starred/BookStack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2026-05-04 18:08:46 +03:00
Code Issues 784 Packages Projects Releases 15 Wiki Activity

Permissions: Added testing coverage for revision-view-all

Browse Source
This commit is contained in:
Dan Brown
2026-04-19 15:56:54 +01:00
parent 1339f668eb
commit e7e019d3d4
1 changed files with 29 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
tests/Entity/PageRevisionTest.php
View File

@@ -4,6 +4,8 @@ namespace Tests\Entity;
use BookStack\Activity\ActivityType; use BookStack\Activity\ActivityType;
use BookStack\Entities\Models\Page; use BookStack\Entities\Models\Page;
use BookStack\Entities\Models\PageRevision;
use BookStack\Permissions\Permission;
use Tests\TestCase; use Tests\TestCase;
class PageRevisionTest extends TestCase class PageRevisionTest extends TestCase
@@ -257,6 +259,33 @@ class PageRevisionTest extends TestCase
$revisionView->assertDontSee('dontwantthishere'); $revisionView->assertDontSee('dontwantthishere');
} }
public function test_access_to_revision_operation_requires_revision_view_all_permission()
{
$editor = $this->users->editor();
$this->actingAs($editor);
$page = $this->entities->page();
$this->createRevisions($page, 3);
/** @var PageRevision $revision */
$revision = $page->revisions()->orderBy('id', 'desc')->first();
$this->get($page->getUrl())->assertSee($page->getUrl('/revisions'), false);
$this->get($page->getUrl('/revisions'))->assertOk();
$this->get($revision->getUrl())->assertOk();
$this->get($revision->getUrl('/changes'))->assertOk();
$this->put($revision->getUrl('/restore'))->assertRedirect($page->getUrl());
$this->delete($revision->getUrl('/delete'))->assertRedirect($page->getUrl('/revisions'));
$this->permissions->removeUserRolePermissions($editor, [Permission::RevisionViewAll]);
$this->get($page->getUrl())->assertDontSee($page->getUrl('/revisions'), false);
$this->assertPermissionError($this->get($page->getUrl('/revisions')));
$this->assertPermissionError($this->get($revision->getUrl()));
$this->assertPermissionError($this->get($revision->getUrl('/changes')));
$this->assertPermissionError($this->put($revision->getUrl('/restore')));
$this->assertPermissionError($this->delete($revision->getUrl('/delete')));
}
public function test_revision_restore_action_only_visible_with_permission() public function test_revision_restore_action_only_visible_with_permission()
{ {
$page = $this->entities->page(); $page = $this->entities->page();