From e7e019d3d44b263031d4a63f91e4c6bdf3b424eb Mon Sep 17 00:00:00 2001
From: Dan Brown
Date: Sun, 19 Apr 2026 15:56:54 +0100
Subject: [PATCH] Permissions: Added testing coverage for revision-view-all
---
 tests/Entity/PageRevisionTest.php | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
diff --git a/tests/Entity/PageRevisionTest.php b/tests/Entity/PageRevisionTest.php
index 132a10fa4..8b46e84a6 100644
--- a/tests/Entity/PageRevisionTest.php
+++ b/tests/Entity/PageRevisionTest.php
@@ -4,6 +4,8 @@ namespace Tests\Entity;

 use BookStack\Activity\ActivityType;
 use BookStack\Entities\Models\Page;
+use BookStack\Entities\Models\PageRevision;
+use BookStack\Permissions\Permission;
 use Tests\TestCase;

 class PageRevisionTest extends TestCase
@@ -257,6 +259,33 @@ class PageRevisionTest extends TestCase
 $revisionView->assertDontSee('dontwantthishere');
 }

+ public function test_access_to_revision_operation_requires_revision_view_all_permission()
+ {
+ $editor = $this->users->editor();
+ $this->actingAs($editor);
+
+ $page = $this->entities->page();
+ $this->createRevisions($page, 3);
+ /** @var PageRevision $revision */
+ $revision = $page->revisions()->orderBy('id', 'desc')->first();
+
+ $this->get($page->getUrl())->assertSee($page->getUrl('/revisions'), false);
+ $this->get($page->getUrl('/revisions'))->assertOk();
+ $this->get($revision->getUrl())->assertOk();
+ $this->get($revision->getUrl('/changes'))->assertOk();
+ $this->put($revision->getUrl('/restore'))->assertRedirect($page->getUrl());
+ $this->delete($revision->getUrl('/delete'))->assertRedirect($page->getUrl('/revisions'));
+
+ $this->permissions->removeUserRolePermissions($editor, [Permission::RevisionViewAll]);
+
+ $this->get($page->getUrl())->assertDontSee($page->getUrl('/revisions'), false);
+ $this->assertPermissionError($this->get($page->getUrl('/revisions')));
+ $this->assertPermissionError($this->get($revision->getUrl()));
+ $this->assertPermissionError($this->get($revision->getUrl('/changes')));
+ $this->assertPermissionError($this->put($revision->getUrl('/restore')));
+ $this->assertPermissionError($this->delete($revision->getUrl('/delete')));
+ }
+
 public function test_revision_restore_action_only_visible_with_permission()
 {
 $page = $this->entities->page();
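Review bot: The denied half of `test_access_to_revision_operation_requires_revision_view_all_permission` reuses the same `$revision` that the allowed half has just sent `put(.../restore)` and `delete(.../delete)` to, so the five `assertPermissionError` calls may be running against a revision that no longer exists or a page whose revision list has changed; the hunk asserts only redirects, so whether the row survives is not visible here. Because this is an access-control test, the denied `put` and `delete` should also prove they had no effect rather than only that the response was an error: capture `$count = $page->revisions()->count();` right after `removeUserRolePermissions(...)` and finish with `$this->assertSame($count, $page->revisions()->count());`. Re-running the `orderBy('id', 'desc')->first()` query to get a fresh revision for the denied half would keep the two halves independent of each other. `createRevisions` and `assertPermissionError` are defined outside the hunk, so their exact behaviour should be checked against this suggestion.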