mirror of
https://github.com/BookStackApp/BookStack.git
synced 2026-07-16 05:33:49 +03:00
Adds validation that the related page exists, is visible, and that the user has page edit permissions for the page. Aligns with attachment permission model, and aligns across different image endpoints. Added tests to cover. Closes #6126
40 lines
1.2 KiB
PHP
40 lines
1.2 KiB
PHP
<?php
|
|
|
|
namespace Tests\Commands;
|
|
|
|
use BookStack\Auth\Permissions\CollapsedPermission;
|
|
use BookStack\Permissions\Models\JointPermission;
|
|
use Illuminate\Support\Facades\Artisan;
|
|
use Illuminate\Support\Facades\DB;
|
|
use Tests\TestCase;
|
|
|
|
class RegeneratePermissionsCommandTest extends TestCase
|
|
{
|
|
public function test_regen_permissions_command()
|
|
{
|
|
DB::rollBack();
|
|
$page = $this->entities->page();
|
|
$editor = $this->users->editor();
|
|
$role = $editor->roles()->first();
|
|
$this->permissions->setEntityPermissionsForRole($page, ['view'], $role);
|
|
JointPermission::query()->truncate();
|
|
|
|
$this->assertDatabaseMissing('joint_permissions', ['entity_id' => $page->id]);
|
|
|
|
$exitCode = Artisan::call('bookstack:regenerate-permissions');
|
|
$this->assertTrue($exitCode === 0, 'Command executed successfully');
|
|
|
|
$this->assertDatabaseHas('joint_permissions', [
|
|
'entity_id' => $page->id,
|
|
'entity_type' => 'page',
|
|
'role_id' => $role->id,
|
|
'status' => 3, // Explicit allow
|
|
]);
|
|
|
|
$page->permissions()->delete();
|
|
$page->rebuildPermissions();
|
|
|
|
DB::beginTransaction();
|
|
}
|
|
}
|