Beispiel #1
0
 public function tearDown()
 {
     parent::tearDown();
     $testRole = new Opus_UserRole($this->roleId);
     $testRole->delete();
     $userAccount = new Opus_Account($this->userId);
     $userAccount->delete();
 }
Beispiel #2
0
 /**
  * Post-store hook will be called right after the document has been stored
  * to the database.
  * 
  * @see {Opus_Model_Plugin_Interface::postStore}
  */
 public function postStore(Opus_Model_AbstractDb $model)
 {
     // only index Opus_File instances
     if (false === $model instanceof Opus_File) {
         $this->getLogger()->err(__METHOD__ . '#1 argument must be instance of Opus_File');
         return;
     }
     // only new Opus_File instances
     if (true !== $model->isNewRecord()) {
         return;
     }
     $config = Zend_Registry::get('Zend_Config');
     if (!is_null($config) && isset($config->securityPolicy->files->defaultAccessRole)) {
         $roleName = $config->securityPolicy->files->defaultAccessRole;
         // Empty name -> don't set any role for access
         if (strlen(trim($roleName)) > 0) {
             $accessRole = Opus_UserRole::fetchByName($roleName);
             if (is_null($accessRole)) {
                 $this->getLogger()->err(__METHOD__ . ": Failed to add role '{$roleName}' to file " . $model->getId() . "; '{$roleName}' role does not exist!");
                 return;
             }
             $accessRole->appendAccessFile($model->getId());
             $accessRole->store();
         }
     }
 }
Beispiel #3
0
 /**
  * Publishes documents and adds the given Person as referee.
  *
  * @param array $docIds
  * @param mixed $userId
  * @param Opus_Person $person
  *
  * FIXME capture success or failure for display afterwards
  */
 public function clear(array $docIds = null, $userId = null, $person = null)
 {
     $logger = Zend_Registry::get('Zend_Log');
     foreach ($docIds as $docId) {
         $logger->debug('Change state to "published" for document: ' . $docId);
         $document = new Opus_Document($docId);
         $document->setServerState('published');
         $date = new Opus_Date();
         $date->setNow();
         $document->setServerDatePublished($date);
         $document->setPublishedDate($date);
         $guest_role = Opus_UserRole::fetchByName('guest');
         foreach ($document->getFile() as $file) {
             $guest_role->appendAccessFile($file->getId());
         }
         if (isset($person)) {
             $document->addPersonReferee($person);
         }
         $enrichment = $document->addEnrichment();
         $enrichment->setKeyName('review.accepted_by')->setValue($userId);
         // TODO: Put into same transaction...
         $document->store();
         $guest_role->store();
     }
     return;
 }
Beispiel #4
0
 public function getRolePermissions($acl, $roleName)
 {
     $role = Opus_UserRole::fetchByName($roleName);
     if (is_null($role)) {
         Zend_Registry::get('Zend_Log')->err("Attempt to load unknown role '{$roleName}'.");
         return;
     }
     $resources = $role->listAccessModules();
     $resourcesConfigured = false;
     $accessibleModules = array();
     foreach ($resources as $resource) {
         if (!strncmp('resource_', $resource, 9)) {
             // resource (like languages);
             $resource = new Zend_Acl_Resource(substr($resource, 9));
             $acl->allow($roleName, $resource);
             $resourcesConfigured = true;
         } else {
             if (!strncmp('workflow_', $resource, 9)) {
                 // workflow permission
                 $resource = new Zend_Acl_Resource($resource);
                 $acl->allow($roleName, $resource);
             } else {
                 // module access
                 $accessibleModules[] = $resource;
             }
         }
     }
     if (!$resourcesConfigured) {
         foreach ($accessibleModules as $module) {
             if ($acl->has(new Zend_Acl_Resource($module))) {
                 $acl->allow($roleName, $module);
             }
         }
     }
 }
Beispiel #5
0
 public function testRequestUnpublishedDoc()
 {
     $r = Opus_UserRole::fetchByName('guest');
     $modules = $r->listAccessModules();
     $addOaiModuleAccess = !in_array('oai', $modules);
     if ($addOaiModuleAccess) {
         $r->appendAccessModule('oai');
         $r->store();
     }
     // enable security
     $config = Zend_Registry::get('Zend_Config');
     $security = $config->security;
     $config->security = '1';
     Zend_Registry::set('Zend_Config', $config);
     $doc = $this->createTestDocument();
     $doc->setServerState('unpublished');
     $doc->store();
     $this->dispatch('/oai/container/index/docId/' . $doc->getId());
     if ($addOaiModuleAccess) {
         $r->removeAccessModule('oai');
         $r->store();
     }
     // restore security settings
     $config->security = $security;
     Zend_Registry::set('Zend_Config', $config);
     $this->assertResponseCode(500);
     $this->assertContains('access to requested document is forbidden', $this->getResponse()->getBody());
 }
Beispiel #6
0
 public function testGetRolesMultiOptions()
 {
     $element = new Application_Form_Element_Roles('Roles');
     $options = $element->getRolesMultiOptions();
     $this->assertEquals(count(Opus_UserRole::getAll()), count($options));
     foreach ($options as $value => $label) {
         $this->assertEquals($value, $label);
     }
 }
Beispiel #7
0
 public function tearDown()
 {
     $this->logoutUser();
     $this->restoreSecuritySetting();
     $user = Opus_Account::fetchAccountByLogin($this->userName);
     $user->delete();
     $userRole = Opus_UserRole::fetchByName($this->roleName);
     $userRole->delete();
     parent::tearDown();
 }
Beispiel #8
0
 /**
  * Test setting selected roles.
  */
 public function testSetSelectedRoles()
 {
     $form = new Admin_Form_IpRange();
     $roles = array();
     $roles[] = Opus_UserRole::fetchByName('administrator');
     $form->setSelectedRoles($roles);
     $this->assertEquals(1, $form->getElement('roleadministrator')->getValue());
     // TODO 'guest' is always selected because of policy
     $this->assertEquals(1, $form->getElement('roleguest')->getValue());
 }
Beispiel #9
0
 public function getRolesMultiOptions()
 {
     $roles = Opus_UserRole::getAll();
     $options = array();
     foreach ($roles as $role) {
         $roleName = $role->getDisplayName();
         $options[$roleName] = $roleName;
     }
     return $options;
 }
Beispiel #10
0
 /**
  * Initialize model with the following fields:
  * - staringip
  * - endingip
  * - Name
  *
  * @return void
  */
 protected function _init()
 {
     $startingip = new Opus_Model_Field('Startingip');
     $endingip = new Opus_Model_Field('Endingip');
     $name = new Opus_Model_Field('Name');
     $role = new Opus_Model_Field('Role');
     $startingip->setMandatory(true)->setValidator(new Zend_Validate_NotEmpty())->setValidator(new Zend_Validate_Hostname(Zend_Validate_Hostname::ALLOW_IP));
     $endingip->setMandatory(true)->setValidator(new Zend_Validate_NotEmpty())->setValidator(new Zend_Validate_Hostname(Zend_Validate_Hostname::ALLOW_IP));
     $role->setMultiplicity('*')->setDefault(Opus_UserRole::getAll())->setSelection(true);
     $this->addField($startingip)->addField($endingip)->addField($name)->addField($role);
 }
Beispiel #11
0
 /**
  * Checks if a login name already exists in database.
  * @param string $login
  * @return boolean
  */
 protected function _isRoleUsed($role)
 {
     try {
         $role = Opus_UserRole::fetchByName($role);
         if (empty($role)) {
             return false;
         }
     } catch (Exception $ex) {
         return false;
     }
     return true;
 }
Beispiel #12
0
 public static function parseSelectedRoleNames($postData)
 {
     $roles = Opus_UserRole::getAll();
     $selectedRoles = array();
     foreach ($roles as $roleName) {
         $keyName = 'role' . $roleName;
         // FIXME: Kludge to avoid undefined array indices.
         if (!array_key_exists($keyName, $postData)) {
             continue;
         }
         // If role-checkbox is activated, add role to returned array.
         if ($postData[$keyName]) {
             $selectedRoles[] = $roleName;
         }
     }
     return $selectedRoles;
 }
Beispiel #13
0
 private function addTestAccountWithRoles()
 {
     // Make sure, the role exists.
     $role = Opus_UserRole::fetchByName("administrator");
     $this->assertNotNull($role);
     // Prepare first request.
     $this->login = '******' . rand();
     $this->password = '******';
     $this->roles = array("reviewer", "administrator");
     $this->requestData = array('login' => $this->login, 'password' => $this->password, 'user-roles' => implode(",", $this->roles));
     /* Creating first collection to work with. */
     $this->request->setMethod('POST')->setPost($this->requestData);
     $this->dispatch('/remotecontrol/account/add');
     // Make sure, this request returned successfully.
     $this->assertResponseCode(200);
     $this->assertController('account');
     $this->assertAction('add');
     $body = $this->getResponse()->getBody();
     $this->checkForBadStringsInHtml($body);
     $this->assertContains('SUCCESS', $body);
 }
Beispiel #14
0
 public function addAction()
 {
     $this->_helper->layout()->disableLayout();
     $this->_helper->viewRenderer->setNoRender(true);
     $request = $this->getRequest();
     $login = $request->getParam('login');
     $password = $request->getParam('password');
     $userRoles = $request->getParam('user-roles');
     $testAccount = Opus_Account::fetchAccountByLogin($login);
     if (!is_null($testAccount)) {
         $this->getResponse()->setHttpResponseCode(400);
         $this->getResponse()->setBody("ERROR: Account '{$login}' already exists.");
         return;
     }
     $account = new Opus_Account();
     $account->setLogin($login);
     $account->setPassword($password);
     foreach (explode(",", $userRoles) as $roleName) {
         $roleName = trim($roleName);
         $role = Opus_UserRole::fetchByName($roleName);
         if ($role instanceof Opus_UserRole) {
             $account->addRole($role);
         } else {
             $this->getResponse()->setHttpResponseCode(400);
             $this->getResponse()->setBody("ERROR: Role '{$roleName}' does not exist.");
             return;
         }
     }
     try {
         $account->store();
     } catch (Opus_Security_Exception $e) {
         $this->getResponse()->setHttpResponseCode(400);
         $this->getResponse()->setBody("ERROR: " . $e->getMessage());
         return;
     }
     $this->getResponse()->setBody('SUCCESS');
 }
Beispiel #15
0
 public function testFormWithValidDocumentIdSubmitSetsReviewerRole()
 {
     $this->loginUser('referee', 'refereereferee');
     $loggedUserModel = new Publish_Model_LoggedUser();
     $loggedUserId = $loggedUserModel->getUserId();
     $docId = $this->createValidDocument($loggedUserId);
     $session = new Zend_Session_Namespace('Publish');
     $session->depositConfirmDocumentId = $docId;
     $this->request->setMethod('POST')->setPost(array('reviewerid' => $loggedUserId, 'submit' => 'Send'));
     $this->dispatch('/matheon/select-reviewer/form');
     $this->assertResponseCode(200);
     // Check, that right privilege has been set.
     $reviewer = Opus_UserRole::fetchByName('reviewer');
     $this->assertContains($docId, $reviewer->listAccessDocuments());
 }
Beispiel #16
0
 private function resetSecurity()
 {
     $r = Opus_UserRole::fetchByName('guest');
     if ($this->_addOaiModuleAccess) {
         $r->removeAccessModule('oai');
         $r->store();
     }
     // restore security settings
     $config = Zend_Registry::get('Zend_Config');
     $config->security = $this->_security;
     Zend_Registry::set('Zend_Config', $config);
 }
Beispiel #17
0
 public function updateFileRoles($file, $selectedRoles)
 {
     $selectedRoles = is_array($selectedRoles) ? $selectedRoles : array($selectedRoles);
     $fileId = $file->getId();
     $currentRoleNames = $this->getRolesForFile($fileId);
     // remove roles that are not selected
     foreach ($currentRoleNames as $index => $roleName) {
         if (!in_array($roleName, $selectedRoles)) {
             $role = Opus_UserRole::fetchByName($roleName);
             $role->removeAccessFile($fileId);
             $role->store();
             $this->getLogger()->debug("File ID = {$fileId} access for role '{$roleName}' removed.");
         }
     }
     if (count($selectedRoles) == 1 && is_null($selectedRoles[0])) {
         return;
     }
     // add selected roles
     foreach ($selectedRoles as $roleName) {
         $role = Opus_UserRole::fetchByName($roleName);
         if (!is_null($role)) {
             if (!in_array($roleName, $currentRoleNames)) {
                 $role->appendAccessFile($fileId);
                 $role->store();
                 $this->getLogger()->debug("File ID = {$fileId} access for role '{$roleName}' added.");
             } else {
                 $this->getLogger()->debug("File ID = {$fileId} access for role '{$roleName}' already permitted.");
             }
         } else {
             $this->getLogger()->err(__METHOD__ . " Unknown role '{$roleName}'.'");
         }
     }
 }
Beispiel #18
0
 public function testPopulateFromRole()
 {
     $role = Opus_UserRole::fetchByName('guest');
     $form = new Admin_Form_Role($role->getId());
     $this->assertEquals('guest', $form->getElement('name')->getValue());
 }
Beispiel #19
0
 /**
  * Stores roles for document.
  *
  * @param <type> $request
  *
  * TODO Is it a problem if document is append twice?
  */
 private function storeRoles($request)
 {
     $docId = $request->getParam('docid');
     $roles = Opus_UserRole::getAll();
     foreach ($roles as $role) {
         $roleName = $role->getName();
         $checked = $request->getParam($roleName);
         if ($checked) {
             $role->appendAccessDocument($docId);
             $role->store();
         } else {
             $role->removeAccessDocument($docId);
             $role->store();
         }
     }
 }
Beispiel #20
0
 protected function _isRoleNameExists($name)
 {
     $role = Opus_UserRole::fetchByName($name);
     if (empty($role)) {
         return false;
     } else {
         return true;
     }
 }
Beispiel #21
0
 /** Get OAI-Visibility according to the Role.
  *
  * @param string
  * @return boolean
  */
 private function getVisibilityInOai($subdir)
 {
     if (strpos($subdir, "original") === 0 || strpos($subdir, "html") === 0) {
         return false;
     }
     if (!is_null($this->roleId)) {
         $role = new Opus_UserRole($this->roleId);
         if ($role->getName() == 'guest') {
             return true;
         }
     }
     return false;
 }
Beispiel #22
0
 public function testUserAccessToInstituteWithInstituteRightsRegression3245()
 {
     $testRole = new Opus_UserRole();
     $testRole->setName('TestRole');
     $testRole->appendAccessModule('admin');
     $testRole->appendAccessModule('resource_institutions');
     $this->roleId = $testRole->store();
     $userAccount = new Opus_Account();
     $userAccount->setLogin('role_tester')->setPassword('role_tester');
     $userAccount->setRole($testRole);
     $this->userId = $userAccount->store();
     $this->enableSecurity();
     $this->loginUser('role_tester', 'role_tester');
     $this->useEnglish();
     $this->dispatch('/admin/dnbinstitute/edit/id/1');
     $this->assertNotRedirect();
     $this->assertNotRedirectTo('/auth', 'User is not able to edit dnb-institutions, ' . 'although he has the right to do it');
     $this->assertQueryContentContains('//label', 'Department', 'User is not able to edit dnb-institutions, ' . 'although he has the right to do it');
 }
Beispiel #23
0
 private function mapRoles()
 {
     $mf = $this->config->migration->mapping->roles;
     $fp = null;
     try {
         $fp = @fopen($mf, 'w');
         if (!$fp) {
             throw new Exception("ERROR Opus3RoleImport: Could not create '" . $mf . "' for Roles.\n");
         }
     } catch (Exception $e) {
         $this->logger->log($e->getMessage(), Zend_Log::ERR);
         return;
     }
     try {
         if (count($this->roles) > 0) {
             foreach ($this->roles as $r) {
                 $name = $r->name;
                 $bereich = $r->bereich;
                 $role = null;
                 if (Opus_UserRole::fetchByname($name)) {
                     $role = Opus_UserRole::fetchByname($name);
                     $this->logger->log("Role in DB found: " . $r->name, Zend_Log::DEBUG);
                 } else {
                     $role = new Opus_UserRole();
                     $role->setName($r->name);
                     $role->store();
                     $this->logger->log("Role imported: " . $r->name, Zend_Log::DEBUG);
                 }
                 $db_ips = array();
                 $db_ips = Opus_Iprange::getAll();
                 if (count($r->ip) > 0) {
                     foreach ($r->ip as $role_ip) {
                         foreach ($db_ips as $db_ip) {
                             if ($role_ip == $db_ip->getDisplayName()) {
                                 $roles = array();
                                 $roles = $db_ip->getRole();
                                 array_push($roles, $role);
                                 $db_ip->setRole($roles);
                                 $db_ip->store();
                             }
                         }
                     }
                 }
                 fputs($fp, $r->bereich . ' ' . $role->getId() . "\n");
             }
         }
     } catch (Exception $e) {
         $this->logger->log($e->getMessage(), Zend_Log::ERR);
     }
     fclose($fp);
 }
Beispiel #24
0
 /**
  * @depends testUpdateActionInvalidInput
  */
 public function testDeleteAction()
 {
     $role = Opus_UserRole::fetchByName('testrole2');
     $this->assertNotNull($role);
     $this->dispatch('/admin/role/delete/id/' . $role->getId());
     $this->assertModule('admin');
     $this->assertController('role');
     $this->assertAction('delete');
     $this->assertRedirect();
 }
Beispiel #25
0
 public function run($argv)
 {
     if (count($argv) < 2) {
         echo "missing file name\n";
         return;
     }
     $ignoreHeader = true;
     if (count($argv) > 3 && $argv[3] == 'noheader') {
         $ignoreHeader = false;
     }
     if (count($argv) > 2) {
         if (!is_readable($argv[2])) {
             echo "fulltext directory '" . $argv[2] . "' is not readable -- check path or permissions\n";
         } else {
             $this->_fulltextDir = $argv[2];
             $this->_guestRole = Opus_UserRole::fetchByName('guest');
         }
     }
     $filename = $argv[1];
     if (!is_readable($filename)) {
         echo "import file does not exist or is not readable\n";
     }
     $file = fopen($filename, 'r');
     if (!$file) {
         echo "Error while opening import file\n";
     }
     $rowCounter = 0;
     $docCounter = 0;
     $errorCounter = 0;
     // TODO Feldtrenner und Feldbegrenzer konfigurierbar machen
     while (($row = fgetcsv($file, 0, "\t", '"', '\\')) != false) {
         $rowCounter++;
         $numOfCols = count($row);
         if ($numOfCols != self::NUM_OF_COLUMNS) {
             echo "unexpected number of columns ({$numOfCols}) in row {$rowCounter}: row is skipped\n";
             // TODO add to reject.log
             continue;
         }
         if ($ignoreHeader && $rowCounter == 1) {
             continue;
         }
         if ($this->processRow($row)) {
             $docCounter++;
         } else {
             $errorCounter++;
         }
     }
     echo "number of rows: {$rowCounter}\n";
     echo "number of created docs: {$docCounter}\n";
     echo "number of skipped docs: {$errorCounter}\n";
     // Informationen zu den vergebenen Bandnummern
     foreach ($this->_seriesIdsMap as $seriesId => $number) {
         echo "series # {$seriesId} : max. number is {$number}\n";
     }
     fclose($file);
 }
Beispiel #26
0
 public function testAccessUserToFileRegression3281()
 {
     $this->enableSecurity();
     // test document access as user with document access rights
     $doc = $this->createTestDocument();
     $doc->setServerState('published');
     $publishedDocId = $doc->store();
     $doc = $this->createTestDocument();
     $doc->setServerState('unpublished');
     $unpublishedDocId = $doc->store();
     $testRole = new Opus_UserRole();
     $testRole->setName('test_access');
     $testRole->appendAccessDocument($unpublishedDocId);
     $testRole->appendAccessDocument($publishedDocId);
     $this->roleId = $testRole->store();
     $userAccount = new Opus_Account();
     $userAccount->setLogin('test_account')->setPassword('role_tester_user2');
     $userAccount->setRole($testRole);
     $this->userId = $userAccount->store();
     $this->loginUser('test_account', 'role_tester_user2');
     $this->tryAccessForDocument($publishedDocId, true);
     $this->tryAccessForDocument($unpublishedDocId, true);
     $this->logoutUser();
 }
Beispiel #27
0
 /**
  * Updates account information.
  */
 public function updateAction()
 {
     if ($this->getRequest()->isPost()) {
         $button = $this->getRequest()->getParam('cancel');
         if (isset($button)) {
             $this->_helper->redirector('index');
             return;
         }
         $id = $this->getRequest()->getParam('id');
         $accountForm = new Admin_Form_Account($id);
         $postData = $this->getRequest()->getPost();
         $passwordChanged = true;
         if (empty($postData['password'])) {
             // modify to pass default validation
             // TODO think about better solution (validation context?)
             $postData['password'] = '******';
             $postData['confirmPassword'] = '******';
             $passwordChanged = false;
         }
         $account = new Opus_Account($id);
         $postData['oldLogin'] = strtolower($account->getLogin());
         if ($accountForm->isValid($postData)) {
             $account->setFirstName($postData['firstname']);
             $account->setLastName($postData['lastname']);
             $account->setEmail($postData['email']);
             $oldLogin = strtolower($account->getLogin());
             // update login name
             $newLogin = $postData['username'];
             if ($newLogin !== $oldLogin) {
                 $account->setLogin($newLogin);
                 $loginChanged = true;
             } else {
                 $loginChanged = false;
             }
             // update password
             if ($passwordChanged) {
                 $password = $postData['password'];
                 $account->setPassword($password);
             }
             // update roles
             $newRoles = Admin_Form_Account::parseSelectedRoles($postData);
             // TODO optimize code
             $hasAdministratorRole = false;
             foreach ($newRoles as $role) {
                 if (strtolower($role->getDisplayName()) === 'administrator') {
                     $hasAdministratorRole = true;
                     break;
                 }
             }
             $currentUser = Zend_Auth::getInstance()->getIdentity();
             $isCurrentUser = $currentUser === $oldLogin ? true : false;
             if (!$hasAdministratorRole && $isCurrentUser) {
                 $newRoles[] = Opus_UserRole::fetchByName('administrator');
             }
             $account->setRole($newRoles);
             $account->store();
             if ($isCurrentUser && ($loginChanged || $passwordChanged)) {
                 Zend_Auth::getInstance()->clearIdentity();
             }
         } else {
             $actionUrl = $this->view->url(array('action' => 'update', 'id' => $id));
             $accountForm->setAction($actionUrl);
             $this->view->form = $accountForm;
             $this->view->title = 'admin_account_edit';
             return $this->renderScript('account/edit.phtml');
         }
     }
     $this->_helper->redirector('index');
 }
Beispiel #28
0
 public function testFileAccess()
 {
     $guest = Opus_UserRole::fetchByName('guest');
     $this->assertContains($this->doc->getFile(0)->getId(), $guest->listAccessFiles());
     $this->assertContains($this->doc->getFile(1)->getId(), $guest->listAccessFiles());
     $this->assertContains($this->doc->getFile(2)->getId(), $guest->listAccessFiles());
 }
Beispiel #29
0
 /**
  * Regression test for OPUSVIER-2337
  */
 public function testUnavailableSolrServerReturns503()
 {
     $this->requireSolrConfig();
     // role guest needs privilege to access module export
     $r = Opus_UserRole::fetchByName('guest');
     $modules = $r->listAccessModules();
     $addOaiModuleAccess = !in_array('export', $modules);
     if ($addOaiModuleAccess) {
         $r->appendAccessModule('export');
         $r->store();
     }
     // manipulate solr configuration
     $config = Zend_Registry::get('Zend_Config');
     $host = $config->searchengine->index->host;
     $port = $config->searchengine->index->port;
     $oldValue = $config->searchengine->index->app;
     $this->disableSolr();
     $security = $config->security;
     $config->security = '1';
     Zend_Registry::set('Zend_Config', $config);
     $this->dispatch('/export/index/index/searchtype/all/export/xml/stylesheet/example');
     $body = $this->getResponse()->getBody();
     // restore security settings
     if ($addOaiModuleAccess) {
         $r->removeAccessModule('export');
         $r->store();
     }
     // restore configuration
     $config = Zend_Registry::get('Zend_Config');
     $config->searchengine->index->app = $oldValue;
     $config->security = $security;
     Zend_Registry::set('Zend_Config', $config);
     $this->assertNotContains("http://{$host}:{$port}/solr/corethatdoesnotexist", $body);
     $this->assertContains("exception 'Application_SearchException' with message 'search server is not responding -- try again later'", $body);
     $this->assertResponseCode(503);
 }
Beispiel #30
0
 public function testRemoveGuestAccess()
 {
     $document = $this->createTestDocument();
     $file = $document->addFile();
     $file->setPathName('testdatei.txt');
     $this->documentId = $document->store();
     $document = new Opus_Document($this->documentId);
     $fileId = $document->getFile(0)->getId();
     $roleGuest = Opus_UserRole::fetchByName('guest');
     $files = $roleGuest->listAccessFiles();
     $this->assertContains($fileId, $files);
     $this->getRequest()->setMethod('POST')->setPost(array('FileManager' => array('Files' => array('File0' => array('Id' => $fileId, 'FileLink' => $fileId, 'Language' => 'deu', 'Comment' => 'Testkommentar', 'Roles' => array('administrator'))), 'Save' => 'Speichern')));
     $this->dispatch('/admin/filemanager/index/id/' . $this->documentId);
     $this->assertRedirectTo('/admin/document/index/id/' . $this->documentId);
     $roleGuest = Opus_UserRole::fetchByName('guest');
     $files = $roleGuest->listAccessFiles();
     $this->assertNotContains($fileId, $files);
 }