function test_creategroup() { $user = User::create( array( 'username' => 'testcaseuser', 'email' => '*****@*****.**', 'password' => 'test') ); $this->assert_true( $user instanceof User, 'Could not create test user.' ); $group = UserGroup::create( array( 'name' => 'new test group' ) ); $this->assert_true( $group instanceof UserGroup, 'Could not create a new group named "new test group".' ); ACL::create_token( 'test permission', 'A permission for test cases', 'Administration' ); ACL::create_token( 'test deny permission', 'A permission for test cases', 'Administration' ); $this->assert_true( ACL::token_exists('test permission'), 'The test permission was not created.' ); $this->assert_true( ACL::token_exists(' test PeRmission '), 'Permission names are not normalized.' ); $group->add( 'testcaseuser' ); $group->grant( 'test permission' ); $group->deny( 'test deny permisSion' ); $group->update(); $newgroup = UserGroup::get( 'new test group' ); $this->assert_true( in_array( $user->id, $newgroup->members ), 'The created user is not a member of the new group.' ); $this->assert_true( in_array( ACL::token_id( 'test permission' ), array_keys( $newgroup->permissions ) ), 'The group does not have the new permission.' ); $this->assert_true( ACL::group_can( 'new test group', 'test permission' ), 'The group does not have the new permission.' ); $this->assert_false( ACL::group_can( 'new test group', 'test deny permission' ), 'The group has a denied permission.' ); $this->assert_true( $user->can( 'test permission' ), 'The user does not have a permission his group has been granted.' ); }
public function test_group_permissions() { ACL::create_token( 'acltest', 'A test ACL permission', 'Administration' ); $this->assert_true( ACL::token_exists( 'acltest' ), 'Could not create acltest permission.' ); $this->assert_true( ACL::token_exists( 'acLtEst ' ), 'Permission names are not normalized.' ); $token_id = ACL::token_id( 'acltest' ); ACL::grant_group( $this->acl_group->id, $token_id, 'full' ); $this->assert_true( $this->acl_group->can( 'acltest', 'full' ), 'Could not grant acltest permission to acltest-group.' ); ACL::revoke_group_token( $this->acl_group->id, $token_id ); $this->assert_false( ACL::group_can( $this->acl_group->id, $token_id, 'full' ), 'Could not revoke acltest permission from acltest-group.' ); // check alternate means of granting a permission $this->acl_group->grant( 'acltest', 'full' ); $this->assert_true( $this->acl_group->can( 'acltest', 'full' ), 'Could not grant acltest permission to acltest-group through UserGroup call.' ); // full > read/edit $this->assert_true( $this->acl_group->can( 'acltest', 'read' ), "Group with 'full' acltest permission cannot 'read'." ); $this->assert_true( $this->acl_group->can( 'acltest', 'edit' ), "Group with 'full' acltest permission cannot 'edit'." ); $this->assert_true( $this->acl_group->can( 'acltest', 'full' ), "Group with 'full' acltest permission cannot 'full'." ); $this->assert_exception( 'InvalidArgumentException', "'write' is an invalid token flag." ); $this->acl_group->can( 'acltest', 'write' ); ACL::destroy_token( 'acltest' ); }
public function test_group_permissions() { $this->markTestSkipped('Test does not match class code; needs updating'); ACL::create_permission('acltest', 'A test ACL permission'); $this->assertTrue(ACL::token_exists('acltest'), 'Could not create acltest permission.'); $token_id = ACL::token_id('acltest'); ACL::grant_group($this->acl_group->id, $token_id, 'full'); $this->assertTrue($this->acl_group->can('acltest', 'full'), 'Could not grant acltest permission to acltest-group.'); ACL::revoke_group_permission($this->acl_group->id, $token_id); $this->assert_false(ACL::group_can($this->acl_group->id, $token_id, 'full'), 'Could not revoke acltest permission from acltest-group.'); // check alternate means of granting a permission $this->acl_group->grant('acltest', 'full'); $this->assertTrue($this->acl_group->can('acltest', 'full'), 'Could not grant acltest permission to acltest-group through UserGroup call.'); // full > read/write $this->assertTrue($this->acl_group->can('acltest', 'read'), "Group with 'full' acltest permission cannot 'read'."); $this->assertTrue($this->acl_group->can('acltest', 'write'), "Group with 'full' acltest permission cannot 'write'."); }
private function upgrade_db_post_4770() { // Add CRUD access tokens for other users' unpublished posts ACL::create_token('post_unpublished', _t("Permissions to other users' unpublished posts"), _t('Content'), true); // If a group doesn't have super_user permission, deny access to post_unpublished $groups = UserGroups::get_all(); foreach ($groups as $group) { if (!ACL::group_can($group->id, 'super_user', 'read')) { $group->deny('post_unpublished'); } } }