github-mirror/BookStack
github-mirror/BookStack
2
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-04-26 06:04:05 +08:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

Fixed image delete permission issue

Browse Source 
Also fixed missing translations and wrote tests to cover issue.
Fixes #258
This commit is contained in:
Dan Brown 2017-01-08 19:19:30 +00:00
parent f7f86ff821
commit 581c382f65
No known key found for this signature in database
GPG Key ID: 46D9F943C24A2EF9
4 changed files with 53 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
app/Services/PermissionService.php
View File

@ -405,7 +405,7 @@ class PermissionService
$action = end($explodedPermission); $action = end($explodedPermission);
$this->currentAction = $action; $this->currentAction = $action;
$nonJointPermissions = ['restrictions']; $nonJointPermissions = ['restrictions', 'image', 'attachment'];
// Handle non entity specific jointPermissions // Handle non entity specific jointPermissions
if (in_array($explodedPermission[0], $nonJointPermissions)) { if (in_array($explodedPermission[0], $nonJointPermissions)) {
@ -421,7 +421,6 @@ class PermissionService
$this->currentAction = $permission; $this->currentAction = $permission;
} }
$q = $this->entityRestrictionQuery($baseQuery)->count() > 0; $q = $this->entityRestrictionQuery($baseQuery)->count() > 0;
$this->clean(); $this->clean();
return $q; return $q;

10
database/factories/ModelFactory.php
View File

@ -59,4 +59,14 @@ $factory->define(BookStack\Tag::class, function ($faker) {
'name' => $faker->city, 'name' => $faker->city,
'value' => $faker->sentence(3) 'value' => $faker->sentence(3)
]; ];
});
$factory->define(BookStack\Image::class, function ($faker) {
return [
'name' => $faker->slug . '.jpg',
'url' => $faker->url,
'path' => $faker->url,
'type' => 'gallery',
'uploaded_to' => 0
];
}); });

1
resources/lang/en/entities.php
View File

@ -89,6 +89,7 @@ return [
* Chapters * Chapters
*/ */
'chapter' => 'Chapter', 'chapter' => 'Chapter',
'chapters' => 'Chapters',
'chapters_popular' => 'Popular Chapters', 'chapters_popular' => 'Popular Chapters',
'chapters_new' => 'New Chapter', 'chapters_new' => 'New Chapter',
'chapters_create' => 'Create New Chapter', 'chapters_create' => 'Create New Chapter',

41
tests/Permissions/RolesTest.php
View File

@ -578,4 +578,45 @@ class RolesTest extends TestCase
->see('Cannot be deleted'); ->see('Cannot be deleted');
} }
public function test_image_delete_own_permission()
{
$this->giveUserPermissions($this->user, ['image-update-all']);
// $admin = $this->getAdmin();
$page = \BookStack\Page::first();
$image = factory(\BookStack\Image::class)->create(['uploaded_to' => $page->id, 'created_by' => $this->user->id, 'updated_by' => $this->user->id]);
$this->actingAs($this->user)->json('delete', '/images/' . $image->id)
->seeStatusCode(403);
$this->giveUserPermissions($this->user, ['image-delete-own']);
$this->actingAs($this->user)->json('delete', '/images/' . $image->id)
->seeStatusCode(200)
->dontSeeInDatabase('images', ['id' => $image->id]);
}
public function test_image_delete_all_permission()
{
$this->giveUserPermissions($this->user, ['image-update-all']);
$admin = $this->getAdmin();
$page = \BookStack\Page::first();
$image = factory(\BookStack\Image::class)->create(['uploaded_to' => $page->id, 'created_by' => $admin->id, 'updated_by' => $admin->id]);
$this->actingAs($this->user)->json('delete', '/images/' . $image->id)
->seeStatusCode(403);
$this->giveUserPermissions($this->user, ['image-delete-own']);
$this->actingAs($this->user)->json('delete', '/images/' . $image->id)
->seeStatusCode(403);
$this->giveUserPermissions($this->user, ['image-delete-all']);
$this->actingAs($this->user)->json('delete', '/images/' . $image->id)
->seeStatusCode(200)
->dontSeeInDatabase('images', ['id' => $image->id]);
}
} }