Merge branch 'master' of git://github.com/Abijeet/BookStack into Abijeet-master

author Dan Brown <redacted>

Tue, 1 Aug 2017 18:24:33 +0000 (19:24 +0100)

committer Dan Brown <redacted>

Tue, 1 Aug 2017 18:24:33 +0000 (19:24 +0100)
author Dan Brown <redacted>
Tue, 1 Aug 2017 18:24:33 +0000 (19:24 +0100)
committer Dan Brown <redacted>
Tue, 1 Aug 2017 18:24:33 +0000 (19:24 +0100)
diff --cc app/Services/PermissionService.php
Simple merge
diff --cc gulpfile.js
Simple merge
diff --cc resources/assets/js/controllers.js
Simple merge
diff --cc resources/assets/js/directives.js
Simple merge
diff --cc resources/lang/fr/entities.php

index 17b4ea91372b2a47f8025a1ef9baf2301b0eb711,c618bab0808e0a8934251f3d8ea0700ab719a719..0d89993e9d8043ba4c6e3f9b9f6f5c24079ad5f6
--- 1/resources/lang/fr/entities.php
--- 2/resources/lang/fr/entities.php
+++ b/resources/lang/fr/entities.php
@@@ -210,7 -210,29 +210,29 @@@ return 
        */
       'profile_user_for_x' => 'Utilisateur depuis :time',
       'profile_created_content' => 'Contenu créé',
- -    'profile_not_created_pages' => ':userName n\'a pas créé de pages',
- -    'profile_not_created_chapters' => ':userName n\'a pas créé de chapitres',
- -    'profile_not_created_books' => ':userName n\'a pas créé de livres',
+ +    'profile_not_created_pages' => ':userName n\'a pas créé de page',
+ +    'profile_not_created_chapters' => ':userName n\'a pas créé de chapitre',
+ +    'profile_not_created_books' => ':userName n\'a pas créé de livre',
+ 
+     /**
+      * Comments
+      */
+     'comment' => 'Commentaire',
+     'comments' => 'Commentaires',
+     'comment_placeholder' => 'Entrez vos commentaires ici, merci supporté ...',
+     'no_comments' => 'No Comments',
+     'x_comments' => ':numComments Commentaires',
+     'one_comment' => '1 Commentaire',
+     'comments_loading' => 'Loading ...',
+     'comment_save' => 'Enregistrer le commentaire',
+     'comment_reply' => 'Répondre',
+     'comment_edit' => 'Modifier',
+     'comment_delete' => 'Supprimer',
+     'comment_cancel' => 'Annuler',
+     'comment_created' => 'Commentaire ajouté',
+     'comment_updated' => 'Commentaire mis à jour',
+     'comment_deleted' => 'Commentaire supprimé',
+     'comment_updated_text' => 'Mis à jour il y a :updateDiff par',
+     'comment_delete_confirm' => 'Cela supprime le contenu du commentaire. Êtes-vous sûr de vouloir supprimer ce commentaire?',
+     'comment_create' => 'Créé'
   ];
diff --cc resources/lang/fr/errors.php
Simple merge
diff --cc resources/views/pages/show.blade.php
Simple merge
diff --cc tests/Permissions/RolesTest.php

index eda5d092ab0c6a180454d047a3b7b92851852488,0e9f691e0d86aa6d737ab211da977a5abf4cb2f1..f131ed8857927263173cdddcf0b42546b427d06b
--- 1/tests/Permissions/RolesTest.php
--- 2/tests/Permissions/RolesTest.php
+++ b/tests/Permissions/RolesTest.php
@@@ -621,40 -620,112 +621,148 @@@ class RolesTest extends BrowserKitTes
               ->dontSeeInDatabase('images', ['id' => $image->id]);
       }
   
+ +    public function test_role_permission_removal()
+ +    {
+ +        // To cover issue fixed in f99c8ff99aee9beb8c692f36d4b84dc6e651e50a.
+ +        $page = Page::first();
+ +        $viewerRole = \BookStack\Role::getRole('viewer');
+ +        $viewer = $this->getViewer();
+ +        $this->actingAs($viewer)->visit($page->getUrl())->assertResponseOk();
+ +
+ +        $this->asAdmin()->put('/settings/roles/' . $viewerRole->id, [
+ +            'display_name' => $viewerRole->display_name,
+ +            'description' => $viewerRole->description,
+ +            'permission' => []
+ +        ])->assertResponseStatus(302);
+ +
+ +        $this->expectException(HttpException::class);
+ +        $this->actingAs($viewer)->visit($page->getUrl())->assertResponseStatus(404);
+ +    }
+ +
+ +    public function test_empty_state_actions_not_visible_without_permission()
+ +    {
+ +        $admin = $this->getAdmin();
+ +        // Book links
+ +        $book = factory(\BookStack\Book::class)->create(['created_by' => $admin->id, 'updated_by' => $admin->id]);
+ +        $this->updateEntityPermissions($book);
+ +        $this->actingAs($this->getViewer())->visit($book->getUrl())
+ +            ->dontSee('Create a new page')
+ +            ->dontSee('Add a chapter');
+ +
+ +        // Chapter links
+ +        $chapter = factory(\BookStack\Chapter::class)->create(['created_by' => $admin->id, 'updated_by' => $admin->id, 'book_id' => $book->id]);
+ +        $this->updateEntityPermissions($chapter);
+ +        $this->actingAs($this->getViewer())->visit($chapter->getUrl())
+ +            ->dontSee('Create a new page')
+ +            ->dontSee('Sort the current book');
+ +    }
+ +
+     public function test_comment_create_permission () {
+         $ownPage = $this->createEntityChainBelongingToUser($this->user)['page'];
+ 
+         $this->actingAs($this->user)->addComment($ownPage);
+ 
+         $this->assertResponseStatus(403);
+ 
+         $this->giveUserPermissions($this->user, ['comment-create-all']);
+ 
+         $this->actingAs($this->user)->addComment($ownPage);
+         $this->assertResponseOk(200)->seeJsonContains(['status' => 'success']);
+     }
+ 
+ 
+     public function test_comment_update_own_permission () {
+         $ownPage = $this->createEntityChainBelongingToUser($this->user)['page'];
+         $this->giveUserPermissions($this->user, ['comment-create-all']);
+         $comment = $this->actingAs($this->user)->addComment($ownPage);
+ 
+         // no comment-update-own
+         $this->actingAs($this->user)->updateComment($ownPage, $comment['id']);
+         $this->assertResponseStatus(403);
+ 
+         $this->giveUserPermissions($this->user, ['comment-update-own']);
+ 
+         // now has comment-update-own
+         $this->actingAs($this->user)->updateComment($ownPage, $comment['id']);
+         $this->assertResponseOk()->seeJsonContains(['status' => 'success']);
+     }
+ 
+     public function test_comment_update_all_permission () {
+         $ownPage = $this->createEntityChainBelongingToUser($this->user)['page'];
+         $comment = $this->asAdmin()->addComment($ownPage);
+ 
+         // no comment-update-all
+         $this->actingAs($this->user)->updateComment($ownPage, $comment['id']);
+         $this->assertResponseStatus(403);
+ 
+         $this->giveUserPermissions($this->user, ['comment-update-all']);
+ 
+         // now has comment-update-all
+         $this->actingAs($this->user)->updateComment($ownPage, $comment['id']);
+         $this->assertResponseOk()->seeJsonContains(['status' => 'success']);
+     }
+ 
+     public function test_comment_delete_own_permission () {
+         $ownPage = $this->createEntityChainBelongingToUser($this->user)['page'];
+         $this->giveUserPermissions($this->user, ['comment-create-all']);
+         $comment = $this->actingAs($this->user)->addComment($ownPage);
+ 
+         // no comment-delete-own
+         $this->actingAs($this->user)->deleteComment($comment['id']);
+         $this->assertResponseStatus(403);
+ 
+         $this->giveUserPermissions($this->user, ['comment-delete-own']);
+ 
+         // now has comment-update-own
+         $this->actingAs($this->user)->deleteComment($comment['id']);
+         $this->assertResponseOk()->seeJsonContains(['status' => 'success']);
+     }
+ 
+     public function test_comment_delete_all_permission () {
+         $ownPage = $this->createEntityChainBelongingToUser($this->user)['page'];
+         $comment = $this->asAdmin()->addComment($ownPage);
+ 
+         // no comment-delete-all
+         $this->actingAs($this->user)->deleteComment($comment['id']);
+         $this->assertResponseStatus(403);
+ 
+         $this->giveUserPermissions($this->user, ['comment-delete-all']);
+ 
+         // now has comment-delete-all
+         $this->actingAs($this->user)->deleteComment($comment['id']);
+         $this->assertResponseOk()->seeJsonContains(['status' => 'success']);
+     }
+ 
+     private function addComment($page) {
+         $comment = factory(\BookStack\Comment::class)->make();
+         $url = "/ajax/page/$page->id/comment/";
+         $request = [
+             'text' => $comment->text,
+             'html' => $comment->html
+         ];
+ 
+         $this->json('POST', $url, $request);
+         $resp = $this->decodeResponseJson();
+         if (isset($resp['comment'])) {
+             return $resp['comment'];
+         }
+         return null;
+     }
+ 
+     private function updateComment($page, $commentId) {
+         $comment = factory(\BookStack\Comment::class)->make();
+         $url = "/ajax/page/$page->id/comment/$commentId";
+         $request = [
+             'text' => $comment->text,
+             'html' => $comment->html
+         ];
+ 
+         return $this->json('PUT', $url, $request);
+     }
+ 
+     private function deleteComment($commentId) {
+          $url = '/ajax/comment/' . $commentId;
+          return $this->json('DELETE', $url);
+     }
+ 
   }
author	Dan Brown <redacted>
	Tue, 1 Aug 2017 18:24:33 +0000 (19:24 +0100)
committer	Dan Brown <redacted>
	Tue, 1 Aug 2017 18:24:33 +0000 (19:24 +0100)
		1	2
app/Services/PermissionService.php	patch \|	diff1 \|	diff2 \|	blob \| history
gulpfile.js	patch \|	diff1 \|	diff2 \|	blob \| history
resources/assets/js/controllers.js	patch \|	diff1 \|	diff2 \|	blob \| history
resources/assets/js/directives.js	patch \|	diff1 \|	diff2 \|	blob \| history
resources/lang/fr/entities.php	patch \|	diff1 \|	diff2 \|	blob \| history
resources/lang/fr/errors.php	patch \|	diff1 \|	diff2 \|	blob \| history
resources/views/pages/show.blade.php	patch \|	diff1 \|	diff2 \|	blob \| history
tests/Permissions/RolesTest.php	patch \|	diff1 \|	diff2 \|	blob \| history