Updated entity restrictions to allow permissions, Not just restrict

author Dan Brown <redacted>

Wed, 30 Mar 2016 19:15:44 +0000 (20:15 +0100)

committer Dan Brown <redacted>

Wed, 30 Mar 2016 19:15:44 +0000 (20:15 +0100)
author Dan Brown <redacted>
Wed, 30 Mar 2016 19:15:44 +0000 (20:15 +0100)
committer Dan Brown <redacted>
Wed, 30 Mar 2016 19:15:44 +0000 (20:15 +0100)
diff --git a/app/Http/routes.php b/app/Http/routes.php

index 0be9012314722cf84171ff6abb292d315323e423..eca37347c4663d0944b7ccdaea3ad4f0b031d580 100644 (file)
--- a/app/Http/routes.php
+++ b/app/Http/routes.php
@@ -19,8 +19,8 @@ Route::group(['middleware' => 'auth'], function () {
          Route::delete('/{id}', 'BookController@destroy');
          Route::get('/{slug}/sort-item', 'BookController@getSortItem');
          Route::get('/{slug}', 'BookController@show');
-        Route::get('/{bookSlug}/restrict', 'BookController@showRestrict');
-        Route::put('/{bookSlug}/restrict', 'BookController@restrict');
+        Route::get('/{bookSlug}/permissions', 'BookController@showRestrict');
+        Route::put('/{bookSlug}/permissions', 'BookController@restrict');
          Route::get('/{slug}/delete', 'BookController@showDelete');
          Route::get('/{bookSlug}/sort', 'BookController@sort');
          Route::put('/{bookSlug}/sort', 'BookController@saveSort');
@@ -36,8 +36,8 @@ Route::group(['middleware' => 'auth'], function () {
          Route::get('/{bookSlug}/page/{pageSlug}/edit', 'PageController@edit');
          Route::get('/{bookSlug}/page/{pageSlug}/delete', 'PageController@showDelete');
          Route::get('/{bookSlug}/draft/{pageId}/delete', 'PageController@showDeleteDraft');
-        Route::get('/{bookSlug}/page/{pageSlug}/restrict', 'PageController@showRestrict');
-        Route::put('/{bookSlug}/page/{pageSlug}/restrict', 'PageController@restrict');
+        Route::get('/{bookSlug}/page/{pageSlug}/permissions', 'PageController@showRestrict');
+        Route::put('/{bookSlug}/page/{pageSlug}/permissions', 'PageController@restrict');
          Route::put('/{bookSlug}/page/{pageSlug}', 'PageController@update');
          Route::delete('/{bookSlug}/page/{pageSlug}', 'PageController@destroy');
          Route::delete('/{bookSlug}/draft/{pageId}', 'PageController@destroyDraft');
@@ -54,8 +54,8 @@ Route::group(['middleware' => 'auth'], function () {
          Route::get('/{bookSlug}/chapter/{chapterSlug}', 'ChapterController@show');
          Route::put('/{bookSlug}/chapter/{chapterSlug}', 'ChapterController@update');
          Route::get('/{bookSlug}/chapter/{chapterSlug}/edit', 'ChapterController@edit');
-        Route::get('/{bookSlug}/chapter/{chapterSlug}/restrict', 'ChapterController@showRestrict');
-        Route::put('/{bookSlug}/chapter/{chapterSlug}/restrict', 'ChapterController@restrict');
+        Route::get('/{bookSlug}/chapter/{chapterSlug}/permissions', 'ChapterController@showRestrict');
+        Route::put('/{bookSlug}/chapter/{chapterSlug}/permissions', 'ChapterController@restrict');
          Route::get('/{bookSlug}/chapter/{chapterSlug}/delete', 'ChapterController@showDelete');
          Route::delete('/{bookSlug}/chapter/{chapterSlug}', 'ChapterController@destroy');
  
diff --git a/app/Services/RestrictionService.php b/app/Services/RestrictionService.php

index d207248662183c1e236aab875fa83a20df2d0095..50cbe4a51df5eda06f257f3e991f045617a23336 100644 (file)
--- a/app/Services/RestrictionService.php
+++ b/app/Services/RestrictionService.php
@@ -41,6 +41,25 @@ class RestrictionService
          return false;
      }
  
+    /**
+     * Check if an entity has restrictions set on itself or its
+     * parent tree.
+     * @param Entity $entity
+     * @param $action
+     * @return bool|mixed
+     */
+    public function checkIfRestrictionsSet(Entity $entity, $action)
+    {
+        $this->currentAction = $action;
+        if ($entity->isA('page')) {
+            return $entity->restricted || ($entity->chapter && $entity->chapter->restricted) || $entity->book->restricted;
+        } elseif ($entity->isA('chapter')) {
+            return $entity->restricted || $entity->book->restricted;
+        } elseif ($entity->isA('book')) {
+            return $entity->restricted;
+        }
+    }
+
      /**
       * Add restrictions for a page query
       * @param $query
diff --git a/app/helpers.php b/app/helpers.php

index f60e917c55cf5ef3656ea2e75118211dc4f43c53..eab8ca1c85bb4bcb4a5b1c126fc947c3a757a737 100644 (file)
--- a/app/helpers.php
+++ b/app/helpers.php
@@ -52,12 +52,13 @@ function userCan($permission, \BookStack\Ownable $ownable = null)
  
      if (!$ownable instanceof \BookStack\Entity) return $hasPermission;
  
-    // Check restrictions on the entitiy
+    // Check restrictions on the entity
      $restrictionService = app('BookStack\Services\RestrictionService');
      $explodedPermission = explode('-', $permission);
      $action = end($explodedPermission);
      $hasAccess = $restrictionService->checkIfEntityRestricted($ownable, $action);
-    return $hasAccess && $hasPermission;
+    $restrictionsSet = $restrictionService->checkIfRestrictionsSet($ownable, $action);
+    return ($hasAccess && $restrictionsSet) || (!$restrictionsSet && $hasPermission);
  }
  
  /**
diff --git a/resources/views/books/restrictions.blade.php b/resources/views/books/restrictions.blade.php

index 60b126a7b5ce8adacce446cda91a75fecb086aec..7fdd3abef855fc7820f8f756314334f8dec74f72 100644 (file)
--- a/resources/views/books/restrictions.blade.php
+++ b/resources/views/books/restrictions.blade.php
@@ -16,7 +16,7 @@
  
  
      <div class="container" ng-non-bindable>
-        <h1>Book Restrictions</h1>
+        <h1>Book Permissions</h1>
          @include('form/restriction-form', ['model' => $book])
      </div>
  
diff --git a/resources/views/books/show.blade.php b/resources/views/books/show.blade.php

index cd32a406b65d6173323c892fe761a5c49c973369..5f8067bfbc0ee1ff4f4bb6339ffb4006fd4de04a 100644 (file)
--- a/resources/views/books/show.blade.php
+++ b/resources/views/books/show.blade.php
@@ -24,7 +24,7 @@
                                          <li><a href="{{ $book->getUrl() }}/sort" class="text-primary"><i class="zmdi zmdi-sort"></i>Sort</a></li>
                                      @endif
                                      @if(userCan('restrictions-manage', $book))
-                                        <li><a href="{{$book->getUrl()}}/restrict" class="text-primary"><i class="zmdi zmdi-lock-outline"></i>Restrict</a></li>
+                                        <li><a href="{{$book->getUrl()}}/permissions" class="text-primary"><i class="zmdi zmdi-lock-outline"></i>Permissions</a></li>
                                      @endif
                                      @if(userCan('book-delete', $book))
                                          <li><a href="{{ $book->getUrl() }}/delete" class="text-neg"><i class="zmdi zmdi-delete"></i>Delete</a></li>
@@ -90,9 +90,9 @@
                  @if($book->restricted)
                      <p class="text-muted">
                          @if(userCan('restrictions-manage', $book))
-                            <a href="{{ $book->getUrl() }}/restrict"><i class="zmdi zmdi-lock-outline"></i>Book Restricted</a>
+                            <a href="{{ $book->getUrl() }}/permissions"><i class="zmdi zmdi-lock-outline"></i>Book Permissions Active</a>
                          @else
-                            <i class="zmdi zmdi-lock-outline"></i>Book Restricted
+                            <i class="zmdi zmdi-lock-outline"></i>Book Permissions Active
                          @endif
                      </p>
                  @endif
diff --git a/resources/views/chapters/restrictions.blade.php b/resources/views/chapters/restrictions.blade.php

index 1f2f9c8faa646ac043830b575efbb59b3b510681..c25c0755db9c955f9d218885d6151bf038a67592 100644 (file)
--- a/resources/views/chapters/restrictions.blade.php
+++ b/resources/views/chapters/restrictions.blade.php
@@ -17,7 +17,7 @@
      </div>
  
      <div class="container" ng-non-bindable>
-        <h1>Chapter Restrictions</h1>
+        <h1>Chapter Permissions</h1>
          @include('form/restriction-form', ['model' => $chapter])
      </div>
  
diff --git a/resources/views/chapters/show.blade.php b/resources/views/chapters/show.blade.php

index dc20d144e43d9cb249b982cc794329e6802b8efa..b6b2d5c9761077df50d306e7a8264f79eae483ec 100644 (file)
--- a/resources/views/chapters/show.blade.php
+++ b/resources/views/chapters/show.blade.php
@@ -19,7 +19,7 @@
                              <a href="{{$chapter->getUrl() . '/edit'}}" class="text-primary text-button"><i class="zmdi zmdi-edit"></i>Edit</a>
                          @endif
                          @if(userCan('restrictions-manage', $chapter))
-                            <a href="{{$chapter->getUrl()}}/restrict" class="text-primary text-button"><i class="zmdi zmdi-lock-outline"></i>Restrict</a>
+                            <a href="{{$chapter->getUrl()}}/permissions" class="text-primary text-button"><i class="zmdi zmdi-lock-outline"></i>Permissions</a>
                          @endif
                          @if(userCan('chapter-delete', $chapter))
                              <a href="{{$chapter->getUrl() . '/delete'}}" class="text-neg text-button"><i class="zmdi zmdi-delete"></i>Delete</a>
@@ -69,18 +69,18 @@
  
                          @if($book->restricted)
                              @if(userCan('restrictions-manage', $book))
-                                <a href="{{ $book->getUrl() }}/restrict"><i class="zmdi zmdi-lock-outline"></i>Book Restricted</a>
+                                <a href="{{ $book->getUrl() }}/permissions"><i class="zmdi zmdi-lock-outline"></i>Book Permissions Active</a>
                              @else
-                                <i class="zmdi zmdi-lock-outline"></i>Book Restricted
+                                <i class="zmdi zmdi-lock-outline"></i>Book Permissions Active
                              @endif
                                  <br>
                          @endif
  
                          @if($chapter->restricted)
                              @if(userCan('restrictions-manage', $chapter))
-                                <a href="{{ $chapter->getUrl() }}/restrict"><i class="zmdi zmdi-lock-outline"></i>Chapter Restricted</a>
+                                <a href="{{ $chapter->getUrl() }}/permissions"><i class="zmdi zmdi-lock-outline"></i>Chapter Permissions Active</a>
                              @else
-                                <i class="zmdi zmdi-lock-outline"></i>Chapter Restricted
+                                <i class="zmdi zmdi-lock-outline"></i>Chapter Permissions Active
                              @endif
                          @endif
                      </div>
diff --git a/resources/views/form/restriction-form.blade.php b/resources/views/form/restriction-form.blade.php

index d2fa239826b6d7a346bd66c554362e3a62e89286..f61a535e7044215b581d849c50fd43f05ad74663 100644 (file)
--- a/resources/views/form/restriction-form.blade.php
+++ b/resources/views/form/restriction-form.blade.php
@@ -1,11 +1,14 @@
-<form action="{{ $model->getUrl() }}/restrict" method="POST">
+<form action="{{ $model->getUrl() }}/permissions" method="POST">
      {!! csrf_field() !!}
      <input type="hidden" name="_method" value="PUT">
  
+    <p>Once enabled, These permissions will take priority over any set role permissions.</p>
+
      <div class="form-group">
-        @include('form/checkbox', ['name' => 'restricted', 'label' => 'Restrict this ' . $model->getClassName()])
+        @include('form/checkbox', ['name' => 'restricted', 'label' => 'Enable custom permissions'])
      </div>
  
+
      <table class="table">
          <tr>
              <th>Role</th>
@@ -25,5 +28,5 @@
      </table>
  
      <a href="{{ $model->getUrl() }}" class="button muted">Cancel</a>
-    <button type="submit" class="button pos">Save Restrictions</button>
+    <button type="submit" class="button pos">Save Permissions</button>
  </form>
 \ No newline at end of file
diff --git a/resources/views/pages/restrictions.blade.php b/resources/views/pages/restrictions.blade.php

index d094abc7184adeca9ea61bb40c93b47ea4ef2d06..09eb8a65b9df0609672936e07d36f917acca9297 100644 (file)
--- a/resources/views/pages/restrictions.blade.php
+++ b/resources/views/pages/restrictions.blade.php
@@ -24,7 +24,7 @@
      </div>
  
      <div class="container" ng-non-bindable>
-        <h1>Page Restrictions</h1>
+        <h1>Page Permissions</h1>
          @include('form/restriction-form', ['model' => $page])
      </div>
  
diff --git a/resources/views/pages/show.blade.php b/resources/views/pages/show.blade.php

index 286d443874001fd7c22bb2017574f193790bb163..8640a34dba535f2638d611035c3cceb6ebcfa72f 100644 (file)
--- a/resources/views/pages/show.blade.php
+++ b/resources/views/pages/show.blade.php
@@ -32,7 +32,7 @@
                              <a href="{{$page->getUrl()}}/edit" class="text-primary text-button" ><i class="zmdi zmdi-edit"></i>Edit</a>
                          @endif
                          @if(userCan('restrictions-manage', $page))
-                            <a href="{{$page->getUrl()}}/restrict" class="text-primary text-button"><i class="zmdi zmdi-lock-outline"></i>Restrict</a>
+                            <a href="{{$page->getUrl()}}/permissions" class="text-primary text-button"><i class="zmdi zmdi-lock-outline"></i>Permissions</a>
                          @endif
                          @if(userCan('page-delete', $page))
                              <a href="{{$page->getUrl()}}/delete" class="text-neg text-button"><i class="zmdi zmdi-delete"></i>Delete</a>
@@ -76,27 +76,27 @@
  
                          @if($book->restricted)
                              @if(userCan('restrictions-manage', $book))
-                                <a href="{{ $book->getUrl() }}/restrict"><i class="zmdi zmdi-lock-outline"></i>Book restricted</a>
+                                <a href="{{ $book->getUrl() }}/permissions"><i class="zmdi zmdi-lock-outline"></i>Book Permissions Active</a>
                              @else
-                                <i class="zmdi zmdi-lock-outline"></i>Book restricted
+                                <i class="zmdi zmdi-lock-outline"></i>Book Permissions Active
                              @endif
                              <br>
                          @endif
  
                          @if($page->chapter && $page->chapter->restricted)
                              @if(userCan('restrictions-manage', $page->chapter))
-                                <a href="{{ $page->chapter->getUrl() }}/restrict"><i class="zmdi zmdi-lock-outline"></i>Chapter restricted</a>
+                                <a href="{{ $page->chapter->getUrl() }}/permissions"><i class="zmdi zmdi-lock-outline"></i>Chapter Permissions Active</a>
                              @else
-                                <i class="zmdi zmdi-lock-outline"></i>Chapter restricted
+                                <i class="zmdi zmdi-lock-outline"></i>Chapter Permissions Active
                              @endif
                              <br>
                          @endif
  
                          @if($page->restricted)
                              @if(userCan('restrictions-manage', $page))
-                                <a href="{{ $page->getUrl() }}/restrict"><i class="zmdi zmdi-lock-outline"></i>Page restricted</a>
+                                <a href="{{ $page->getUrl() }}/permissions"><i class="zmdi zmdi-lock-outline"></i>Page Permissions Active</a>
                              @else
-                                <i class="zmdi zmdi-lock-outline"></i>Page restricted
+                                <i class="zmdi zmdi-lock-outline"></i>Page Permissions Active
                              @endif
                              <br>
                          @endif
diff --git a/resources/views/settings/roles/form.blade.php b/resources/views/settings/roles/form.blade.php

index fafb9bed28f34923c22cac6529aafb71655453a5..ba57b4daa3d057c01b82516a89c275212fe185b1 100644 (file)
--- a/resources/views/settings/roles/form.blade.php
+++ b/resources/views/settings/roles/form.blade.php
@@ -24,10 +24,10 @@
          <hr class="even">
          <div class="row">
              <div class="col-md-6">
-                <label>@include('settings/roles/checkbox', ['permission' => 'restrictions-manage-all']) Manage all restrictions</label>
+                <label>@include('settings/roles/checkbox', ['permission' => 'restrictions-manage-all']) Manage all Book, Chapter & Page permissions</label>
              </div>
              <div class="col-md-6">
-                <label>@include('settings/roles/checkbox', ['permission' => 'restrictions-manage-own']) Manage restrictions on own content</label>
+                <label>@include('settings/roles/checkbox', ['permission' => 'restrictions-manage-own']) Manage permissions on own Book, Chapter & Pages</label>
              </div>
          </div>
          <hr class="even">
@@ -43,7 +43,7 @@
          <h3>Asset Permissions</h3>
          <p>
              These permissions control default access to the assets within the system. <br>
-            Restrictions on Books, Chapters and Pages will override these permissions.
+            Permissions on Books, Chapters and Pages will override these permissions.
          </p>
          <table class="table">
              <tr>
diff --git a/resources/views/users/delete.blade.php b/resources/views/users/delete.blade.php

index 282ae242bbc5746c249dc30322556b865276d4f4..af247509dcc64cdd054eb3c91d90593d3ee2dc4c 100644 (file)
--- a/resources/views/users/delete.blade.php
+++ b/resources/views/users/delete.blade.php
@@ -10,7 +10,7 @@
          <form action="/settings/users/{{$user->id}}" method="POST">
              {!! csrf_field() !!}
              <input type="hidden" name="_method" value="DELETE">
-            <a href="/users/{{$user->id}}" class="button muted">Cancel</a>
+            <a href="/settings/users/{{$user->id}}" class="button muted">Cancel</a>
              <button type="submit" class="button neg">Confirm</button>
          </form>
      </div>
diff --git a/tests/Permissions/RestrictionsTest.php b/tests/Permissions/RestrictionsTest.php

index 40b5a7647bd881367c7b86682520d1cac6473b04..4ecf5fb200d3744e0f21a73f908636f049e23592 100644 (file)
--- a/tests/Permissions/RestrictionsTest.php
+++ b/tests/Permissions/RestrictionsTest.php
@@ -3,11 +3,21 @@
  class RestrictionsTest extends TestCase
  {
      protected $user;
+    protected $viewer;
  
      public function setUp()
      {
          parent::setUp();
          $this->user = $this->getNewUser();
+        $this->viewer = $this->getViewer();
+    }
+
+    protected function getViewer()
+    {
+        $role = \BookStack\Role::getRole('viewer');
+        $viewer = $this->getNewBlankUser();
+        $viewer->attachRole($role);;
+        return $viewer;
      }
  
      /**
@@ -20,11 +30,16 @@ class RestrictionsTest extends TestCase
          $entity->restricted = true;
          $entity->restrictions()->delete();
          $role = $this->user->roles->first();
+        $viewerRole = $this->viewer->roles->first();
          foreach ($actions as $action) {
              $entity->restrictions()->create([
                  'role_id' => $role->id,
                  'action' => strtolower($action)
              ]);
+            $entity->restrictions()->create([
+                'role_id' => $viewerRole->id,
+                'action' => strtolower($action)
+            ]);
          }
          $entity->save();
          $entity->load('restrictions');
@@ -65,6 +80,10 @@ class RestrictionsTest extends TestCase
          $book = \BookStack\Book::first();
  
          $bookUrl = $book->getUrl();
+        $this->actingAs($this->viewer)
+            ->visit($bookUrl)
+            ->dontSeeInElement('.action-buttons', 'New Page')
+            ->dontSeeInElement('.action-buttons', 'New Chapter');
          $this->actingAs($this->user)
              ->visit($bookUrl)
              ->seeInElement('.action-buttons', 'New Page')
@@ -319,11 +338,11 @@ class RestrictionsTest extends TestCase
      public function test_book_restriction_form()
      {
          $book = \BookStack\Book::first();
-        $this->asAdmin()->visit($book->getUrl() . '/restrict')
-            ->see('Book Restrictions')
+        $this->asAdmin()->visit($book->getUrl() . '/permissions')
+            ->see('Book Permissions')
              ->check('restricted')
              ->check('restrictions[2][view]')
-            ->press('Save Restrictions')
+            ->press('Save Permissions')
              ->seeInDatabase('books', ['id' => $book->id, 'restricted' => true])
              ->seeInDatabase('restrictions', [
                  'restrictable_id' => $book->id,
@@ -336,11 +355,11 @@ class RestrictionsTest extends TestCase
      public function test_chapter_restriction_form()
      {
          $chapter = \BookStack\Chapter::first();
-        $this->asAdmin()->visit($chapter->getUrl() . '/restrict')
-            ->see('Chapter Restrictions')
+        $this->asAdmin()->visit($chapter->getUrl() . '/permissions')
+            ->see('Chapter Permissions')
              ->check('restricted')
              ->check('restrictions[2][update]')
-            ->press('Save Restrictions')
+            ->press('Save Permissions')
              ->seeInDatabase('chapters', ['id' => $chapter->id, 'restricted' => true])
              ->seeInDatabase('restrictions', [
                  'restrictable_id' => $chapter->id,
@@ -353,11 +372,11 @@ class RestrictionsTest extends TestCase
      public function test_page_restriction_form()
      {
          $page = \BookStack\Page::first();
-        $this->asAdmin()->visit($page->getUrl() . '/restrict')
-            ->see('Page Restrictions')
+        $this->asAdmin()->visit($page->getUrl() . '/permissions')
+            ->see('Page Permissions')
              ->check('restricted')
              ->check('restrictions[2][delete]')
-            ->press('Save Restrictions')
+            ->press('Save Permissions')
              ->seeInDatabase('pages', ['id' => $page->id, 'restricted' => true])
              ->seeInDatabase('restrictions', [
                  'restrictable_id' => $page->id,
@@ -404,4 +423,99 @@ class RestrictionsTest extends TestCase
              ->dontSee($page->name);
      }
  
+    public function test_book_create_restriction_override()
+    {
+        $book = \BookStack\Book::first();
+
+        $bookUrl = $book->getUrl();
+        $this->actingAs($this->viewer)
+            ->visit($bookUrl)
+            ->dontSeeInElement('.action-buttons', 'New Page')
+            ->dontSeeInElement('.action-buttons', 'New Chapter');
+
+        $this->setEntityRestrictions($book, ['view', 'delete', 'update']);
+
+        $this->forceVisit($bookUrl . '/chapter/create')
+            ->see('You do not have permission')->seePageIs('/');
+        $this->forceVisit($bookUrl . '/page/create')
+            ->see('You do not have permission')->seePageIs('/');
+        $this->visit($bookUrl)->dontSeeInElement('.action-buttons', 'New Page')
+            ->dontSeeInElement('.action-buttons', 'New Chapter');
+
+        $this->setEntityRestrictions($book, ['view', 'create']);
+
+        $this->visit($bookUrl . '/chapter/create')
+            ->type('test chapter', 'name')
+            ->type('test description for chapter', 'description')
+            ->press('Save Chapter')
+            ->seePageIs($bookUrl . '/chapter/test-chapter');
+        $this->visit($bookUrl . '/page/create')
+            ->type('test page', 'name')
+            ->type('test content', 'html')
+            ->press('Save Page')
+            ->seePageIs($bookUrl . '/page/test-page');
+        $this->visit($bookUrl)->seeInElement('.action-buttons', 'New Page')
+            ->seeInElement('.action-buttons', 'New Chapter');
+    }
+
+    public function test_book_update_restriction_override()
+    {
+        $book = \BookStack\Book::first();
+        $bookPage = $book->pages->first();
+        $bookChapter = $book->chapters->first();
+
+        $bookUrl = $book->getUrl();
+        $this->actingAs($this->viewer)
+            ->visit($bookUrl . '/edit')
+            ->dontSee('Edit Book');
+
+        $this->setEntityRestrictions($book, ['view', 'delete']);
+
+        $this->forceVisit($bookUrl . '/edit')
+            ->see('You do not have permission')->seePageIs('/');
+        $this->forceVisit($bookPage->getUrl() . '/edit')
+            ->see('You do not have permission')->seePageIs('/');
+        $this->forceVisit($bookChapter->getUrl() . '/edit')
+            ->see('You do not have permission')->seePageIs('/');
+
+        $this->setEntityRestrictions($book, ['view', 'update']);
+
+        $this->visit($bookUrl . '/edit')
+            ->seePageIs($bookUrl . '/edit');
+        $this->visit($bookPage->getUrl() . '/edit')
+            ->seePageIs($bookPage->getUrl() . '/edit');
+        $this->visit($bookChapter->getUrl() . '/edit')
+            ->see('Edit Chapter');
+    }
+
+    public function test_book_delete_restriction_override()
+    {
+        $book = \BookStack\Book::first();
+        $bookPage = $book->pages->first();
+        $bookChapter = $book->chapters->first();
+
+        $bookUrl = $book->getUrl();
+        $this->actingAs($this->viewer)
+            ->visit($bookUrl . '/delete')
+            ->dontSee('Delete Book');
+
+        $this->setEntityRestrictions($book, ['view', 'update']);
+
+        $this->forceVisit($bookUrl . '/delete')
+            ->see('You do not have permission')->seePageIs('/');
+        $this->forceVisit($bookPage->getUrl() . '/delete')
+            ->see('You do not have permission')->seePageIs('/');
+        $this->forceVisit($bookChapter->getUrl() . '/delete')
+            ->see('You do not have permission')->seePageIs('/');
+
+        $this->setEntityRestrictions($book, ['view', 'delete']);
+
+        $this->visit($bookUrl . '/delete')
+            ->seePageIs($bookUrl . '/delete')->see('Delete Book');
+        $this->visit($bookPage->getUrl() . '/delete')
+            ->seePageIs($bookPage->getUrl() . '/delete')->see('Delete Page');
+        $this->visit($bookChapter->getUrl() . '/delete')
+            ->see('Delete Chapter');
+    }
+
  }
diff --git a/tests/Permissions/RolesTest.php b/tests/Permissions/RolesTest.php

index 9c312626ffb365e32315df121bb94d171efc810f..8ecdb37a383b70b1a86f4fdcd250efb24a92ce74 100644 (file)
--- a/tests/Permissions/RolesTest.php
+++ b/tests/Permissions/RolesTest.php
@@ -129,14 +129,14 @@ class RolesTest extends TestCase
      {
          $page = \BookStack\Page::take(1)->get()->first();
          $this->actingAs($this->user)->visit($page->getUrl())
-            ->dontSee('Restrict')
-            ->visit($page->getUrl() . '/restrict')
+            ->dontSee('Permissions')
+            ->visit($page->getUrl() . '/permissions')
              ->seePageIs('/');
          $this->giveUserPermissions($this->user, ['restrictions-manage-all']);
          $this->actingAs($this->user)->visit($page->getUrl())
-            ->see('Restrict')
-            ->click('Restrict')
-            ->see('Page Restrictions')->seePageIs($page->getUrl() . '/restrict');
+            ->see('Permissions')
+            ->click('Permissions')
+            ->see('Page Permissions')->seePageIs($page->getUrl() . '/permissions');
      }
  
      public function test_restrictions_manage_own_permission()
@@ -145,27 +145,27 @@ class RolesTest extends TestCase
          $content = $this->createEntityChainBelongingToUser($this->user);
          // Check can't restrict other's content
          $this->actingAs($this->user)->visit($otherUsersPage->getUrl())
-            ->dontSee('Restrict')
-            ->visit($otherUsersPage->getUrl() . '/restrict')
+            ->dontSee('Permissions')
+            ->visit($otherUsersPage->getUrl() . '/permissions')
              ->seePageIs('/');
          // Check can't restrict own content
          $this->actingAs($this->user)->visit($content['page']->getUrl())
-            ->dontSee('Restrict')
-            ->visit($content['page']->getUrl() . '/restrict')
+            ->dontSee('Permissions')
+            ->visit($content['page']->getUrl() . '/permissions')
              ->seePageIs('/');
  
          $this->giveUserPermissions($this->user, ['restrictions-manage-own']);
  
          // Check can't restrict other's content
          $this->actingAs($this->user)->visit($otherUsersPage->getUrl())
-            ->dontSee('Restrict')
-            ->visit($otherUsersPage->getUrl() . '/restrict')
+            ->dontSee('Permissions')
+            ->visit($otherUsersPage->getUrl() . '/permissions')
              ->seePageIs('/');
          // Check can restrict own content
          $this->actingAs($this->user)->visit($content['page']->getUrl())
-            ->see('Restrict')
-            ->click('Restrict')
-            ->seePageIs($content['page']->getUrl() . '/restrict');
+            ->see('Permissions')
+            ->click('Permissions')
+            ->seePageIs($content['page']->getUrl() . '/permissions');
      }
  
      /**
diff --git a/tests/TestCase.php b/tests/TestCase.php

index 567dc93eca876bc7426bfee781e80f35c1526ca5..d3b41831edde3bc816ee2a2d30aa64a3d48aecb6 100644 (file)
--- a/tests/TestCase.php
+++ b/tests/TestCase.php
@@ -170,4 +170,12 @@ class TestCase extends Illuminate\Foundation\Testing\TestCase
          $this->visit($link->link()->getUri());
          return $this;
      }
+
+    protected function actingAsUsers($usersArray, $callback)
+    {
+        foreach ($usersArray as $user) {
+            $this->actingAs($user);
+            $callback($user);
+        }
+    }
  }
author	Dan Brown <redacted>
	Wed, 30 Mar 2016 19:15:44 +0000 (20:15 +0100)
committer	Dan Brown <redacted>
	Wed, 30 Mar 2016 19:15:44 +0000 (20:15 +0100)
app/Http/routes.php		patch \| blob \| history
app/Services/RestrictionService.php		patch \| blob \| history
app/helpers.php		patch \| blob \| history
resources/views/books/restrictions.blade.php		patch \| blob \| history
resources/views/books/show.blade.php		patch \| blob \| history
resources/views/chapters/restrictions.blade.php		patch \| blob \| history
resources/views/chapters/show.blade.php		patch \| blob \| history
resources/views/form/restriction-form.blade.php		patch \| blob \| history
resources/views/pages/restrictions.blade.php		patch \| blob \| history
resources/views/pages/show.blade.php		patch \| blob \| history
resources/views/settings/roles/form.blade.php		patch \| blob \| history
resources/views/users/delete.blade.php		patch \| blob \| history
tests/Permissions/RestrictionsTest.php		patch \| blob \| history
tests/Permissions/RolesTest.php		patch \| blob \| history
tests/TestCase.php		patch \| blob \| history