archive/BookStackApp_BookStack
0
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-04-22 20:02:30 +00:00
Code Issues Projects Releases Wiki Activity

Fixed role entity permissions ignoring inheritance

Browse source 
Added additional scnenario tests to cover
This commit is contained in:
Dan Brown 2023-01-24 21:26:41 +00:00
parent 8be36455ab
commit 1fa5a31960
No known key found for this signature in database
GPG key ID: 46D9F943C24A2EF9
3 changed files with 54 additions and 0 deletions

4
app/Auth/Permissions/EntityPermissionEvaluator.php
View file

@ -66,6 +66,10 @@ class EntityPermissionEvaluator
$permitsByType[$type][$roleId] = $permission->{$this->action}; $permitsByType[$type][$roleId] = $permission->{$this->action};
} }
} }
if (isset($permitsByType['fallback'][0])) {
break;
}
} }
return $permitsByType; return $permitsByType;

23
dev/docs/permission-scenario-testing.md
View file

@ -317,4 +317,27 @@ User granted page permission.
- Role B has no entity chapter permissions. - Role B has no entity chapter permissions.
- User has Role A & B. - User has Role A & B.
User denied page permission.
#### test_90_fallback_overrides_parent_entity_role_deny
- Chapter permissions have inherit disabled.
- Page permissions have inherit disabled.
- Chapter fallback has entity deny permission.
- Page fallback has entity deny permission.
- Role A has entity allow chapter permission.
- User has Role A.
User denied page permission.
#### test_91_fallback_overrides_parent_entity_role_inherit
- Book permissions have inherit disabled.
- Chapter permissions have inherit disabled.
- Page permissions have inherit enabled.
- Book fallback has entity deny permission.
- Chapter fallback has entity deny permission.
- Role A has entity allow book permission.
- User has Role A.
User denied page permission. User denied page permission.

27
tests/Permissions/Scenarios/EntityRolePermissionsTest.php
View file

@ -293,4 +293,31 @@ class EntityRolePermissionsTest extends PermissionScenarioTestCase
$this->assertNotVisibleToUser($page, $user); $this->assertNotVisibleToUser($page, $user);
} }
public function test_90_fallback_overrides_parent_entity_role_deny()
{
[$user, $roleA] = $this->users->newUserWithRole();
$page = $this->entities->page();
$chapter = $page->chapter;
$this->permissions->setFallbackPermissions($chapter, []);
$this->permissions->setFallbackPermissions($page, []);
$this->permissions->addEntityPermission($chapter, ['view'], $roleA);
$this->assertNotVisibleToUser($page, $user);
}
public function test_91_fallback_overrides_parent_entity_role_inherit()
{
[$user, $roleA] = $this->users->newUserWithRole();
$page = $this->entities->page();
$chapter = $page->chapter;
$book = $page->book;
$this->permissions->setFallbackPermissions($book, []);
$this->permissions->setFallbackPermissions($chapter, []);
$this->permissions->addEntityPermission($book, ['view'], $roleA);
$this->assertNotVisibleToUser($page, $user);
}
} }