Skip to content

Commit e7e019d

Browse files
ssddanbrownssddanbrown
committed
Permissions: Added testing coverage for revision-view-all
1 parent 1339f66 commit e7e019d

1 file changed

Lines changed: 29 additions & 0 deletions

File tree

tests/Entity/PageRevisionTest.php

Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,8 @@
44

55
use BookStack\Activity\ActivityType;
66
use BookStack\Entities\Models\Page;
7+
use BookStack\Entities\Models\PageRevision;
8+
use BookStack\Permissions\Permission;
79
use Tests\TestCase;
810

911
class PageRevisionTest extends TestCase
@@ -257,6 +259,33 @@ public function test_revision_changes_view_filters_html_content()
257259
$revisionView->assertDontSee('dontwantthishere');
258260
}
259261

262+
public function test_access_to_revision_operation_requires_revision_view_all_permission()
263+
{
264+
$editor = $this->users->editor();
265+
$this->actingAs($editor);
266+
267+
$page = $this->entities->page();
268+
$this->createRevisions($page, 3);
269+
/** @var PageRevision $revision */
270+
$revision = $page->revisions()->orderBy('id', 'desc')->first();
271+
272+
$this->get($page->getUrl())->assertSee($page->getUrl('/revisions'), false);
273+
$this->get($page->getUrl('/revisions'))->assertOk();
274+
$this->get($revision->getUrl())->assertOk();
275+
$this->get($revision->getUrl('/changes'))->assertOk();
276+
$this->put($revision->getUrl('/restore'))->assertRedirect($page->getUrl());
277+
$this->delete($revision->getUrl('/delete'))->assertRedirect($page->getUrl('/revisions'));
278+
279+
$this->permissions->removeUserRolePermissions($editor, [Permission::RevisionViewAll]);
280+
281+
$this->get($page->getUrl())->assertDontSee($page->getUrl('/revisions'), false);
282+
$this->assertPermissionError($this->get($page->getUrl('/revisions')));
283+
$this->assertPermissionError($this->get($revision->getUrl()));
284+
$this->assertPermissionError($this->get($revision->getUrl('/changes')));
285+
$this->assertPermissionError($this->put($revision->getUrl('/restore')));
286+
$this->assertPermissionError($this->delete($revision->getUrl('/delete')));
287+
}
288+
260289
public function test_revision_restore_action_only_visible_with_permission()
261290
{
262291
$page = $this->entities->page();

0 commit comments

Comments
 (0)