Added proper entity permission removal on role deletion

Added test to cover.
2025-01-31 20:21:36 +01:00 · 2022-10-07 13:12:33 +01:00 · 2022-10-07 13:12:33 +01:00 · 1df9ec9647
commit 1df9ec9647
parent a03245e427
3 changed files with 33 additions and 0 deletions
--- a/app/Auth/Permissions/PermissionsRepo.php
+++ b/app/Auth/Permissions/PermissionsRepo.php
@ -139,6 +139,7 @@ class PermissionsRepo
            }
        }

+        $role->entityPermissions()->delete();
        $role->jointPermissions()->delete();
        Activity::add(ActivityType::ROLE_DELETE, $role);
        $role->delete();
--- a/app/Auth/Role.php
+++ b/app/Auth/Role.php
@ -2,6 +2,7 @@

 namespace BookStack\Auth;

+use BookStack\Auth\Permissions\EntityPermission;
 use BookStack\Auth\Permissions\JointPermission;
 use BookStack\Auth\Permissions\RolePermission;
 use BookStack\Interfaces\Loggable;
@ -54,6 +55,14 @@ class Role extends Model implements Loggable
        return $this->belongsToMany(RolePermission::class, 'permission_role', 'role_id', 'permission_id');
    }

+    /**
+     * Get the entity permissions assigned to this role.
+     */
+    public function entityPermissions(): HasMany
+    {
+        return $this->hasMany(EntityPermission::class);
+    }
+
    /**
     * Check if this role has a permission.
     */
--- a/tests/Permissions/RolesTest.php
+++ b/tests/Permissions/RolesTest.php
@ -163,6 +163,29 @@ class RolesTest extends TestCase
        $this->assertEquals($this->user->id, $roleA->users()->first()->id);
    }

+    public function test_entity_permissions_are_removed_on_delete()
+    {
+        /** @var Role $roleA */
+        $roleA = Role::query()->create(['display_name' => 'Entity Permissions Delete Test']);
+        $page = $this->entities->page();
+
+        $this->entities->setPermissions($page, ['view'], [$roleA]);
+
+        $this->assertDatabaseHas('entity_permissions', [
+            'role_id' => $roleA->id,
+            'restrictable_id' => $page->id,
+            'restrictable_type' => $page->getMorphClass(),
+        ]);
+
+        $this->asAdmin()->delete("/settings/roles/delete/$roleA->id");
+
+        $this->assertDatabaseMissing('entity_permissions', [
+            'role_id' => $roleA->id,
+            'restrictable_id' => $page->id,
+            'restrictable_type' => $page->getMorphClass(),
+        ]);
+    }
+
    public function test_image_view_notice_shown_on_role_form()
    {
        /** @var Role $role */