Merge branch 'master' into release

ssddanbrown · ssddanbrown · commit 4fc75beed466 · 2016-01-02T14:49:05.000Z
diff --git a/app/Entity.php b/app/Entity.php
@@ -31,11 +31,7 @@ public function matchesOrContains(Entity $entity)
 
         if ($matches) return true;
 
-        if ($entity->isA('chapter') && $this->isA('book')) {
-            return $entity->book_id === $this->id;
-        }
-
-        if ($entity->isA('page') && $this->isA('book')) {
+        if (($entity->isA('chapter') || $entity->isA('page')) && $this->isA('book')) {
             return $entity->book_id === $this->id;
         }
 
@@ -64,15 +60,6 @@ public function views()
         return $this->morphMany('BookStack\View', 'viewable');
     }
 
-    /**
-     * Get just the views for the current user.
-     * @return mixed
-     */
-    public function userViews()
-    {
-        return $this->views()->where('user_id', '=', auth()->user()->id);
-    }
-
     /**
      * Allows checking of the exact class, Used to check entity type.
      * Cleaner method for is_a.
diff --git a/app/Http/Controllers/Controller.php b/app/Http/Controllers/Controller.php
@@ -42,6 +42,15 @@ public function __construct()
         $this->signedIn = auth()->check();
     }
 
+    /**
+     * Stops the application and shows a permission error if
+     * the application is in demo mode.
+     */
+    protected function preventAccessForDemoUsers()
+    {
+        if (env('APP_ENV', 'production') === 'demo') $this->showPermissionError();
+    }
+
     /**
      * Adds the page title into the view.
      * @param $title
@@ -51,6 +60,18 @@ public function setPageTitle($title)
         view()->share('pageTitle', $title);
     }
 
+    /**
+     * On a permission error redirect to home and display
+     * the error as a notification.
+     */
+    protected function showPermissionError()
+    {
+        Session::flash('error', trans('errors.permission'));
+        throw new HttpResponseException(
+            redirect('/')
+        );
+    }
+
     /**
      * Checks for a permission.
      *
@@ -60,15 +81,18 @@ public function setPageTitle($title)
     protected function checkPermission($permissionName)
     {
         if (!$this->currentUser || !$this->currentUser->can($permissionName)) {
-            Session::flash('error', trans('errors.permission'));
-            throw new HttpResponseException(
-                redirect('/')
-            );
+            $this->showPermissionError();
         }
 
         return true;
     }
 
+    /**
+     * Check if a user has a permission or bypass if the callback is true.
+     * @param $permissionName
+     * @param $callback
+     * @return bool
+     */
     protected function checkPermissionOr($permissionName, $callback)
     {
         $callbackResult = $callback();
diff --git a/app/Http/Controllers/SearchController.php b/app/Http/Controllers/SearchController.php
@@ -62,9 +62,9 @@ public function searchBook(Request $request, $bookId)
             return redirect()->back();
         }
         $searchTerm = $request->get('term');
-        $whereTerm = [['book_id', '=', $bookId]];
-        $pages = $this->pageRepo->getBySearch($searchTerm, $whereTerm);
-        $chapters = $this->chapterRepo->getBySearch($searchTerm, $whereTerm);
+        $searchWhereTerms = [['book_id', '=', $bookId]];
+        $pages = $this->pageRepo->getBySearch($searchTerm, $searchWhereTerms);
+        $chapters = $this->chapterRepo->getBySearch($searchTerm, $searchWhereTerms);
         return view('search/book', ['pages' => $pages, 'chapters' => $chapters, 'searchTerm' => $searchTerm]);
     }
 
diff --git a/app/Http/Controllers/SettingController.php b/app/Http/Controllers/SettingController.php
@@ -31,13 +31,16 @@ public function index()
      */
     public function update(Request $request)
     {
+        $this->preventAccessForDemoUsers();
         $this->checkPermission('settings-update');
+
         // Cycles through posted settings and update them
         foreach($request->all() as $name => $value) {
             if(strpos($name, 'setting-') !== 0) continue;
             $key = str_replace('setting-', '', trim($name));
             Setting::put($key, $value);
         }
+
         session()->flash('success', 'Settings Saved');
         return redirect('/settings');
     }
diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php
@@ -108,15 +108,19 @@ public function edit($id, SocialAuthService $socialAuthService)
      */
     public function update(Request $request, $id)
     {
+        $this->preventAccessForDemoUsers();
         $this->checkPermissionOr('user-update', function () use ($id) {
             return $this->currentUser->id == $id;
         });
+
         $this->validate($request, [
             'name'             => 'required',
             'email'            => 'required|email|unique:users,email,' . $id,
-            'password'         => 'min:5',
-            'password-confirm' => 'same:password',
+            'password'         => 'min:5|required_with:password_confirm',
+            'password-confirm' => 'same:password|required_with:password',
             'role'             => 'exists:roles,id'
+        ], [
+            'password-confirm.required_with' => 'Password confirmation required'
         ]);
 
         $user = $this->user->findOrFail($id);
@@ -130,6 +134,7 @@ public function update(Request $request, $id)
             $password = $request->get('password');
             $user->password = bcrypt($password);
         }
+
         $user->save();
         return redirect('/users');
     }
@@ -144,6 +149,7 @@ public function delete($id)
         $this->checkPermissionOr('user-delete', function () use ($id) {
             return $this->currentUser->id == $id;
         });
+
         $user = $this->user->findOrFail($id);
         $this->setPageTitle('Delete User ' . $user->name);
         return view('users/delete', ['user' => $user]);
@@ -156,6 +162,7 @@ public function delete($id)
      */
     public function destroy($id)
     {
+        $this->preventAccessForDemoUsers();
         $this->checkPermissionOr('user-delete', function () use ($id) {
             return $this->currentUser->id == $id;
         });
diff --git a/app/Role.php b/app/Role.php
@@ -43,6 +43,16 @@ public function attachPermission(Permission $permission)
      */
     public static function getDefault()
     {
-        return static::where('name', '=', static::$default)->first();
+        return static::getRole(static::$default);
+    }
+
+    /**
+     * Get the role object for the specified role.
+     * @param $roleName
+     * @return mixed
+     */
+    public static function getRole($roleName)
+    {
+        return static::where('name', '=', $roleName)->first();
     }
 }
diff --git a/app/Services/ActivityService.php b/app/Services/ActivityService.php
@@ -107,7 +107,7 @@ function entityActivity($entity, $count = 20, $page = 0)
     }
 
     /**
-     * Filters out similar acitivity.
+     * Filters out similar activity.
      * @param Activity[] $activity
      * @return array
      */
diff --git a/database/seeds/DummyContentSeeder.php b/database/seeds/DummyContentSeeder.php
@@ -12,7 +12,7 @@ class DummyContentSeeder extends Seeder
     public function run()
     {
         $user = factory(BookStack\User::class, 1)->create();
-        $role = \BookStack\Role::where('name', '=', 'admin')->first();
+        $role = \BookStack\Role::getDefault();
         $user->attachRole($role);
 
 
diff --git a/phpunit.xml b/phpunit.xml
@@ -26,6 +26,6 @@
         <env name="QUEUE_DRIVER" value="sync"/>
         <env name="DB_CONNECTION" value="mysql_testing"/>
         <env name="MAIL_PRETEND" value="true"/>
-        <env name="DISABLE_EXTERNAL_SERVICES" value="true"/>
+        <env name="DISABLE_EXTERNAL_SERVICES" value="false"/>
     </php>
 </phpunit>
diff --git a/public/build/.gitignore b/public/build/.gitignore
@@ -0,0 +1,2 @@
+*
+!.gitignore
diff --git a/readme.md b/readme.md
@@ -82,7 +82,7 @@ BookStack is provided under the MIT License.
 These are the great projects used to help build BookStack:
 
 * [Laravel](http://laravel.com/)
-* [VueJS](http://vuejs.org/)
+* [AngularJS](https://angularjs.org/)
 * [jQuery](https://jquery.com/)
 * [TinyMCE](https://www.tinymce.com/)
 * [highlight.js](https://highlightjs.org/)
diff --git a/resources/assets/js/controllers.js b/resources/assets/js/controllers.js
@@ -127,7 +127,7 @@ module.exports = function (ngApp) {
         }]);
 
 
-    ngApp.controller('BookShowController', ['$scope', '$http', '$attrs', function ($scope, $http, $attrs) {
+    ngApp.controller('BookShowController', ['$scope', '$http', '$attrs', '$sce', function ($scope, $http, $attrs, $sce) {
         $scope.searching = false;
         $scope.searchTerm = '';
         $scope.searchResults = '';
@@ -141,7 +141,7 @@ module.exports = function (ngApp) {
             var searchUrl = '/search/book/' + $attrs.bookId;
             searchUrl += '?term=' + encodeURIComponent(term);
             $http.get(searchUrl).then((response) => {
-                $scope.searchResults = response.data;
+                $scope.searchResults = $sce.trustAsHtml(response.data);
             });
         };
 
diff --git a/resources/views/base.blade.php b/resources/views/base.blade.php
@@ -43,14 +43,14 @@
                     <div class="float right">
                         <div class="links text-center">
                             <a href="/books"><i class="zmdi zmdi-book"></i>Books</a>
-                            @if($currentUser->can('settings-update'))
+                            @if(isset($currentUser) && $currentUser->can('settings-update'))
                                 <a href="/settings"><i class="zmdi zmdi-settings"></i>Settings</a>
                             @endif
-                            @if(!$signedIn)
+                            @if(!isset($signedIn) || !$signedIn)
                                 <a href="/login"><i class="zmdi zmdi-sign-in"></i>Sign In</a>
                             @endif
                         </div>
-                        @if($signedIn)
+                        @if(isset($signedIn) && $signedIn)
                             <div class="dropdown-container" dropdown>
                                 <span class="user-name" dropdown-toggle>
                                     <img class="avatar" src="{{$currentUser->getAvatar(30)}}" alt="{{ $currentUser->name }}">
diff --git a/resources/views/errors/404.blade.php b/resources/views/errors/404.blade.php
@@ -4,8 +4,9 @@
 
 
 <div class="container">
-    <h1>Page Not Found</h1>
-    <p>The page you were looking for could not be found.</p>
+    <h1 class="text-muted">Page Not Found</h1>
+    <p>Sorry, The page you were looking for could not be found.</p>
+    <a href="/" class="button">Return To Home</a>
 </div>
 
 @stop
diff --git a/resources/views/users/edit.blade.php b/resources/views/users/edit.blade.php
@@ -9,7 +9,7 @@
                 <div class="col-md-6"></div>
                 <div class="col-md-6 faded">
                     <div class="action-buttons">
-                        <a href="/users/{{$user->id}}/delete" class="text-neg text-button"><i class="zmdi zmdi-delete"></i>Delete user</a>
+                        <a href="/users/{{$user->id}}/delete" class="text-neg text-button"><i class="zmdi zmdi-delete"></i>Delete User</a>
                     </div>
                 </div>
             </div>
diff --git a/tests/AuthTest.php b/tests/AuthTest.php
@@ -102,10 +102,10 @@ public function testConfirmedRegistration()
             ->seeInDatabase('users', ['name' => $user->name, 'email' => $user->email, 'email_confirmed' => true]);
     }
 
-    public function testUserControl()
+    public function testUserCreation()
     {
         $user = factory(\BookStack\User::class)->make();
-        // Test creation
+
         $this->asAdmin()
             ->visit('/users')
             ->click('Add new user')
@@ -118,9 +118,12 @@ public function testUserControl()
             ->seeInDatabase('users', $user->toArray())
             ->seePageIs('/users')
             ->see($user->name);
-        $user = $user->where('email', '=', $user->email)->first();
+    }
 
-        // Test editing
+    public function testUserUpdating()
+    {
+        $user = \BookStack\User::all()->last();
+        $password = $user->password;
         $this->asAdmin()
             ->visit('/users')
             ->click($user->name)
@@ -129,20 +132,58 @@ public function testUserControl()
             ->type('Barry Scott', '#name')
             ->press('Save')
             ->seePageIs('/users')
-            ->seeInDatabase('users', ['id' => $user->id, 'name' => 'Barry Scott'])
+            ->seeInDatabase('users', ['id' => $user->id, 'name' => 'Barry Scott', 'password' => $password])
             ->notSeeInDatabase('users', ['name' => $user->name]);
-        $user = $user->find($user->id);
+    }
+
+    public function testUserPasswordUpdate()
+    {
+        $user = \BookStack\User::all()->last();
+        $userProfilePage = '/users/' . $user->id;
+        $this->asAdmin()
+            ->visit($userProfilePage)
+            ->type('newpassword', '#password')
+            ->press('Save')
+            ->seePageIs($userProfilePage)
+            ->see('Password confirmation required')
+
+            ->type('newpassword', '#password')
+            ->type('newpassword', '#password-confirm')
+            ->press('Save')
+            ->seePageIs('/users');
+
+            $userPassword = \BookStack\User::find($user->id)->password;
+            $this->assertTrue(Hash::check('newpassword', $userPassword));
+    }
+
+    public function testUserDeletion()
+    {
+        $userDetails = factory(\BookStack\User::class)->make();
+        $user = $this->getNewUser($userDetails->toArray());
 
-        // Test Deletion
         $this->asAdmin()
             ->visit('/users/' . $user->id)
-            ->click('Delete user')
+            ->click('Delete User')
             ->see($user->name)
             ->press('Confirm')
             ->seePageIs('/users')
             ->notSeeInDatabase('users', ['name' => $user->name]);
     }
 
+    public function testUserCannotBeDeletedIfLastAdmin()
+    {
+        $adminRole = \BookStack\Role::getRole('admin');
+        // Ensure we currently only have 1 admin user
+        $this->assertEquals(1, $adminRole->users()->count());
+        $user = $adminRole->users->first();
+
+        $this->asAdmin()->visit('/users/' . $user->id)
+            ->click('Delete User')
+            ->press('Confirm')
+            ->seePageIs('/users/' . $user->id)
+            ->see('You cannot delete the only admin');
+    }
+
     public function testLogout()
     {
         $this->asAdmin()
diff --git a/tests/EntityTest.php b/tests/EntityTest.php

Original file line number	Diff line number	Diff line change
`@@ -62,9 +62,9 @@ public function searchBook(Request $request, $bookId)`
`62`	`62`	`return redirect()->back();`
`63`	`63`	`}`
`64`	`64`	`$searchTerm = $request->get('term');`
`65`		`- $whereTerm = [['book_id', '=', $bookId]];`
`66`		`- $pages = $this->pageRepo->getBySearch($searchTerm, $whereTerm);`
`67`		`- $chapters = $this->chapterRepo->getBySearch($searchTerm, $whereTerm);`
	`65`	`+ $searchWhereTerms = [['book_id', '=', $bookId]];`
	`66`	`+ $pages = $this->pageRepo->getBySearch($searchTerm, $searchWhereTerms);`
	`67`	`+ $chapters = $this->chapterRepo->getBySearch($searchTerm, $searchWhereTerms);`
`68`	`68`	`return view('search/book', ['pages' => $pages, 'chapters' => $chapters, 'searchTerm' => $searchTerm]);`
`69`	`69`	`}`
`70`	`70`
Original file line number	Diff line number	Diff line change
`@@ -31,13 +31,16 @@ public function index()`
`31`	`31`	`*/`
`32`	`32`	`public function update(Request $request)`
`33`	`33`	`{`
	`34`	`+ $this->preventAccessForDemoUsers();`
`34`	`35`	`$this->checkPermission('settings-update');`
	`36`	`+`
`35`	`37`	`// Cycles through posted settings and update them`
`36`	`38`	`foreach($request->all() as $name => $value) {`
`37`	`39`	`if(strpos($name, 'setting-') !== 0) continue;`
`38`	`40`	`$key = str_replace('setting-', '', trim($name));`
`39`	`41`	`Setting::put($key, $value);`
`40`	`42`	`}`
	`43`	`+`
`41`	`44`	`session()->flash('success', 'Settings Saved');`
`42`	`45`	`return redirect('/settings');`
`43`	`46`	`}`
Original file line number	Diff line number	Diff line change
`@@ -43,6 +43,16 @@ public function attachPermission(Permission $permission)`
`43`	`43`	`*/`
`44`	`44`	`public static function getDefault()`
`45`	`45`	`{`
`46`		`- return static::where('name', '=', static::$default)->first();`
	`46`	`+ return static::getRole(static::$default);`
	`47`	`+ }`
	`48`	`+`
	`49`	`+ /**`
	`50`	`+ * Get the role object for the specified role.`
	`51`	`+ * @param $roleName`
	`52`	`+ * @return mixed`
	`53`	`+ */`
	`54`	`+ public static function getRole($roleName)`
	`55`	`+ {`
	`56`	`+ return static::where('name', '=', $roleName)->first();`
`47`	`57`	`}`
`48`	`58`	`}`
Original file line number	Diff line number	Diff line change
`@@ -107,7 +107,7 @@ function entityActivity($entity, $count = 20, $page = 0)`
`107`	`107`	`}`
`108`	`108`
`109`	`109`	`/**`
`110`		`- * Filters out similar acitivity.`
	`110`	`+ * Filters out similar activity.`
`111`	`111`	`* @param Activity[] $activity`
`112`	`112`	`* @return array`
`113`	`113`	`*/`
Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,7 @@ class DummyContentSeeder extends Seeder`
`12`	`12`	`public function run()`
`13`	`13`	`{`
`14`	`14`	`$user = factory(BookStack\User::class, 1)->create();`
`15`		`- $role = \BookStack\Role::where('name', '=', 'admin')->first();`
	`15`	`+ $role = \BookStack\Role::getDefault();`
`16`	`16`	`$user->attachRole($role);`
`17`	`17`
`18`	`18`