diff --git a/tests/Entity/ConvertTest.php b/tests/Entity/ConvertTest.php
index 4a949e76f..10b276a47 100644
--- a/tests/Entity/ConvertTest.php
+++ b/tests/Entity/ConvertTest.php
@@ -49,6 +49,27 @@ class ConvertTest extends TestCase
$this->assertActivityExists(ActivityType::BOOK_CREATE_FROM_CHAPTER, $newBook);
}
+ public function test_convert_chapter_to_book_requires_permissions()
+ {
+ /** @var Chapter $chapter */
+ $chapter = Chapter::query()->first();
+ $user = $this->getViewer();
+
+ $permissions = ['chapter-delete-all', 'book-create-all', 'chapter-update-all'];
+ $this->giveUserPermissions($user, $permissions);
+
+ foreach ($permissions as $permission) {
+ $this->removePermissionFromUser($user, $permission);
+ $resp = $this->actingAs($user)->post($chapter->getUrl('/convert-to-book'));
+ $this->assertPermissionError($resp);
+ $this->giveUserPermissions($user, [$permission]);
+ }
+
+ $resp = $this->actingAs($user)->post($chapter->getUrl('/convert-to-book'));
+ $this->assertNotPermissionError($resp);
+ $resp->assertRedirect();
+ }
+
public function test_book_edit_view_shows_convert_option()
{
$book = Book::query()->first();
@@ -102,4 +123,25 @@ class ConvertTest extends TestCase
$this->assertEquals($childChapter->name, $chapterChildPage->book->name);
}
+ public function test_book_convert_to_shelf_requires_permissions()
+ {
+ /** @var Book $book */
+ $book = Book::query()->first();
+ $user = $this->getViewer();
+
+ $permissions = ['book-delete-all', 'bookshelf-create-all', 'book-update-all', 'book-create-all'];
+ $this->giveUserPermissions($user, $permissions);
+
+ foreach ($permissions as $permission) {
+ $this->removePermissionFromUser($user, $permission);
+ $resp = $this->actingAs($user)->post($book->getUrl('/convert-to-shelf'));
+ $this->assertPermissionError($resp);
+ $this->giveUserPermissions($user, [$permission]);
+ }
+
+ $resp = $this->actingAs($user)->post($book->getUrl('/convert-to-shelf'));
+ $this->assertNotPermissionError($resp);
+ $resp->assertRedirect();
+ }
+
}
\ No newline at end of file
diff --git a/tests/SharedTestHelpers.php b/tests/SharedTestHelpers.php
index cbf49bf71..4a73c22c8 100644
--- a/tests/SharedTestHelpers.php
+++ b/tests/SharedTestHelpers.php
@@ -194,13 +194,23 @@ trait SharedTestHelpers
/**
* Completely remove the given permission name from the given user.
*/
- protected function removePermissionFromUser(User $user, string $permission)
+ protected function removePermissionFromUser(User $user, string $permissionName)
{
- $permission = RolePermission::query()->where('name', '=', $permission)->first();
+ $permissionService = app()->make(PermissionService::class);
+
+ /** @var RolePermission $permission */
+ $permission = RolePermission::query()->where('name', '=', $permissionName)->firstOrFail();
+
+ $roles = $user->roles()->whereHas('permissions', function($query) use ($permission) {
+ $query->where('id', '=', $permission->id);
+ })->get();
+
/** @var Role $role */
- foreach ($user->roles as $role) {
+ foreach ($roles as $role) {
$role->detachPermission($permission);
+ $permissionService->buildJointPermissionForRole($role);
}
+
$user->clearPermissionCache();
}