Added permission visiblity control to image-delete button

Includes test to cover. For #3697
2022-09-05 15:52:12 +01:00 · 2022-09-05 15:52:12 +01:00 · fbef0d06f2
commit fbef0d06f2
parent b698bb0e07
3 changed files with 32 additions and 7 deletions
--- a/app/Http/Controllers/Images/ImageController.php
+++ b/app/Http/Controllers/Images/ImageController.php
@ -14,12 +14,9 @@ use Illuminate\Validation\ValidationException;

 class ImageController extends Controller
 {
-    protected $imageRepo;
-    protected $imageService;
-
-    /**
-     * ImageController constructor.
-     */
+    protected ImageRepo $imageRepo;
+    protected ImageService $imageService;
+    
    public function __construct(ImageRepo $imageRepo, ImageService $imageService)
    {
        $this->imageRepo = $imageRepo;
--- a/resources/views/pages/parts/image-manager-form.blade.php
+++ b/resources/views/pages/parts/image-manager-form.blade.php
@ -20,10 +20,12 @@
        </div>
        <div class="grid half">
            <div>
-                <button type="button"
+                @if(userCan('image-delete', $image))
+                    <button type="button"
                        id="image-manager-delete"
                        title="{{ trans('common.delete') }}"
                        class="button icon outline">@icon('delete')</button>
+                @endif
            </div>
            <div class="text-right">
                <button type="submit"
--- a/tests/Uploads/ImageTest.php
+++ b/tests/Uploads/ImageTest.php
@ -457,6 +457,32 @@ class ImageTest extends TestCase
        $this->assertFalse(file_exists(public_path($relPath)), 'Uploaded image has not been deleted as expected');
    }

+    public function test_image_manager_delete_button_only_shows_with_permission()
+    {
+        $page = Page::query()->first();
+        $this->asAdmin();
+        $imageName = 'first-image.png';
+        $relPath = $this->getTestImagePath('gallery', $imageName);
+        $this->deleteImage($relPath);
+        $viewer = $this->getViewer();
+
+        $this->uploadImage($imageName, $page->id);
+        $image = Image::first();
+
+        $resp = $this->get("/images/edit/{$image->id}");
+        $this->withHtml($resp)->assertElementExists('button#image-manager-delete[title="Delete"]');
+
+        $resp = $this->actingAs($viewer)->get("/images/edit/{$image->id}");
+        $this->withHtml($resp)->assertElementNotExists('button#image-manager-delete[title="Delete"]');
+
+        $this->giveUserPermissions($viewer, ['image-delete-all']);
+
+        $resp = $this->actingAs($viewer)->get("/images/edit/{$image->id}");
+        $this->withHtml($resp)->assertElementExists('button#image-manager-delete[title="Delete"]');
+
+        $this->deleteImage($relPath);
+    }
+
    protected function getTestProfileImage()
    {
        $imageName = 'profile.png';