Updated and added tests for new default user system

Closes #138

Updated and added tests for new default user system
Closes #138
Dan Brown
Commit 3b7d223b0c7f4ebc9f4b9d7ce4efb2f5fa6ef4ed 3b7d223b 1 parent b662670e
Showing 10 changed files with 107 additions and 15 deletions
app/Http/Controllers/PageController.php
app/Http/Controllers/UserController.php
app/Role.php
resources/views/users/edit.blade.php
tests/Auth/AuthTest.php
tests/Auth/LdapTest.php
tests/Permissions/RolesTest.php
tests/PublicViewTest.php → tests/PublicActionTest.php
tests/TestCase.php
tests/UserProfileTest.php
--- a/app/Http/Controllers/PageController.php
View file @3b7d223
+++ b/app/Http/Controllers/PageController.php
View file @3b7d223
@@ -106,7 +106,13 @@ class PageController extends Controller
         $this->checkOwnablePermission('page-create', $book);
         $this->setPageTitle('Edit Page Draft');
-        return view('pages/edit', ['page' => $draft, 'book' => $book, 'isDraft' => true]);
+        $draftsEnabled = $this->signedIn;
+        return view('pages/edit', [
+            'page' => $draft,
+            'book' => $book,
+            'isDraft' => true,
+            'draftsEnabled' => $draftsEnabled
+        ]);
     }
     /**
--- a/app/Http/Controllers/UserController.php
View file @3b7d223
+++ b/app/Http/Controllers/UserController.php
View file @3b7d223
@@ -187,7 +187,7 @@ class UserController extends Controller
     /**
      * Show the user delete page.
-     * @param $id
+     * @param int $id
      * @return \Illuminate\View\View
      */
     public function delete($id)
@@ -220,6 +220,11 @@ class UserController extends Controller
             return redirect($user->getEditUrl());
         }
+        if ($user->system_name === 'public') {
+            session()->flash('error', 'You cannot delete the guest user');
+            return redirect($user->getEditUrl());
+        }
+
         $this->userRepo->destroy($user);
         session()->flash('success', 'User successfully removed');
--- a/app/Role.php
View file @3b7d223
+++ b/app/Role.php
View file @3b7d223
@@ -66,7 +66,7 @@ class Role extends Model
     /**
      * Get the role object for the specified role.
      * @param $roleName
-     * @return mixed
+     * @return Role
      */
     public static function getRole($roleName)
     {
@@ -76,7 +76,7 @@ class Role extends Model
     /**
      * Get the role object for the specified system role.
      * @param $roleName
-     * @return mixed
+     * @return Role
      */
     public static function getSystemRole($roleName)
     {
--- a/resources/views/users/edit.blade.php
View file @3b7d223
+++ b/resources/views/users/edit.blade.php
View file @3b7d223
@@ -15,7 +15,9 @@
                 </div>
                 <div class="col-sm-4">
                     <p></p>
+                    @if($authMethod !== 'system')
                         <a href="{{ baseUrl("/settings/users/{$user->id}/delete") }}" class="neg button float right">Delete User</a>
+                    @endif
                 </div>
             </div>
             <div class="row">
--- a/tests/Auth/AuthTest.php
View file @3b7d223
+++ b/tests/Auth/AuthTest.php
View file @3b7d223
@@ -146,7 +146,7 @@ class AuthTest extends TestCase
     public function test_user_updating()
     {
-        $user = \BookStack\User::all()->last();
+        $user = $this->getNormalUser();
         $password = $user->password;
         $this->asAdmin()
             ->visit('/settings/users')
@@ -162,7 +162,7 @@ class AuthTest extends TestCase
     public function test_user_password_update()
     {
-        $user = \BookStack\User::all()->last();
+        $user = $this->getNormalUser();
         $userProfilePage = '/settings/users/' . $user->id;
         $this->asAdmin()
             ->visit($userProfilePage)
--- a/tests/Auth/LdapTest.php
View file @3b7d223
+++ b/tests/Auth/LdapTest.php
View file @3b7d223
@@ -108,7 +108,7 @@ class LdapTest extends \TestCase
     public function test_user_edit_form()
     {
-        $editUser = User::all()->last();
+        $editUser = $this->getNormalUser();
         $this->asAdmin()->visit('/settings/users/' . $editUser->id)
             ->see('Edit User')
             ->dontSee('Password')
@@ -126,7 +126,7 @@ class LdapTest extends \TestCase
     public function test_non_admins_cannot_change_auth_id()
     {
-        $testUser = User::all()->last();
+        $testUser = $this->getNormalUser();
         $this->actingAs($testUser)->visit('/settings/users/' . $testUser->id)
             ->dontSee('External Authentication');
     }
--- a/tests/Permissions/RolesTest.php
View file @3b7d223
+++ b/tests/Permissions/RolesTest.php
View file @3b7d223
@@ -544,27 +544,38 @@ class RolesTest extends TestCase
             ->dontSeeInElement('.book-content', $otherPage->name);
     }
-    public function test_public_role_not_visible_in_user_edit_screen()
+    public function test_public_role_visible_in_user_edit_screen()
     {
         $user = \BookStack\User::first();
         $this->asAdmin()->visit('/settings/users/' . $user->id)
             ->seeElement('#roles-admin')
-            ->dontSeeElement('#roles-public');
+            ->seeElement('#roles-public');
     }
-    public function test_public_role_not_visible_in_role_listing()
+    public function test_public_role_visible_in_role_listing()
     {
         $this->asAdmin()->visit('/settings/roles')
             ->see('Admin')
-            ->dontSee('Public');
+            ->see('Public');
     }
-    public function test_public_role_not_visible_in_default_role_setting()
+    public function test_public_role_visible_in_default_role_setting()
     {
         $this->asAdmin()->visit('/settings')
             ->seeElement('[data-role-name="admin"]')
-            ->dontSeeElement('[data-role-name="public"]');
+            ->seeElement('[data-role-name="public"]');
     }
+    public function test_public_role_not_deleteable()
+    {
+        $this->asAdmin()->visit('/settings/roles')
+            ->click('Public')
+            ->see('Edit Role')
+            ->click('Delete Role')
+            ->press('Confirm')
+            ->see('Delete Role')
+            ->see('Cannot be deleted');
+    }
+
 }
--- a/tests/PublicViewTest.php → tests/PublicActionTest.php
View file @3b7d223
+++ b/tests/PublicViewTest.php → tests/PublicActionTest.php
View file @3b7d223
 <?php
-class PublicViewTest extends TestCase
+class PublicActionTest extends TestCase
 {
+    public function test_app_not_public()
+    {
+        $this->setSettings(['app-public' => 'false']);
+        $book = \BookStack\Book::orderBy('name', 'asc')->first();
+        $this->visit('/books')->seePageIs('/login');
+        $this->visit($book->getUrl())->seePageIs('/login');
+
+        $page = \BookStack\Page::first();
+        $this->visit($page->getUrl())->seePageIs('/login');
+    }
+
     public function test_books_viewable()
     {
         $this->setSettings(['app-public' => 'true']);
@@ -38,4 +49,35 @@ class PublicViewTest extends TestCase
             ->seePageIs($pageToVisit->getUrl());
     }
+    public function test_public_page_creation()
+    {
+        $this->setSettings(['app-public' => 'true']);
+        $publicRole = \BookStack\Role::getSystemRole('public');
+        // Grant all permissions to public
+        $publicRole->permissions()->detach();
+        foreach (\BookStack\RolePermission::all() as $perm) {
+            $publicRole->attachPermission($perm);
+        }
+        $this->app[\BookStack\Services\PermissionService::class]->buildJointPermissionForRole($publicRole);
+
+        $chapter = \BookStack\Chapter::first();
+        $this->visit($chapter->book->getUrl());
+        $this->visit($chapter->getUrl())
+            ->click('New Page')
+            ->see('Create Page')
+            ->seePageIs($chapter->getUrl('/create-page'));
+
+        $this->submitForm('Continue', [
+            'name' => 'My guest page'
+        ])->seePageIs($chapter->book->getUrl('/page/my-guest-page/edit'));
+
+        $user = \BookStack\User::getDefault();
+        $this->seeInDatabase('pages', [
+            'name' => 'My guest page',
+            'chapter_id' => $chapter->id,
+            'created_by' => $user->id,
+            'updated_by' => $user->id
+        ]);
+    }
+
 }
\ No newline at end of file
--- a/tests/TestCase.php
View file @3b7d223
+++ b/tests/TestCase.php
View file @3b7d223
@@ -67,6 +67,14 @@ class TestCase extends Illuminate\Foundation\Testing\TestCase
     }
     /**
+     * Get a user that's not a system user such as the guest user.
+     */
+    public function getNormalUser()
+    {
+        return \BookStack\User::where('system_name', '=', null)->get()->last();
+    }
+
+    /**
      * Quickly sets an array of settings.
      * @param $settingsArray
      */
--- a/tests/UserProfileTest.php
View file @3b7d223
+++ b/tests/UserProfileTest.php
View file @3b7d223
@@ -77,4 +77,22 @@ class UserProfileTest extends TestCase
             ->see($newUser->name);
     }
+    public function test_guest_profile_shows_limited_form()
+    {
+        $this->asAdmin()
+            ->visit('/settings/users')
+            ->click('Guest')
+            ->dontSeeElement('#password');
+    }
+
+    public function test_guest_profile_cannot_be_deleted()
+    {
+        $guestUser = \BookStack\User::getDefault();
+        $this->asAdmin()->visit('/settings/users/' . $guestUser->id . '/delete')
+            ->see('Delete User')->see('Guest')
+            ->press('Confirm')
+            ->seePageIs('/settings/users/' . $guestUser->id)
+            ->see('cannot delete the guest user');
+    }
+    
 }