1
0
mirror of https://github.com/BookStackApp/BookStack.git synced 2024-10-29 23:22:34 +01:00

Added and addressed multi-role/own-role-perm/inheretance scenario

Found during manual testing.
Have checked against relation queries manually too.
This commit is contained in:
Dan Brown 2023-01-26 12:53:25 +00:00
parent 48df8725d8
commit f6a6b11ec5
No known key found for this signature in database
GPG Key ID: 46D9F943C24A2EF9
3 changed files with 47 additions and 1 deletions

View File

@ -99,7 +99,7 @@ class PermissionApplicator
->selectRaw('max(status) as status') ->selectRaw('max(status) as status')
->whereIn('role_id', $this->getCurrentUserRoleIds()) ->whereIn('role_id', $this->getCurrentUserRoleIds())
->groupBy(['entity_type', 'entity_id']) ->groupBy(['entity_type', 'entity_id'])
->havingRaw('(status IN (1, 3) or owner_id = ?)', [$this->currentUser()->id]); ->havingRaw('(status IN (1, 3) or (owner_id = ? and status != 2))', [$this->currentUser()->id]);
}); });
}); });
} }

View File

@ -229,6 +229,16 @@ User denied page permission.
User denied page permission. User denied page permission.
#### test_71_multi_role_inheriting_deny_on_own
- Page permissions have inherit enabled.
- Role A has own page role permission.
- Role B has entity denied page permission.
- User has Role A and B.
- Use owns Page.
User denied page permission.
#### test_75_multi_role_inherited_deny_via_parent #### test_75_multi_role_inherited_deny_via_parent
- Page permissions have inherit enabled. - Page permissions have inherit enabled.
@ -239,6 +249,16 @@ User denied page permission.
User denied page permission. User denied page permission.
#### test_76_multi_role_inherited_deny_via_parent_on_own
- Page permissions have inherit enabled.
- Chapter permissions have inherit enabled.
- Role A has own page role permission.
- Role B has entity denied chapter permission.
- User has Role A & B.
User denied page permission.
#### test_80_fallback_override_allow #### test_80_fallback_override_allow
- Page permissions have inherit disabled. - Page permissions have inherit disabled.

View File

@ -187,6 +187,19 @@ class EntityRolePermissionsTest extends PermissionScenarioTestCase
$this->assertNotVisibleToUser($page, $user); $this->assertNotVisibleToUser($page, $user);
} }
public function test_71_multi_role_inheriting_deny_on_own()
{
[$user, $roleA] = $this->users->newUserWithRole([], ['page-view-own']);
$roleB = $this->users->attachNewRole($user);
$page = $this->entities->page();
$this->permissions->changeEntityOwner($page, $user);
$this->permissions->addEntityPermission($page, [], $roleB);
$this->assertNotVisibleToUser($page, $user);
}
public function test_75_multi_role_inherited_deny_via_parent() public function test_75_multi_role_inherited_deny_via_parent()
{ {
[$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']); [$user, $roleA] = $this->users->newUserWithRole([], ['page-view-all']);
@ -199,6 +212,19 @@ class EntityRolePermissionsTest extends PermissionScenarioTestCase
$this->assertNotVisibleToUser($page, $user); $this->assertNotVisibleToUser($page, $user);
} }
public function test_76_multi_role_inherited_deny_via_parent_on_own()
{
[$user, $roleA] = $this->users->newUserWithRole([], ['page-view-own']);
$roleB = $this->users->attachNewRole($user);
$page = $this->entities->pageWithinChapter();
$chapter = $page->chapter;
$this->permissions->changeEntityOwner($page, $user);
$this->permissions->addEntityPermission($chapter, [], $roleB);
$this->assertNotVisibleToUser($page, $user);
}
public function test_80_fallback_override_allow() public function test_80_fallback_override_allow()
{ {
[$user, $roleA] = $this->users->newUserWithRole(); [$user, $roleA] = $this->users->newUserWithRole();