diff --git a/tests/Permissions/RolesTest.php b/tests/Permissions/RolesTest.php index 83d1b98a8..d0e42c6ee 100644 --- a/tests/Permissions/RolesTest.php +++ b/tests/Permissions/RolesTest.php @@ -1,7 +1,10 @@ see('Cannot be deleted'); } - - public function test_image_delete_own_permission() { $this->giveUserPermissions($this->user, ['image-update-all']); @@ -620,4 +621,22 @@ class RolesTest extends BrowserKitTest ->dontSeeInDatabase('images', ['id' => $image->id]); } + public function test_role_permission_removal() + { + // To cover issue fixed in f99c8ff99aee9beb8c692f36d4b84dc6e651e50a. + $page = Page::first(); + $viewerRole = \BookStack\Role::getRole('viewer'); + $viewer = $this->getViewer(); + $this->actingAs($viewer)->visit($page->getUrl())->assertResponseOk(); + + $this->asAdmin()->put('/settings/roles/' . $viewerRole->id, [ + 'display_name' => $viewerRole->display_name, + 'description' => $viewerRole->description, + 'permission' => [] + ])->assertResponseStatus(302); + + $this->expectException(HttpException::class); + $this->actingAs($viewer)->visit($page->getUrl())->assertResponseStatus(404); + } + }