github-mirror/BookStack
2
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-05-23 07:10:00 +08:00
Code Issues Actions 10 Packages Projects Releases Wiki Activity

Made delete permissions a requirement for move operations

Browse Source 
Closes #1200
This commit is contained in:
Dan Brown
2019-01-05 14:39:40 +00:00
parent 2317bf2350
commit a2087fe3ff
5 changed files with 65 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

59
tests/Entity/SortTest.php
View File

@ -3,7 +3,6 @@
use BookStack\Entities\Book;
use BookStack\Entities\Chapter;
use BookStack\Entities\Page;
use BookStack\Entities\Repos\EntityRepo;
use BookStack\Entities\Repos\PageRepo;
class SortTest extends TestCase
@ -58,14 +57,14 @@ class SortTest extends TestCase
$newBook = Book::where('id', '!=', $currentBook->id)->first();
$editor = $this->getEditor();
$this->setEntityRestrictions($newBook, ['view', 'edit', 'delete'], $editor->roles);
$this->setEntityRestrictions($newBook, ['view', 'update', 'delete'], $editor->roles);
$movePageResp = $this->actingAs($editor)->put($page->getUrl('/move'), [
'entity_selection' => 'book:' . $newBook->id
]);
$this->assertPermissionError($movePageResp);
$this->setEntityRestrictions($newBook, ['view', 'edit', 'delete', 'create'], $editor->roles);
$this->setEntityRestrictions($newBook, ['view', 'update', 'delete', 'create'], $editor->roles);
$movePageResp = $this->put($page->getUrl('/move'), [
'entity_selection' => 'book:' . $newBook->id
]);
@ -76,6 +75,33 @@ class SortTest extends TestCase
$this->assertTrue($page->book->id == $newBook->id, 'Page book is now the new book');
}
public function test_page_move_requires_delete_permissions()
{
$page = Page::first();
$currentBook = $page->book;
$newBook = Book::where('id', '!=', $currentBook->id)->first();
$editor = $this->getEditor();
$this->setEntityRestrictions($newBook, ['view', 'update', 'create', 'delete'], $editor->roles);
$this->setEntityRestrictions($page, ['view', 'update', 'create'], $editor->roles);
$movePageResp = $this->actingAs($editor)->put($page->getUrl('/move'), [
'entity_selection' => 'book:' . $newBook->id
]);
$this->assertPermissionError($movePageResp);
$pageView = $this->get($page->getUrl());
$pageView->assertDontSee($page->getUrl('/move'));
$this->setEntityRestrictions($page, ['view', 'update', 'create', 'delete'], $editor->roles);
$movePageResp = $this->put($page->getUrl('/move'), [
'entity_selection' => 'book:' . $newBook->id
]);
$page = Page::find($page->id);
$movePageResp->assertRedirect($page->getUrl());
$this->assertTrue($page->book->id == $newBook->id, 'Page book is now the new book');
}
public function test_chapter_move()
{
$chapter = Chapter::first();
@ -104,6 +130,33 @@ class SortTest extends TestCase
$pageCheckResp->assertSee($newBook->name);
}
public function test_chapter_move_requires_delete_permissions()
{
$chapter = Chapter::first();
$currentBook = $chapter->book;
$newBook = Book::where('id', '!=', $currentBook->id)->first();
$editor = $this->getEditor();
$this->setEntityRestrictions($newBook, ['view', 'update', 'create', 'delete'], $editor->roles);
$this->setEntityRestrictions($chapter, ['view', 'update', 'create'], $editor->roles);
$moveChapterResp = $this->actingAs($editor)->put($chapter->getUrl('/move'), [
'entity_selection' => 'book:' . $newBook->id
]);
$this->assertPermissionError($moveChapterResp);
$pageView = $this->get($chapter->getUrl());
$pageView->assertDontSee($chapter->getUrl('/move'));
$this->setEntityRestrictions($chapter, ['view', 'update', 'create', 'delete'], $editor->roles);
$moveChapterResp = $this->put($chapter->getUrl('/move'), [
'entity_selection' => 'book:' . $newBook->id
]);
$chapter = Chapter::find($chapter->id);
$moveChapterResp->assertRedirect($chapter->getUrl());
$this->assertTrue($chapter->book->id == $newBook->id, 'Page book is now the new book');
}
public function test_book_sort()
{
$oldBook = Book::query()->first();