public function testABitOfEverythingAsAnExample()
{
$superAdminDude = new User();
$superAdminDude->title->value = 'Miss';
$superAdminDude->username = '******';
$superAdminDude->firstName = 'Laura';
$superAdminDude->lastName = 'Laurason';
$superAdminDude->setPassword('laura');
$this->assertTrue($superAdminDude->save());
$adminDude = new User();
$adminDude->title->value = 'Mr.';
$adminDude->username = '******';
$adminDude->firstName = 'Jason';
$adminDude->lastName = 'Jasonson';
$adminDude->setPassword('jason');
$this->assertTrue($adminDude->save());
$accountOwner = new User();
$accountOwner->title->value = 'Mr.';
// :P
$accountOwner->username = '******';
$accountOwner->firstName = 'lisa';
$accountOwner->lastName = 'Lisason';
$accountOwner->setPassword('lisay');
$this->assertTrue($accountOwner->save());
$salesDude1 = new User();
$salesDude1->title->value = 'Mr.';
$salesDude1->username = '******';
$salesDude1->firstName = 'Ray';
$salesDude1->lastName = 'Rayson';
$salesDude1->setPassword('ray45');
$this->assertTrue($salesDude1->save());
$salesDude2 = new User();
$salesDude2->title->value = 'Mr.';
$salesDude2->username = '******';
$salesDude2->firstName = 'Stafford';
$salesDude2->lastName = 'Staffordson';
$salesDude2->setPassword('stafford');
$this->assertTrue($salesDude2->save());
$managementDudette = new User();
$managementDudette->title->value = 'Ms.';
$managementDudette->username = '******';
$managementDudette->firstName = 'Donna';
$managementDudette->lastName = 'Donnason';
$managementDudette->setPassword('donna');
$this->assertTrue($managementDudette->save());
$supportDude = new User();
$supportDude->title->value = 'Mr.';
$supportDude->username = '******';
$supportDude->firstName = 'Ross';
$supportDude->lastName = 'Rosson';
$supportDude->setPassword('rossy');
$this->assertTrue($supportDude->save());
$superAdminDudes = new Group();
$superAdminDudes->name = 'Super Admin Dudes';
$superAdminDudes->users->add($superAdminDude);
$this->assertTrue($superAdminDudes->save());
$adminDudes = new Group();
$adminDudes->name = 'Admin Dudes';
$adminDudes->users->add($adminDude);
$adminDudes->groups->add($superAdminDudes);
$this->assertTrue($adminDudes->save());
$superAdminDudes->setPolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRES, 0);
$this->assertTrue($superAdminDudes->save());
$adminDudes->setRight('UsersModule', UsersModule::RIGHT_CHANGE_USER_PASSWORDS);
$adminDudes->setRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB);
$adminDudes->setRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_MOBILE);
$adminDudes->setRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API);
$adminDudes->setPolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRY_DAYS, 90);
$this->assertTrue($adminDudes->save());
$salesDudes = new Group();
$salesDudes->name = 'Sales Dudes';
$salesDudes->users->add($salesDude1);
$salesDudes->users->add($salesDude2);
$this->assertTrue($salesDudes->save());
$managementDudes = new Group();
$managementDudes->name = 'Management Dudes';
$managementDudes->users->add($managementDudette);
$this->assertTrue($managementDudes->save());
$everyone = Group::getByName(Group::EVERYONE_GROUP_NAME);
$everyone->setRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB);
$everyone->setPolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRES, 1);
$everyone->setPolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRY_DAYS, 30);
$this->assertTrue($everyone->save());
Yii::app()->user->userModel = $accountOwner;
$account = new Account();
$account->name = 'Doozy Co.';
$this->assertTrue($account->save());
// The account has no explicit permissions set at this point.
// The account owner has full permissions implicitly.
$this->assertEquals(Permission::ALL, $account->getEffectivePermissions($accountOwner));
// Nobody else has permissions.
$this->assertEquals(Permission::NONE, $account->getEffectivePermissions($adminDude));
$this->assertEquals(Permission::NONE, $account->getEffectivePermissions($adminDudes));
$this->assertEquals(Permission::NONE, $account->getEffectivePermissions($salesDude1));
$this->assertEquals(Permission::NONE, $account->getEffectivePermissions($salesDude2));
$this->assertEquals(Permission::NONE, $account->getEffectivePermissions($managementDudette));
$this->assertEquals(Permission::NONE, $account->getEffectivePermissions($salesDudes));
$this->assertEquals(Permission::NONE, $account->getEffectivePermissions($managementDudes));
$this->assertEquals(Permission::NONE, $account->getEffectivePermissions($supportDude));
// Everyone is given read permissions to the account.
$everyone = Group::getByName(Group::EVERYONE_GROUP_NAME);
$account->addPermissions($everyone, Permission::READ);
$account->save();
// In one step everyone has read permissions, except the owner who still has full.
$this->assertEquals(Permission::READ, $account->getEffectivePermissions($adminDude));
$this->assertEquals(Permission::READ, $account->getEffectivePermissions($adminDudes));
$this->assertEquals(Permission::ALL, $account->getEffectivePermissions($accountOwner));
$this->assertEquals(Permission::READ, $account->getEffectivePermissions($salesDude1));
$this->assertEquals(Permission::READ, $account->getEffectivePermissions($salesDude2));
$this->assertEquals(Permission::READ, $account->getEffectivePermissions($managementDudette));
$this->assertEquals(Permission::READ, $account->getEffectivePermissions($salesDudes));
$this->assertEquals(Permission::READ, $account->getEffectivePermissions($managementDudes));
$this->assertEquals(Permission::READ, $account->getEffectivePermissions($supportDude));
$this->assertEquals(Permission::READ, $account->getEffectivePermissions($everyone));
// Sales Dudes is given write permissions to the account.
$account->addPermissions($salesDudes, Permission::WRITE);
$account->save();
// The Sales Dudes group and everyone in it has write.
$this->assertEquals(Permission::READ, $account->getEffectivePermissions($adminDude));
$this->assertEquals(Permission::READ, $account->getEffectivePermissions($adminDudes));
$this->assertEquals(Permission::ALL, $account->getEffectivePermissions($accountOwner));
$this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($salesDude1));
$this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($salesDude2));
$this->assertEquals(Permission::READ, $account->getEffectivePermissions($managementDudette));
$this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($salesDudes));
$this->assertEquals(Permission::READ, $account->getEffectivePermissions($managementDudes));
$this->assertEquals(Permission::READ, $account->getEffectivePermissions($supportDude));
$this->assertEquals(Permission::READ, $account->getEffectivePermissions($everyone));
// Management Dudes is given change owner permissions to the account.
$account->addPermissions($managementDudes, Permission::CHANGE_OWNER);
$account->save();
// The Managment Dudes group and everyone in it has change owner.
$this->assertEquals(Permission::READ, $account->getEffectivePermissions($adminDude));
$this->assertEquals(Permission::READ, $account->getEffectivePermissions($adminDudes));
$this->assertEquals(Permission::ALL, $account->getEffectivePermissions($accountOwner));
$this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($salesDude1));
$this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($salesDude2));
$this->assertEquals(Permission::READ | Permission::CHANGE_OWNER, $account->getEffectivePermissions($managementDudette));
$this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($salesDudes));
$this->assertEquals(Permission::READ | Permission::CHANGE_OWNER, $account->getEffectivePermissions($managementDudes));
$this->assertEquals(Permission::READ, $account->getEffectivePermissions($supportDude));
$this->assertEquals(Permission::READ, $account->getEffectivePermissions($everyone));
// We want to remove Support Dude's read on the account.
// The first way... having thought about our security and groups well...
// Everyone's read permission is removed, and instead Sales Dudes
// and Managment Dudes are given read permissions. Order is irrelevant.
$account->removePermissions($everyone, Permission::READ);
$account->addPermissions($salesDudes, Permission::READ);
$account->addPermissions($managementDudes, Permission::READ);
$account->save();
// The effect is that Support Dude and Admin Dudes lose read permissions because
// now nobody has that permission via Everyone.
$this->assertEquals(Permission::NONE, $account->getEffectivePermissions($adminDude));
$this->assertEquals(Permission::NONE, $account->getEffectivePermissions($adminDudes));
$this->assertEquals(Permission::ALL, $account->getEffectivePermissions($accountOwner));
$this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($salesDude1));
$this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($salesDude2));
$this->assertEquals(Permission::READ | Permission::CHANGE_OWNER, $account->getEffectivePermissions($managementDudette));
$this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($salesDudes));
$this->assertEquals(Permission::READ | Permission::CHANGE_OWNER, $account->getEffectivePermissions($managementDudes));
$this->assertEquals(Permission::NONE, $account->getEffectivePermissions($supportDude));
$this->assertEquals(Permission::NONE, $account->getEffectivePermissions($everyone));
// Permissions are set back.
$account->addPermissions($everyone, Permission::READ);
$account->removePermissions($salesDudes, Permission::READ);
$account->removePermissions($managementDudes, Permission::READ);
$account->save();
// Support Dude and Admin Dudes get their read back.
$this->assertEquals(Permission::READ, $account->getEffectivePermissions($adminDude));
$this->assertEquals(Permission::READ, $account->getEffectivePermissions($adminDudes));
$this->assertEquals(Permission::ALL, $account->getEffectivePermissions($accountOwner));
$this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($salesDude1));
$this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($salesDude2));
$this->assertEquals(Permission::READ | Permission::CHANGE_OWNER, $account->getEffectivePermissions($managementDudette));
$this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($salesDudes));
$this->assertEquals(Permission::READ | Permission::CHANGE_OWNER, $account->getEffectivePermissions($managementDudes));
$this->assertEquals(Permission::READ, $account->getEffectivePermissions($supportDude));
$this->assertEquals(Permission::READ, $account->getEffectivePermissions($everyone));
// The second way... more ad-hoc...
// We explicitly deny. Deny's have precedence over allows.
$account->addPermissions($supportDude, Permission::READ, Permission::DENY);
$account->save();
// The effect is that Support Dude loses read permissions but
// Everyone else still has read.
$this->assertEquals(Permission::READ, $account->getEffectivePermissions($adminDude));
$this->assertEquals(Permission::READ, $account->getEffectivePermissions($adminDudes));
$this->assertEquals(Permission::ALL, $account->getEffectivePermissions($accountOwner));
$this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($salesDude1));
$this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($salesDude2));
$this->assertEquals(Permission::READ | Permission::CHANGE_OWNER, $account->getEffectivePermissions($managementDudette));
$this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($salesDudes));
$this->assertEquals(Permission::READ | Permission::CHANGE_OWNER, $account->getEffectivePermissions($managementDudes));
$this->assertEquals(Permission::NONE, $account->getEffectivePermissions($supportDude));
$this->assertEquals(Permission::READ, $account->getEffectivePermissions($everyone));
// Managment Dudes has all permissions is denied.
// This takes precedence over the read permission the group was given.
$account->addPermissions($managementDudes, Permission::ALL, Permission::DENY);
$account->save();
// The effect is that Management Dudes lose all permissions
// regardless of what they have been granted.
$this->assertEquals(Permission::READ, $account->getEffectivePermissions($adminDude));
$this->assertEquals(Permission::READ, $account->getEffectivePermissions($adminDudes));
$this->assertEquals(Permission::ALL, $account->getEffectivePermissions($accountOwner));
$this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($salesDude1));
$this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($salesDude2));
$this->assertEquals(Permission::NONE, $account->getEffectivePermissions($managementDudette));
$this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($salesDudes));
$this->assertEquals(Permission::NONE, $account->getEffectivePermissions($managementDudes));
$this->assertEquals(Permission::NONE, $account->getEffectivePermissions($supportDude));
$this->assertEquals(Permission::READ, $account->getEffectivePermissions($everyone));
// We'll give Management Dudes back their permissions.
$account->removePermissions($managementDudes, Permission::ALL, Permission::DENY);
// And give management dudette change permissions.
$account->addPermissions($managementDudette, Permission::CHANGE_PERMISSIONS);
$account->save();
$this->assertEquals(Permission::READ, $account->getEffectivePermissions($adminDude));
$this->assertEquals(Permission::READ, $account->getEffectivePermissions($adminDudes));
$this->assertEquals(Permission::ALL, $account->getEffectivePermissions($accountOwner));
$this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($salesDude1));
$this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($salesDude2));
$this->assertEquals(Permission::READ | Permission::CHANGE_PERMISSIONS | Permission::CHANGE_OWNER, $account->getEffectivePermissions($managementDudette));
$this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($salesDudes));
$this->assertEquals(Permission::READ | Permission::CHANGE_OWNER, $account->getEffectivePermissions($managementDudes));
$this->assertEquals(Permission::NONE, $account->getEffectivePermissions($supportDude));
$this->assertEquals(Permission::READ, $account->getEffectivePermissions($everyone));
// Then we'll just nuke eveyone's permissions. If you use this it is for
// the kind of scenario where an admin wants to re-setup permissions from scratch
// so you'd put a Do You Really Want To Do This???? kind of message.
Permission::deleteAll();
// Removing all permissions is done directly on the database,
// so we need to forget our account and get it back again.
$accountId = $account->id;
$account->forget();
unset($account);
$account = Account::getById($accountId);
// Nobody else has permissions again.
$this->assertEquals(Permission::NONE, $account->getEffectivePermissions($adminDude));
$this->assertEquals(Permission::NONE, $account->getEffectivePermissions($adminDudes));
$this->assertEquals(Permission::NONE, $account->getEffectivePermissions($salesDude1));
$this->assertEquals(Permission::NONE, $account->getEffectivePermissions($salesDude2));
$this->assertEquals(Permission::NONE, $account->getEffectivePermissions($managementDudette));
$this->assertEquals(Permission::NONE, $account->getEffectivePermissions($salesDudes));
$this->assertEquals(Permission::NONE, $account->getEffectivePermissions($managementDudes));
$this->assertEquals(Permission::NONE, $account->getEffectivePermissions($supportDude));
// TODO
// - Permissions on modules.
// - Permissions on types.
// - Permissions on fields.
// All users have the right to login via the web, because the Everyone group was granted that right.
$this->assertEquals(Right::ALLOW, $adminDude->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB));
$this->assertEquals(Right::ALLOW, $adminDudes->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB));
$this->assertEquals(Right::ALLOW, $salesDude1->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB));
$this->assertEquals(Right::ALLOW, $salesDude2->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB));
$this->assertEquals(Right::ALLOW, $managementDudette->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB));
$this->assertEquals(Right::ALLOW, $salesDudes->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB));
$this->assertEquals(Right::ALLOW, $managementDudes->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB));
$this->assertEquals(Right::ALLOW, $supportDude->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB));
$this->assertEquals(Right::ALLOW, $everyone->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB));
$this->assertEquals(Right::ALLOW, $adminDude->getEffectiveRight('UsersModule', UsersModule::RIGHT_CHANGE_USER_PASSWORDS));
$this->assertEquals(Right::ALLOW, $adminDudes->getEffectiveRight('UsersModule', UsersModule::RIGHT_CHANGE_USER_PASSWORDS));
$this->assertEquals(Right::DENY, $salesDude1->getEffectiveRight('UsersModule', UsersModule::RIGHT_CHANGE_USER_PASSWORDS));
$this->assertEquals(Right::DENY, $salesDude2->getEffectiveRight('UsersModule', UsersModule::RIGHT_CHANGE_USER_PASSWORDS));
$this->assertEquals(Right::DENY, $managementDudette->getEffectiveRight('UsersModule', UsersModule::RIGHT_CHANGE_USER_PASSWORDS));
$this->assertEquals(Right::DENY, $salesDudes->getEffectiveRight('UsersModule', UsersModule::RIGHT_CHANGE_USER_PASSWORDS));
$this->assertEquals(Right::DENY, $managementDudes->getEffectiveRight('UsersModule', UsersModule::RIGHT_CHANGE_USER_PASSWORDS));
$this->assertEquals(Right::DENY, $supportDude->getEffectiveRight('UsersModule', UsersModule::RIGHT_CHANGE_USER_PASSWORDS));
$this->assertEquals(Right::DENY, $everyone->getEffectiveRight('UsersModule', UsersModule::RIGHT_CHANGE_USER_PASSWORDS));
// All users have a password expiry days of 30 because it was set on Everyone, but that was overridden
// for Admin Dudes with a more generous password expiry policy set for them.
$this->assertEquals(90, $adminDude->getEffectivePolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRY_DAYS));
$this->assertEquals(90, $adminDudes->getEffectivePolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRY_DAYS));
$this->assertEquals(90, $adminDude->getEffectivePolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRY_DAYS));
$this->assertEquals(90, $adminDudes->getEffectivePolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRY_DAYS));
$this->assertEquals(30, $salesDude1->getEffectivePolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRY_DAYS));
$this->assertEquals(30, $salesDude2->getEffectivePolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRY_DAYS));
$this->assertEquals(30, $managementDudette->getEffectivePolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRY_DAYS));
$this->assertEquals(30, $salesDudes->getEffectivePolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRY_DAYS));
$this->assertEquals(30, $managementDudes->getEffectivePolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRY_DAYS));
$this->assertEquals(30, $supportDude->getEffectivePolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRY_DAYS));
$this->assertEquals(30, $everyone->getEffectivePolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRY_DAYS));
// But all users' passwords, except Super Admin Dudes, expire because of the policy set on Everyone,
// which is set more specifically for Super Admin Dudes.
$this->assertEquals(0, $superAdminDude->getEffectivePolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRES));
$this->assertEquals(0, $superAdminDudes->getEffectivePolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRES));
$this->assertEquals(1, $adminDude->getEffectivePolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRES));
$this->assertEquals(1, $adminDudes->getEffectivePolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRES));
$this->assertEquals(1, $salesDude1->getEffectivePolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRES));
$this->assertEquals(1, $salesDude2->getEffectivePolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRES));
$this->assertEquals(1, $managementDudette->getEffectivePolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRES));
$this->assertEquals(1, $salesDudes->getEffectivePolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRES));
$this->assertEquals(1, $managementDudes->getEffectivePolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRES));
$this->assertEquals(1, $supportDude->getEffectivePolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRES));
$this->assertEquals(1, $everyone->getEffectivePolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRES));
// The policy set on Super Admin Dudes that their passwords don't expire is more explicit than the Everyone
// setting and so takes precedence. While ALLOW for permissions and rights is just required from any one
// source (explicit or inherited from a group) and DENY on any source overrides it, the effective policy
// is the most explicit. A policy set specifically on a user overrides a policy set on a group they are
// directly in, which overrides one that that group is in, and so on, which overrides anything set on the
// Everyone group. If nothing is set the policy value is null.
// TODO
// - Roles.
}
public function testMakeBySecurableItem()
{
Yii::app()->user->userModel = User::getByUsername('super');
$group2 = Group::getByName('Group2');
$group3 = Group::getByName('Group3');
$account = new Account();
$account->name = 'aTestAccount';
$account->owner = Yii::app()->user->userModel;
$this->assertTrue($account->save());
$account->addPermissions($group2, Permission::READ_WRITE);
$account->addPermissions($group3, Permission::READ);
$this->assertTrue($account->save());
$accountId = $account->id;
$account->forget();
unset($account);
$explicitReadWriteModelPermissions = ExplicitReadWriteModelPermissionsUtil::makeBySecurableItem(Account::getById($accountId));
$this->assertTrue($explicitReadWriteModelPermissions instanceof ExplicitReadWriteModelPermissions);
$readWritePermitables = $explicitReadWriteModelPermissions->getReadWritePermitables();
$readOnlyPermitables = $explicitReadWriteModelPermissions->getReadOnlyPermitables();
$this->assertEquals(1, count($readWritePermitables));
$this->assertEquals(1, count($readOnlyPermitables));
$this->assertEquals($group3, $readOnlyPermitables[$group3->id]);
$this->assertEquals($group2, $readWritePermitables[$group2->id]);
}
/**
* @depends testUserAddedToGroup_Slide21
*/
public function testUserAddedToGroup_Slide22()
{
$u2 = User::getByUsername('u2.');
$u99 = User::getByUsername('u99.');
Yii::app()->user->userModel = $u99;
$g1 = Group::getByName('G1.');
$g2 = Group::getByName('G2.');
$g3 = Group::getByName('G3.');
$g3->groups->add($g2);
$this->assertTrue($g3->save());
$g2->groups->add($g1);
$this->assertTrue($g2->save());
Yii::app()->user->userModel = $u99;
$a3 = new Account();
$a3->name = 'A3.';
$a3->addPermissions($g1, Permission::READ);
$this->assertTrue($a3->save());
//Called in OwnedSecurableItem::afterSave();
//ReadPermissionsOptimizationUtil::ownedSecurableItemCreated($a3);
$a2 = new Account();
$a2->name = 'A2.';
$a2->addPermissions($g2, Permission::READ);
$this->assertTrue($a2->save());
//Called in OwnedSecurableItem::afterSave();
//ReadPermissionsOptimizationUtil::ownedSecurableItemCreated($a2);
$a1 = new Account();
$a1->name = 'A1.';
$a1->addPermissions($g3, Permission::READ);
$this->assertTrue($a1->save());
//Called in OwnedSecurableItem::afterSave();
//ReadPermissionsOptimizationUtil::ownedSecurableItemCreated($a1);
ReadPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($a3, $g1);
ReadPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($a2, $g2);
ReadPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($a1, $g3);
//Utilize method that is used by user interface to handle removing users from a group.
$form = new GroupUserMembershipForm();
$fakePostData = array('userMembershipData' => array(0 => $u2->id), 'userNonMembershipData' => array());
$form = GroupUserMembershipFormUtil::setFormFromCastedPost($form, $fakePostData);
$saved = GroupUserMembershipFormUtil::setMembershipFromForm($form, $g1);
//This is completed above in GroupUserMembershipFormUtil::setMembershipFromForm
//$g1->users->add($u2);
//$this->assertTrue($g1->save());
//ReadPermissionsOptimizationUtil::userAddedToGroup($g1, $u2);
$this->assertEquals(array(array('A1', 'G1', 1), array('A1', 'G2', 1), array('A1', 'G3', 1), array('A1', 'R5', 1), array('A1', 'R6', 1), array('A2', 'G1', 1), array('A2', 'G2', 1), array('A2', 'R5', 1), array('A2', 'R6', 1), array('A3', 'G1', 1), array('A3', 'R5', 1), array('A3', 'R6', 1)), self::getAccountMungeRows());
$this->assertTrue(self::accountMungeDoesntChangeWhenRebuilt());
//Utilize method that is used by user interface to handle removing users from a group.
$form = new GroupUserMembershipForm();
$fakePostData = array('userMembershipData' => array(), 'userNonMembershipData' => array());
$form = GroupUserMembershipFormUtil::setFormFromCastedPost($form, $fakePostData);
$saved = GroupUserMembershipFormUtil::setMembershipFromForm($form, $g1);
//This is completed above in GroupUserMembershipFormUtil::setMembershipFromForm
//$g1->users->remove($u2);
//$this->assertTrue($g1->save());
//ReadPermissionsOptimizationUtil::userRemovedFromGroup($g1, $u2);
$this->assertEquals(array(array('A1', 'G1', 1), array('A1', 'G2', 1), array('A1', 'G3', 1), array('A2', 'G1', 1), array('A2', 'G2', 1), array('A3', 'G1', 1)), self::getAccountMungeRows());
$this->assertTrue(self::accountMungeDoesntChangeWhenRebuilt());
$a1->delete();
$a2->delete();
$a3->delete();
$g1->group = null;
$this->assertTrue($g1->save());
$g2->group = null;
$this->assertTrue($g2->save());
$g3->group = null;
$this->assertTrue($g3->save());
}
/**
* @depends testCreateStarredTables
*/
public function testUnmarkModelAsStarredForAllUsers()
{
$super = User::getByUsername('super');
Yii::app()->user->userModel = $super;
$steven = UserTestHelper::createBasicUser('Steven');
$account = new Account();
$account->owner = $super;
$account->name = 'Test Account';
$account->officePhone = '1234567890';
$account->addPermissions($steven, Permission::READ);
$this->assertTrue($account->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($account, $steven);
StarredUtil::markModelAsStarred($account);
Yii::app()->user->userModel = $steven;
StarredUtil::markModelAsStarred($account);
$starredRecords = AccountStarred::getCountByUserIdAndModelId(null, $account->id);
$this->assertEquals(2, $starredRecords);
StarredUtil::unmarkModelAsStarredForAllUsers($account);
$starredRecords = AccountStarred::getCountByUserIdAndModelId(null, $account->id);
$this->assertEquals(0, $starredRecords);
}
public function testDeleteSecurableItemDeletesItsPermissions()
{
$user = User::getByUsername('billy');
$account = new Account();
$account->name = 'Waxamatronic';
$account->addPermissions($user, Permission::READ);
$this->assertTrue($account->save());
$this->assertEquals(1, count($account->permissions));
$this->assertEquals(Permission::READ, $account->getEffectivePermissions($user));
$account->delete();
unset($account);
$userId = $user->id;
unset($user);
RedBeanModel::forgetAll();
$this->assertEquals(0, count(Permission::getAll()));
}
