$currentParent = $modelMap[$currentParentKey] ?? null;
/** @var Book $newBook */
- $newBook = $modelMap['book:' . $sortMapItem->parentBookId];
+ $newBook = $modelMap['book:' . $sortMapItem->parentBookId] ?? null;
/** @var ?Chapter $newChapter */
$newChapter = $sortMapItem->parentChapterId ? ($modelMap['chapter:' . $sortMapItem->parentChapterId] ?? null) : null;
/**
* Check if the current user has permissions to apply the given sorting change.
+ * Is quite complex since items can gain a different parent change. Acts as a:
+ * - Update of old parent element (Change of content/order).
+ * - Update of sorted/moved element.
+ * - Deletion of element (Relative to parent upon move).
+ * - Creation of element within parent (Upon move to new parent).
*/
- protected function isSortChangePermissible(BookSortMapItem $sortMapItem, Entity $model, ?Entity $currentParent, ?Entity $newBook, ?Entity $newChapter): bool
+ protected function isSortChangePermissible(BookSortMapItem $sortMapItem, BookChild $model, ?Entity $currentParent, ?Entity $newBook, ?Entity $newChapter): bool
{
- // TODO - Move operations check for create permissions, Needs these also/instead?
-
// Stop if we can't see the current parent or new book.
if (!$currentParent || !$newBook) {
return false;
}
+ $hasNewParent = $newBook->id !== $model->book_id || ($model instanceof Page && $model->chapter_id !== ($sortMapItem->parentChapterId ?? 0));
if ($model instanceof Chapter) {
$hasPermission = userCan('book-update', $currentParent)
- && userCan('book-update', $newBook);
+ && userCan('book-update', $newBook)
+ && userCan('chapter-update', $model)
+ && (!$hasNewParent || userCan('chapter-create', $newBook))
+ && (!$hasNewParent || userCan('chapter-delete', $model));
+
if (!$hasPermission) {
return false;
}
return false;
}
+ $hasPageEditPermission = userCan('page-update', $model);
$newParentInRightLocation = ($newParent instanceof Book || $newParent->book_id === $newBook->id);
$newParentPermission = ($newParent instanceof Chapter) ? 'chapter-update' : 'book-update';
$hasNewParentPermission = userCan($newParentPermission, $newParent);
- $hasPermission = $hasCurrentParentPermission && $newParentInRightLocation && $hasNewParentPermission;
+ $hasDeletePermissionIfMoving = (!$hasNewParent || userCan('page-delete', $model));
+ $hasCreatePermissionIfMoving = (!$hasNewParent || userCan('page-create', $newParent));
+
+ $hasPermission = $hasCurrentParentPermission
+ && $newParentInRightLocation
+ && $hasNewParentPermission
+ && $hasPageEditPermission
+ && $hasDeletePermissionIfMoving
+ && $hasCreatePermissionIfMoving;
+
if (!$hasPermission) {
return false;
}
public function test_page_move_into_book()
{
- $page = Page::first();
+ $page = Page::query()->first();
$currentBook = $page->book;
- $newBook = Book::where('id', '!=', $currentBook->id)->first();
+ $newBook = Book::query()->where('id', '!=', $currentBook->id)->first();
$resp = $this->asEditor()->get($page->getUrl('/move'));
$resp->assertSee('Move Page');
$movePageResp = $this->put($page->getUrl('/move'), [
'entity_selection' => 'book:' . $newBook->id,
]);
- $page = Page::find($page->id);
+ $page = Page::query()->find($page->id);
$movePageResp->assertRedirect($page->getUrl());
$this->assertTrue($page->book->id == $newBook->id, 'Page book is now the new book');
public function test_page_move_into_chapter()
{
- $page = Page::first();
+ $page = Page::query()->first();
$currentBook = $page->book;
- $newBook = Book::where('id', '!=', $currentBook->id)->first();
+ $newBook = Book::query()->where('id', '!=', $currentBook->id)->first();
$newChapter = $newBook->chapters()->first();
$movePageResp = $this->actingAs($this->getEditor())->put($page->getUrl('/move'), [
'entity_selection' => 'chapter:' . $newChapter->id,
]);
- $page = Page::find($page->id);
+ $page = Page::query()->find($page->id);
$movePageResp->assertRedirect($page->getUrl());
$this->assertTrue($page->book->id == $newBook->id, 'Page parent is now the new chapter');
public function test_page_move_from_chapter_to_book()
{
- $oldChapter = Chapter::first();
+ $oldChapter = Chapter::query()->first();
$page = $oldChapter->pages()->first();
- $newBook = Book::where('id', '!=', $oldChapter->book_id)->first();
+ $newBook = Book::query()->where('id', '!=', $oldChapter->book_id)->first();
$movePageResp = $this->actingAs($this->getEditor())->put($page->getUrl('/move'), [
'entity_selection' => 'book:' . $newBook->id,
'entity_selection' => 'book:' . $newBook->id,
]);
- $page = Page::find($page->id);
+ $page = Page::query()->find($page->id);
$movePageResp->assertRedirect($page->getUrl());
$this->assertTrue($page->book->id == $newBook->id, 'Page book is now the new book');
public function test_page_move_requires_delete_permissions()
{
- $page = Page::first();
+ $page = Page::query()->first();
$currentBook = $page->book;
- $newBook = Book::where('id', '!=', $currentBook->id)->first();
+ $newBook = Book::query()->where('id', '!=', $currentBook->id)->first();
$editor = $this->getEditor();
$this->setEntityRestrictions($newBook, ['view', 'update', 'create', 'delete'], $editor->roles->all());
'entity_selection' => 'book:' . $newBook->id,
]);
- $page = Page::find($page->id);
+ $page = Page::query()->find($page->id);
$movePageResp->assertRedirect($page->getUrl());
$this->assertTrue($page->book->id == $newBook->id, 'Page book is now the new book');
}
public function test_chapter_move()
{
- $chapter = Chapter::first();
+ $chapter = Chapter::query()->first();
$currentBook = $chapter->book;
$pageToCheck = $chapter->pages->first();
- $newBook = Book::where('id', '!=', $currentBook->id)->first();
+ $newBook = Book::query()->where('id', '!=', $currentBook->id)->first();
$chapterMoveResp = $this->asEditor()->get($chapter->getUrl('/move'));
$chapterMoveResp->assertSee('Move Chapter');
'entity_selection' => 'book:' . $newBook->id,
]);
- $chapter = Chapter::find($chapter->id);
+ $chapter = Chapter::query()->find($chapter->id);
$moveChapterResp->assertRedirect($chapter->getUrl());
$this->assertTrue($chapter->book->id === $newBook->id, 'Chapter Book is now the new book');
$newBookResp->assertSee('moved chapter');
$newBookResp->assertSee($chapter->name);
- $pageToCheck = Page::find($pageToCheck->id);
+ $pageToCheck = Page::query()->find($pageToCheck->id);
$this->assertTrue($pageToCheck->book_id === $newBook->id, 'Chapter child page\'s book id has changed to the new book');
$pageCheckResp = $this->get($pageToCheck->getUrl());
$pageCheckResp->assertSee($newBook->name);
public function test_chapter_move_requires_delete_permissions()
{
- $chapter = Chapter::first();
+ $chapter = Chapter::query()->first();
$currentBook = $chapter->book;
- $newBook = Book::where('id', '!=', $currentBook->id)->first();
+ $newBook = Book::query()->where('id', '!=', $currentBook->id)->first();
$editor = $this->getEditor();
$this->setEntityRestrictions($newBook, ['view', 'update', 'create', 'delete'], $editor->roles->all());
'entity_selection' => 'book:' . $newBook->id,
]);
- $chapter = Chapter::find($chapter->id);
+ $chapter = Chapter::query()->find($chapter->id);
$moveChapterResp->assertRedirect($chapter->getUrl());
$this->assertTrue($chapter->book->id == $newBook->id, 'Page book is now the new book');
}
]);
}
- public function test_book_sort_makes_no_changes_if_no_update_permissions_on_new_chapter()
+ public function test_book_sort_makes_no_changes_if_no_view_permissions_on_new_book()
+ {
+ /** @var Page $page */
+ $page = Page::query()->where('chapter_id', '!=', 0)->first();
+ /** @var Chapter $otherChapter */
+ $otherChapter = Chapter::query()->where('book_id', '!=', $page->book_id)->first();
+ $editor = $this->getEditor();
+ $this->setEntityRestrictions($otherChapter->book, ['update', 'delete'], [$editor->roles()->first()]);
+
+ $sortData = [
+ 'id' => $page->id,
+ 'sort' => 0,
+ 'parentChapter' => $otherChapter->id,
+ 'type' => 'page',
+ 'book' => $otherChapter->book_id,
+ ];
+ $this->actingAs($editor)->put($page->book->getUrl('/sort'), ['sort-tree' => json_encode([$sortData])])->assertRedirect();
+
+ $this->assertDatabaseHas('pages', [
+ 'id' => $page->id, 'chapter_id' => $page->chapter_id, 'book_id' => $page->book_id,
+ ]);
+ }
+
+ public function test_book_sort_makes_no_changes_if_no_update_or_create_permissions_on_new_chapter()
+ {
+ /** @var Page $page */
+ $page = Page::query()->where('chapter_id', '!=', 0)->first();
+ /** @var Chapter $otherChapter */
+ $otherChapter = Chapter::query()->where('book_id', '!=', $page->book_id)->first();
+ $editor = $this->getEditor();
+ $this->setEntityRestrictions($otherChapter, ['view', 'delete'], [$editor->roles()->first()]);
+
+ $sortData = [
+ 'id' => $page->id,
+ 'sort' => 0,
+ 'parentChapter' => $otherChapter->id,
+ 'type' => 'page',
+ 'book' => $otherChapter->book_id,
+ ];
+ $this->actingAs($editor)->put($page->book->getUrl('/sort'), ['sort-tree' => json_encode([$sortData])])->assertRedirect();
+
+ $this->assertDatabaseHas('pages', [
+ 'id' => $page->id, 'chapter_id' => $page->chapter_id, 'book_id' => $page->book_id,
+ ]);
+ }
+
+ public function test_book_sort_makes_no_changes_if_no_update_permissions_on_moved_item()
+ {
+ /** @var Page $page */
+ $page = Page::query()->where('chapter_id', '!=', 0)->first();
+ /** @var Chapter $otherChapter */
+ $otherChapter = Chapter::query()->where('book_id', '!=', $page->book_id)->first();
+ $editor = $this->getEditor();
+ $this->setEntityRestrictions($page, ['view', 'delete'], [$editor->roles()->first()]);
+
+ $sortData = [
+ 'id' => $page->id,
+ 'sort' => 0,
+ 'parentChapter' => $otherChapter->id,
+ 'type' => 'page',
+ 'book' => $otherChapter->book_id,
+ ];
+ $this->actingAs($editor)->put($page->book->getUrl('/sort'), ['sort-tree' => json_encode([$sortData])])->assertRedirect();
+
+ $this->assertDatabaseHas('pages', [
+ 'id' => $page->id, 'chapter_id' => $page->chapter_id, 'book_id' => $page->book_id,
+ ]);
+ }
+
+ public function test_book_sort_makes_no_changes_if_no_delete_permissions_on_moved_item()
{
/** @var Page $page */
$page = Page::query()->where('chapter_id', '!=', 0)->first();
/** @var Chapter $otherChapter */
$otherChapter = Chapter::query()->where('book_id', '!=', $page->book_id)->first();
$editor = $this->getEditor();
- $this->setEntityRestrictions($otherChapter, ['view'], [$editor->roles()->first()]);
+ $this->setEntityRestrictions($page, ['view', 'update'], [$editor->roles()->first()]);
$sortData = [
'id' => $page->id,
]);
}
+
public function test_book_sort_item_returns_book_content()
{
$books = Book::all();
projects / bookstack / commitdiff