mirror of https://github.com/BookStackApp/BookStack.git synced 2025-01-31 12:11:37 +01:00

Merge bugfixes from branch 'v0.8'

Dan Brown 2016-03-30 21:49:25 +01:00
commit e9b596d3bc
17 changed files with 211 additions and 63 deletions


@ -19,8 +19,8 @@ Route::group(['middleware' => 'auth'], function () {
Route::delete('/{id}', 'BookController@destroy'); Route::delete('/{id}', 'BookController@destroy');
Route::get('/{slug}/sort-item', 'BookController@getSortItem'); Route::get('/{slug}/sort-item', 'BookController@getSortItem');
Route::get('/{slug}', 'BookController@show'); Route::get('/{slug}', 'BookController@show');
Route::get('/{bookSlug}/restrict', 'BookController@showRestrict'); Route::get('/{bookSlug}/permissions', 'BookController@showRestrict');
Route::put('/{bookSlug}/restrict', 'BookController@restrict'); Route::put('/{bookSlug}/permissions', 'BookController@restrict');
Route::get('/{slug}/delete', 'BookController@showDelete'); Route::get('/{slug}/delete', 'BookController@showDelete');
Route::get('/{bookSlug}/sort', 'BookController@sort'); Route::get('/{bookSlug}/sort', 'BookController@sort');
Route::put('/{bookSlug}/sort', 'BookController@saveSort'); Route::put('/{bookSlug}/sort', 'BookController@saveSort');
@ -36,8 +36,8 @@ Route::group(['middleware' => 'auth'], function () {
Route::get('/{bookSlug}/page/{pageSlug}/edit', 'PageController@edit'); Route::get('/{bookSlug}/page/{pageSlug}/edit', 'PageController@edit');
Route::get('/{bookSlug}/page/{pageSlug}/delete', 'PageController@showDelete'); Route::get('/{bookSlug}/page/{pageSlug}/delete', 'PageController@showDelete');
Route::get('/{bookSlug}/draft/{pageId}/delete', 'PageController@showDeleteDraft'); Route::get('/{bookSlug}/draft/{pageId}/delete', 'PageController@showDeleteDraft');
Route::get('/{bookSlug}/page/{pageSlug}/restrict', 'PageController@showRestrict'); Route::get('/{bookSlug}/page/{pageSlug}/permissions', 'PageController@showRestrict');
Route::put('/{bookSlug}/page/{pageSlug}/restrict', 'PageController@restrict'); Route::put('/{bookSlug}/page/{pageSlug}/permissions', 'PageController@restrict');
Route::put('/{bookSlug}/page/{pageSlug}', 'PageController@update'); Route::put('/{bookSlug}/page/{pageSlug}', 'PageController@update');
Route::delete('/{bookSlug}/page/{pageSlug}', 'PageController@destroy'); Route::delete('/{bookSlug}/page/{pageSlug}', 'PageController@destroy');
Route::delete('/{bookSlug}/draft/{pageId}', 'PageController@destroyDraft'); Route::delete('/{bookSlug}/draft/{pageId}', 'PageController@destroyDraft');
@ -54,8 +54,8 @@ Route::group(['middleware' => 'auth'], function () {
Route::get('/{bookSlug}/chapter/{chapterSlug}', 'ChapterController@show'); Route::get('/{bookSlug}/chapter/{chapterSlug}', 'ChapterController@show');
Route::put('/{bookSlug}/chapter/{chapterSlug}', 'ChapterController@update'); Route::put('/{bookSlug}/chapter/{chapterSlug}', 'ChapterController@update');
Route::get('/{bookSlug}/chapter/{chapterSlug}/edit', 'ChapterController@edit'); Route::get('/{bookSlug}/chapter/{chapterSlug}/edit', 'ChapterController@edit');
Route::get('/{bookSlug}/chapter/{chapterSlug}/restrict', 'ChapterController@showRestrict'); Route::get('/{bookSlug}/chapter/{chapterSlug}/permissions', 'ChapterController@showRestrict');
Route::put('/{bookSlug}/chapter/{chapterSlug}/restrict', 'ChapterController@restrict'); Route::put('/{bookSlug}/chapter/{chapterSlug}/permissions', 'ChapterController@restrict');
Route::get('/{bookSlug}/chapter/{chapterSlug}/delete', 'ChapterController@showDelete'); Route::get('/{bookSlug}/chapter/{chapterSlug}/delete', 'ChapterController@showDelete');
Route::delete('/{bookSlug}/chapter/{chapterSlug}', 'ChapterController@destroy'); Route::delete('/{bookSlug}/chapter/{chapterSlug}', 'ChapterController@destroy');


@ -41,6 +41,25 @@ class RestrictionService
return false; return false;
} }
/**
* Check if an entity has restrictions set on itself or its
* parent tree.
* @param Entity $entity
* @param $action
* @return bool|mixed
*/
public function checkIfRestrictionsSet(Entity $entity, $action)
{
$this->currentAction = $action;
if ($entity->isA('page')) {
return $entity->restricted || ($entity->chapter && $entity->chapter->restricted) || $entity->book->restricted;
} elseif ($entity->isA('chapter')) {
return $entity->restricted || $entity->book->restricted;
} elseif ($entity->isA('book')) {
return $entity->restricted;
}
}
/** /**
* Add restrictions for a page query * Add restrictions for a page query
* @param $query * @param $query
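Review bot: `checkIfRestrictionsSet()` falls off the end of its `if`/`elseif` chain without a `return` when the entity is not a page, chapter or book, so the caller receives `null` instead of the `bool` the docblock promises. In `userCan()` that `null` is negated and the decision quietly falls back to the role permission; an explicit `return false;` after the chain would make that fallback deliberate. The method also assigns `$this->currentAction = $action` although nothing in its body reads it, so if the service instance is shared this leaves state behind for later calls; either drop the assignment or add a comment saying why it is needed. The page and chapter branches read `$entity->book->restricted` without a null check, which presumably relies on every page and chapter having a book.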


@ -162,4 +162,19 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
{ {
return '/settings/users/' . $this->id; return '/settings/users/' . $this->id;
} }
/**
* Get a shortened version of the user's name.
* @param int $chars
* @return string
*/
public function getShortName($chars = 8)
{
if (strlen($this->name) <= $chars) return $this->name;
$splitName = explode(' ', $this->name);
if (strlen($splitName[0]) <= $chars) return $splitName[0];
return '';
}
} }
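Review bot: `getShortName()` returns an empty string when even the first word of the name is longer than `$chars`, so the header template that now calls `getShortName(9)` renders no name at all for such users. If that is intended (avatar only), say so in the docblock; otherwise truncate instead, e.g. `return mb_substr($splitName[0], 0, $chars);`. The length checks use `strlen()`, which counts bytes, so names containing multi-byte characters are treated as longer than they appear; `mb_strlen($this->name) <= $chars` would compare characters.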


@ -52,12 +52,13 @@ function userCan($permission, \BookStack\Ownable $ownable = null)
if (!$ownable instanceof \BookStack\Entity) return $hasPermission; if (!$ownable instanceof \BookStack\Entity) return $hasPermission;
// Check restrictions on the entitiy // Check restrictions on the entity
$restrictionService = app('BookStack\Services\RestrictionService'); $restrictionService = app('BookStack\Services\RestrictionService');
$explodedPermission = explode('-', $permission); $explodedPermission = explode('-', $permission);
$action = end($explodedPermission); $action = end($explodedPermission);
$hasAccess = $restrictionService->checkIfEntityRestricted($ownable, $action); $hasAccess = $restrictionService->checkIfEntityRestricted($ownable, $action);
return $hasAccess && $hasPermission; $restrictionsSet = $restrictionService->checkIfRestrictionsSet($ownable, $action);
return ($hasAccess && $restrictionsSet) || (!$restrictionsSet && $hasPermission);
} }
/** /**
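Review bot: Once `$restrictionsSet` is true the new return statement ignores `$hasPermission` completely, and that holds for every permission string passed to `userCan()`, not only view/create/update/delete. For `userCan('restrictions-manage', $book)` the derived `$action` is `manage`, so on an entity with custom permissions enabled the result depends solely on what `checkIfEntityRestricted()` returns for an action that presumably has no restriction rows; that method is outside this hunk, so confirm which way it answers, since allowing would let any role manage permissions on such an entity and denying would lock out holders of `restrictions-manage-all`. A test that requests `/permissions` on an entity with custom permissions enabled, once as a user without the manage permission and once as one with it, would pin the behaviour. The expression reads more clearly as `return $restrictionsSet ? $hasAccess : $hasPermission;`, with a comment stating that entity-level permissions replace role permissions rather than narrow them. `userCan()` begins above the hunk.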


@ -56,18 +56,14 @@ header {
padding-top: $-xxs; padding-top: $-xxs;
} }
> i { > i {
padding-top: $-xs*1.2; padding-top: 4px;
font-size: 18px;
} }
@include smaller-than($screen-md) { @include smaller-than($screen-md) {
padding-left: $-xs; padding-left: $-xs;
.name { .name {
display: none; display: none;
} }
i {
font-size: 2em;
padding-left: 0;
padding-top: 0;
}
} }
} }
@include smaller-than($screen-md) { @include smaller-than($screen-md) {


@ -56,7 +56,7 @@
<div class="dropdown-container" dropdown> <div class="dropdown-container" dropdown>
<span class="user-name" dropdown-toggle> <span class="user-name" dropdown-toggle>
<img class="avatar" src="{{$currentUser->getAvatar(30)}}" alt="{{ $currentUser->name }}"> <img class="avatar" src="{{$currentUser->getAvatar(30)}}" alt="{{ $currentUser->name }}">
<span class="name" ng-non-bindable>{{ $currentUser->name }}</span> <i class="zmdi zmdi-caret-down"></i> <span class="name" ng-non-bindable>{{ $currentUser->getShortName(9) }}</span> <i class="zmdi zmdi-caret-down"></i>
</span> </span>
<ul> <ul>
<li> <li>


@ -16,7 +16,7 @@
<div class="container" ng-non-bindable> <div class="container" ng-non-bindable>
<h1>Book Restrictions</h1> <h1>Book Permissions</h1>
@include('form/restriction-form', ['model' => $book]) @include('form/restriction-form', ['model' => $book])
</div> </div>


@ -24,7 +24,7 @@
<li><a href="{{ $book->getUrl() }}/sort" class="text-primary"><i class="zmdi zmdi-sort"></i>Sort</a></li> <li><a href="{{ $book->getUrl() }}/sort" class="text-primary"><i class="zmdi zmdi-sort"></i>Sort</a></li>
@endif @endif
@if(userCan('restrictions-manage', $book)) @if(userCan('restrictions-manage', $book))
<li><a href="{{$book->getUrl()}}/restrict" class="text-primary"><i class="zmdi zmdi-lock-outline"></i>Restrict</a></li> <li><a href="{{$book->getUrl()}}/permissions" class="text-primary"><i class="zmdi zmdi-lock-outline"></i>Permissions</a></li>
@endif @endif
@if(userCan('book-delete', $book)) @if(userCan('book-delete', $book))
<li><a href="{{ $book->getUrl() }}/delete" class="text-neg"><i class="zmdi zmdi-delete"></i>Delete</a></li> <li><a href="{{ $book->getUrl() }}/delete" class="text-neg"><i class="zmdi zmdi-delete"></i>Delete</a></li>
@ -90,9 +90,9 @@
@if($book->restricted) @if($book->restricted)
<p class="text-muted"> <p class="text-muted">
@if(userCan('restrictions-manage', $book)) @if(userCan('restrictions-manage', $book))
<a href="{{ $book->getUrl() }}/restrict"><i class="zmdi zmdi-lock-outline"></i>Book Restricted</a> <a href="{{ $book->getUrl() }}/permissions"><i class="zmdi zmdi-lock-outline"></i>Book Permissions Active</a>
@else @else
<i class="zmdi zmdi-lock-outline"></i>Book Restricted <i class="zmdi zmdi-lock-outline"></i>Book Permissions Active
@endif @endif
</p> </p>
@endif @endif


@ -17,7 +17,7 @@
</div> </div>
<div class="container" ng-non-bindable> <div class="container" ng-non-bindable>
<h1>Chapter Restrictions</h1> <h1>Chapter Permissions</h1>
@include('form/restriction-form', ['model' => $chapter]) @include('form/restriction-form', ['model' => $chapter])
</div> </div>


@ -19,7 +19,7 @@
<a href="{{$chapter->getUrl() . '/edit'}}" class="text-primary text-button"><i class="zmdi zmdi-edit"></i>Edit</a> <a href="{{$chapter->getUrl() . '/edit'}}" class="text-primary text-button"><i class="zmdi zmdi-edit"></i>Edit</a>
@endif @endif
@if(userCan('restrictions-manage', $chapter)) @if(userCan('restrictions-manage', $chapter))
<a href="{{$chapter->getUrl()}}/restrict" class="text-primary text-button"><i class="zmdi zmdi-lock-outline"></i>Restrict</a> <a href="{{$chapter->getUrl()}}/permissions" class="text-primary text-button"><i class="zmdi zmdi-lock-outline"></i>Permissions</a>
@endif @endif
@if(userCan('chapter-delete', $chapter)) @if(userCan('chapter-delete', $chapter))
<a href="{{$chapter->getUrl() . '/delete'}}" class="text-neg text-button"><i class="zmdi zmdi-delete"></i>Delete</a> <a href="{{$chapter->getUrl() . '/delete'}}" class="text-neg text-button"><i class="zmdi zmdi-delete"></i>Delete</a>
@ -69,18 +69,18 @@
@if($book->restricted) @if($book->restricted)
@if(userCan('restrictions-manage', $book)) @if(userCan('restrictions-manage', $book))
<a href="{{ $book->getUrl() }}/restrict"><i class="zmdi zmdi-lock-outline"></i>Book Restricted</a> <a href="{{ $book->getUrl() }}/permissions"><i class="zmdi zmdi-lock-outline"></i>Book Permissions Active</a>
@else @else
<i class="zmdi zmdi-lock-outline"></i>Book Restricted <i class="zmdi zmdi-lock-outline"></i>Book Permissions Active
@endif @endif
<br> <br>
@endif @endif
@if($chapter->restricted) @if($chapter->restricted)
@if(userCan('restrictions-manage', $chapter)) @if(userCan('restrictions-manage', $chapter))
<a href="{{ $chapter->getUrl() }}/restrict"><i class="zmdi zmdi-lock-outline"></i>Chapter Restricted</a> <a href="{{ $chapter->getUrl() }}/permissions"><i class="zmdi zmdi-lock-outline"></i>Chapter Permissions Active</a>
@else @else
<i class="zmdi zmdi-lock-outline"></i>Chapter Restricted <i class="zmdi zmdi-lock-outline"></i>Chapter Permissions Active
@endif @endif
@endif @endif
</div> </div>


@ -1,11 +1,14 @@
<form action="{{ $model->getUrl() }}/restrict" method="POST"> <form action="{{ $model->getUrl() }}/permissions" method="POST">
{!! csrf_field() !!} {!! csrf_field() !!}
<input type="hidden" name="_method" value="PUT"> <input type="hidden" name="_method" value="PUT">
<p>Once enabled, These permissions will take priority over any set role permissions.</p>
<div class="form-group"> <div class="form-group">
@include('form/checkbox', ['name' => 'restricted', 'label' => 'Restrict this ' . $model->getClassName()]) @include('form/checkbox', ['name' => 'restricted', 'label' => 'Enable custom permissions'])
</div> </div>
<table class="table"> <table class="table">
<tr> <tr>
<th>Role</th> <th>Role</th>
@ -25,5 +28,5 @@
</table> </table>
<a href="{{ $model->getUrl() }}" class="button muted">Cancel</a> <a href="{{ $model->getUrl() }}" class="button muted">Cancel</a>
<button type="submit" class="button pos">Save Restrictions</button> <button type="submit" class="button pos">Save Permissions</button>
</form> </form>


@ -24,7 +24,7 @@
</div> </div>
<div class="container" ng-non-bindable> <div class="container" ng-non-bindable>
<h1>Page Restrictions</h1> <h1>Page Permissions</h1>
@include('form/restriction-form', ['model' => $page]) @include('form/restriction-form', ['model' => $page])
</div> </div>


@ -32,7 +32,7 @@
<a href="{{$page->getUrl()}}/edit" class="text-primary text-button" ><i class="zmdi zmdi-edit"></i>Edit</a> <a href="{{$page->getUrl()}}/edit" class="text-primary text-button" ><i class="zmdi zmdi-edit"></i>Edit</a>
@endif @endif
@if(userCan('restrictions-manage', $page)) @if(userCan('restrictions-manage', $page))
<a href="{{$page->getUrl()}}/restrict" class="text-primary text-button"><i class="zmdi zmdi-lock-outline"></i>Restrict</a> <a href="{{$page->getUrl()}}/permissions" class="text-primary text-button"><i class="zmdi zmdi-lock-outline"></i>Permissions</a>
@endif @endif
@if(userCan('page-delete', $page)) @if(userCan('page-delete', $page))
<a href="{{$page->getUrl()}}/delete" class="text-neg text-button"><i class="zmdi zmdi-delete"></i>Delete</a> <a href="{{$page->getUrl()}}/delete" class="text-neg text-button"><i class="zmdi zmdi-delete"></i>Delete</a>
@ -76,27 +76,27 @@
@if($book->restricted) @if($book->restricted)
@if(userCan('restrictions-manage', $book)) @if(userCan('restrictions-manage', $book))
<a href="{{ $book->getUrl() }}/restrict"><i class="zmdi zmdi-lock-outline"></i>Book restricted</a> <a href="{{ $book->getUrl() }}/permissions"><i class="zmdi zmdi-lock-outline"></i>Book Permissions Active</a>
@else @else
<i class="zmdi zmdi-lock-outline"></i>Book restricted <i class="zmdi zmdi-lock-outline"></i>Book Permissions Active
@endif @endif
<br> <br>
@endif @endif
@if($page->chapter && $page->chapter->restricted) @if($page->chapter && $page->chapter->restricted)
@if(userCan('restrictions-manage', $page->chapter)) @if(userCan('restrictions-manage', $page->chapter))
<a href="{{ $page->chapter->getUrl() }}/restrict"><i class="zmdi zmdi-lock-outline"></i>Chapter restricted</a> <a href="{{ $page->chapter->getUrl() }}/permissions"><i class="zmdi zmdi-lock-outline"></i>Chapter Permissions Active</a>
@else @else
<i class="zmdi zmdi-lock-outline"></i>Chapter restricted <i class="zmdi zmdi-lock-outline"></i>Chapter Permissions Active
@endif @endif
<br> <br>
@endif @endif
@if($page->restricted) @if($page->restricted)
@if(userCan('restrictions-manage', $page)) @if(userCan('restrictions-manage', $page))
<a href="{{ $page->getUrl() }}/restrict"><i class="zmdi zmdi-lock-outline"></i>Page restricted</a> <a href="{{ $page->getUrl() }}/permissions"><i class="zmdi zmdi-lock-outline"></i>Page Permissions Active</a>
@else @else
<i class="zmdi zmdi-lock-outline"></i>Page restricted <i class="zmdi zmdi-lock-outline"></i>Page Permissions Active
@endif @endif
<br> <br>
@endif @endif


@ -24,10 +24,10 @@
<hr class="even"> <hr class="even">
<div class="row"> <div class="row">
<div class="col-md-6"> <div class="col-md-6">
<label>@include('settings/roles/checkbox', ['permission' => 'restrictions-manage-all']) Manage all restrictions</label> <label>@include('settings/roles/checkbox', ['permission' => 'restrictions-manage-all']) Manage all Book, Chapter & Page permissions</label>
</div> </div>
<div class="col-md-6"> <div class="col-md-6">
<label>@include('settings/roles/checkbox', ['permission' => 'restrictions-manage-own']) Manage restrictions on own content</label> <label>@include('settings/roles/checkbox', ['permission' => 'restrictions-manage-own']) Manage permissions on own Book, Chapter & Pages</label>
</div> </div>
</div> </div>
<hr class="even"> <hr class="even">
@ -43,7 +43,7 @@
<h3>Asset Permissions</h3> <h3>Asset Permissions</h3>
<p> <p>
These permissions control default access to the assets within the system. <br> These permissions control default access to the assets within the system. <br>
Restrictions on Books, Chapters and Pages will override these permissions. Permissions on Books, Chapters and Pages will override these permissions.
</p> </p>
<table class="table"> <table class="table">
<tr> <tr>


@ -10,7 +10,7 @@
<form action="/settings/users/{{$user->id}}" method="POST"> <form action="/settings/users/{{$user->id}}" method="POST">
{!! csrf_field() !!} {!! csrf_field() !!}
<input type="hidden" name="_method" value="DELETE"> <input type="hidden" name="_method" value="DELETE">
<a href="/users/{{$user->id}}" class="button muted">Cancel</a> <a href="/settings/users/{{$user->id}}" class="button muted">Cancel</a>
<button type="submit" class="button neg">Confirm</button> <button type="submit" class="button neg">Confirm</button>
</form> </form>
</div> </div>


@ -3,11 +3,21 @@
class RestrictionsTest extends TestCase class RestrictionsTest extends TestCase
{ {
protected $user; protected $user;
protected $viewer;
public function setUp() public function setUp()
{ {
parent::setUp(); parent::setUp();
$this->user = $this->getNewUser(); $this->user = $this->getNewUser();
$this->viewer = $this->getViewer();
}
protected function getViewer()
{
$role = \BookStack\Role::getRole('viewer');
$viewer = $this->getNewBlankUser();
$viewer->attachRole($role);;
return $viewer;
} }
/** /**
@ -20,11 +30,16 @@ class RestrictionsTest extends TestCase
$entity->restricted = true; $entity->restricted = true;
$entity->restrictions()->delete(); $entity->restrictions()->delete();
$role = $this->user->roles->first(); $role = $this->user->roles->first();
$viewerRole = $this->viewer->roles->first();
foreach ($actions as $action) { foreach ($actions as $action) {
$entity->restrictions()->create([ $entity->restrictions()->create([
'role_id' => $role->id, 'role_id' => $role->id,
'action' => strtolower($action) 'action' => strtolower($action)
]); ]);
$entity->restrictions()->create([
'role_id' => $viewerRole->id,
'action' => strtolower($action)
]);
} }
$entity->save(); $entity->save();
$entity->load('restrictions'); $entity->load('restrictions');
@ -65,6 +80,10 @@ class RestrictionsTest extends TestCase
$book = \BookStack\Book::first(); $book = \BookStack\Book::first();
$bookUrl = $book->getUrl(); $bookUrl = $book->getUrl();
$this->actingAs($this->viewer)
->visit($bookUrl)
->dontSeeInElement('.action-buttons', 'New Page')
->dontSeeInElement('.action-buttons', 'New Chapter');
$this->actingAs($this->user) $this->actingAs($this->user)
->visit($bookUrl) ->visit($bookUrl)
->seeInElement('.action-buttons', 'New Page') ->seeInElement('.action-buttons', 'New Page')
@ -319,11 +338,11 @@ class RestrictionsTest extends TestCase
public function test_book_restriction_form() public function test_book_restriction_form()
{ {
$book = \BookStack\Book::first(); $book = \BookStack\Book::first();
$this->asAdmin()->visit($book->getUrl() . '/restrict') $this->asAdmin()->visit($book->getUrl() . '/permissions')
->see('Book Restrictions') ->see('Book Permissions')
->check('restricted') ->check('restricted')
->check('restrictions[2][view]') ->check('restrictions[2][view]')
->press('Save Restrictions') ->press('Save Permissions')
->seeInDatabase('books', ['id' => $book->id, 'restricted' => true]) ->seeInDatabase('books', ['id' => $book->id, 'restricted' => true])
->seeInDatabase('restrictions', [ ->seeInDatabase('restrictions', [
'restrictable_id' => $book->id, 'restrictable_id' => $book->id,
@ -336,11 +355,11 @@ class RestrictionsTest extends TestCase
public function test_chapter_restriction_form() public function test_chapter_restriction_form()
{ {
$chapter = \BookStack\Chapter::first(); $chapter = \BookStack\Chapter::first();
$this->asAdmin()->visit($chapter->getUrl() . '/restrict') $this->asAdmin()->visit($chapter->getUrl() . '/permissions')
->see('Chapter Restrictions') ->see('Chapter Permissions')
->check('restricted') ->check('restricted')
->check('restrictions[2][update]') ->check('restrictions[2][update]')
->press('Save Restrictions') ->press('Save Permissions')
->seeInDatabase('chapters', ['id' => $chapter->id, 'restricted' => true]) ->seeInDatabase('chapters', ['id' => $chapter->id, 'restricted' => true])
->seeInDatabase('restrictions', [ ->seeInDatabase('restrictions', [
'restrictable_id' => $chapter->id, 'restrictable_id' => $chapter->id,
@ -353,11 +372,11 @@ class RestrictionsTest extends TestCase
public function test_page_restriction_form() public function test_page_restriction_form()
{ {
$page = \BookStack\Page::first(); $page = \BookStack\Page::first();
$this->asAdmin()->visit($page->getUrl() . '/restrict') $this->asAdmin()->visit($page->getUrl() . '/permissions')
->see('Page Restrictions') ->see('Page Permissions')
->check('restricted') ->check('restricted')
->check('restrictions[2][delete]') ->check('restrictions[2][delete]')
->press('Save Restrictions') ->press('Save Permissions')
->seeInDatabase('pages', ['id' => $page->id, 'restricted' => true]) ->seeInDatabase('pages', ['id' => $page->id, 'restricted' => true])
->seeInDatabase('restrictions', [ ->seeInDatabase('restrictions', [
'restrictable_id' => $page->id, 'restrictable_id' => $page->id,
@ -404,4 +423,99 @@ class RestrictionsTest extends TestCase
->dontSee($page->name); ->dontSee($page->name);
} }
public function test_book_create_restriction_override()
{
$book = \BookStack\Book::first();
$bookUrl = $book->getUrl();
$this->actingAs($this->viewer)
->visit($bookUrl)
->dontSeeInElement('.action-buttons', 'New Page')
->dontSeeInElement('.action-buttons', 'New Chapter');
$this->setEntityRestrictions($book, ['view', 'delete', 'update']);
$this->forceVisit($bookUrl . '/chapter/create')
->see('You do not have permission')->seePageIs('/');
$this->forceVisit($bookUrl . '/page/create')
->see('You do not have permission')->seePageIs('/');
$this->visit($bookUrl)->dontSeeInElement('.action-buttons', 'New Page')
->dontSeeInElement('.action-buttons', 'New Chapter');
$this->setEntityRestrictions($book, ['view', 'create']);
$this->visit($bookUrl . '/chapter/create')
->type('test chapter', 'name')
->type('test description for chapter', 'description')
->press('Save Chapter')
->seePageIs($bookUrl . '/chapter/test-chapter');
$this->visit($bookUrl . '/page/create')
->type('test page', 'name')
->type('test content', 'html')
->press('Save Page')
->seePageIs($bookUrl . '/page/test-page');
$this->visit($bookUrl)->seeInElement('.action-buttons', 'New Page')
->seeInElement('.action-buttons', 'New Chapter');
}
public function test_book_update_restriction_override()
{
$book = \BookStack\Book::first();
$bookPage = $book->pages->first();
$bookChapter = $book->chapters->first();
$bookUrl = $book->getUrl();
$this->actingAs($this->viewer)
->visit($bookUrl . '/edit')
->dontSee('Edit Book');
$this->setEntityRestrictions($book, ['view', 'delete']);
$this->forceVisit($bookUrl . '/edit')
->see('You do not have permission')->seePageIs('/');
$this->forceVisit($bookPage->getUrl() . '/edit')
->see('You do not have permission')->seePageIs('/');
$this->forceVisit($bookChapter->getUrl() . '/edit')
->see('You do not have permission')->seePageIs('/');
$this->setEntityRestrictions($book, ['view', 'update']);
$this->visit($bookUrl . '/edit')
->seePageIs($bookUrl . '/edit');
$this->visit($bookPage->getUrl() . '/edit')
->seePageIs($bookPage->getUrl() . '/edit');
$this->visit($bookChapter->getUrl() . '/edit')
->see('Edit Chapter');
}
public function test_book_delete_restriction_override()
{
$book = \BookStack\Book::first();
$bookPage = $book->pages->first();
$bookChapter = $book->chapters->first();
$bookUrl = $book->getUrl();
$this->actingAs($this->viewer)
->visit($bookUrl . '/delete')
->dontSee('Delete Book');
$this->setEntityRestrictions($book, ['view', 'update']);
$this->forceVisit($bookUrl . '/delete')
->see('You do not have permission')->seePageIs('/');
$this->forceVisit($bookPage->getUrl() . '/delete')
->see('You do not have permission')->seePageIs('/');
$this->forceVisit($bookChapter->getUrl() . '/delete')
->see('You do not have permission')->seePageIs('/');
$this->setEntityRestrictions($book, ['view', 'delete']);
$this->visit($bookUrl . '/delete')
->seePageIs($bookUrl . '/delete')->see('Delete Book');
$this->visit($bookPage->getUrl() . '/delete')
->seePageIs($bookPage->getUrl() . '/delete')->see('Delete Page');
$this->visit($bookChapter->getUrl() . '/delete')
->see('Delete Chapter');
}
} }
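Review bot: The three new `*_restriction_override` tests enable custom permissions only on a book, so the cases where a chapter or page carries its own `restricted` flag, which `checkIfRestrictionsSet()` also treats as switching to entity-level permissions, are not exercised for the viewer role. A test that enables permissions directly on a chapter or page and asserts that the viewer's create/update/delete access follows them would cover those branches. None of the new tests checks the `restrictions-manage` permission on an entity that has custom permissions enabled, which is the case where the changed `userCan()` return no longer consults the role permission. In `getViewer()`, `$viewer->attachRole($role);;` has a stray second semicolon.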


@ -129,14 +129,14 @@ class RolesTest extends TestCase
{ {
$page = \BookStack\Page::take(1)->get()->first(); $page = \BookStack\Page::take(1)->get()->first();
$this->actingAs($this->user)->visit($page->getUrl()) $this->actingAs($this->user)->visit($page->getUrl())
->dontSee('Restrict') ->dontSee('Permissions')
->visit($page->getUrl() . '/restrict') ->visit($page->getUrl() . '/permissions')
->seePageIs('/'); ->seePageIs('/');
$this->giveUserPermissions($this->user, ['restrictions-manage-all']); $this->giveUserPermissions($this->user, ['restrictions-manage-all']);
$this->actingAs($this->user)->visit($page->getUrl()) $this->actingAs($this->user)->visit($page->getUrl())
->see('Restrict') ->see('Permissions')
->click('Restrict') ->click('Permissions')
->see('Page Restrictions')->seePageIs($page->getUrl() . '/restrict'); ->see('Page Permissions')->seePageIs($page->getUrl() . '/permissions');
} }
public function test_restrictions_manage_own_permission() public function test_restrictions_manage_own_permission()
@ -145,27 +145,27 @@ class RolesTest extends TestCase
$content = $this->createEntityChainBelongingToUser($this->user); $content = $this->createEntityChainBelongingToUser($this->user);
// Check can't restrict other's content // Check can't restrict other's content
$this->actingAs($this->user)->visit($otherUsersPage->getUrl()) $this->actingAs($this->user)->visit($otherUsersPage->getUrl())
->dontSee('Restrict') ->dontSee('Permissions')
->visit($otherUsersPage->getUrl() . '/restrict') ->visit($otherUsersPage->getUrl() . '/permissions')
->seePageIs('/'); ->seePageIs('/');
// Check can't restrict own content // Check can't restrict own content
$this->actingAs($this->user)->visit($content['page']->getUrl()) $this->actingAs($this->user)->visit($content['page']->getUrl())
->dontSee('Restrict') ->dontSee('Permissions')
->visit($content['page']->getUrl() . '/restrict') ->visit($content['page']->getUrl() . '/permissions')
->seePageIs('/'); ->seePageIs('/');
$this->giveUserPermissions($this->user, ['restrictions-manage-own']); $this->giveUserPermissions($this->user, ['restrictions-manage-own']);
// Check can't restrict other's content // Check can't restrict other's content
$this->actingAs($this->user)->visit($otherUsersPage->getUrl()) $this->actingAs($this->user)->visit($otherUsersPage->getUrl())
->dontSee('Restrict') ->dontSee('Permissions')
->visit($otherUsersPage->getUrl() . '/restrict') ->visit($otherUsersPage->getUrl() . '/permissions')
->seePageIs('/'); ->seePageIs('/');
// Check can restrict own content // Check can restrict own content
$this->actingAs($this->user)->visit($content['page']->getUrl()) $this->actingAs($this->user)->visit($content['page']->getUrl())
->see('Restrict') ->see('Permissions')
->click('Restrict') ->click('Permissions')
->seePageIs($content['page']->getUrl() . '/restrict'); ->seePageIs($content['page']->getUrl() . '/permissions');
} }
/** /**