archive/BookStackApp_BookStack
0
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-05-07 17:40:57 +00:00
Code Issues Projects Releases Wiki Activity

Applied permissions to revision action visibility

Browse source 
Related to
This commit is contained in:
Dan Brown 2022-09-28 11:10:06 +01:00
parent 6dd89ba956
commit 1ac1cf0c78
No known key found for this signature in database
GPG key ID: 46D9F943C24A2EF9
2 changed files with 117 additions and 88 deletions
resources/views/pages/parts
revision-table-row.blade.php
tests/Entity
PageRevisionTest.php

74
resources/views/pages/parts/revision-table-row.blade.php
View file

@ -30,40 +30,46 @@
<a target="_blank" rel="noopener" href="{{ $revision->page->getUrl() }}"><i>{{ trans('entities.pages_revisions_current') }}</i></a> <a target="_blank" rel="noopener" href="{{ $revision->page->getUrl() }}"><i>{{ trans('entities.pages_revisions_current') }}</i></a>
@else @else
<a href="{{ $revision->getUrl() }}" target="_blank" rel="noopener">{{ trans('entities.pages_revisions_preview') }}</a> <a href="{{ $revision->getUrl() }}" target="_blank" rel="noopener">{{ trans('entities.pages_revisions_preview') }}</a>
<span class="text-muted">&nbsp;|&nbsp;</span>
<div component="dropdown" class="dropdown-container"> @if(userCan('page-update', $revision->page))
<a refs="dropdown@toggle" href="#" aria-haspopup="true" aria-expanded="false">{{ trans('entities.pages_revisions_restore') }}</a> <span class="text-muted">&nbsp;|&nbsp;</span>
<ul refs="dropdown@menu" class="dropdown-menu" role="menu"> <div component="dropdown" class="dropdown-container">
<li class="px-m py-s"><small class="text-muted">{{trans('entities.revision_restore_confirm')}}</small></li> <a refs="dropdown@toggle" href="#" aria-haspopup="true" aria-expanded="false">{{ trans('entities.pages_revisions_restore') }}</a>
<li> <ul refs="dropdown@menu" class="dropdown-menu" role="menu">
<form action="{{ $revision->getUrl('/restore') }}" method="POST"> <li class="px-m py-s"><small class="text-muted">{{trans('entities.revision_restore_confirm')}}</small></li>
{!! csrf_field() !!} <li>
<input type="hidden" name="_method" value="PUT"> <form action="{{ $revision->getUrl('/restore') }}" method="POST">
<button type="submit" class="text-primary icon-item"> {!! csrf_field() !!}
@icon('history') <input type="hidden" name="_method" value="PUT">
<div>{{ trans('entities.pages_revisions_restore') }}</div> <button type="submit" class="text-primary icon-item">
</button> @icon('history')
</form> <div>{{ trans('entities.pages_revisions_restore') }}</div>
</li> </button>
</ul> </form>
</div> </li>
<span class="text-muted">&nbsp;|&nbsp;</span> </ul>
<div component="dropdown" class="dropdown-container"> </div>
<a refs="dropdown@toggle" href="#" aria-haspopup="true" aria-expanded="false">{{ trans('common.delete') }}</a> @endif
<ul refs="dropdown@menu" class="dropdown-menu" role="menu">
<li class="px-m py-s"><small class="text-muted">{{trans('entities.revision_delete_confirm')}}</small></li> @if(userCan('page-delete', $revision->page))
<li> <span class="text-muted">&nbsp;|&nbsp;</span>
<form action="{{ $revision->getUrl('/delete/') }}" method="POST"> <div component="dropdown" class="dropdown-container">
{!! csrf_field() !!} <a refs="dropdown@toggle" href="#" aria-haspopup="true" aria-expanded="false">{{ trans('common.delete') }}</a>
<input type="hidden" name="_method" value="DELETE"> <ul refs="dropdown@menu" class="dropdown-menu" role="menu">
<button type="submit" class="text-neg icon-item"> <li class="px-m py-s"><small class="text-muted">{{trans('entities.revision_delete_confirm')}}</small></li>
@icon('delete') <li>
<div>{{ trans('common.delete') }}</div> <form action="{{ $revision->getUrl('/delete/') }}" method="POST">
</button> {!! csrf_field() !!}
</form> <input type="hidden" name="_method" value="DELETE">
</li> <button type="submit" class="text-neg icon-item">
</ul> @icon('delete')
</div> <div>{{ trans('common.delete') }}</div>
</button>
</form>
</li>
</ul>
</div>
@endif
@endif @endif
</td> </td>
</tr> </tr>

131
tests/Entity/PageRevisionTest.php
View file

@ -4,7 +4,6 @@ namespace Tests\Entity;
use BookStack\Actions\ActivityType; use BookStack\Actions\ActivityType;
use BookStack\Entities\Models\Page; use BookStack\Entities\Models\Page;
use BookStack\Entities\Repos\PageRepo;
use Tests\TestCase; use Tests\TestCase;
class PageRevisionTest extends TestCase class PageRevisionTest extends TestCase
@ -23,30 +22,26 @@ class PageRevisionTest extends TestCase
public function test_page_revision_views_viewable() public function test_page_revision_views_viewable()
{ {
$this->asEditor(); $this->asEditor();
$pageRepo = app(PageRepo::class);
$page = Page::first(); $page = Page::first();
$pageRepo->update($page, ['name' => 'updated page', 'html' => '<p>new content</p>', 'summary' => 'page revision testing']); $this->createRevisions($page, 1, ['name' => 'updated page', 'html' => '<p>new content</p>']);
$pageRevision = $page->revisions->last(); $pageRevision = $page->revisions->last();
$revisionView = $this->get($page->getUrl() . '/revisions/' . $pageRevision->id); $resp = $this->get($page->getUrl() . '/revisions/' . $pageRevision->id);
$revisionView->assertStatus(200); $resp->assertStatus(200);
$revisionView->assertSee('new content'); $resp->assertSee('new content');
$revisionView = $this->get($page->getUrl() . '/revisions/' . $pageRevision->id . '/changes'); $resp = $this->get($page->getUrl() . '/revisions/' . $pageRevision->id . '/changes');
$revisionView->assertStatus(200); $resp->assertStatus(200);
$revisionView->assertSee('new content'); $resp->assertSee('new content');
} }
public function test_page_revision_preview_shows_content_of_revision() public function test_page_revision_preview_shows_content_of_revision()
{ {
$this->asEditor(); $this->asEditor();
$pageRepo = app(PageRepo::class);
$page = Page::first(); $page = Page::first();
$pageRepo->update($page, ['name' => 'updated page', 'html' => '<p>new revision content</p>', 'summary' => 'page revision testing']); $this->createRevisions($page, 1, ['name' => 'updated page', 'html' => '<p>new revision content</p>']);
$pageRevision = $page->revisions->last(); $pageRevision = $page->revisions->last();
$pageRepo->update($page, ['name' => 'updated page', 'html' => '<p>Updated content</p>', 'summary' => 'page revision testing 2']); $this->createRevisions($page, 1, ['name' => 'updated page', 'html' => '<p>Updated content</p>']);
$revisionView = $this->get($page->getUrl() . '/revisions/' . $pageRevision->id); $revisionView = $this->get($page->getUrl() . '/revisions/' . $pageRevision->id);
$revisionView->assertStatus(200); $revisionView->assertStatus(200);
@ -56,11 +51,9 @@ class PageRevisionTest extends TestCase
public function test_page_revision_restore_updates_content() public function test_page_revision_restore_updates_content()
{ {
$this->asEditor(); $this->asEditor();
$pageRepo = app(PageRepo::class);
$page = Page::first(); $page = Page::first();
$pageRepo->update($page, ['name' => 'updated page abc123', 'html' => '<p>new contente def456</p>', 'summary' => 'initial page revision testing']); $this->createRevisions($page, 1, ['name' => 'updated page abc123', 'html' => '<p>new contente def456</p>']);
$pageRepo->update($page, ['name' => 'updated page again', 'html' => '<p>new content</p>', 'summary' => 'page revision testing']); $this->createRevisions($page, 1, ['name' => 'updated page again', 'html' => '<p>new content</p>']);
$page = Page::find($page->id); $page = Page::find($page->id);
$pageView = $this->get($page->getUrl()); $pageView = $this->get($page->getUrl());
@ -82,11 +75,9 @@ class PageRevisionTest extends TestCase
public function test_page_revision_restore_with_markdown_retains_markdown_content() public function test_page_revision_restore_with_markdown_retains_markdown_content()
{ {
$this->asEditor(); $this->asEditor();
$pageRepo = app(PageRepo::class);
$page = Page::first(); $page = Page::first();
$pageRepo->update($page, ['name' => 'updated page abc123', 'markdown' => '## New Content def456', 'summary' => 'initial page revision testing']); $this->createRevisions($page, 1, ['name' => 'updated page abc123', 'markdown' => '## New Content def456']);
$pageRepo->update($page, ['name' => 'updated page again', 'markdown' => '## New Content Updated', 'summary' => 'page revision testing']); $this->createRevisions($page, 1, ['name' => 'updated page again', 'markdown' => '## New Content Updated']);
$page = Page::find($page->id); $page = Page::find($page->id);
$pageView = $this->get($page->getUrl()); $pageView = $this->get($page->getUrl());
@ -112,11 +103,9 @@ class PageRevisionTest extends TestCase
public function test_page_revision_restore_sets_new_revision_with_summary() public function test_page_revision_restore_sets_new_revision_with_summary()
{ {
$this->asEditor(); $this->asEditor();
$pageRepo = app(PageRepo::class);
$page = Page::first(); $page = Page::first();
$pageRepo->update($page, ['name' => 'updated page abc123', 'html' => '<p>new contente def456</p>', 'summary' => 'My first update']); $this->createRevisions($page, 1, ['name' => 'updated page abc123', 'html' => '<p>new contente def456</p>', 'summary' => 'My first update']);
$pageRepo->update($page, ['name' => 'updated page again', 'html' => '<p>new content</p>', 'summary' => '']); $this->createRevisions($page, 1, ['html' => '<p>new content</p>']);
$page->refresh(); $page->refresh();
$revToRestore = $page->revisions()->where('name', 'like', '%abc123')->first(); $revToRestore = $page->revisions()->where('name', 'like', '%abc123')->first();
@ -138,8 +127,7 @@ class PageRevisionTest extends TestCase
{ {
$page = Page::first(); $page = Page::first();
$startCount = $page->revision_count; $startCount = $page->revision_count;
$resp = $this->asEditor()->put($page->getUrl(), ['name' => 'Updated page', 'html' => 'new page html', 'summary' => 'Update a']); $this->createRevisions($page, 1);
$resp->assertStatus(302);
$this->assertTrue(Page::find($page->id)->revision_count === $startCount + 1); $this->assertTrue(Page::find($page->id)->revision_count === $startCount + 1);
} }
@ -147,12 +135,8 @@ class PageRevisionTest extends TestCase
public function test_revision_count_shown_in_page_meta() public function test_revision_count_shown_in_page_meta()
{ {
$page = Page::first(); $page = Page::first();
$this->asEditor()->put($page->getUrl(), ['name' => 'Updated page', 'html' => 'new page html', 'summary' => 'Update a']); $this->createRevisions($page, 2);
$page = Page::find($page->id);
$this->asEditor()->put($page->getUrl(), ['name' => 'Updated page', 'html' => 'new page html', 'summary' => 'Update a']);
$page = Page::find($page->id);
$pageView = $this->get($page->getUrl()); $pageView = $this->get($page->getUrl());
$pageView->assertSee('Revision #' . $page->revision_count); $pageView->assertSee('Revision #' . $page->revision_count);
} }
@ -161,12 +145,7 @@ class PageRevisionTest extends TestCase
{ {
/** @var Page $page */ /** @var Page $page */
$page = Page::query()->first(); $page = Page::query()->first();
$this->asEditor()->put($page->getUrl(), ['name' => 'Updated page', 'html' => 'new page html', 'summary' => 'Update a']); $this->createRevisions($page, 2);
$page->refresh();
$this->asEditor()->put($page->getUrl(), ['name' => 'Updated page', 'html' => 'new page html', 'summary' => 'Update a']);
$page->refresh();
$beforeRevisionCount = $page->revisions->count(); $beforeRevisionCount = $page->revisions->count();
// Delete the first revision // Delete the first revision
@ -196,12 +175,7 @@ class PageRevisionTest extends TestCase
{ {
config()->set('app.revision_limit', 2); config()->set('app.revision_limit', 2);
$page = Page::first(); $page = Page::first();
$this->asEditor()->put($page->getUrl(), ['name' => 'Updated page', 'html' => 'new page html', 'summary' => 'Update a']); $this->createRevisions($page, 12);
$page = Page::find($page->id);
$this->asEditor()->put($page->getUrl(), ['name' => 'Updated page', 'html' => 'new page html', 'summary' => 'Update a']);
for ($i = 0; $i < 10; $i++) {
$this->asEditor()->put($page->getUrl(), ['name' => 'Updated page', 'html' => 'new page html', 'summary' => 'Update a']);
}
$revisionCount = $page->revisions()->count(); $revisionCount = $page->revisions()->count();
$this->assertEquals(2, $revisionCount); $this->assertEquals(2, $revisionCount);
@ -211,12 +185,7 @@ class PageRevisionTest extends TestCase
{ {
config()->set('app.revision_limit', false); config()->set('app.revision_limit', false);
$page = Page::first(); $page = Page::first();
$this->asEditor()->put($page->getUrl(), ['name' => 'Updated page', 'html' => 'new page html', 'summary' => 'Update a']); $this->createRevisions($page, 12);
$page = Page::find($page->id);
$this->asEditor()->put($page->getUrl(), ['name' => 'Updated page', 'html' => 'new page html', 'summary' => 'Update a']);
for ($i = 0; $i < 10; $i++) {
$this->asEditor()->put($page->getUrl(), ['name' => 'Updated page', 'html' => 'new page html', 'summary' => 'Update a']);
}
$revisionCount = $page->revisions()->count(); $revisionCount = $page->revisions()->count();
$this->assertEquals(12, $revisionCount); $this->assertEquals(12, $revisionCount);
@ -226,14 +195,68 @@ class PageRevisionTest extends TestCase
{ {
/** @var Page $page */ /** @var Page $page */
$page = Page::first(); $page = Page::first();
$this->asAdmin()->put($page->getUrl(), ['name' => 'Updated page', 'html' => 'new page html']); $this->createRevisions($page, 1, ['html' => 'new page html']);
$resp = $this->get($page->refresh()->getUrl('/revisions')); $resp = $this->asAdmin()->get($page->refresh()->getUrl('/revisions'));
$this->withHtml($resp)->assertElementContains('td', '(WYSIWYG)'); $this->withHtml($resp)->assertElementContains('td', '(WYSIWYG)');
$this->withHtml($resp)->assertElementNotContains('td', '(Markdown)'); $this->withHtml($resp)->assertElementNotContains('td', '(Markdown)');
$this->asAdmin()->put($page->getUrl(), ['name' => 'Updated page', 'markdown' => '# Some markdown content']); $this->createRevisions($page, 1, ['markdown' => '# Some markdown content']);
$resp = $this->get($page->refresh()->getUrl('/revisions')); $resp = $this->get($page->refresh()->getUrl('/revisions'));
$this->withHtml($resp)->assertElementContains('td', '(Markdown)'); $this->withHtml($resp)->assertElementContains('td', '(Markdown)');
} }
public function test_revision_restore_action_only_visible_with_permission()
{
/** @var Page $page */
$page = Page::query()->first();
$this->createRevisions($page, 2);
$viewer = $this->getViewer();
$this->actingAs($viewer);
$respHtml = $this->withHtml($this->get($page->getUrl('/revisions')));
$respHtml->assertElementNotContains('.actions a', 'Restore');
$respHtml->assertElementNotExists('form[action$="/restore"]');
$this->giveUserPermissions($viewer, ['page-update-all']);
$respHtml = $this->withHtml($this->get($page->getUrl('/revisions')));
$respHtml->assertElementContains('.actions a', 'Restore');
$respHtml->assertElementExists('form[action$="/restore"]');
}
public function test_revision_delete_action_only_visible_with_permission()
{
/** @var Page $page */
$page = Page::query()->first();
$this->createRevisions($page, 2);
$viewer = $this->getViewer();
$this->actingAs($viewer);
$respHtml = $this->withHtml($this->get($page->getUrl('/revisions')));
$respHtml->assertElementNotContains('.actions a', 'Delete');
$respHtml->assertElementNotExists('form[action$="/delete"]');
$this->giveUserPermissions($viewer, ['page-delete-all']);
$respHtml = $this->withHtml($this->get($page->getUrl('/revisions')));
$respHtml->assertElementContains('.actions a', 'Delete');
$respHtml->assertElementExists('form[action$="/delete"]');
}
protected function createRevisions(Page $page, int $times, array $attrs = [])
{
$user = user();
for ($i = 0; $i < $times; $i++) {
$data = ['name' => 'Page update' . $i, 'summary' => 'Update entry' . $i];
if (!isset($attrs['markdown'])) {
$data['html'] = '<p>My update page</p>';
}
$this->asAdmin()->put($page->getUrl(), array_merge($data, $attrs));
$page->refresh();
}
$this->actingAs($user);
}
} }