Added and addressed multi-role/own-role-perm/inheretance scenario
Found during manual testing. Have checked against relation queries manually too.
parent
48df8725d8
commit
f6a6b11ec5
@ -99,7 +99,7 @@ class PermissionApplicator
|
|||||||
->selectRaw('max(status) as status')
|
->selectRaw('max(status) as status')
|
||||||
->whereIn('role_id', $this->getCurrentUserRoleIds())
|
->whereIn('role_id', $this->getCurrentUserRoleIds())
|
||||||
->groupBy(['entity_type', 'entity_id'])
|
->groupBy(['entity_type', 'entity_id'])
|
||||||
->havingRaw('(status IN (1, 3) or owner_id = ?)', [$this->currentUser()->id]);
|
->havingRaw('(status IN (1, 3) or (owner_id = ? and status != 2))', [$this->currentUser()->id]);
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
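Review bot: The owner branch of the new `havingRaw` is written as a deny-list (`status != 2`), so it fails open: any status other than 2 that is not meant to grant access, including one added later, still lets the owner through. Because this clause decides entity visibility, it would be safer to name the statuses for which ownership may grant access. The bare literals 1, 2 and 3 should also become named constants, or at least carry a comment such as `// 2 = explicit deny (assumed from the test names); max(status) spans all of the user's roles, so a deny must beat ownership`. What each status value means, and the reliance on their numeric ordering through `max(status)`, is not visible in this hunk and should be confirmed where the values are defined. The enclosing method starts outside the hunk.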
@ -229,6 +229,16 @@ User denied page permission.
|
|||||||
|
|
||||||
User denied page permission.
|
User denied page permission.
|
||||||
|
|
||||||
|
#### test_71_multi_role_inheriting_deny_on_own
|
||||||
|
|
||||||
|
- Page permissions have inherit enabled.
|
||||||
|
- Role A has own page role permission.
|
||||||
|
- Role B has entity denied page permission.
|
||||||
|
- User has Role A and B.
|
||||||
|
- Use owns Page.
|
||||||
|
|
||||||
|
User denied page permission.
|
||||||
|
|
||||||
#### test_75_multi_role_inherited_deny_via_parent
|
#### test_75_multi_role_inherited_deny_via_parent
|
||||||
|
|
||||||
- Page permissions have inherit enabled.
|
- Page permissions have inherit enabled.
|
||||||
@ -239,6 +249,16 @@ User denied page permission.
|
|||||||
|
|
||||||
User denied page permission.
|
User denied page permission.
|
||||||
|
|
||||||
|
#### test_76_multi_role_inherited_deny_via_parent_on_own
|
||||||
|
|
||||||
|
- Page permissions have inherit enabled.
|
||||||
|
- Chapter permissions have inherit enabled.
|
||||||
|
- Role A has own page role permission.
|
||||||
|
- Role B has entity denied chapter permission.
|
||||||
|
- User has Role A & B.
|
||||||
|
|
||||||
|
User denied page permission.
|
||||||
|
|
||||||
#### test_80_fallback_override_allow
|
#### test_80_fallback_override_allow
|
||||||
|
|
||||||
- Page permissions have inherit disabled.
|
- Page permissions have inherit disabled.
|
||||||
|
@ -187,6 +187,19 @@ class EntityRolePermissionsTest extends PermissionScenarioTestCase
|
|||||||
$this->assertNotVisibleToUser($page, $user);
|
$this->assertNotVisibleToUser($page, $user);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function test_71_multi_role_inheriting_deny_on_own()
|
||||||
|
{
|
||||||
|
[$user, $roleA] = $this->users->newUserWithRole([], ['page-view-own']);
|
||||||
|
$roleB = $this->users->attachNewRole($user);
|
||||||
|
$page = $this->entities->page();
|
||||||
|
$this->permissions->changeEntityOwner($page, $user);
|
||||||
|
|
||||||
|
$this->permissions->addEntityPermission($page, [], $roleB);
|
||||||
|
|
||||||
|
$this->assertNotVisibleToUser($page, $user);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
public function test_75_multi_role_inherited_deny_via_parent()
|
public function test_75_multi_role_inherited_deny_via_parent()
|
||||||
{
|
{
|
||||||
[$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']);
|
[$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']);
|
||||||
@ -199,6 +212,19 @@ class EntityRolePermissionsTest extends PermissionScenarioTestCase
|
|||||||
$this->assertNotVisibleToUser($page, $user);
|
$this->assertNotVisibleToUser($page, $user);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function test_76_multi_role_inherited_deny_via_parent_on_own()
|
||||||
|
{
|
||||||
|
[$user, $roleA] = $this->users->newUserWithRole([], ['page-view-own']);
|
||||||
|
$roleB = $this->users->attachNewRole($user);
|
||||||
|
$page = $this->entities->pageWithinChapter();
|
||||||
|
$chapter = $page->chapter;
|
||||||
|
$this->permissions->changeEntityOwner($page, $user);
|
||||||
|
|
||||||
|
$this->permissions->addEntityPermission($chapter, [], $roleB);
|
||||||
|
|
||||||
|
$this->assertNotVisibleToUser($page, $user);
|
||||||
|
}
|
||||||
|
|
||||||
public function test_80_fallback_override_allow()
|
public function test_80_fallback_override_allow()
|
||||||
{
|
{
|
||||||
[$user, $roleA] = $this->users->newUserWithRole();
|
[$user, $roleA] = $this->users->newUserWithRole();
|
||||||
|
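Review bot: Both new tests, `test_71_multi_role_inheriting_deny_on_own` and `test_76_multi_role_inherited_deny_via_parent_on_own`, assert only the denied end state, so they would also pass if the `page-view-own` grant never made the page visible in the first place. A positive control before the deny is attached would show that Role B's entry is what removes access, for example `$this->assertVisibleToUser($page, $user);` ahead of the `addEntityPermission(...)` call, assuming the test case offers that counterpart to `assertNotVisibleToUser`. `$roleA` is destructured but unused in both tests. The scenario text for test_76 shown on this page also does not list that the user owns the page, although the test calls `changeEntityOwner`.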