diff --git a/app/Http/Controllers/PageController.php b/app/Http/Controllers/PageController.php
index f4cbd33ea..c2d8e257c 100644
--- a/app/Http/Controllers/PageController.php
+++ b/app/Http/Controllers/PageController.php
@@ -106,7 +106,13 @@ class PageController extends Controller
 $this->checkOwnablePermission('page-create', $book);
 $this->setPageTitle('Edit Page Draft');
- return view('pages/edit', ['page' => $draft, 'book' => $book, 'isDraft' => true]);
+ $draftsEnabled = $this->signedIn;
+ return view('pages/edit', [
+ 'page' => $draft,
+ 'book' => $book,
+ 'isDraft' => true,
+ 'draftsEnabled' => $draftsEnabled
+ ]);
 }
 /**
diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php
index 51c5d25bb..18ef1a671 100644
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@@ -187,7 +187,7 @@ class UserController extends Controller
 /**
 * Show the user delete page.
- * @param $id
+ * @param int $id
 * @return \Illuminate\View\View
 */
 public function delete($id)
@@ -220,6 +220,11 @@ class UserController extends Controller
 return redirect($user->getEditUrl());
 }
+ if ($user->system_name === 'public') {
+ session()->flash('error', 'You cannot delete the guest user');
+ return redirect($user->getEditUrl());
+ }
+
 $this->userRepo->destroy($user);
 session()->flash('success', 'User successfully removed');
diff --git a/app/Role.php b/app/Role.php
index 8d0a79e75..bf9685ee2 100644
--- a/app/Role.php
+++ b/app/Role.php
@@ -66,7 +66,7 @@ class Role extends Model
 /**
 * Get the role object for the specified role.
 * @param $roleName
- * @return mixed
+ * @return Role
 */
 public static function getRole($roleName)
 {
@@ -76,7 +76,7 @@ class Role extends Model
 /**
 * Get the role object for the specified system role.
 * @param $roleName
- * @return mixed
+ * @return Role
 */
 public static function getSystemRole($roleName)
 {
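Review bot: The new `$draftsEnabled = $this->signedIn;` line carries no explanation of why drafts are tied to a signed-in session, and the variable exists only to be passed straight through to the view. If, as the `created_by` assertion in the new PublicActionTest suggests, every guest edit is attributed to the single shared guest account, then a guest draft would be visible to every other anonymous visitor, which is the real reason to disable drafts here and deserves stating. I would write `// Drafts are only offered to signed-in users: guest edits share one account, so a guest draft would leak between anonymous visitors.` above the assignment, or simply pass `'draftsEnabled' => $this->signedIn` inline with that comment. The method this hunk edits begins before the hunk, so I cannot see how `$draft` is loaded.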
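Review bot: The guest-account guard is enforced only in this controller action and compares against the hard-coded literal `'public'`; `$this->userRepo->destroy($user)` two lines below will still remove the guest user for any other caller, and the accompanying Blade change only hides a link. I would move, or at least duplicate, the check into the repository's `destroy()` so the protection does not depend on this one web route, and replace the literal with a model-level predicate (the tests use `User::getDefault()`, so an `isDefault()`-style helper may already fit), e.g. `if ($user->isDefault()) { ... }`. I cannot see `UserRepo::destroy` in this diff, so confirm it has no guard of its own before relying on this one. The action this hunk edits starts before the hunk; the earlier guard whose closing brace is visible is not shown.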
diff --git a/resources/views/users/edit.blade.php b/resources/views/users/edit.blade.php
index d06ec09bc..6cbbdb7f7 100644
--- a/resources/views/users/edit.blade.php
+++ b/resources/views/users/edit.blade.php
@@ -15,7 +15,9 @@

- id}/delete") }}" class="neg button float right">Delete User
+ @if($authMethod !== 'system')
+ id}/delete") }}" class="neg button float right">Delete User
+ @endif
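Review bot: The view hides the delete link on `$authMethod !== 'system'`, while the server-side guard added in UserController keys on `$user->system_name === 'public'`; those are two different signals, and nothing on this page shows where `$authMethod` is set or that it is `'system'` exactly when `system_name` is non-null. If they diverge the link either vanishes for a deletable account or appears for the guest, the latter harmless only because the controller check exists. I would drive the directive from the same model state the controller uses, e.g. `@if($user->system_name === null)` or a shared `isDefault()`-style helper, and keep the controller check as the actual enforcement. The anchor markup in this hunk appears truncated on this page, so I am reading only the directive lines.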
diff --git a/tests/Auth/AuthTest.php b/tests/Auth/AuthTest.php
index 0affff799..08d5ef8ad 100644
--- a/tests/Auth/AuthTest.php
+++ b/tests/Auth/AuthTest.php
@@ -146,7 +146,7 @@ class AuthTest extends TestCase
 public function test_user_updating()
 {
- $user = \BookStack\User::all()->last();
+ $user = $this->getNormalUser();
 $password = $user->password;
 $this->asAdmin()
 ->visit('/settings/users')
@@ -162,7 +162,7 @@ class AuthTest extends TestCase
 public function test_user_password_update()
 {
- $user = \BookStack\User::all()->last();
+ $user = $this->getNormalUser();
 $userProfilePage = '/settings/users/' . $user->id;
 $this->asAdmin()
 ->visit($userProfilePage)
diff --git a/tests/Auth/LdapTest.php b/tests/Auth/LdapTest.php
index 76fbc662a..9573321fb 100644
--- a/tests/Auth/LdapTest.php
+++ b/tests/Auth/LdapTest.php
@@ -108,7 +108,7 @@ class LdapTest extends \TestCase
 public function test_user_edit_form()
 {
- $editUser = User::all()->last();
+ $editUser = $this->getNormalUser();
 $this->asAdmin()->visit('/settings/users/' . $editUser->id)
 ->see('Edit User')
 ->dontSee('Password')
@@ -126,7 +126,7 @@ class LdapTest extends \TestCase
 public function test_non_admins_cannot_change_auth_id()
 {
- $testUser = User::all()->last();
+ $testUser = $this->getNormalUser();
 $this->actingAs($testUser)->visit('/settings/users/' . $testUser->id)
 ->dontSee('External Authentication');
 }
diff --git a/tests/Permissions/RolesTest.php b/tests/Permissions/RolesTest.php
index b64f40dc6..7a0515fd9 100644
--- a/tests/Permissions/RolesTest.php
+++ b/tests/Permissions/RolesTest.php
@@ -544,27 +544,38 @@ class RolesTest extends TestCase
 ->dontSeeInElement('.book-content', $otherPage->name);
 }
- public function test_public_role_not_visible_in_user_edit_screen()
+ public function test_public_role_visible_in_user_edit_screen()
 {
 $user = \BookStack\User::first();
 $this->asAdmin()->visit('/settings/users/' . $user->id)
 ->seeElement('#roles-admin')
- ->dontSeeElement('#roles-public');
+ ->seeElement('#roles-public');
 }
- public function test_public_role_not_visible_in_role_listing()
+ public function test_public_role_visible_in_role_listing()
 {
 $this->asAdmin()->visit('/settings/roles')
 ->see('Admin')
- ->dontSee('Public');
+ ->see('Public');
 }
- public function test_public_role_not_visible_in_default_role_setting()
+ public function test_public_role_visible_in_default_role_setting()
 {
 $this->asAdmin()->visit('/settings')
 ->seeElement('[data-role-name="admin"]')
- ->dontSeeElement('[data-role-name="public"]');
+ ->seeElement('[data-role-name="public"]');
 }
+ public function test_public_role_not_deleteable()
+ {
+ $this->asAdmin()->visit('/settings/roles')
+ ->click('Public')
+ ->see('Edit Role')
+ ->click('Delete Role')
+ ->press('Confirm')
+ ->see('Delete Role')
+ ->see('Cannot be deleted');
+ }
+
 }
diff --git a/tests/PublicActionTest.php b/tests/PublicActionTest.php
new file mode 100644
index 000000000..685146423
--- /dev/null
+++ b/tests/PublicActionTest.php
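Review bot: `test_public_role_not_deleteable` only checks that the confirmation page prints 'Cannot be deleted'; it never verifies the role survived, so an implementation that shows the message and deletes anyway would still pass. I would end the chain with a persistence assertion such as `$this->seeInDatabase('roles', ['system_name' => 'public']);` (adjust the column to whatever marks the system role; the roles schema is not visible here). The three renamed tests now assert the Public role is selectable in the default-registration-role setting and on the user edit screen, which is a policy change; if a newly registered account is never supposed to land in the public role, a negative test for that would be a useful companion, but I cannot tell from this diff whether that is the intended behaviour.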
@@ -0,0 +1,83 @@
+setSettings(['app-public' => 'false']);
+ $book = \BookStack\Book::orderBy('name', 'asc')->first();
+ $this->visit('/books')->seePageIs('/login');
+ $this->visit($book->getUrl())->seePageIs('/login');
+
+ $page = \BookStack\Page::first();
+ $this->visit($page->getUrl())->seePageIs('/login');
+ }
+
+ public function test_books_viewable()
+ {
+ $this->setSettings(['app-public' => 'true']);
+ $books = \BookStack\Book::orderBy('name', 'asc')->take(10)->get();
+ $bookToVisit = $books[1];
+
+ // Check books index page is showing
+ $this->visit('/books')
+ ->seeStatusCode(200)
+ ->see($books[0]->name)
+ // Check individual book page is showing and it's child contents are visible.
+ ->click($bookToVisit->name)
+ ->seePageIs($bookToVisit->getUrl())
+ ->see($bookToVisit->name)
+ ->see($bookToVisit->chapters()->first()->name);
+ }
+
+ public function test_chapters_viewable()
+ {
+ $this->setSettings(['app-public' => 'true']);
+ $chapterToVisit = \BookStack\Chapter::first();
+ $pageToVisit = $chapterToVisit->pages()->first();
+
+ // Check chapters index page is showing
+ $this->visit($chapterToVisit->getUrl())
+ ->seeStatusCode(200)
+ ->see($chapterToVisit->name)
+ // Check individual chapter page is showing and it's child contents are visible.
+ ->see($pageToVisit->name)
+ ->click($pageToVisit->name)
+ ->see($chapterToVisit->book->name)
+ ->see($chapterToVisit->name)
+ ->seePageIs($pageToVisit->getUrl());
+ }
+
+ public function test_public_page_creation()
+ {
+ $this->setSettings(['app-public' => 'true']);
+ $publicRole = \BookStack\Role::getSystemRole('public');
+ // Grant all permissions to public
+ $publicRole->permissions()->detach();
+ foreach (\BookStack\RolePermission::all() as $perm) {
+ $publicRole->attachPermission($perm);
+ }
+ $this->app[\BookStack\Services\PermissionService::class]->buildJointPermissionForRole($publicRole);
+
+ $chapter = \BookStack\Chapter::first();
+ $this->visit($chapter->book->getUrl());
+ $this->visit($chapter->getUrl())
+ ->click('New Page')
+ ->see('Create Page')
+ ->seePageIs($chapter->getUrl('/create-page'));
+
+ $this->submitForm('Continue', [
+ 'name' => 'My guest page'
+ ])->seePageIs($chapter->book->getUrl('/page/my-guest-page/edit'));
+
+ $user = \BookStack\User::getDefault();
+ $this->seeInDatabase('pages', [
+ 'name' => 'My guest page',
+ 'chapter_id' => $chapter->id,
+ 'created_by' => $user->id,
+ 'updated_by' => $user->id
+ ]);
+ }
+
+}
\ No newline at end of file
diff --git a/tests/PublicViewTest.php b/tests/PublicViewTest.php
deleted file mode 100644
index 58e39dfd9..000000000
--- a/tests/PublicViewTest.php
+++ /dev/null
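Review bot: `test_public_page_creation` grants every `RolePermission` to the public role and then exercises only the allowed path; nothing in this file checks that a guest whose role lacks `page-create` is refused at `/create-page`, which is the property the public-role feature actually has to guarantee. A companion test that leaves the public role's default permissions untouched and asserts the guest is sent to `/login` (or receives a 403) would close that gap. Two smaller points in the same test: `$this->visit($chapter->book->getUrl());` has no assertion attached and reads like a leftover, and the permissions added to the public role are never removed, so unless the base test case rolls the database back per test, later public-role tests will run against an over-privileged guest. The opening lines of this new file (the class declaration and first method signature) appear truncated on this page.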
@@ -1,41 +0,0 @@
-setSettings(['app-public' => 'true']);
- $books = \BookStack\Book::orderBy('name', 'asc')->take(10)->get();
- $bookToVisit = $books[1];
-
- // Check books index page is showing
- $this->visit('/books')
- ->seeStatusCode(200)
- ->see($books[0]->name)
- // Check individual book page is showing and it's child contents are visible.
- ->click($bookToVisit->name)
- ->seePageIs($bookToVisit->getUrl())
- ->see($bookToVisit->name)
- ->see($bookToVisit->chapters()->first()->name);
- }
-
- public function test_chapters_viewable()
- {
- $this->setSettings(['app-public' => 'true']);
- $chapterToVisit = \BookStack\Chapter::first();
- $pageToVisit = $chapterToVisit->pages()->first();
-
- // Check chapters index page is showing
- $this->visit($chapterToVisit->getUrl())
- ->seeStatusCode(200)
- ->see($chapterToVisit->name)
- // Check individual chapter page is showing and it's child contents are visible.
- ->see($pageToVisit->name)
- ->click($pageToVisit->name)
- ->see($chapterToVisit->book->name)
- ->see($chapterToVisit->name)
- ->seePageIs($pageToVisit->getUrl());
- }
-
-}
\ No newline at end of file
diff --git a/tests/TestCase.php b/tests/TestCase.php
index 6a8c2d732..d3620eae0 100644
--- a/tests/TestCase.php
+++ b/tests/TestCase.php
@@ -66,6 +66,14 @@ class TestCase extends Illuminate\Foundation\Testing\TestCase
 return $this->actingAs($this->editor);
 }
+ /**
+ * Get a user that's not a system user such as the guest user.
+ */
+ public function getNormalUser()
+ {
+ return \BookStack\User::where('system_name', '=', null)->get()->last();
+ }
+
 /**
 * Quickly sets an array of settings.
 * @param $settingsArray
diff --git a/tests/UserProfileTest.php b/tests/UserProfileTest.php
index 40ae004e9..9543adc1d 100644
--- a/tests/UserProfileTest.php
+++ b/tests/UserProfileTest.php
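Review bot: `getNormalUser()` depends on Eloquent silently rewriting `where('system_name', '=', null)` into an `IS NULL` clause, and `->get()->last()` loads every non-system user into memory just to return one; the intent is clearer and cheaper as `return \BookStack\User::whereNull('system_name')->orderBy('id', 'desc')->first();`. That assumes the replaced `User::all()->last()` call sites only cared about "some recently created non-guest user", which the ordering makes explicit rather than implicit. The docblock should also declare `@return \BookStack\User` so the tests that call it get a typed result.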
@@ -76,5 +76,23 @@ class UserProfileTest extends TestCase
 ->seePageIs('/user/' . $newUser->id)
 ->see($newUser->name);
 }
+
+ public function test_guest_profile_shows_limited_form()
+ {
+ $this->asAdmin()
+ ->visit('/settings/users')
+ ->click('Guest')
+ ->dontSeeElement('#password');
+ }
+
+ public function test_guest_profile_cannot_be_deleted()
+ {
+ $guestUser = \BookStack\User::getDefault();
+ $this->asAdmin()->visit('/settings/users/' . $guestUser->id . '/delete')
+ ->see('Delete User')->see('Guest')
+ ->press('Confirm')
+ ->seePageIs('/settings/users/' . $guestUser->id)
+ ->see('cannot delete the guest user');
+ }
 }
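Review bot: `test_guest_profile_cannot_be_deleted` asserts the redirect and the flash text but never that the guest account still exists, so a regression that flashed the error after deleting would pass. I would finish the test with `$this->seeInDatabase('users', ['id' => $guestUser->id]);`. `test_guest_profile_shows_limited_form` navigates by clicking the link text 'Guest', which couples it to the seeded display name; visiting `'/settings/users/' . \BookStack\User::getDefault()->id` as the sibling test does would make it robust to a renamed guest user.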