
{
$book = $this->entities->book();
$chapter = $book->chapters->first();
$newUser = $this->getEditor();
$newUser = $this->users->editor();
$this->actingAs($newUser)->get($book->getUrl('/create-page'));
$this->get($chapter->getUrl('/create-page'));

8
tests/Entity/PageRevisionTest.php
View File

@ -208,13 +208,13 @@ class PageRevisionTest extends TestCase
$page = $this->entities->page();
$this->createRevisions($page, 2);
$viewer = $this->getViewer();
$viewer = $this->users->viewer();
$this->actingAs($viewer);
$respHtml = $this->withHtml($this->get($page->getUrl('/revisions')));
$respHtml->assertElementNotContains('.actions a', 'Restore');
$respHtml->assertElementNotExists('form[action$="/restore"]');
$this->giveUserPermissions($viewer, ['page-update-all']);
$this->permissions->grantUserRolePermissions($viewer, ['page-update-all']);
$respHtml = $this->withHtml($this->get($page->getUrl('/revisions')));
$respHtml->assertElementContains('.actions a', 'Restore');
@ -226,13 +226,13 @@ class PageRevisionTest extends TestCase
$page = $this->entities->page();
$this->createRevisions($page, 2);
$viewer = $this->getViewer();
$viewer = $this->users->viewer();
$this->actingAs($viewer);
$respHtml = $this->withHtml($this->get($page->getUrl('/revisions')));
$respHtml->assertElementNotContains('.actions a', 'Delete');
$respHtml->assertElementNotExists('form[action$="/delete"]');
$this->giveUserPermissions($viewer, ['page-delete-all']);
$this->permissions->grantUserRolePermissions($viewer, ['page-delete-all']);
$respHtml = $this->withHtml($this->get($page->getUrl('/revisions')));
$respHtml->assertElementContains('.actions a', 'Delete');

8
tests/Entity/PageTemplateTest.php
View File

@ -25,7 +25,7 @@ class PageTemplateTest extends TestCase
public function test_manage_templates_permission_required_to_change_page_template_status()
{
$page = $this->entities->page();
$editor = $this->getEditor();
$editor = $this->users->editor();
$this->actingAs($editor);
$pageUpdateData = [
@ -40,7 +40,7 @@ class PageTemplateTest extends TestCase
'template' => false,
]);
$this->giveUserPermissions($editor, ['templates-manage']);
$this->permissions->grantUserRolePermissions($editor, ['templates-manage']);
$this->put($page->getUrl(), $pageUpdateData);
$this->assertDatabaseHas('pages', [
@ -53,7 +53,7 @@ class PageTemplateTest extends TestCase
{
$content = '<div>my_custom_template_content</div>';
$page = $this->entities->page();
$editor = $this->getEditor();
$editor = $this->users->editor();
$this->actingAs($editor);
$templateFetch = $this->get('/templates/' . $page->id);
@ -73,7 +73,7 @@ class PageTemplateTest extends TestCase
public function test_template_endpoint_returns_paginated_list_of_templates()
{
$editor = $this->getEditor();
$editor = $this->users->editor();
$this->actingAs($editor);
$toBeTemplates = Page::query()->orderBy('name', 'asc')->take(12)->get();

22
tests/Entity/PageTest.php
View File

@ -38,8 +38,8 @@ class PageTest extends TestCase
public function test_page_view_when_creator_is_deleted_but_owner_exists()
{
$page = $this->entities->page();
$user = $this->getViewer();
$owner = $this->getEditor();
$user = $this->users->viewer();
$owner = $this->users->editor();
$page->created_by = $user->id;
$page->owned_by = $owner->id;
$page->save();
@ -190,15 +190,15 @@ class PageTest extends TestCase
$page = $this->entities->page();
$currentBook = $page->book;
$newBook = Book::where('id', '!=', $currentBook->id)->first();
$viewer = $this->getViewer();
$viewer = $this->users->viewer();
$resp = $this->actingAs($viewer)->get($page->getUrl());
$resp->assertDontSee($page->getUrl('/copy'));
$newBook->owned_by = $viewer->id;
$newBook->save();
$this->giveUserPermissions($viewer, ['page-create-own']);
$this->entities->regenPermissions($newBook);
$this->permissions->grantUserRolePermissions($viewer, ['page-create-own']);
$this->permissions->regenerateForEntity($newBook);
$resp = $this->actingAs($viewer)->get($page->getUrl());
$resp->assertSee($page->getUrl('/copy'));
@ -249,7 +249,7 @@ class PageTest extends TestCase
public function test_recently_updated_pages_view()
{
$user = $this->getEditor();
$user = $this->users->editor();
$content = $this->entities->createChainBelongingToUser($user);
$resp = $this->asAdmin()->get('/pages/recently-updated');
@ -258,7 +258,7 @@ class PageTest extends TestCase
public function test_recently_updated_pages_view_shows_updated_by_details()
{
$user = $this->getEditor();
$user = $this->users->editor();
$page = $this->entities->page();
$this->actingAs($user)->put($page->getUrl(), [
@ -272,7 +272,7 @@ class PageTest extends TestCase
public function test_recently_updated_pages_view_shows_parent_chain()
{
$user = $this->getEditor();
$user = $this->users->editor();
$page = $this->entities->pageWithinChapter();
$this->actingAs($user)->put($page->getUrl(), [
@ -287,7 +287,7 @@ class PageTest extends TestCase
public function test_recently_updated_pages_view_does_not_show_parent_if_not_visible()
{
$user = $this->getEditor();
$user = $this->users->editor();
$page = $this->entities->pageWithinChapter();
$this->actingAs($user)->put($page->getUrl(), [
@ -295,8 +295,8 @@ class PageTest extends TestCase
'html' => '<p>Updated content</p>',
]);
$this->entities->setPermissions($page->book);
$this->entities->setPermissions($page, ['view'], [$user->roles->first()]);
$this->permissions->setEntityPermissions($page->book);
$this->permissions->setEntityPermissions($page, ['view'], [$user->roles->first()]);
$resp = $this->get('/pages/recently-updated');
$resp->assertDontSee($page->book->getShortName(42));

52
tests/Entity/SortTest.php
View File

@ -53,7 +53,7 @@ class SortTest extends TestCase
$newBook = Book::query()->where('id', '!=', $currentBook->id)->first();
$newChapter = $newBook->chapters()->first();
$movePageResp = $this->actingAs($this->getEditor())->put($page->getUrl('/move'), [
$movePageResp = $this->actingAs($this->users->editor())->put($page->getUrl('/move'), [
'entity_selection' => 'chapter:' . $newChapter->id,
]);
$page->refresh();
@ -71,7 +71,7 @@ class SortTest extends TestCase
$page = $oldChapter->pages()->first();
$newBook = Book::query()->where('id', '!=', $oldChapter->book_id)->first();
$movePageResp = $this->actingAs($this->getEditor())->put($page->getUrl('/move'), [
$movePageResp = $this->actingAs($this->users->editor())->put($page->getUrl('/move'), [
'entity_selection' => 'book:' . $newBook->id,
]);
$page->refresh();
@ -89,16 +89,16 @@ class SortTest extends TestCase
$page = $this->entities->page();
$currentBook = $page->book;
$newBook = Book::query()->where('id', '!=', $currentBook->id)->first();
$editor = $this->getEditor();
$editor = $this->users->editor();
$this->entities->setPermissions($newBook, ['view', 'update', 'delete'], $editor->roles->all());
$this->permissions->setEntityPermissions($newBook, ['view', 'update', 'delete'], $editor->roles->all());
$movePageResp = $this->actingAs($editor)->put($page->getUrl('/move'), [
'entity_selection' => 'book:' . $newBook->id,
]);
$this->assertPermissionError($movePageResp);
$this->entities->setPermissions($newBook, ['view', 'update', 'delete', 'create'], $editor->roles->all());
$this->permissions->setEntityPermissions($newBook, ['view', 'update', 'delete', 'create'], $editor->roles->all());
$movePageResp = $this->put($page->getUrl('/move'), [
'entity_selection' => 'book:' . $newBook->id,
]);
@ -114,10 +114,10 @@ class SortTest extends TestCase
$page = $this->entities->page();
$currentBook = $page->book;
$newBook = Book::query()->where('id', '!=', $currentBook->id)->first();
$editor = $this->getEditor();
$editor = $this->users->editor();
$this->entities->setPermissions($newBook, ['view', 'update', 'create', 'delete'], $editor->roles->all());
$this->entities->setPermissions($page, ['view', 'update', 'create'], $editor->roles->all());
$this->permissions->setEntityPermissions($newBook, ['view', 'update', 'create', 'delete'], $editor->roles->all());
$this->permissions->setEntityPermissions($page, ['view', 'update', 'create'], $editor->roles->all());
$movePageResp = $this->actingAs($editor)->put($page->getUrl('/move'), [
'entity_selection' => 'book:' . $newBook->id,
@ -126,7 +126,7 @@ class SortTest extends TestCase
$pageView = $this->get($page->getUrl());
$pageView->assertDontSee($page->getUrl('/move'));
$this->entities->setPermissions($page, ['view', 'update', 'create', 'delete'], $editor->roles->all());
$this->permissions->setEntityPermissions($page, ['view', 'update', 'create', 'delete'], $editor->roles->all());
$movePageResp = $this->put($page->getUrl('/move'), [
'entity_selection' => 'book:' . $newBook->id,
]);
@ -169,10 +169,10 @@ class SortTest extends TestCase
$chapter = $this->entities->chapter();
$currentBook = $chapter->book;
$newBook = Book::query()->where('id', '!=', $currentBook->id)->first();
$editor = $this->getEditor();
$editor = $this->users->editor();
$this->entities->setPermissions($newBook, ['view', 'update', 'create', 'delete'], $editor->roles->all());
$this->entities->setPermissions($chapter, ['view', 'update', 'create'], $editor->roles->all());
$this->permissions->setEntityPermissions($newBook, ['view', 'update', 'create', 'delete'], $editor->roles->all());
$this->permissions->setEntityPermissions($chapter, ['view', 'update', 'create'], $editor->roles->all());
$moveChapterResp = $this->actingAs($editor)->put($chapter->getUrl('/move'), [
'entity_selection' => 'book:' . $newBook->id,
@ -181,7 +181,7 @@ class SortTest extends TestCase
$pageView = $this->get($chapter->getUrl());
$pageView->assertDontSee($chapter->getUrl('/move'));
$this->entities->setPermissions($chapter, ['view', 'update', 'create', 'delete'], $editor->roles->all());
$this->permissions->setEntityPermissions($chapter, ['view', 'update', 'create', 'delete'], $editor->roles->all());
$moveChapterResp = $this->put($chapter->getUrl('/move'), [
'entity_selection' => 'book:' . $newBook->id,
]);
@ -196,17 +196,17 @@ class SortTest extends TestCase
$chapter = $this->entities->chapter();
$currentBook = $chapter->book;
$newBook = Book::query()->where('id', '!=', $currentBook->id)->first();
$editor = $this->getEditor();
$editor = $this->users->editor();
$this->entities->setPermissions($newBook, ['view', 'update', 'delete'], [$editor->roles->first()]);
$this->entities->setPermissions($chapter, ['view', 'update', 'create', 'delete'], [$editor->roles->first()]);
$this->permissions->setEntityPermissions($newBook, ['view', 'update', 'delete'], [$editor->roles->first()]);
$this->permissions->setEntityPermissions($chapter, ['view', 'update', 'create', 'delete'], [$editor->roles->first()]);
$moveChapterResp = $this->actingAs($editor)->put($chapter->getUrl('/move'), [
'entity_selection' => 'book:' . $newBook->id,
]);
$this->assertPermissionError($moveChapterResp);
$this->entities->setPermissions($newBook, ['view', 'update', 'create', 'delete'], [$editor->roles->first()]);
$this->permissions->setEntityPermissions($newBook, ['view', 'update', 'create', 'delete'], [$editor->roles->first()]);
$moveChapterResp = $this->put($chapter->getUrl('/move'), [
'entity_selection' => 'book:' . $newBook->id,
]);
@ -313,7 +313,7 @@ class SortTest extends TestCase
$page = $this->entities->pageWithinChapter();
/** @var Chapter $otherChapter */
$otherChapter = Chapter::query()->where('book_id', '!=', $page->book_id)->first();
$this->entities->setPermissions($otherChapter);
$this->permissions->setEntityPermissions($otherChapter);
$sortData = [
'id' => $page->id,
@ -334,8 +334,8 @@ class SortTest extends TestCase
$page = $this->entities->pageWithinChapter();
/** @var Chapter $otherChapter */
$otherChapter = Chapter::query()->where('book_id', '!=', $page->book_id)->first();
$editor = $this->getEditor();
$this->entities->setPermissions($otherChapter->book, ['update', 'delete'], [$editor->roles()->first()]);
$editor = $this->users->editor();
$this->permissions->setEntityPermissions($otherChapter->book, ['update', 'delete'], [$editor->roles()->first()]);
$sortData = [
'id' => $page->id,
@ -356,8 +356,8 @@ class SortTest extends TestCase
$page = $this->entities->pageWithinChapter();
/** @var Chapter $otherChapter */
$otherChapter = Chapter::query()->where('book_id', '!=', $page->book_id)->first();
$editor = $this->getEditor();
$this->entities->setPermissions($otherChapter, ['view', 'delete'], [$editor->roles()->first()]);
$editor = $this->users->editor();
$this->permissions->setEntityPermissions($otherChapter, ['view', 'delete'], [$editor->roles()->first()]);
$sortData = [
'id' => $page->id,
@ -378,8 +378,8 @@ class SortTest extends TestCase
$page = $this->entities->pageWithinChapter();
/** @var Chapter $otherChapter */
$otherChapter = Chapter::query()->where('book_id', '!=', $page->book_id)->first();
$editor = $this->getEditor();
$this->entities->setPermissions($page, ['view', 'delete'], [$editor->roles()->first()]);
$editor = $this->users->editor();
$this->permissions->setEntityPermissions($page, ['view', 'delete'], [$editor->roles()->first()]);
$sortData = [
'id' => $page->id,
@ -400,8 +400,8 @@ class SortTest extends TestCase
$page = $this->entities->pageWithinChapter();
/** @var Chapter $otherChapter */
$otherChapter = Chapter::query()->where('book_id', '!=', $page->book_id)->first();
$editor = $this->getEditor();
$this->entities->setPermissions($page, ['view', 'update'], [$editor->roles()->first()]);
$editor = $this->users->editor();
$this->permissions->setEntityPermissions($page, ['view', 'update'], [$editor->roles()->first()]);
$sortData = [
'id' => $page->id,

4
tests/Entity/TagTest.php
View File

@ -75,7 +75,7 @@ class TagTest extends TestCase
$this->asEditor()->get('/ajax/tags/suggest/names?search=co')->assertSimilarJson(['color', 'country']);
// Set restricted permission the page
$this->entities->setPermissions($page, [], []);
$this->permissions->setEntityPermissions($page, [], []);
$this->asAdmin()->get('/ajax/tags/suggest/names?search=co')->assertSimilarJson(['color', 'country']);
$this->asEditor()->get('/ajax/tags/suggest/names?search=co')->assertSimilarJson([]);
@ -178,7 +178,7 @@ class TagTest extends TestCase
$resp = $this->get('/tags?name=SuperCategory');
$resp->assertSee('GreatTestContent');
$this->entities->setPermissions($page, [], []);
$this->permissions->setEntityPermissions($page, [], []);
$resp = $this->asEditor()->get('/tags');
$resp->assertDontSee('SuperCategory');

6
tests/ErrorTest.php
View File

@ -11,7 +11,7 @@ class ErrorTest extends TestCase
// Due to middleware being handled differently this will not fail
// if our custom, middleware-loaded handler fails but this is here
// as a reminder and as a general check in the event of other issues.
$editor = $this->getEditor();
$editor = $this->users->editor();
$editor->name = 'tester';
$editor->save();
@ -24,7 +24,7 @@ class ErrorTest extends TestCase
public function test_item_not_found_does_not_get_logged_to_file()
{
$this->actingAs($this->getViewer());
$this->actingAs($this->users->viewer());
$handler = $this->withTestLogger();
$book = $this->entities->book();
@ -41,7 +41,7 @@ class ErrorTest extends TestCase
public function test_access_to_non_existing_image_location_provides_404_response()
{
$resp = $this->actingAs($this->getViewer())->get('/uploads/images/gallery/2021-05/anonexistingimage.png');
$resp = $this->actingAs($this->users->viewer())->get('/uploads/images/gallery/2021-05/anonexistingimage.png');
$resp->assertStatus(404);
$resp->assertSeeText('Image Not Found');
}

14
tests/FavouriteTest.php
View File

@ -10,7 +10,7 @@ class FavouriteTest extends TestCase
public function test_page_add_favourite_flow()
{
$page = $this->entities->page();
$editor = $this->getEditor();
$editor = $this->users->editor();
$resp = $this->actingAs($editor)->get($page->getUrl());
$this->withHtml($resp)->assertElementContains('button', 'Favourite');
@ -33,7 +33,7 @@ class FavouriteTest extends TestCase
public function test_page_remove_favourite_flow()
{
$page = $this->entities->page();
$editor = $this->getEditor();
$editor = $this->users->editor();
Favourite::query()->forceCreate([
'user_id' => $editor->id,
'favouritable_id' => $page->id,
@ -63,7 +63,7 @@ class FavouriteTest extends TestCase
$book->owned_by = $user->id;
$book->save();
$this->giveUserPermissions($user, ['book-view-own']);
$this->permissions->grantUserRolePermissions($user, ['book-view-own']);
$this->actingAs($user)->get($book->getUrl());
$resp = $this->post('/favourites/add', [
@ -81,7 +81,7 @@ class FavouriteTest extends TestCase
public function test_each_entity_type_shows_favourite_button()
{
$this->actingAs($this->getEditor());
$this->actingAs($this->users->editor());
foreach ($this->entities->all() as $entity) {
$resp = $this->get($entity->getUrl());
@ -94,13 +94,13 @@ class FavouriteTest extends TestCase
$this->setSettings(['app-public' => 'true']);
$resp = $this->get('/');
$this->withHtml($resp)->assertElementNotContains('header', 'My Favourites');
$resp = $this->actingAs($this->getViewer())->get('/');
$resp = $this->actingAs($this->users->viewer())->get('/');
$this->withHtml($resp)->assertElementContains('header a', 'My Favourites');
}
public function test_favourites_shown_on_homepage()
{
$editor = $this->getEditor();
$editor = $this->users->editor();
$resp = $this->actingAs($editor)->get('/');
$this->withHtml($resp)->assertElementNotExists('#top-favourites');
@ -116,7 +116,7 @@ class FavouriteTest extends TestCase
public function test_favourites_list_page_shows_favourites_and_has_working_pagination()
{
$page = $this->entities->page();
$editor = $this->getEditor();
$editor = $this->users->editor();
$resp = $this->actingAs($editor)->get('/favourites');
$resp->assertDontSee($page->name);

42
tests/Helpers/EntityProvider.php
View File

@ -2,8 +2,6 @@
namespace Tests\Helpers;
use BookStack\Auth\Permissions\EntityPermission;
use BookStack\Auth\Role;
use BookStack\Auth\User;
use BookStack\Entities\Models\Book;
use BookStack\Entities\Models\Bookshelf;
@ -186,46 +184,6 @@ class EntityProvider
return $pageRepo->publishDraft($draftPage, $input);
}
/**
* Regenerate the permission for an entity.
* Centralised to manage clearing of cached elements between requests.
*/
public function regenPermissions(Entity $entity): void
{
$entity->rebuildPermissions();
$entity->load('jointPermissions');
}
/**
* Set the given entity as having restricted permissions, and apply the given
* permissions for the given roles.
* @param string[] $actions
* @param Role[] $roles
*/
public function setPermissions(Entity $entity, array $actions = [], array $roles = [], $inherit = false): void
{
$entity->permissions()->delete();
$permissions = [];
if (!$inherit) {
// Set default permissions to not allow actions so that only the provided role permissions are at play.
$permissions[] = ['role_id' => null, 'user_id' => null, 'view' => false, 'create' => false, 'update' => false, 'delete' => false];
}
foreach ($roles as $role) {
$permission = ['role_id' => $role->id];
foreach (EntityPermission::PERMISSIONS as $possibleAction) {
$permission[$possibleAction] = in_array($possibleAction, $actions);
}
$permissions[] = $permission;
}
$entity->permissions()->createMany($permissions);
$entity->load('permissions');
$this->regenPermissions($entity);
}
/**
* @param Entity|Entity[] $entities
*/

131
tests/Helpers/PermissionsProvider.php Normal file
View File

@ -0,0 +1,131 @@
<?php
namespace Tests\Helpers;
use BookStack\Auth\Permissions\EntityPermission;
use BookStack\Auth\Permissions\JointPermissionBuilder;
use BookStack\Auth\Permissions\RolePermission;
use BookStack\Auth\Role;
use BookStack\Auth\User;
use BookStack\Entities\Models\Entity;
class PermissionsProvider
{
protected UserRoleProvider $userRoleProvider;
public function __construct(UserRoleProvider $userRoleProvider)
{
$this->userRoleProvider = $userRoleProvider;
}
/**
* Grant role permissions to the provided user.
*/
public function grantUserRolePermissions(User $user, array $permissions): void
{
$newRole = $this->userRoleProvider->createRole($permissions);
$user->attachRole($newRole);
$user->load('roles');
$user->clearPermissionCache();
}
/**
* Completely remove specific role permissions from the provided user.
*/
public function removeUserRolePermissions(User $user, array $permissions): void
{
$permissionBuilder = app()->make(JointPermissionBuilder::class);
foreach ($permissions as $permissionName) {
/** @var RolePermission $permission */
$permission = RolePermission::query()
->where('name', '=', $permissionName)
->firstOrFail();
$roles = $user->roles()->whereHas('permissions', function ($query) use ($permission) {
$query->where('id', '=', $permission->id);
})->get();
/** @var Role $role */
foreach ($roles as $role) {
$role->detachPermission($permission);
$permissionBuilder->rebuildForRole($role);
}
$user->clearPermissionCache();
}
}
/**
* Regenerate the permission for an entity.
* Centralised to manage clearing of cached elements between requests.
*/
public function regenerateForEntity(Entity $entity): void
{
$entity->rebuildPermissions();
$entity->load('jointPermissions');
}
/**
* Set the given entity as having restricted permissions, and apply the given
* permissions for the given roles.
* @param string[] $actions
* @param Role[] $roles
*/
public function setEntityPermissions(Entity $entity, array $actions = [], array $roles = [], $inherit = false): void
{
$entity->permissions()->delete();
$permissions = [];
if (!$inherit) {
// Set default permissions to not allow actions so that only the provided role permissions are at play.
$permissions[] = ['role_id' => null, 'user_id' => null, 'view' => false, 'create' => false, 'update' => false, 'delete' => false];
}
foreach ($roles as $role) {
$permissions[] = $this->actionListToEntityPermissionData($actions, $role->id);
}
$this->addEntityPermissionEntries($entity, $permissions);
}
public function addEntityPermission(Entity $entity, array $actionList, int $roleId = null, int $userId = null)
{
$permissionData = $this->actionListToEntityPermissionData($actionList, $roleId, $userId);
$this->addEntityPermissionEntries($entity, [$permissionData]);
}
/**
* Disable inherited permissions on the given entity.
* Effectively sets the "Other Users" UI permission option to not inherit, with no permissions.
*/
public function disableEntityInheritedPermissions(Entity $entity): void
{
$entity->permissions()->whereNull(['user_id', 'role_id'])->delete();
$fallback = $this->actionListToEntityPermissionData([]);
$this->addEntityPermissionEntries($entity, [$fallback]);
}
protected function addEntityPermissionEntries(Entity $entity, array $entityPermissionData): void
{
$entity->permissions()->createMany($entityPermissionData);
$entity->load('permissions');
$this->regenerateForEntity($entity);
}
/**
* For the given simple array of string actions (view, create, update, delete), convert
* the format to entity permission data, where permission is granted if the action is in the
* given actionList array.
*/
protected function actionListToEntityPermissionData(array $actionList, int $roleId = null, int $userId = null): array
{
$permissionData = ['role_id' => $roleId, 'user_id' => $userId];
foreach (EntityPermission::PERMISSIONS as $possibleAction) {
$permissionData[$possibleAction] = in_array($possibleAction, $actionList);
}
return $permissionData;
}
}

89
tests/Helpers/UserRoleProvider.php Normal file
View File

@ -0,0 +1,89 @@
<?php
namespace Tests\Helpers;
use BookStack\Auth\Permissions\PermissionsRepo;
use BookStack\Auth\Role;
use BookStack\Auth\User;
class UserRoleProvider
{
protected ?User $admin = null;
protected ?User $editor = null;
/**
* Get a typical "Admin" user.
*/
public function admin(): User
{
if (is_null($this->admin)) {
$adminRole = Role::getSystemRole('admin');
$this->admin = $adminRole->users->first();
}
return $this->admin;
}
/**
* Get a typical "Editor" user.
*/
public function editor(): User
{
if ($this->editor === null) {
$editorRole = Role::getRole('editor');
$this->editor = $editorRole->users->first();
}
return $this->editor;
}
/**
* Get a typical "Viewer" user.
*/
public function viewer(array $attributes = []): User
{
$user = Role::getRole('viewer')->users()->first();
if (!empty($attributes)) {
$user->forceFill($attributes)->save();
}
return $user;
}
/**
* Create a new fresh user, with the given attrs, that has assigned a fresh role
* that has the given role permissions.
* Intended as a helper to create a blank slate baseline user and role.
* @return array{0: User, 1: Role}
*/
public function newUserWithRole(array $userAttrs = [], array $rolePermissions = []): array
{
$user = User::factory()->create($userAttrs);
$role = $this->attachRole($user, $rolePermissions);
return [$user, $role];
}
/**
* Attach a new role, with the given role permissions, to the given user
* and return that role.
*/
public function attachRole(User $user, array $rolePermissions = []): Role
{
$role = $this->createRole($rolePermissions);
$user->attachRole($role);
return $role;
}
/**
* Create a new basic role with the given role permissions.
*/
public function createRole(array $rolePermissions = []): Role
{
$permissionRepo = app(PermissionsRepo::class);
$roleData = Role::factory()->make()->toArray();
$roleData['permissions'] = array_flip($rolePermissions);
return $permissionRepo->saveNewRole($roleData);
}
}

10
tests/HomepageTest.php
View File

@ -114,7 +114,7 @@ class HomepageTest extends TestCase
public function test_set_book_homepage()
{
$editor = $this->getEditor();
$editor = $this->users->editor();
setting()->putUser($editor, 'books_view_type', 'grid');
$this->setSettings(['app-homepage-type' => 'books']);
@ -133,7 +133,7 @@ class HomepageTest extends TestCase
public function test_set_bookshelves_homepage()
{
$editor = $this->getEditor();
$editor = $this->users->editor();
setting()->putUser($editor, 'bookshelves_view_type', 'grid');
$shelf = $this->entities->shelf();
@ -152,7 +152,7 @@ class HomepageTest extends TestCase
public function test_shelves_list_homepage_adheres_to_book_visibility_permissions()
{
$editor = $this->getEditor();
$editor = $this->users->editor();
setting()->putUser($editor, 'bookshelves_view_type', 'list');
$this->setSettings(['app-homepage-type' => 'bookshelves']);
$this->asEditor();
@ -167,13 +167,13 @@ class HomepageTest extends TestCase
// Ensure book no longer visible without view permission
$editor->roles()->detach();
$this->giveUserPermissions($editor, ['bookshelf-view-all']);
$this->permissions->grantUserRolePermissions($editor, ['bookshelf-view-all']);
$homeVisit = $this->get('/');
$this->withHtml($homeVisit)->assertElementContains('.content-wrap', $shelf->name);
$this->withHtml($homeVisit)->assertElementNotContains('.content-wrap', $book->name);
// Ensure is visible again with entity-level view permission
$this->entities->setPermissions($book, ['view'], [$editor->roles()->first()]);
$this->permissions->setEntityPermissions($book, ['view'], [$editor->roles()->first()]);
$homeVisit = $this->get('/');
$this->withHtml($homeVisit)->assertElementContains('.content-wrap', $shelf->name);
$this->withHtml($homeVisit)->assertElementContains('.content-wrap', $book->name);

2
tests/LanguageTest.php
View File

@ -77,7 +77,7 @@ class LanguageTest extends TestCase
{
$this->asEditor();
$this->assertFalse(config('app.rtl'), 'App RTL config should be false by default');
setting()->putUser($this->getEditor(), 'language', 'ar');
setting()->putUser($this->users->editor(), 'language', 'ar');
$this->get('/');
$this->assertTrue(config('app.rtl'), 'App RTL config should have been set to true by middleware');
}

20
tests/Permissions/EntityPermissionsTest.php
View File

@ -21,8 +21,8 @@ class EntityPermissionsTest extends TestCase
protected function setUp(): void
{
parent::setUp();
$this->user = $this->getEditor();
$this->viewer = $this->getViewer();
$this->user = $this->users->editor();
$this->viewer = $this->users->viewer();
}
protected function setRestrictionsForTestRoles(Entity $entity, array $actions = [])
@ -31,7 +31,7 @@ class EntityPermissionsTest extends TestCase
$this->user->roles->first(),
$this->viewer->roles->first(),
];
$this->entities->setPermissions($entity, $actions, $roles);
$this->permissions->setEntityPermissions($entity, $actions, $roles);
}
public function test_bookshelf_view_restriction()
@ -660,28 +660,28 @@ class EntityPermissionsTest extends TestCase
public function test_access_to_item_prevented_if_inheritance_active_but_permission_prevented_via_role()
{
$user = $this->getViewer();
$user = $this->users->viewer();
$viewerRole = $user->roles->first();
$chapter = $this->entities->chapter();
$book = $chapter->book;
$this->entities->setPermissions($book, ['edit'], [$viewerRole], false);
$this->entities->setPermissions($chapter, [], [$viewerRole], true);
$this->permissions->setEntityPermissions($book, ['edit'], [$viewerRole], false);
$this->permissions->setEntityPermissions($chapter, [], [$viewerRole], true);
$this->assertFalse(userCan('chapter-update', $chapter));
}
public function test_access_to_item_allowed_if_inheritance_active_and_permission_prevented_via_role_but_allowed_via_parent()
{
$user = $this->getViewer();
$user = $this->users->viewer();
$viewerRole = $user->roles->first();
$editorRole = Role::getRole('Editor');
$user->attachRole($editorRole);
$chapter = $this->entities->chapter();
$book = $chapter->book;
$this->entities->setPermissions($book, ['edit'], [$editorRole], false);
$this->entities->setPermissions($chapter, [], [$viewerRole], true);
$this->permissions->setEntityPermissions($book, ['edit'], [$editorRole], false);
$this->permissions->setEntityPermissions($chapter, [], [$viewerRole], true);
$this->assertTrue(userCan('chapter-update', $chapter));
}
@ -696,7 +696,7 @@ class EntityPermissionsTest extends TestCase
$error = null;
try {
$this->entities->setPermissions($book, ['view'], []);
$this->permissions->setEntityPermissions($book, ['view'], []);
} catch (Exception $e) {
$error = $e;
}

8
tests/Permissions/ExportPermissionsTest.php
View File

@ -14,7 +14,7 @@ class ExportPermissionsTest extends TestCase
$pageContent = Str::random(48);
$page->html = '<p>' . $pageContent . '</p>';
$page->save();
$viewer = $this->getViewer();
$viewer = $this->users->viewer();
$this->actingAs($viewer);
$formats = ['html', 'plaintext'];
@ -25,7 +25,7 @@ class ExportPermissionsTest extends TestCase
$resp->assertSee($pageContent);
}
$this->entities->setPermissions($page, []);
$this->permissions->setEntityPermissions($page, []);
foreach ($formats as $format) {
$resp = $this->get($chapter->getUrl("export/{$format}"));
@ -42,7 +42,7 @@ class ExportPermissionsTest extends TestCase
$pageContent = Str::random(48);
$page->html = '<p>' . $pageContent . '</p>';
$page->save();
$viewer = $this->getViewer();
$viewer = $this->users->viewer();
$this->actingAs($viewer);
$formats = ['html', 'plaintext'];
@ -53,7 +53,7 @@ class ExportPermissionsTest extends TestCase
$resp->assertSee($pageContent);
}
$this->entities->setPermissions($page, []);
$this->permissions->setEntityPermissions($page, []);
foreach ($formats as $format) {
$resp = $this->get($book->getUrl("export/{$format}"));

90
tests/Permissions/RolesTest.php
View File

@ -22,7 +22,7 @@ class RolesTest extends TestCase
protected function setUp(): void
{
parent::setUp();
$this->user = $this->getViewer();
$this->user = $this->users->viewer();
}
public function test_admin_can_see_settings()
@ -42,7 +42,7 @@ class RolesTest extends TestCase
public function test_role_cannot_be_deleted_if_default()
{
$newRole = $this->createNewRole();
$newRole = $this->users->createRole();
$this->setSettings(['registration-role' => $newRole->id]);
$deletePageUrl = '/settings/roles/delete/' . $newRole->id;
@ -121,11 +121,11 @@ class RolesTest extends TestCase
{
/** @var Role $adminRole */
$adminRole = Role::query()->where('system_name', '=', 'admin')->first();
$adminUser = $this->getAdmin();
$adminUser = $this->users->admin();
$adminRole->users()->where('id', '!=', $adminUser->id)->delete();
$this->assertEquals(1, $adminRole->users()->count());
$viewerRole = $this->getViewer()->roles()->first();
$viewerRole = $this->users->viewer()->roles()->first();
$editUrl = '/settings/users/' . $adminUser->id;
$resp = $this->actingAs($adminUser)->put($editUrl, [
@ -169,7 +169,7 @@ class RolesTest extends TestCase
$roleA = Role::query()->create(['display_name' => 'Entity Permissions Delete Test']);
$page = $this->entities->page();
$this->entities->setPermissions($page, ['view'], [$roleA]);
$this->permissions->setEntityPermissions($page, ['view'], [$roleA]);
$this->assertDatabaseHas('entity_permissions', [
'role_id' => $roleA->id,
@ -214,7 +214,7 @@ class RolesTest extends TestCase
public function test_manage_user_permission()
{
$this->actingAs($this->user)->get('/settings/users')->assertRedirect('/');
$this->giveUserPermissions($this->user, ['users-manage']);
$this->permissions->grantUserRolePermissions($this->user, ['users-manage']);
$this->actingAs($this->user)->get('/settings/users')->assertOk();
}
@ -222,9 +222,9 @@ class RolesTest extends TestCase
{
$usersLink = 'href="' . url('/settings/users') . '"';
$this->actingAs($this->user)->get('/')->assertDontSee($usersLink, false);
$this->giveUserPermissions($this->user, ['users-manage']);
$this->permissions->grantUserRolePermissions($this->user, ['users-manage']);
$this->actingAs($this->user)->get('/')->assertSee($usersLink, false);
$this->giveUserPermissions($this->user, ['settings-manage', 'users-manage']);
$this->permissions->grantUserRolePermissions($this->user, ['settings-manage', 'users-manage']);
$this->actingAs($this->user)->get('/')->assertDontSee($usersLink, false);
}
@ -247,7 +247,7 @@ class RolesTest extends TestCase
'name' => 'my_new_name',
]);
$this->giveUserPermissions($this->user, ['users-manage']);
$this->permissions->grantUserRolePermissions($this->user, ['users-manage']);
$resp = $this->get($userProfileUrl)
->assertOk();
@ -269,7 +269,7 @@ class RolesTest extends TestCase
{
$this->actingAs($this->user)->get('/settings/roles')->assertRedirect('/');
$this->get('/settings/roles/1')->assertRedirect('/');
$this->giveUserPermissions($this->user, ['user-roles-manage']);
$this->permissions->grantUserRolePermissions($this->user, ['user-roles-manage']);
$this->actingAs($this->user)->get('/settings/roles')->assertOk();
$this->get('/settings/roles/1')
->assertOk()
@ -279,7 +279,7 @@ class RolesTest extends TestCase
public function test_settings_manage_permission()
{
$this->actingAs($this->user)->get('/settings/features')->assertRedirect('/');
$this->giveUserPermissions($this->user, ['settings-manage']);
$this->permissions->grantUserRolePermissions($this->user, ['settings-manage']);
$this->get('/settings/features')->assertOk();
$resp = $this->post('/settings/features', []);
@ -295,7 +295,7 @@ class RolesTest extends TestCase
$this->actingAs($this->user)->get($page->getUrl())->assertDontSee('Permissions');
$this->get($page->getUrl('/permissions'))->assertRedirect('/');
$this->giveUserPermissions($this->user, ['restrictions-manage-all']);
$this->permissions->grantUserRolePermissions($this->user, ['restrictions-manage-all']);
$this->actingAs($this->user)->get($page->getUrl())->assertSee('Permissions');
@ -325,7 +325,7 @@ class RolesTest extends TestCase
$this->actingAs($this->user)->get($page->getUrl())->assertDontSee('Permissions');
$this->get($page->getUrl('/permissions'))->assertRedirect('/');
$this->giveUserPermissions($this->user, ['restrictions-manage-own']);
$this->permissions->grantUserRolePermissions($this->user, ['restrictions-manage-own']);
// Check can't restrict other's content
$this->actingAs($this->user)->get($otherUsersPage->getUrl())->assertDontSee('Permissions');
@ -350,7 +350,7 @@ class RolesTest extends TestCase
$this->withHtml($resp)->assertElementNotContains('.action-buttons', $text);
}
$this->giveUserPermissions($this->user, [$permission]);
$this->permissions->grantUserRolePermissions($this->user, [$permission]);
foreach ($accessUrls as $url) {
$this->actingAs($this->user)->get($url)->assertOk();
@ -380,7 +380,7 @@ class RolesTest extends TestCase
$otherShelf = Bookshelf::query()->first();
$ownShelf = $this->entities->newShelf(['name' => 'test-shelf', 'slug' => 'test-shelf']);
$ownShelf->forceFill(['owned_by' => $this->user->id, 'updated_by' => $this->user->id])->save();
$this->entities->regenPermissions($ownShelf);
$this->permissions->regenerateForEntity($ownShelf);
$this->checkAccessPermission('bookshelf-update-own', [
$ownShelf->getUrl('/edit'),
@ -406,12 +406,12 @@ class RolesTest extends TestCase
public function test_bookshelves_delete_own_permission()
{
$this->giveUserPermissions($this->user, ['bookshelf-update-all']);
$this->permissions->grantUserRolePermissions($this->user, ['bookshelf-update-all']);
/** @var Bookshelf $otherShelf */
$otherShelf = Bookshelf::query()->first();
$ownShelf = $this->entities->newShelf(['name' => 'test-shelf', 'slug' => 'test-shelf']);
$ownShelf->forceFill(['owned_by' => $this->user->id, 'updated_by' => $this->user->id])->save();
$this->entities->regenPermissions($ownShelf);
$this->permissions->regenerateForEntity($ownShelf);
$this->checkAccessPermission('bookshelf-delete-own', [
$ownShelf->getUrl('/delete'),
@ -430,7 +430,7 @@ class RolesTest extends TestCase
public function test_bookshelves_delete_all_permission()
{
$this->giveUserPermissions($this->user, ['bookshelf-update-all']);
$this->permissions->grantUserRolePermissions($this->user, ['bookshelf-update-all']);
/** @var Bookshelf $otherShelf */
$otherShelf = Bookshelf::query()->first();
$this->checkAccessPermission('bookshelf-delete-all', [
@ -486,7 +486,7 @@ class RolesTest extends TestCase
public function test_books_delete_own_permission()
{
$this->giveUserPermissions($this->user, ['book-update-all']);
$this->permissions->grantUserRolePermissions($this->user, ['book-update-all']);
/** @var Book $otherBook */
$otherBook = Book::query()->take(1)->get()->first();
$ownBook = $this->entities->createChainBelongingToUser($this->user)['book'];
@ -506,7 +506,7 @@ class RolesTest extends TestCase
public function test_books_delete_all_permission()
{
$this->giveUserPermissions($this->user, ['book-update-all']);
$this->permissions->grantUserRolePermissions($this->user, ['book-update-all']);
/** @var Book $otherBook */
$otherBook = Book::query()->take(1)->get()->first();
$this->checkAccessPermission('book-delete-all', [
@ -585,7 +585,7 @@ class RolesTest extends TestCase
public function test_chapter_delete_own_permission()
{
$this->giveUserPermissions($this->user, ['chapter-update-all']);
$this->permissions->grantUserRolePermissions($this->user, ['chapter-update-all']);
/** @var Chapter $otherChapter */
$otherChapter = Chapter::query()->first();
$ownChapter = $this->entities->createChainBelongingToUser($this->user)['chapter'];
@ -607,7 +607,7 @@ class RolesTest extends TestCase
public function test_chapter_delete_all_permission()
{
$this->giveUserPermissions($this->user, ['chapter-update-all']);
$this->permissions->grantUserRolePermissions($this->user, ['chapter-update-all']);
/** @var Chapter $otherChapter */
$otherChapter = Chapter::query()->first();
$this->checkAccessPermission('chapter-delete-all', [
@ -645,7 +645,7 @@ class RolesTest extends TestCase
$ownChapter->getUrl() => 'New Page',
]);
$this->giveUserPermissions($this->user, ['page-create-own']);
$this->permissions->grantUserRolePermissions($this->user, ['page-create-own']);
foreach ($accessUrls as $index => $url) {
$resp = $this->actingAs($this->user)->get($url);
@ -688,7 +688,7 @@ class RolesTest extends TestCase
$chapter->getUrl() => 'New Page',
]);
$this->giveUserPermissions($this->user, ['page-create-all']);
$this->permissions->grantUserRolePermissions($this->user, ['page-create-all']);
foreach ($accessUrls as $index => $url) {
$resp = $this->actingAs($this->user)->get($url);
@ -742,7 +742,7 @@ class RolesTest extends TestCase
public function test_page_delete_own_permission()
{
$this->giveUserPermissions($this->user, ['page-update-all']);
$this->permissions->grantUserRolePermissions($this->user, ['page-update-all']);
/** @var Page $otherPage */
$otherPage = Page::query()->first();
$ownPage = $this->entities->createChainBelongingToUser($this->user)['page'];
@ -764,7 +764,7 @@ class RolesTest extends TestCase
public function test_page_delete_all_permission()
{
$this->giveUserPermissions($this->user, ['page-update-all']);
$this->permissions->grantUserRolePermissions($this->user, ['page-update-all']);
/** @var Page $otherPage */
$otherPage = Page::query()->first();
@ -823,7 +823,7 @@ class RolesTest extends TestCase
public function test_image_delete_own_permission()
{
$this->giveUserPermissions($this->user, ['image-update-all']);
$this->permissions->grantUserRolePermissions($this->user, ['image-update-all']);
$page = $this->entities->page();
$image = Image::factory()->create([
'uploaded_to' => $page->id,
@ -833,7 +833,7 @@ class RolesTest extends TestCase
$this->actingAs($this->user)->json('delete', '/images/' . $image->id)->assertStatus(403);
$this->giveUserPermissions($this->user, ['image-delete-own']);
$this->permissions->grantUserRolePermissions($this->user, ['image-delete-own']);
$this->actingAs($this->user)->json('delete', '/images/' . $image->id)->assertOk();
$this->assertDatabaseMissing('images', ['id' => $image->id]);
@ -841,18 +841,18 @@ class RolesTest extends TestCase
public function test_image_delete_all_permission()
{
$this->giveUserPermissions($this->user, ['image-update-all']);
$admin = $this->getAdmin();
$this->permissions->grantUserRolePermissions($this->user, ['image-update-all']);
$admin = $this->users->admin();
$page = $this->entities->page();
$image = Image::factory()->create(['uploaded_to' => $page->id, 'created_by' => $admin->id, 'updated_by' => $admin->id]);
$this->actingAs($this->user)->json('delete', '/images/' . $image->id)->assertStatus(403);
$this->giveUserPermissions($this->user, ['image-delete-own']);
$this->permissions->grantUserRolePermissions($this->user, ['image-delete-own']);
$this->actingAs($this->user)->json('delete', '/images/' . $image->id)->assertStatus(403);
$this->giveUserPermissions($this->user, ['image-delete-all']);
$this->permissions->grantUserRolePermissions($this->user, ['image-delete-all']);
$this->actingAs($this->user)->json('delete', '/images/' . $image->id)->assertOk();
$this->assertDatabaseMissing('images', ['id' => $image->id]);
@ -863,7 +863,7 @@ class RolesTest extends TestCase
// To cover issue fixed in f99c8ff99aee9beb8c692f36d4b84dc6e651e50a.
$page = $this->entities->page();
$viewerRole = Role::getRole('viewer');
$viewer = $this->getViewer();
$viewer = $this->users->viewer();
$this->actingAs($viewer)->get($page->getUrl())->assertOk();
$this->asAdmin()->put('/settings/roles/' . $viewerRole->id, [
@ -877,18 +877,18 @@ class RolesTest extends TestCase
public function test_empty_state_actions_not_visible_without_permission()
{
$admin = $this->getAdmin();
$admin = $this->users->admin();
// Book links
$book = Book::factory()->create(['created_by' => $admin->id, 'updated_by' => $admin->id]);
$this->entities->regenPermissions($book);
$this->actingAs($this->getViewer())->get($book->getUrl())
$this->permissions->regenerateForEntity($book);
$this->actingAs($this->users->viewer())->get($book->getUrl())
->assertDontSee('Create a new page')
->assertDontSee('Add a chapter');
// Chapter links
$chapter = Chapter::factory()->create(['created_by' => $admin->id, 'updated_by' => $admin->id, 'book_id' => $book->id]);
$this->entities->regenPermissions($chapter);
$this->actingAs($this->getViewer())->get($chapter->getUrl())
$this->permissions->regenerateForEntity($chapter);
$this->actingAs($this->users->viewer())->get($chapter->getUrl())
->assertDontSee('Create a new page')
->assertDontSee('Sort the current book');
}
@ -901,7 +901,7 @@ class RolesTest extends TestCase
->addComment($ownPage)
->assertStatus(403);
$this->giveUserPermissions($this->user, ['comment-create-all']);
$this->permissions->grantUserRolePermissions($this->user, ['comment-create-all']);
$this->actingAs($this->user)
->addComment($ownPage)
@ -911,7 +911,7 @@ class RolesTest extends TestCase
public function test_comment_update_own_permission()
{
$ownPage = $this->entities->createChainBelongingToUser($this->user)['page'];
$this->giveUserPermissions($this->user, ['comment-create-all']);
$this->permissions->grantUserRolePermissions($this->user, ['comment-create-all']);
$this->actingAs($this->user)->addComment($ownPage);
/** @var Comment $comment */
$comment = $ownPage->comments()->latest()->first();
@ -919,7 +919,7 @@ class RolesTest extends TestCase
// no comment-update-own
$this->actingAs($this->user)->updateComment($comment)->assertStatus(403);
$this->giveUserPermissions($this->user, ['comment-update-own']);
$this->permissions->grantUserRolePermissions($this->user, ['comment-update-own']);
// now has comment-update-own
$this->actingAs($this->user)->updateComment($comment)->assertOk();
@ -936,7 +936,7 @@ class RolesTest extends TestCase
// no comment-update-all
$this->actingAs($this->user)->updateComment($comment)->assertStatus(403);
$this->giveUserPermissions($this->user, ['comment-update-all']);
$this->permissions->grantUserRolePermissions($this->user, ['comment-update-all']);
// now has comment-update-all
$this->actingAs($this->user)->updateComment($comment)->assertOk();
@ -946,7 +946,7 @@ class RolesTest extends TestCase
{
/** @var Page $ownPage */
$ownPage = $this->entities->createChainBelongingToUser($this->user)['page'];
$this->giveUserPermissions($this->user, ['comment-create-all']);
$this->permissions->grantUserRolePermissions($this->user, ['comment-create-all']);
$this->actingAs($this->user)->addComment($ownPage);
/** @var Comment $comment */
@ -955,7 +955,7 @@ class RolesTest extends TestCase
// no comment-delete-own
$this->actingAs($this->user)->deleteComment($comment)->assertStatus(403);
$this->giveUserPermissions($this->user, ['comment-delete-own']);
$this->permissions->grantUserRolePermissions($this->user, ['comment-delete-own']);
// now has comment-update-own
$this->actingAs($this->user)->deleteComment($comment)->assertOk();
@ -972,7 +972,7 @@ class RolesTest extends TestCase
// no comment-delete-all
$this->actingAs($this->user)->deleteComment($comment)->assertStatus(403);
$this->giveUserPermissions($this->user, ['comment-delete-all']);
$this->permissions->grantUserRolePermissions($this->user, ['comment-delete-all']);
// now has comment-delete-all
$this->actingAs($this->user)->deleteComment($comment)->assertOk();

28
tests/Permissions/Scenarios/EntityRolePermissions.php
View File

@ -11,10 +11,9 @@ class EntityRolePermissions extends TestCase
{
public function test_01_explicit_allow()
{
$user = $this->getViewer();
$role = $user->roles->first();
[$user, $role] = $this->users->newUserWithRole();
$page = $this->entities->page();
$this->entities->setPermissions($page, ['view'], [$role], false);
$this->permissions->setEntityPermissions($page, ['view'], [$role], false);
$this->actingAs($user);
$this->assertTrue(userCan('page-view', $page));
@ -23,10 +22,9 @@ class EntityRolePermissions extends TestCase
public function test_02_explicit_deny()
{
$user = $this->getViewer();
$role = $user->roles->first();
[$user, $role] = $this->users->newUserWithRole();
$page = $this->entities->page();
$this->entities->setPermissions($page, ['edit'], [$role], false);
$this->permissions->setEntityPermissions($page, ['edit'], [$role], false);
$this->actingAs($user);
$this->assertFalse(userCan('page-view', $page));
@ -35,18 +33,16 @@ class EntityRolePermissions extends TestCase
public function test_03_same_level_conflicting()
{
$user = $this->getViewer();
$roleA = $user->roles->first();
$roleB = $this->createNewRole();
$user->attachRole($roleB);
[$user, $roleA] = $this->users->newUserWithRole();
$roleB = $this->users->attachRole($user);
$page = $this->entities->page();
// TODO - Can't do this as second call will overwrite first
$this->entities->setPermissions($page, ['edit'], [$roleA], false);
$this->entities->setPermissions($page, ['view'], [$roleB], false);
$this->permissions->disableEntityInheritedPermissions($page);
$this->permissions->addEntityPermission($page, ['update'], $roleA->id);
$this->permissions->addEntityPermission($page, ['view'], $roleB->id);
$this->actingAs($user);
$this->assertFalse(userCan('page-view', $page));
$this->assertNull(Page::visible()->find($page->id));
$this->assertTrue(userCan('page-view', $page));
$this->assertNotNull(Page::visible()->find($page->id));
}
}

2
tests/PublicActionTest.php
View File

@ -173,7 +173,7 @@ class PublicActionTest extends TestCase
{
$this->setSettings(['app-public' => 'true']);
$book = $this->entities->book();
$this->entities->setPermissions($book);
$this->permissions->setEntityPermissions($book);
$resp = $this->get($book->getUrl());
$resp->assertSee('Book not found');

2
tests/References/ReferencesTest.php
View File

@ -91,7 +91,7 @@ class ReferencesTest extends TestCase
$pageB = $this->entities->page();
$this->createReference($pageB, $page);
$this->entities->setPermissions($pageB);
$this->permissions->setEntityPermissions($pageB);
$this->asEditor()->get($page->getUrl('/references'))->assertDontSee($pageB->name);
$this->asAdmin()->get($page->getUrl('/references'))->assertSee($pageB->name);

10
tests/Settings/RecycleBinTest.php
View File

@ -14,7 +14,7 @@ class RecycleBinTest extends TestCase
public function test_recycle_bin_routes_permissions()
{
$page = $this->entities->page();
$editor = $this->getEditor();
$editor = $this->users->editor();
$this->actingAs($editor)->delete($page->getUrl());
$deletion = Deletion::query()->firstOrFail();
@ -33,7 +33,7 @@ class RecycleBinTest extends TestCase
$this->assertPermissionError($resp);
}
$this->giveUserPermissions($editor, ['restrictions-manage-all']);
$this->permissions->grantUserRolePermissions($editor, ['restrictions-manage-all']);
foreach ($routes as $route) {
[$method, $url] = explode(':', $route);
@ -41,7 +41,7 @@ class RecycleBinTest extends TestCase
$this->assertPermissionError($resp);
}
$this->giveUserPermissions($editor, ['settings-manage']);
$this->permissions->grantUserRolePermissions($editor, ['settings-manage']);
foreach ($routes as $route) {
DB::beginTransaction();
@ -56,7 +56,7 @@ class RecycleBinTest extends TestCase
{
$page = $this->entities->page();
$book = Book::query()->whereHas('pages')->whereHas('chapters')->withCount(['pages', 'chapters'])->first();
$editor = $this->getEditor();
$editor = $this->users->editor();
$this->actingAs($editor)->delete($page->getUrl());
$this->actingAs($editor)->delete($book->getUrl());
@ -73,7 +73,7 @@ class RecycleBinTest extends TestCase
{
$page = $this->entities->page();
$book = Book::query()->where('id', '!=', $page->book_id)->whereHas('pages')->whereHas('chapters')->with(['pages', 'chapters'])->firstOrFail();
$editor = $this->getEditor();
$editor = $this->users->editor();
$this->actingAs($editor)->delete($page->getUrl());
$this->actingAs($editor)->delete($book->getUrl());

4
tests/Settings/RegenerateReferencesTest.php
View File

@ -32,11 +32,11 @@ class RegenerateReferencesTest extends TestCase
public function test_settings_manage_permission_required()
{
$editor = $this->getEditor();
$editor = $this->users->editor();
$resp = $this->actingAs($editor)->post('/settings/maintenance/regenerate-references');
$this->assertPermissionError($resp);
$this->giveUserPermissions($editor, ['settings-manage']);
$this->permissions->grantUserRolePermissions($editor, ['settings-manage']);
$resp = $this->actingAs($editor)->post('/settings/maintenance/regenerate-references');
$this->assertNotPermissionError($resp);

8
tests/Settings/TestEmailTest.php
View File

@ -20,7 +20,7 @@ class TestEmailTest extends TestCase
public function test_send_test_email_endpoint_sends_email_and_redirects_user_and_shows_notification()
{
Notification::fake();
$admin = $this->getAdmin();
$admin = $this->users->admin();
$sendReq = $this->actingAs($admin)->post('/settings/maintenance/send-test-email');
$sendReq->assertRedirect('/settings/maintenance#image-cleanup');
@ -37,7 +37,7 @@ class TestEmailTest extends TestCase
$exception = new \Exception('A random error occurred when testing an email');
$mockDispatcher->shouldReceive('sendNow')->andThrow($exception);
$admin = $this->getAdmin();
$admin = $this->users->admin();
$sendReq = $this->actingAs($admin)->post('/settings/maintenance/send-test-email');
$sendReq->assertRedirect('/settings/maintenance#image-cleanup');
$this->assertSessionHas('error');
@ -50,12 +50,12 @@ class TestEmailTest extends TestCase
public function test_send_test_email_requires_settings_manage_permission()
{
Notification::fake();
$user = $this->getViewer();
$user = $this->users->viewer();
$sendReq = $this->actingAs($user)->post('/settings/maintenance/send-test-email');
Notification::assertNothingSent();
$this->giveUserPermissions($user, ['settings-manage']);
$this->permissions->grantUserRolePermissions($user, ['settings-manage']);
$sendReq = $this->actingAs($user)->post('/settings/maintenance/send-test-email');
Notification::assertSentTo($user, TestEmail::class);
}

114
tests/TestCase.php
View File

@ -2,11 +2,6 @@
namespace Tests;
use BookStack\Auth\Permissions\JointPermissionBuilder;
use BookStack\Auth\Permissions\PermissionsRepo;
use BookStack\Auth\Permissions\RolePermission;
use BookStack\Auth\Role;
use BookStack\Auth\User;
use BookStack\Entities\Models\Entity;
use BookStack\Settings\SettingService;
use BookStack\Uploads\HttpFetcher;
@ -22,12 +17,15 @@ use Illuminate\Support\Env;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Log;
use Illuminate\Testing\Assert as PHPUnit;
use Mockery;
use Monolog\Handler\TestHandler;
use Monolog\Logger;
use Psr\Http\Client\ClientInterface;
use Ssddanbrown\AssertHtml\TestsHtml;
use Tests\Helpers\EntityProvider;
use Tests\Helpers\PermissionsProvider;
use Tests\Helpers\TestServiceProvider;
use Tests\Helpers\UserRoleProvider;
abstract class TestCase extends BaseTestCase
{
@ -35,13 +33,16 @@ abstract class TestCase extends BaseTestCase
use DatabaseTransactions;
use TestsHtml;
protected ?User $admin = null;
protected ?User $editor = null;
protected EntityProvider $entities;
protected UserRoleProvider $users;
protected PermissionsProvider $permissions;
protected function setUp(): void
{
$this->entities = new EntityProvider();
$this->users = new UserRoleProvider();
$this->permissions = new PermissionsProvider($this->users);
parent::setUp();
}
@ -70,20 +71,7 @@ abstract class TestCase extends BaseTestCase
*/
public function asAdmin()
{
return $this->actingAs($this->getAdmin());
}
/**
* Get the current admin user.
*/
public function getAdmin(): User
{
if (is_null($this->admin)) {
$adminRole = Role::getSystemRole('admin');
$this->admin = $adminRole->users->first();
}
return $this->admin;
return $this->actingAs($this->users->admin());
}
/**
@ -91,20 +79,7 @@ abstract class TestCase extends BaseTestCase
*/
public function asEditor()
{
return $this->actingAs($this->getEditor());
}
/**
* Get a editor user.
*/
protected function getEditor(): User
{
if ($this->editor === null) {
$editorRole = Role::getRole('editor');
$this->editor = $editorRole->users->first();
}
return $this->editor;
return $this->actingAs($this->users->editor());
}
/**
@ -112,28 +87,7 @@ abstract class TestCase extends BaseTestCase
*/
public function asViewer()
{
return $this->actingAs($this->getViewer());
}
/**
* Get an instance of a user with 'viewer' permissions.
*/
protected function getViewer(array $attributes = []): User
{
$user = Role::getRole('viewer')->users()->first();
if (!empty($attributes)) {
$user->forceFill($attributes)->save();
}
return $user;
}
/**
* Get a user that's not a system user such as the guest user.
*/
public function getNormalUser(): User
{
return User::query()->where('system_name', '=', null)->get()->last();
return $this->actingAs($this->users->viewer());
}
/**
@ -147,52 +101,6 @@ abstract class TestCase extends BaseTestCase
}
}
/**
* Give the given user some permissions.
*/
protected function giveUserPermissions(User $user, array $permissions = []): void
{
$newRole = $this->createNewRole($permissions);
$user->attachRole($newRole);
$user->load('roles');
$user->clearPermissionCache();
}
/**
* Completely remove the given permission name from the given user.
*/
protected function removePermissionFromUser(User $user, string $permissionName)
{
$permissionBuilder = app()->make(JointPermissionBuilder::class);
/** @var RolePermission $permission */
$permission = RolePermission::query()->where('name', '=', $permissionName)->firstOrFail();
$roles = $user->roles()->whereHas('permissions', function ($query) use ($permission) {
$query->where('id', '=', $permission->id);
})->get();
/** @var Role $role */
foreach ($roles as $role) {
$role->detachPermission($permission);
$permissionBuilder->rebuildForRole($role);
}
$user->clearPermissionCache();
}
/**
* Create a new basic role for testing purposes.
*/
protected function createNewRole(array $permissions = []): Role
{
$permissionRepo = app(PermissionsRepo::class);
$roleData = Role::factory()->make()->toArray();
$roleData['permissions'] = array_flip($permissions);
return $permissionRepo->saveNewRole($roleData);
}
/**
* Mock the HttpFetcher service and return the given data on fetch.
*/

2
tests/ThemeTest.php
View File

@ -36,7 +36,7 @@ class ThemeTest extends TestCase
';
file_put_contents($translationPath . '/entities.php', $customTranslations);
$homeRequest = $this->actingAs($this->getViewer())->get('/');
$homeRequest = $this->actingAs($this->users->viewer())->get('/');
$this->withHtml($homeRequest)->assertElementContains('header nav', 'Sandwiches');
});
}

10
tests/Uploads/AttachmentTest.php
View File

@ -75,7 +75,7 @@ class AttachmentTest extends TestCase
{
$page = $this->entities->page();
$this->asAdmin();
$admin = $this->getAdmin();
$admin = $this->users->admin();
$fileName = 'upload_test_file.txt';
$expectedResp = [
@ -137,7 +137,7 @@ class AttachmentTest extends TestCase
public function test_attaching_link_to_page()
{
$page = $this->entities->page();
$admin = $this->getAdmin();
$admin = $this->users->admin();
$this->asAdmin();
$linkReq = $this->call('POST', 'attachments/link', [
@ -245,15 +245,15 @@ class AttachmentTest extends TestCase
public function test_attachment_access_without_permission_shows_404()
{
$admin = $this->getAdmin();
$viewer = $this->getViewer();
$admin = $this->users->admin();
$viewer = $this->users->viewer();
$page = $this->entities->page(); /** @var Page $page */
$this->actingAs($admin);
$fileName = 'permission_test.txt';
$this->uploadFile($fileName, $page->id);
$attachment = Attachment::orderBy('id', 'desc')->take(1)->first();
$this->entities->setPermissions($page, [], []);
$this->permissions->setEntityPermissions($page, [], []);
$this->actingAs($viewer);
$attachmentGet = $this->get($attachment->getUrl());

6
tests/Uploads/DrawioTest.php
View File

@ -30,7 +30,7 @@ class DrawioTest extends TestCase
public function test_drawing_base64_upload()
{
$page = Page::first();
$editor = $this->getEditor();
$editor = $this->users->editor();
$this->actingAs($editor);
$upload = $this->postJson('images/drawio', [
@ -58,7 +58,7 @@ class DrawioTest extends TestCase
{
config()->set('services.drawio', 'http://cats.com?dog=tree');
$page = Page::first();
$editor = $this->getEditor();
$editor = $this->users->editor();
$resp = $this->actingAs($editor)->get($page->getUrl('/edit'));
$resp->assertSee('drawio-url="http://cats.com?dog=tree"', false);
@ -68,7 +68,7 @@ class DrawioTest extends TestCase
{
config()->set('services.drawio', true);
$page = Page::first();
$editor = $this->getEditor();
$editor = $this->users->editor();
$resp = $this->actingAs($editor)->get($page->getUrl('/edit'));
$resp->assertSee('drawio-url="https://embed.diagrams.net/?embed=1&amp;proto=json&amp;spin=1&amp;configure=1"', false);

34
tests/Uploads/ImageTest.php
View File

@ -16,7 +16,7 @@ class ImageTest extends TestCase
public function test_image_upload()
{
$page = $this->entities->page();
$admin = $this->getAdmin();
$admin = $this->users->admin();
$this->actingAs($admin);
$imgDetails = $this->uploadGalleryImage($page);
@ -40,7 +40,7 @@ class ImageTest extends TestCase
public function test_image_display_thumbnail_generation_does_not_increase_image_size()
{
$page = $this->entities->page();
$admin = $this->getAdmin();
$admin = $this->users->admin();
$this->actingAs($admin);
$originalFile = $this->getTestImageFilePath('compressed.png');
@ -64,7 +64,7 @@ class ImageTest extends TestCase
public function test_image_display_thumbnail_generation_for_apng_images_uses_original_file()
{
$page = $this->entities->page();
$admin = $this->getAdmin();
$admin = $this->users->admin();
$this->actingAs($admin);
$imgDetails = $this->uploadGalleryImage($page, 'animated.png');
@ -76,7 +76,7 @@ class ImageTest extends TestCase
public function test_image_edit()
{
$editor = $this->getEditor();
$editor = $this->users->editor();
$this->actingAs($editor);
$imgDetails = $this->uploadGalleryImage();
@ -126,7 +126,7 @@ class ImageTest extends TestCase
public function test_image_usage()
{
$page = $this->entities->page();
$editor = $this->getEditor();
$editor = $this->users->editor();
$this->actingAs($editor);
$imgDetails = $this->uploadGalleryImage($page);
@ -146,7 +146,7 @@ class ImageTest extends TestCase
public function test_php_files_cannot_be_uploaded()
{
$page = $this->entities->page();
$admin = $this->getAdmin();
$admin = $this->users->admin();
$this->actingAs($admin);
$fileName = 'bad.php';
@ -168,7 +168,7 @@ class ImageTest extends TestCase
public function test_php_like_files_cannot_be_uploaded()
{
$page = $this->entities->page();
$admin = $this->getAdmin();
$admin = $this->users->admin();
$this->actingAs($admin);
$fileName = 'bad.phtml';
@ -185,7 +185,7 @@ class ImageTest extends TestCase
public function test_files_with_double_extensions_will_get_sanitized()
{
$page = $this->entities->page();
$admin = $this->getAdmin();
$admin = $this->users->admin();
$this->actingAs($admin);
$fileName = 'bad.phtml.png';
@ -358,7 +358,7 @@ class ImageTest extends TestCase
$this->get($expectedUrl)->assertOk();
$this->entities->setPermissions($page, [], []);
$this->permissions->setEntityPermissions($page, [], []);
$resp = $this->get($expectedUrl);
$resp->assertNotFound();
@ -382,7 +382,7 @@ class ImageTest extends TestCase
$this->get($expectedUrl)->assertOk();
$this->entities->setPermissions($page, [], []);
$this->permissions->setEntityPermissions($page, [], []);
$resp = $this->get($expectedUrl);
$resp->assertNotFound();
@ -415,7 +415,7 @@ class ImageTest extends TestCase
$export = $this->get($pageB->getUrl('/export/html'));
$this->assertStringContainsString($encodedImageContent, $export->getContent());
$this->entities->setPermissions($pageA, [], []);
$this->permissions->setEntityPermissions($pageA, [], []);
$export = $this->get($pageB->getUrl('/export/html'));
$this->assertStringNotContainsString($encodedImageContent, $export->getContent());
@ -479,7 +479,7 @@ class ImageTest extends TestCase
$imageName = 'first-image.png';
$relPath = $this->getTestImagePath('gallery', $imageName);
$this->deleteImage($relPath);
$viewer = $this->getViewer();
$viewer = $this->users->viewer();
$this->uploadImage($imageName, $page->id);
$image = Image::first();
@ -490,7 +490,7 @@ class ImageTest extends TestCase
$resp = $this->actingAs($viewer)->get("/images/edit/{$image->id}");
$this->withHtml($resp)->assertElementNotExists('button#image-manager-delete[title="Delete"]');
$this->giveUserPermissions($viewer, ['image-delete-all']);
$this->permissions->grantUserRolePermissions($viewer, ['image-delete-all']);
$resp = $this->actingAs($viewer)->get("/images/edit/{$image->id}");
$this->withHtml($resp)->assertElementExists('button#image-manager-delete[title="Delete"]');
@ -509,8 +509,8 @@ class ImageTest extends TestCase
public function test_user_image_upload()
{
$editor = $this->getEditor();
$admin = $this->getAdmin();
$editor = $this->users->editor();
$admin = $this->users->admin();
$this->actingAs($admin);
$file = $this->getTestProfileImage();
@ -525,7 +525,7 @@ class ImageTest extends TestCase
public function test_user_images_deleted_on_user_deletion()
{
$editor = $this->getEditor();
$editor = $this->users->editor();
$this->actingAs($editor);
$file = $this->getTestProfileImage();
@ -555,7 +555,7 @@ class ImageTest extends TestCase
public function test_deleted_unused_images()
{
$page = $this->entities->page();
$admin = $this->getAdmin();
$admin = $this->users->admin();
$this->actingAs($admin);
$imageName = 'unused-image.png';

30
tests/User/UserApiTokenTest.php
View File

@ -16,12 +16,12 @@ class UserApiTokenTest extends TestCase
public function test_tokens_section_not_visible_without_access_api_permission()
{
$user = $this->getViewer();
$user = $this->users->viewer();
$resp = $this->actingAs($user)->get($user->getEditUrl());
$resp->assertDontSeeText('API Tokens');
$this->giveUserPermissions($user, ['access-api']);
$this->permissions->grantUserRolePermissions($user, ['access-api']);
$resp = $this->actingAs($user)->get($user->getEditUrl());
$resp->assertSeeText('API Tokens');
@ -30,9 +30,9 @@ class UserApiTokenTest extends TestCase
public function test_those_with_manage_users_can_view_other_user_tokens_but_not_create()
{
$viewer = $this->getViewer();
$editor = $this->getEditor();
$this->giveUserPermissions($viewer, ['users-manage']);
$viewer = $this->users->viewer();
$editor = $this->users->editor();
$this->permissions->grantUserRolePermissions($viewer, ['users-manage']);
$resp = $this->actingAs($viewer)->get($editor->getEditUrl());
$resp->assertSeeText('API Tokens');
@ -41,7 +41,7 @@ class UserApiTokenTest extends TestCase
public function test_create_api_token()
{
$editor = $this->getEditor();
$editor = $this->users->editor();
$resp = $this->asAdmin()->get($editor->getEditUrl('/create-api-token'));
$resp->assertStatus(200);
@ -74,7 +74,7 @@ class UserApiTokenTest extends TestCase
public function test_create_with_no_expiry_sets_expiry_hundred_years_away()
{
$editor = $this->getEditor();
$editor = $this->users->editor();
$this->asAdmin()->post($editor->getEditUrl('/create-api-token'), ['name' => 'No expiry token', 'expires_at' => '']);
$token = ApiToken::query()->latest()->first();
@ -88,7 +88,7 @@ class UserApiTokenTest extends TestCase
public function test_created_token_displays_on_profile_page()
{
$editor = $this->getEditor();
$editor = $this->users->editor();
$this->asAdmin()->post($editor->getEditUrl('/create-api-token'), $this->testTokenData);
$token = ApiToken::query()->latest()->first();
@ -101,7 +101,7 @@ class UserApiTokenTest extends TestCase
public function test_secret_shown_once_after_creation()
{
$editor = $this->getEditor();
$editor = $this->users->editor();
$resp = $this->asAdmin()->followingRedirects()->post($editor->getEditUrl('/create-api-token'), $this->testTokenData);
$resp->assertSeeText('Token Secret');
@ -114,7 +114,7 @@ class UserApiTokenTest extends TestCase
public function test_token_update()
{
$editor = $this->getEditor();
$editor = $this->users->editor();
$this->asAdmin()->post($editor->getEditUrl('/create-api-token'), $this->testTokenData);
$token = ApiToken::query()->latest()->first();
$updateData = [
@ -132,7 +132,7 @@ class UserApiTokenTest extends TestCase
public function test_token_update_with_blank_expiry_sets_to_hundred_years_away()
{
$editor = $this->getEditor();
$editor = $this->users->editor();
$this->asAdmin()->post($editor->getEditUrl('/create-api-token'), $this->testTokenData);
$token = ApiToken::query()->latest()->first();
@ -152,7 +152,7 @@ class UserApiTokenTest extends TestCase
public function test_token_delete()
{
$editor = $this->getEditor();
$editor = $this->users->editor();
$this->asAdmin()->post($editor->getEditUrl('/create-api-token'), $this->testTokenData);
$token = ApiToken::query()->latest()->first();
@ -171,9 +171,9 @@ class UserApiTokenTest extends TestCase
public function test_user_manage_can_delete_token_without_api_permission_themselves()
{
$viewer = $this->getViewer();
$editor = $this->getEditor();
$this->giveUserPermissions($editor, ['users-manage']);
$viewer = $this->users->viewer();
$editor = $this->users->editor();
$this->permissions->grantUserRolePermissions($editor, ['users-manage']);
$this->asAdmin()->post($viewer->getEditUrl('/create-api-token'), $this->testTokenData);
$token = ApiToken::query()->latest()->first();

16
tests/User/UserManagementTest.php
View File

@ -46,7 +46,7 @@ class UserManagementTest extends TestCase
public function test_user_updating()
{
$user = $this->getNormalUser();
$user = $this->users->viewer();
$password = $user->password;
$resp = $this->asAdmin()->get('/settings/users/' . $user->id);
@ -65,7 +65,7 @@ class UserManagementTest extends TestCase
public function test_user_password_update()
{
$user = $this->getNormalUser();
$user = $this->users->viewer();
$userProfilePage = '/settings/users/' . $user->id;
$this->asAdmin()->get($userProfilePage);
@ -113,7 +113,7 @@ class UserManagementTest extends TestCase
public function test_delete()
{
$editor = $this->getEditor();
$editor = $this->users->editor();
$resp = $this->asAdmin()->delete("settings/users/{$editor->id}");
$resp->assertRedirect('/settings/users');
$resp = $this->followRedirects($resp);
@ -126,7 +126,7 @@ class UserManagementTest extends TestCase
public function test_delete_offers_migrate_option()
{
$editor = $this->getEditor();
$editor = $this->users->editor();
$resp = $this->asAdmin()->get("settings/users/{$editor->id}/delete");
$resp->assertSee('Migrate Ownership');
$resp->assertSee('new_owner_id');
@ -134,13 +134,13 @@ class UserManagementTest extends TestCase
public function test_migrate_option_hidden_if_user_cannot_manage_users()
{
$editor = $this->getEditor();
$editor = $this->users->editor();
$resp = $this->asEditor()->get("settings/users/{$editor->id}/delete");
$resp->assertDontSee('Migrate Ownership');
$resp->assertDontSee('new_owner_id');
$this->giveUserPermissions($editor, ['users-manage']);
$this->permissions->grantUserRolePermissions($editor, ['users-manage']);
$resp = $this->asEditor()->get("settings/users/{$editor->id}/delete");
$resp->assertSee('Migrate Ownership');
@ -162,7 +162,7 @@ class UserManagementTest extends TestCase
public function test_delete_removes_user_preferences()
{
$editor = $this->getEditor();
$editor = $this->users->editor();
setting()->putUser($editor, 'dark-mode-enabled', 'true');
$this->assertDatabaseHas('settings', [
@ -253,7 +253,7 @@ class UserManagementTest extends TestCase
public function test_user_create_update_fails_if_locale_is_invalid()
{
$user = $this->getEditor();
$user = $this->users->editor();
// Too long
$resp = $this->asAdmin()->put($user->getEditUrl(), ['language' => 'this_is_too_long']);

20
tests/User/UserPreferencesTest.php
View File

@ -36,7 +36,7 @@ class UserPreferencesTest extends TestCase
public function test_body_has_shortcuts_component_when_active()
{
$editor = $this->getEditor();
$editor = $this->users->editor();
$this->actingAs($editor);
$this->withHtml($this->get('/'))->assertElementNotExists('body[component="shortcuts"]');
@ -47,7 +47,7 @@ class UserPreferencesTest extends TestCase
public function test_update_sort_preference()
{
$editor = $this->getEditor();
$editor = $this->users->editor();
$this->actingAs($editor);
$updateRequest = $this->patch('/preferences/change-sort/books', [
@ -70,7 +70,7 @@ class UserPreferencesTest extends TestCase
public function test_update_sort_bad_entity_type_handled()
{
$editor = $this->getEditor();
$editor = $this->users->editor();
$this->actingAs($editor);
$updateRequest = $this->patch('/preferences/change-sort/dogs', [
@ -85,7 +85,7 @@ class UserPreferencesTest extends TestCase
public function test_update_expansion_preference()
{
$editor = $this->getEditor();
$editor = $this->users->editor();
$this->actingAs($editor);
$updateRequest = $this->patch('/preferences/change-expansion/home-details', ['expand' => 'true']);
@ -103,7 +103,7 @@ class UserPreferencesTest extends TestCase
public function test_toggle_dark_mode()
{
$home = $this->actingAs($this->getEditor())->get('/');
$home = $this->actingAs($this->users->editor())->get('/');
$home->assertSee('Dark Mode');
$this->withHtml($home)->assertElementNotExists('.dark-mode');
@ -112,7 +112,7 @@ class UserPreferencesTest extends TestCase
$prefChange->assertRedirect();
$this->assertEquals(true, setting()->getForCurrentUser('dark-mode-enabled'));
$home = $this->actingAs($this->getEditor())->get('/');
$home = $this->actingAs($this->users->editor())->get('/');
$this->withHtml($home)->assertElementExists('.dark-mode');
$home->assertDontSee('Dark Mode');
$home->assertSee('Light Mode');
@ -133,7 +133,7 @@ class UserPreferencesTest extends TestCase
public function test_books_view_type_preferences_when_list()
{
$editor = $this->getEditor();
$editor = $this->users->editor();
setting()->putUser($editor, 'books_view_type', 'list');
$resp = $this->actingAs($editor)->get('/books');
@ -144,7 +144,7 @@ class UserPreferencesTest extends TestCase
public function test_books_view_type_preferences_when_grid()
{
$editor = $this->getEditor();
$editor = $this->users->editor();
setting()->putUser($editor, 'books_view_type', 'grid');
$resp = $this->actingAs($editor)->get('/books');
@ -153,7 +153,7 @@ class UserPreferencesTest extends TestCase
public function test_shelf_view_type_change()
{
$editor = $this->getEditor();
$editor = $this->users->editor();
$shelf = $this->entities->shelf();
setting()->putUser($editor, 'bookshelf_view_type', 'list');
@ -175,7 +175,7 @@ class UserPreferencesTest extends TestCase
public function test_update_code_language_favourite()
{
$editor = $this->getEditor();
$editor = $this->users->editor();
$page = $this->entities->page();
$this->actingAs($editor);

4
tests/User/UserProfileTest.php
View File

@ -88,8 +88,8 @@ class UserProfileTest extends TestCase
public function test_profile_has_search_links_in_created_entity_lists()
{
$user = $this->getEditor();
$resp = $this->actingAs($this->getAdmin())->get('/user/' . $user->slug);
$user = $this->users->editor();
$resp = $this->actingAs($this->users->admin())->get('/user/' . $user->slug);
$expectedLinks = [
'/search?term=%7Bcreated_by%3A' . $user->slug . '%7D+%7Btype%3Apage%7D',

14
tests/User/UserSearchTest.php
View File

@ -9,8 +9,8 @@ class UserSearchTest extends TestCase
{
public function test_select_search_matches_by_name()
{
$viewer = $this->getViewer();
$admin = $this->getAdmin();
$viewer = $this->users->viewer();
$admin = $this->users->admin();
$resp = $this->actingAs($admin)->get('/search/users/select?search=' . urlencode($viewer->name));
$resp->assertOk();
@ -30,8 +30,8 @@ class UserSearchTest extends TestCase
public function test_select_search_does_not_match_by_email()
{
$viewer = $this->getViewer();
$editor = $this->getEditor();
$viewer = $this->users->viewer();
$editor = $this->users->editor();
$resp = $this->actingAs($editor)->get('/search/users/select?search=' . urlencode($viewer->email));
$resp->assertDontSee($viewer->name);
@ -40,13 +40,13 @@ class UserSearchTest extends TestCase
public function test_select_requires_right_permission()
{
$permissions = ['users-manage', 'restrictions-manage-own', 'restrictions-manage-all'];
$user = $this->getViewer();
$user = $this->users->viewer();
foreach ($permissions as $permission) {
$resp = $this->actingAs($user)->get('/search/users/select?search=a');
$this->assertPermissionError($resp);
$this->giveUserPermissions($user, [$permission]);
$this->permissions->grantUserRolePermissions($user, [$permission]);
$resp = $this->actingAs($user)->get('/search/users/select?search=a');
$resp->assertOk();
$user->roles()->delete();
@ -58,7 +58,7 @@ class UserSearchTest extends TestCase
{
$this->setSettings(['app-public' => true]);
$defaultUser = User::getDefault();
$this->giveUserPermissions($defaultUser, ['users-manage']);
$this->permissions->grantUserRolePermissions($defaultUser, ['users-manage']);
$resp = $this->get('/search/users/select?search=a');
$this->assertPermissionError($resp);