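/**
 * Builds a group of $count newly created users, shares a new contact with that group, and
 * reports how long the contact-create request took.
 *
 * Steps, all driven through the controllers: create "Group {$count}" and grant it the
 * ContactsModule access/create/delete rights, create $count users, attach them to the group,
 * log in as the first member and create a contact whose explicit read/write permissions name
 * the group, then log in as every member and open the contact's details and edit pages.
 * Only the '/contacts/default/create' request is timed.
 *
 * @param int $count number of users to create and place in the group; the first member is
 *                   used to create the contact, so at least one is needed
 * @return float seconds (microtime difference) spent in the contact-create request
 */
public function resolveRecordSharingPerformanceTime($count)
 {
     // Both lists start out as arrays so the count assertion below never receives an unset key.
     $groupMembers = array('usernames' => array(), 'ids' => array());
     $groupName    = "Group {$count}";

     // create group
     $this->resetGetArray();
     $this->setPostArray(array('Group' => array('name' => $groupName)));
     $this->runControllerWithRedirectExceptionAndGetUrl('/zurmo/group/create');
     $group = Group::getByName($groupName);
     $this->assertNotNull($group);
     $this->assertEquals($groupName, strval($group));
     $group->setRight('ContactsModule', ContactsModule::getAccessRight());
     $group->setRight('ContactsModule', ContactsModule::getCreateRight());
     $group->setRight('ContactsModule', ContactsModule::getDeleteRight());
     $this->assertTrue($group->save());
     $groupId = $group->id;
     // Drop the in-memory copy and reload by id before the group is used again.
     $group->forgetAll();
     $group = Group::getById($groupId);

     // create the users that will populate the group
     $this->resetGetArray();
     for ($i = 0; $i < $count; $i++) {
         $username = static::$baseUsername . "_{$i}_of_{$count}";
         // Fixed throwaway credentials; these accounts exist only inside the test database.
         $this->setPostArray(array('UserPasswordForm' => array(
             'firstName'          => 'Some',
             'lastName'           => 'Body',
             'username'           => $username,
             'newPassword'        => 'myPassword123',
             'newPassword_repeat' => 'myPassword123',
             'officePhone'        => '456765421',
             'userStatus'         => 'Active',
         )));
         $this->runControllerWithRedirectExceptionAndGetContent('/users/default/create');
         $user = User::getByUsername($username);
         $this->assertNotNull($user);
         $groupMembers['usernames'][] = $user->username;
         $groupMembers['ids'][]       = $user->id;
     }
     $this->assertCount($count, $groupMembers['ids']);

     // set user's group
     $this->setGetArray(array('id' => $groupId));
     $this->setPostArray(array('GroupUserMembershipForm' => array('userMembershipData' => $groupMembers['ids'])));
     $this->runControllerWithRedirectExceptionAndGetUrl('/zurmo/group/editUserMembership');
     $group->forgetAll();
     $group = Group::getById($groupId);
     $this->assertCount($count, $group->users);

     // Every member must belong to the group and be allowed each ContactsModule right
     // that was set on the group above.
     foreach ($groupMembers['ids'] as $userId) {
         $user = User::getById($userId);
         $this->assertEquals($group->id, $user->groups[0]->id);
         $this->assertTrue(RightsUtil::doesUserHaveAllowByRightName('ContactsModule', ContactsModule::getAccessRight(), $user));
         $this->assertTrue(RightsUtil::doesUserHaveAllowByRightName('ContactsModule', ContactsModule::getCreateRight(), $user));
         $this->assertTrue(RightsUtil::doesUserHaveAllowByRightName('ContactsModule', ContactsModule::getDeleteRight(), $user));
     }
     $this->clearAllCaches();

     // go ahead and create contact with group given readwrite, use group's first member to confirm he has create access
     $this->logoutCurrentUserLoginNewUserAndGetByUsername($groupMembers['usernames'][0]);
     $this->resetGetArray();
     $startingState = ContactsUtil::getStartingState();
     $this->setPostArray(array('Contact' => array(
         'firstName'   => 'John',
         'lastName'    => 'Doe',
         'officePhone' => '456765421',
         'state'       => array('id' => $startingState->id),
         'explicitReadWriteModelPermissions' => array(
             'type'             => ExplicitReadWriteModelPermissionsUtil::MIXED_TYPE_NONEVERYONE_GROUP,
             'nonEveryoneGroup' => $groupId,
         ),
     )));

     // Time only the create request; the setup above and the checks below are excluded.
     $startTime        = microtime(true);
     $url              = $this->runControllerWithRedirectExceptionAndGetUrl('/contacts/default/create');
     $timeTakenForSave = microtime(true) - $startTime;

     // strpos() returns false when 'id=' is absent, and false + 3 would silently become
     // offset 3, so fail here with a clear message instead of parsing the wrong part of the URL.
     $idOffset = strpos($url, 'id=');
     $this->assertTrue($idOffset !== false, 'Redirect URL after contact creation carries no id parameter.');
     $johnDoeContactId = intval(substr($url, $idOffset + 3));
     $johnDoeContact   = Contact::getById($johnDoeContactId);
     $this->assertNotNull($johnDoeContact);

     // The details page must name the group as the read/write audience.
     $this->resetPostArray();
     $this->setGetArray(array('id' => $johnDoeContactId));
     $content = $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/details');
     $this->assertContains('Who can read and write ' . strval($group), $content);
     $this->clearAllCaches();
     $this->resetPostArray();

     // ensure group members have access
     // NOTE(review): the page content is not inspected here; this presumably relies on the
     // "NoExceptions" runner failing the test when access is refused - confirm.
     foreach ($groupMembers['usernames'] as $member) {
         $user = $this->logoutCurrentUserLoginNewUserAndGetByUsername($member);
         $this->assertNotNull($user);
         $this->setGetArray(array('id' => $johnDoeContactId));
         $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/details');
         $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/edit');
     }
     return $timeTakenForSave;
 }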
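 /**
  * Walks one contact through the REST API as a user with no ContactsModule rights, then with
  * module rights but no permission on the record, then with permission granted through the
  * Everyone group, and finally deletes it using the default login.
  *
  * The two denial stages are told apart by their messages: "rights" for the missing module
  * rights, "permissions" for the missing record-level access.
  *
  * @depends testListContacts
  */
 public function testUnprivilegedUserViewUpdateDeleteContacts()
 {
     $noRightsMessage      = 'You do not have rights to perform this action.';
     $noPermissionsMessage = 'You do not have permissions for this action.';

     Yii::app()->user->userModel = User::getByUsername('super');
     $notAllowedUser = UserTestHelper::createBasicUser('Steven');
     $notAllowedUser->setRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API);
     $saved = $notAllowedUser->save();
     // The API-login right has to be stored; otherwise the denials asserted below could be
     // caused by a rejected login rather than by the missing ContactsModule rights.
     $this->assertTrue($saved);

     // This session is replaced by a fresh login below before any request is sent.
     $authenticationData = $this->login('steven', 'steven');
     $headers = array(
         'Accept: application/json',
         'ZURMO_SESSION_ID: ' . $authenticationData['sessionId'],
         'ZURMO_TOKEN: ' . $authenticationData['token'],
         'ZURMO_API_REQUEST_TYPE: REST',
     );
     $everyoneGroup = Group::getByName(Group::EVERYONE_GROUP_NAME);
     $this->assertTrue($everyoneGroup->save());
     $contacts = Contact::getByName('Michael Smith with just owner');
     $this->assertEquals(1, count($contacts));
     $contactId = $contacts[0]->id;
     $data      = array('department' => 'Support');

     // Test with unprivileged user to view, edit and delete the contact.
     $authenticationData = $this->login('steven', 'steven');
     $headers = array(
         'Accept: application/json',
         'ZURMO_SESSION_ID: ' . $authenticationData['sessionId'],
         'ZURMO_TOKEN: ' . $authenticationData['token'],
         'ZURMO_API_REQUEST_TYPE: REST',
     );
     $response = $this->createApiCallWithRelativeUrl('read/' . $contactId, 'GET', $headers);
     $response = json_decode($response, true);
     $this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
     $this->assertEquals($noRightsMessage, $response['message']);
     $response = $this->createApiCallWithRelativeUrl('update/' . $contactId, 'PUT', $headers, array('data' => $data));
     $response = json_decode($response, true);
     $this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
     $this->assertEquals($noRightsMessage, $response['message']);
     $response = $this->createApiCallWithRelativeUrl('delete/' . $contactId, 'DELETE', $headers);
     $response = json_decode($response, true);
     $this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
     $this->assertEquals($noRightsMessage, $response['message']);

     // Now check a user who has the module rights but no permission on this record.
     // The same session headers are reused; only the stored rights change.
     $notAllowedUser->setRight('ContactsModule', ContactsModule::getAccessRight());
     $notAllowedUser->setRight('ContactsModule', ContactsModule::getCreateRight());
     $notAllowedUser->setRight('ContactsModule', ContactsModule::getDeleteRight());
     $saved = $notAllowedUser->save();
     $this->assertTrue($saved);
     $response = $this->createApiCallWithRelativeUrl('read/' . $contactId, 'GET', $headers);
     $response = json_decode($response, true);
     $this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
     $this->assertEquals($noPermissionsMessage, $response['message']);
     $response = $this->createApiCallWithRelativeUrl('update/' . $contactId, 'PUT', $headers, array('data' => $data));
     $response = json_decode($response, true);
     $this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
     $this->assertEquals($noPermissionsMessage, $response['message']);
     $response = $this->createApiCallWithRelativeUrl('delete/' . $contactId, 'DELETE', $headers);
     $response = json_decode($response, true);
     $this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
     $this->assertEquals($noPermissionsMessage, $response['message']);

     // Allow everyone group to read/write contact
     $authenticationData = $this->login();
     $headers = array(
         'Accept: application/json',
         'ZURMO_SESSION_ID: ' . $authenticationData['sessionId'],
         'ZURMO_TOKEN: ' . $authenticationData['token'],
         'ZURMO_API_REQUEST_TYPE: REST',
     );
     $data = array(
         'explicitReadWriteModelPermissions' => array(
             'type' => ExplicitReadWriteModelPermissionsUtil::MIXED_TYPE_EVERYONE_GROUP,
         ),
     );
     $response = $this->createApiCallWithRelativeUrl('update/' . $contactId, 'PUT', $headers, array('data' => $data));
     $response = json_decode($response, true);
     $this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']);

     // The previously denied user can now read and update the record.
     $authenticationData = $this->login('steven', 'steven');
     $headers = array(
         'Accept: application/json',
         'ZURMO_SESSION_ID: ' . $authenticationData['sessionId'],
         'ZURMO_TOKEN: ' . $authenticationData['token'],
         'ZURMO_API_REQUEST_TYPE: REST',
     );
     $response = $this->createApiCallWithRelativeUrl('read/' . $contactId, 'GET', $headers);
     $response = json_decode($response, true);
     $this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']);
     $data     = array('department' => 'Support');
     $response = $this->createApiCallWithRelativeUrl('update/' . $contactId, 'PUT', $headers, array('data' => $data));
     $response = json_decode($response, true);
     $this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']);
     $this->assertEquals('Support', $response['data']['department']);

     // Test with privileged user
     $authenticationData = $this->login();
     $headers = array(
         'Accept: application/json',
         'ZURMO_SESSION_ID: ' . $authenticationData['sessionId'],
         'ZURMO_TOKEN: ' . $authenticationData['token'],
         'ZURMO_API_REQUEST_TYPE: REST',
     );
     // Test delete, then confirm the record can no longer be read.
     $response = $this->createApiCallWithRelativeUrl('delete/' . $contactId, 'DELETE', $headers);
     $response = json_decode($response, true);
     $this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']);
     $response = $this->createApiCallWithRelativeUrl('read/' . $contactId, 'GET', $headers);
     $response = json_decode($response, true);
     $this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
 }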