|
6 | 6 | use PHPUnit\Framework\Attributes\Test; |
7 | 7 | use Statamic\Entries\Collection; |
8 | 8 | use Statamic\Facades\User; |
| 9 | +use Statamic\Fields\Blueprint; |
9 | 10 | use Tests\FakesRoles; |
10 | 11 | use Tests\PreventSavingStacheItemsToDisk; |
11 | 12 | use Tests\TestCase; |
@@ -90,4 +91,84 @@ public function it_shows_only_entries_in_index_for_sites_user_can_access() |
90 | 91 |
|
91 | 92 | $this->assertEquals($expected, $entries->pluck('slug')->all()); |
92 | 93 | } |
| 94 | + |
| 95 | + #[Test] |
| 96 | + public function it_shows_only_entries_in_index_the_user_can_access() |
| 97 | + { |
| 98 | + $this->setTestRole('view-own-entries', [ |
| 99 | + 'access cp', |
| 100 | + 'view test entries', |
| 101 | + ]); |
| 102 | + |
| 103 | + $this->setTestRole('view-other-authors-entries', [ |
| 104 | + 'access cp', |
| 105 | + 'view test entries', |
| 106 | + 'view other authors test entries', |
| 107 | + ]); |
| 108 | + |
| 109 | + $userOne = tap(User::make()->assignRole('view-own-entries'))->save(); |
| 110 | + $userTwo = tap(User::make()->assignRole('view-other-authors-entries'))->save(); |
| 111 | + |
| 112 | + Blueprint::make('with-author') |
| 113 | + ->setNamespace('collections/test') |
| 114 | + ->ensureField('author', []) |
| 115 | + ->save(); |
| 116 | + |
| 117 | + Blueprint::make('without-author') |
| 118 | + ->setNamespace('collections/test') |
| 119 | + ->save(); |
| 120 | + |
| 121 | + $collection = tap(Collection::make('test'))->save(); |
| 122 | + |
| 123 | + EntryFactory::collection($collection) |
| 124 | + ->slug('entry-user-one') |
| 125 | + ->data(['blueprint' => 'with-author', 'author' => $userOne->id()]) |
| 126 | + ->create(); |
| 127 | + |
| 128 | + EntryFactory::collection($collection) |
| 129 | + ->slug('entry-user-two') |
| 130 | + ->data(['blueprint' => 'with-author', 'author' => $userTwo->id()]) |
| 131 | + ->create(); |
| 132 | + |
| 133 | + EntryFactory::collection($collection) |
| 134 | + ->slug('entry-with-multiple-authors') |
| 135 | + ->data(['blueprint' => 'with-author', 'author' => [$userOne->id(), $userTwo->id()]]) |
| 136 | + ->create(); |
| 137 | + |
| 138 | + EntryFactory::collection($collection) |
| 139 | + ->slug('entry-without-author') |
| 140 | + ->data(['blueprint' => 'without-author']) |
| 141 | + ->create(); |
| 142 | + |
| 143 | + $responseUserOne = $this |
| 144 | + ->actingAs($userOne) |
| 145 | + ->get(cp_route('collections.entries.index', ['collection' => 'test'])) |
| 146 | + ->assertOk(); |
| 147 | + |
| 148 | + $entries = collect($responseUserOne->getData()->data); |
| 149 | + |
| 150 | + $expected = [ |
| 151 | + 'entry-user-one', |
| 152 | + 'entry-with-multiple-authors', |
| 153 | + 'entry-without-author', |
| 154 | + ]; |
| 155 | + |
| 156 | + $this->assertEquals($expected, $entries->pluck('slug')->all()); |
| 157 | + |
| 158 | + $responseUserTwo = $this |
| 159 | + ->actingAs($userTwo) |
| 160 | + ->get(cp_route('collections.entries.index', ['collection' => 'test'])) |
| 161 | + ->assertOk(); |
| 162 | + |
| 163 | + $entries = collect($responseUserTwo->getData()->data); |
| 164 | + |
| 165 | + $expected = [ |
| 166 | + 'entry-user-one', |
| 167 | + 'entry-user-two', |
| 168 | + 'entry-with-multiple-authors', |
| 169 | + 'entry-without-author', |
| 170 | + ]; |
| 171 | + |
| 172 | + $this->assertEquals($expected, $entries->pluck('slug')->all()); |
| 173 | + } |
93 | 174 | } |
0 commit comments