diff --git a/app/Http/Controllers/PageController.php b/app/Http/Controllers/PageController.php
index f4cbd33ea..c2d8e257c 100644
--- a/app/Http/Controllers/PageController.php
+++ b/app/Http/Controllers/PageController.php
@@ -106,7 +106,13 @@ class PageController extends Controller
$this->checkOwnablePermission('page-create', $book);
$this->setPageTitle('Edit Page Draft');
- return view('pages/edit', ['page' => $draft, 'book' => $book, 'isDraft' => true]);
+ $draftsEnabled = $this->signedIn;
+ return view('pages/edit', [
+ 'page' => $draft,
+ 'book' => $book,
+ 'isDraft' => true,
+ 'draftsEnabled' => $draftsEnabled
+ ]);
}
/**
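Review bot: `$draftsEnabled = $this->signedIn;` carries no explanation of why draft saving depends on the signed-in state, and `$this->signedIn` is declared outside this hunk, so a reader of the view data cannot tell what the flag means from here. A one-line comment such as `// Draft autosave is only offered to signed-in users; the public guest account does not keep drafts` would make the intent explicit — confirm that wording against what the draft-saving code actually does. The temporary variable is used once, so `'draftsEnabled' => $this->signedIn,` inline (with a trailing comma to match the multi-line array) reads equally well. The enclosing method starts outside the hunk.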
diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php
index 51c5d25bb..18ef1a671 100644
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@@ -187,7 +187,7 @@ class UserController extends Controller
/**
* Show the user delete page.
- * @param $id
+ * @param int $id
* @return \Illuminate\View\View
*/
public function delete($id)
@@ -220,6 +220,11 @@ class UserController extends Controller
return redirect($user->getEditUrl());
}
+ if ($user->system_name === 'public') {
+ session()->flash('error', 'You cannot delete the guest user');
+ return redirect($user->getEditUrl());
+ }
+
$this->userRepo->destroy($user);
session()->flash('success', 'User successfully removed');
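Review bot: The guard `if ($user->system_name === 'public')` protects the guest account only at this controller entry point; `$this->userRepo->destroy($user)` on the next line stays callable from any other path without the check, so the invariant "system users are never deleted" is not enforced where the deletion happens. Consider adding the same check (or throwing) inside the repository's destroy method and leaving this branch to produce the user-facing flash. The literal `'public'` is also repeated elsewhere in the codebase (`Role::getSystemRole('public')`, `User::getDefault()`), so `$user->system_name !== null` — or a helper on the model — would cover every system user rather than this one name; confirm no other system users exist that should remain deletable. The enclosing method starts outside the hunk.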
diff --git a/app/Role.php b/app/Role.php
index 8d0a79e75..bf9685ee2 100644
--- a/app/Role.php
+++ b/app/Role.php
@@ -66,7 +66,7 @@ class Role extends Model
/**
* Get the role object for the specified role.
* @param $roleName
- * @return mixed
+ * @return Role
*/
public static function getRole($roleName)
{
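Review bot: `@return Role` on `getRole` is likely too narrow: if the lookup falls through without a match (the body is outside this hunk, so this is inferred from the usual `first()` pattern), the method returns null, and a static analyser will then flag every caller that checks for null. If that is the case, `@return Role|null` (or `?Role`) is the accurate annotation; the same applies to the `getSystemRole` docblock in the next hunk. The `@param $roleName` lines could take `string` while these docblocks are being touched.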
@@ -76,7 +76,7 @@ class Role extends Model
/**
* Get the role object for the specified system role.
* @param $roleName
- * @return mixed
+ * @return Role
*/
public static function getSystemRole($roleName)
{
diff --git a/resources/views/users/edit.blade.php b/resources/views/users/edit.blade.php
index d06ec09bc..6cbbdb7f7 100644
--- a/resources/views/users/edit.blade.php
+++ b/resources/views/users/edit.blade.php
@@ -15,7 +15,9 @@
diff --git a/tests/Auth/AuthTest.php b/tests/Auth/AuthTest.php
index 0affff799..08d5ef8ad 100644
--- a/tests/Auth/AuthTest.php
+++ b/tests/Auth/AuthTest.php
@@ -146,7 +146,7 @@ class AuthTest extends TestCase
public function test_user_updating()
{
- $user = \BookStack\User::all()->last();
+ $user = $this->getNormalUser();
$password = $user->password;
$this->asAdmin()
->visit('/settings/users')
@@ -162,7 +162,7 @@ class AuthTest extends TestCase
public function test_user_password_update()
{
- $user = \BookStack\User::all()->last();
+ $user = $this->getNormalUser();
$userProfilePage = '/settings/users/' . $user->id;
$this->asAdmin()
->visit($userProfilePage)
diff --git a/tests/Auth/LdapTest.php b/tests/Auth/LdapTest.php
index 76fbc662a..9573321fb 100644
--- a/tests/Auth/LdapTest.php
+++ b/tests/Auth/LdapTest.php
@@ -108,7 +108,7 @@ class LdapTest extends \TestCase
public function test_user_edit_form()
{
- $editUser = User::all()->last();
+ $editUser = $this->getNormalUser();
$this->asAdmin()->visit('/settings/users/' . $editUser->id)
->see('Edit User')
->dontSee('Password')
@@ -126,7 +126,7 @@ class LdapTest extends \TestCase
public function test_non_admins_cannot_change_auth_id()
{
- $testUser = User::all()->last();
+ $testUser = $this->getNormalUser();
$this->actingAs($testUser)->visit('/settings/users/' . $testUser->id)
->dontSee('External Authentication');
}
diff --git a/tests/Permissions/RolesTest.php b/tests/Permissions/RolesTest.php
index b64f40dc6..7a0515fd9 100644
--- a/tests/Permissions/RolesTest.php
+++ b/tests/Permissions/RolesTest.php
@@ -544,27 +544,38 @@ class RolesTest extends TestCase
->dontSeeInElement('.book-content', $otherPage->name);
}
- public function test_public_role_not_visible_in_user_edit_screen()
+ public function test_public_role_visible_in_user_edit_screen()
{
$user = \BookStack\User::first();
$this->asAdmin()->visit('/settings/users/' . $user->id)
->seeElement('#roles-admin')
- ->dontSeeElement('#roles-public');
+ ->seeElement('#roles-public');
}
- public function test_public_role_not_visible_in_role_listing()
+ public function test_public_role_visible_in_role_listing()
{
$this->asAdmin()->visit('/settings/roles')
->see('Admin')
- ->dontSee('Public');
+ ->see('Public');
}
- public function test_public_role_not_visible_in_default_role_setting()
+ public function test_public_role_visible_in_default_role_setting()
{
$this->asAdmin()->visit('/settings')
->seeElement('[data-role-name="admin"]')
- ->dontSeeElement('[data-role-name="public"]');
+ ->seeElement('[data-role-name="public"]');
}
+ public function test_public_role_not_deleteable()
+ {
+ $this->asAdmin()->visit('/settings/roles')
+ ->click('Public')
+ ->see('Edit Role')
+ ->click('Delete Role')
+ ->press('Confirm')
+ ->see('Delete Role')
+ ->see('Cannot be deleted');
+ }
+
}
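Review bot: `test_public_role_not_deleteable` asserts a 'Cannot be deleted' message, but no change to the role deletion handler appears in this diff; if that guard already exists this is fine, otherwise the test documents behaviour the commit does not implement. The renamed tests invert the expectation from `dontSee`/`dontSeeElement` to `see`/`seeElement`, which matches the guest-user changes elsewhere in the diff. The extra blank line after the new test, immediately before the closing class brace, is stray and should go.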
diff --git a/tests/PublicActionTest.php b/tests/PublicActionTest.php
new file mode 100644
index 000000000..685146423
--- /dev/null
+++ b/tests/PublicActionTest.php
@@ -0,0 +1,83 @@
+setSettings(['app-public' => 'false']);
+ $book = \BookStack\Book::orderBy('name', 'asc')->first();
+ $this->visit('/books')->seePageIs('/login');
+ $this->visit($book->getUrl())->seePageIs('/login');
+
+ $page = \BookStack\Page::first();
+ $this->visit($page->getUrl())->seePageIs('/login');
+ }
+
+ public function test_books_viewable()
+ {
+ $this->setSettings(['app-public' => 'true']);
+ $books = \BookStack\Book::orderBy('name', 'asc')->take(10)->get();
+ $bookToVisit = $books[1];
+
+ // Check books index page is showing
+ $this->visit('/books')
+ ->seeStatusCode(200)
+ ->see($books[0]->name)
+ // Check individual book page is showing and it's child contents are visible.
+ ->click($bookToVisit->name)
+ ->seePageIs($bookToVisit->getUrl())
+ ->see($bookToVisit->name)
+ ->see($bookToVisit->chapters()->first()->name);
+ }
+
+ public function test_chapters_viewable()
+ {
+ $this->setSettings(['app-public' => 'true']);
+ $chapterToVisit = \BookStack\Chapter::first();
+ $pageToVisit = $chapterToVisit->pages()->first();
+
+ // Check chapters index page is showing
+ $this->visit($chapterToVisit->getUrl())
+ ->seeStatusCode(200)
+ ->see($chapterToVisit->name)
+ // Check individual chapter page is showing and it's child contents are visible.
+ ->see($pageToVisit->name)
+ ->click($pageToVisit->name)
+ ->see($chapterToVisit->book->name)
+ ->see($chapterToVisit->name)
+ ->seePageIs($pageToVisit->getUrl());
+ }
+
+ public function test_public_page_creation()
+ {
+ $this->setSettings(['app-public' => 'true']);
+ $publicRole = \BookStack\Role::getSystemRole('public');
+ // Grant all permissions to public
+ $publicRole->permissions()->detach();
+ foreach (\BookStack\RolePermission::all() as $perm) {
+ $publicRole->attachPermission($perm);
+ }
+ $this->app[\BookStack\Services\PermissionService::class]->buildJointPermissionForRole($publicRole);
+
+ $chapter = \BookStack\Chapter::first();
+ $this->visit($chapter->book->getUrl());
+ $this->visit($chapter->getUrl())
+ ->click('New Page')
+ ->see('Create Page')
+ ->seePageIs($chapter->getUrl('/create-page'));
+
+ $this->submitForm('Continue', [
+ 'name' => 'My guest page'
+ ])->seePageIs($chapter->book->getUrl('/page/my-guest-page/edit'));
+
+ $user = \BookStack\User::getDefault();
+ $this->seeInDatabase('pages', [
+ 'name' => 'My guest page',
+ 'chapter_id' => $chapter->id,
+ 'created_by' => $user->id,
+ 'updated_by' => $user->id
+ ]);
+ }
+
+}
\ No newline at end of file
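Review bot: `test_public_page_creation` gives the public role every `RolePermission` and rebuilds joint permissions without restoring them afterwards; unless the base test case rolls the database back per test (not visible here), later tests in the run inherit a fully privileged guest role, which would silently weaken any test asserting that guests are denied access. Resetting the role's permissions in a `tearDown` path, or asserting the prior state at the start of the next test, would make that independent of test ordering. The first line of the new file is garbled in this rendering (the `<?php` header, class declaration and first method signature are missing), so the first test's name and any `use` statements cannot be checked; `$books[1]` and `->chapters()->first()` also assume seeded fixtures with at least two books and a chapter. The file is added without a trailing newline.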
diff --git a/tests/PublicViewTest.php b/tests/PublicViewTest.php
deleted file mode 100644
index 58e39dfd9..000000000
--- a/tests/PublicViewTest.php
+++ /dev/null
@@ -1,41 +0,0 @@
-setSettings(['app-public' => 'true']);
- $books = \BookStack\Book::orderBy('name', 'asc')->take(10)->get();
- $bookToVisit = $books[1];
-
- // Check books index page is showing
- $this->visit('/books')
- ->seeStatusCode(200)
- ->see($books[0]->name)
- // Check individual book page is showing and it's child contents are visible.
- ->click($bookToVisit->name)
- ->seePageIs($bookToVisit->getUrl())
- ->see($bookToVisit->name)
- ->see($bookToVisit->chapters()->first()->name);
- }
-
- public function test_chapters_viewable()
- {
- $this->setSettings(['app-public' => 'true']);
- $chapterToVisit = \BookStack\Chapter::first();
- $pageToVisit = $chapterToVisit->pages()->first();
-
- // Check chapters index page is showing
- $this->visit($chapterToVisit->getUrl())
- ->seeStatusCode(200)
- ->see($chapterToVisit->name)
- // Check individual chapter page is showing and it's child contents are visible.
- ->see($pageToVisit->name)
- ->click($pageToVisit->name)
- ->see($chapterToVisit->book->name)
- ->see($chapterToVisit->name)
- ->seePageIs($pageToVisit->getUrl());
- }
-
-}
\ No newline at end of file
diff --git a/tests/TestCase.php b/tests/TestCase.php
index 6a8c2d732..d3620eae0 100644
--- a/tests/TestCase.php
+++ b/tests/TestCase.php
@@ -66,6 +66,14 @@ class TestCase extends Illuminate\Foundation\Testing\TestCase
return $this->actingAs($this->editor);
}
+ /**
+ * Get a user that's not a system user such as the guest user.
+ */
+ public function getNormalUser()
+ {
+ return \BookStack\User::where('system_name', '=', null)->get()->last();
+ }
+
/**
* Quickly sets an array of settings.
* @param $settingsArray
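Review bot: `\BookStack\User::where('system_name', '=', null)` in `getNormalUser` relies on the query builder translating an `= null` comparison into `IS NULL`; that works in Laravel's builder, but `whereNull('system_name')` states the intent directly and cannot regress into a SQL `= NULL` that matches nothing. `->get()->last()` also loads every user to take one, and without an `orderBy` the row returned depends on the database's default ordering, so tests that depend on a particular user may become order-sensitive; e.g. `return \BookStack\User::whereNull('system_name')->orderBy('id', 'desc')->first();`. The docblock could also carry `@return \BookStack\User`.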
diff --git a/tests/UserProfileTest.php b/tests/UserProfileTest.php
index 40ae004e9..9543adc1d 100644
--- a/tests/UserProfileTest.php
+++ b/tests/UserProfileTest.php
@@ -76,5 +76,23 @@ class UserProfileTest extends TestCase
->seePageIs('/user/' . $newUser->id)
->see($newUser->name);
}
+
+ public function test_guest_profile_shows_limited_form()
+ {
+ $this->asAdmin()
+ ->visit('/settings/users')
+ ->click('Guest')
+ ->dontSeeElement('#password');
+ }
+
+ public function test_guest_profile_cannot_be_deleted()
+ {
+ $guestUser = \BookStack\User::getDefault();
+ $this->asAdmin()->visit('/settings/users/' . $guestUser->id . '/delete')
+ ->see('Delete User')->see('Guest')
+ ->press('Confirm')
+ ->seePageIs('/settings/users/' . $guestUser->id)
+ ->see('cannot delete the guest user');
+ }
}
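Review bot: `->dontSeeElement('#password')` in `test_guest_profile_shows_limited_form` is a negative-only assertion: it passes just as well if the form failed to render at all or the field was renamed, so pairing it with a positive check on a field that must remain on the guest form would keep the test meaningful. `test_guest_profile_cannot_be_deleted` asserts on the substring 'cannot delete the guest user' of the flash message set in UserController, which couples the test to exact wording; acceptable, but a later copy edit then changes two places. Both tests also rely on the guest user's display name being 'Guest' for `->click('Guest')` and `->see('Guest')`.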