/**
* @depends testListTasks
*/
public function testUnprivilegedUserViewUpdateDeleteTasks()
{
Yii::app()->user->userModel = User::getByUsername('super');
$notAllowedUser = UserTestHelper::createBasicUser('Steven');
$notAllowedUser->setRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API);
$saved = $notAllowedUser->save();
$authenticationData = $this->login('steven', 'steven');
$headers = array('Accept: application/json', 'ZURMO_SESSION_ID: ' . $authenticationData['sessionId'], 'ZURMO_TOKEN: ' . $authenticationData['token'], 'ZURMO_API_REQUEST_TYPE: REST');
$everyoneGroup = Group::getByName(Group::EVERYONE_GROUP_NAME);
$this->assertTrue($everyoneGroup->save());
$tasks = Task::getByName('Check bills');
$this->assertEquals(1, count($tasks));
$data['completed'] = 1;
// Test with unprivileged user to view, edit and delete account.
$authenticationData = $this->login('steven', 'steven');
$headers = array('Accept: application/json', 'ZURMO_SESSION_ID: ' . $authenticationData['sessionId'], 'ZURMO_TOKEN: ' . $authenticationData['token'], 'ZURMO_API_REQUEST_TYPE: REST');
$response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/tasks/task/api/read/' . $tasks[0]->id, 'GET', $headers);
$response = json_decode($response, true);
$this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
$this->assertEquals('You do not have rights to perform this action.', $response['message']);
$response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/tasks/task/api/read/' . $tasks[0]->id, 'PUT', $headers, array('data' => $data));
$response = json_decode($response, true);
$this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
$this->assertEquals('You do not have rights to perform this action.', $response['message']);
$response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/tasks/task/api/read/' . $tasks[0]->id, 'DELETE', $headers);
$response = json_decode($response, true);
$this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
$this->assertEquals('You do not have rights to perform this action.', $response['message']);
//now check if user have rights, but no permissions.
$notAllowedUser->setRight('TasksModule', TasksModule::getAccessRight());
$notAllowedUser->setRight('TasksModule', TasksModule::getCreateRight());
$notAllowedUser->setRight('TasksModule', TasksModule::getDeleteRight());
$saved = $notAllowedUser->save();
$this->assertTrue($saved);
$response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/tasks/task/api/read/' . $tasks[0]->id, 'GET', $headers);
$response = json_decode($response, true);
$this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
$this->assertEquals('You do not have permissions for this action.', $response['message']);
$response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/tasks/task/api/update/' . $tasks[0]->id, 'PUT', $headers, array('data' => $data));
$response = json_decode($response, true);
$this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
$this->assertEquals('You do not have permissions for this action.', $response['message']);
$response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/tasks/task/api/delete/' . $tasks[0]->id, 'DELETE', $headers);
$response = json_decode($response, true);
$this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
$this->assertEquals('You do not have permissions for this action.', $response['message']);
// Allow everyone group to read/write task
$authenticationData = $this->login();
$headers = array('Accept: application/json', 'ZURMO_SESSION_ID: ' . $authenticationData['sessionId'], 'ZURMO_TOKEN: ' . $authenticationData['token'], 'ZURMO_API_REQUEST_TYPE: REST');
unset($data);
$data['explicitReadWriteModelPermissions'] = array('type' => ExplicitReadWriteModelPermissionsUtil::MIXED_TYPE_EVERYONE_GROUP);
$response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/tasks/task/api/update/' . $tasks[0]->id, 'PUT', $headers, array('data' => $data));
$response = json_decode($response, true);
$this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']);
$authenticationData = $this->login('steven', 'steven');
$headers = array('Accept: application/json', 'ZURMO_SESSION_ID: ' . $authenticationData['sessionId'], 'ZURMO_TOKEN: ' . $authenticationData['token'], 'ZURMO_API_REQUEST_TYPE: REST');
$response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/tasks/task/api/read/' . $tasks[0]->id, 'GET', $headers);
$response = json_decode($response, true);
$this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']);
unset($data);
$data['completed'] = 1;
$response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/tasks/task/api/update/' . $tasks[0]->id, 'PUT', $headers, array('data' => $data));
$response = json_decode($response, true);
$this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']);
$this->assertEquals(1, $response['data']['completed']);
$response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/tasks/task/api/delete/' . $tasks[0]->id, 'DELETE', $headers);
$response = json_decode($response, true);
$this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
$this->assertEquals('You do not have permissions for this action.', $response['message']);
// Test with privileged user
$authenticationData = $this->login();
$headers = array('Accept: application/json', 'ZURMO_SESSION_ID: ' . $authenticationData['sessionId'], 'ZURMO_TOKEN: ' . $authenticationData['token'], 'ZURMO_API_REQUEST_TYPE: REST');
//Test Delete
$response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/tasks/task/api/delete/' . $tasks[0]->id, 'DELETE', $headers);
$response = json_decode($response, true);
$this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']);
$response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/tasks/task/api/read/' . $tasks[0]->id, 'GET', $headers);
$response = json_decode($response, true);
$this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
}
/**
* Test if all newly created items was pulled from read permission tables via API.
* Please note that here we do not test if data are inserted in read permission tables correctly, that is
* part of read permission subscription tests
* @throws NotFoundException
* @throws NotImplementedException
* @throws NotSupportedException
*/
public function testGetCreatedTasks()
{
$timestamp = time();
sleep(1);
$super = User::getByUsername('super');
Yii::app()->user->userModel = $super;
$lisa = UserTestHelper::createBasicUser('Lisa');
$lisa->setRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API);
$lisa->setRight('TasksModule', TasksModule::getAccessRight());
$this->assertTrue($lisa->save());
$this->deleteAllModelsAndRecordsFromReadPermissionTable('Task');
$job = new ReadPermissionSubscriptionUpdateJob();
ReadPermissionsOptimizationUtil::rebuild();
$task1 = TaskTestHelper::createTaskByNameForOwner('Task1', $super);
sleep(1);
$task2 = TaskTestHelper::createTaskByNameForOwner('Task2', $super);
sleep(1);
$task3 = TaskTestHelper::createTaskByNameForOwner('Task3', $super);
sleep(1);
$this->assertTrue($job->run());
$authenticationData = $this->login();
$headers = array('Accept: application/json', 'ZURMO_SESSION_ID: ' . $authenticationData['sessionId'], 'ZURMO_TOKEN: ' . $authenticationData['token'], 'ZURMO_API_REQUEST_TYPE: REST');
$data = array('sinceTimestamp' => $timestamp, 'pagination' => array('pageSize' => 2, 'page' => 1));
$response = $this->createApiCallWithRelativeUrl('getCreatedItems/', 'POST', $headers, array('data' => $data));
$response = json_decode($response, true);
$this->assertEquals(3, $response['data']['totalCount']);
$this->assertEquals(2, $response['data']['pageSize']);
$this->assertEquals(1, $response['data']['currentPage']);
$this->assertEquals($task1->id, $response['data']['items'][0]['id']);
$this->assertEquals($super->id, $response['data']['items'][0]['owner']['id']);
$this->assertEquals($task1->name, $response['data']['items'][0]['name']);
$this->assertEquals($task2->id, $response['data']['items'][1]['id']);
$this->assertEquals($super->id, $response['data']['items'][1]['owner']['id']);
$this->assertEquals($task2->name, $response['data']['items'][1]['name']);
$data = array('sinceTimestamp' => 0, 'pagination' => array('pageSize' => 2, 'page' => 2));
$response = $this->createApiCallWithRelativeUrl('getCreatedItems/', 'POST', $headers, array('data' => $data));
$response = json_decode($response, true);
$this->assertEquals(3, $response['data']['totalCount']);
$this->assertEquals(2, $response['data']['pageSize']);
$this->assertEquals(2, $response['data']['currentPage']);
$this->assertEquals($task3->id, $response['data']['items'][0]['id']);
$this->assertEquals($super->id, $response['data']['items'][0]['owner']['id']);
$this->assertEquals($task3->name, $response['data']['items'][0]['name']);
// Change owner of $contact1, it should appear in Lisa's created contacts
$task1->owner = $lisa;
$this->assertTrue($task1->save());
sleep(1);
$this->assertTrue($job->run());
$data = array('sinceTimestamp' => $timestamp, 'pagination' => array('pageSize' => 2, 'page' => 1));
$response = $this->createApiCallWithRelativeUrl('getCreatedItems/', 'POST', $headers, array('data' => $data));
$response = json_decode($response, true);
$this->assertEquals(2, $response['data']['totalCount']);
$this->assertEquals(2, $response['data']['pageSize']);
$this->assertEquals(1, $response['data']['currentPage']);
$this->assertEquals($task2->id, $response['data']['items'][0]['id']);
$this->assertEquals($super->id, $response['data']['items'][0]['owner']['id']);
$this->assertEquals($task2->name, $response['data']['items'][0]['name']);
$this->assertEquals($task3->id, $response['data']['items'][1]['id']);
$this->assertEquals($super->id, $response['data']['items'][1]['owner']['id']);
$this->assertEquals($task3->name, $response['data']['items'][1]['name']);
$authenticationData = $this->login('lisa', 'lisa');
$headers = array('Accept: application/json', 'ZURMO_SESSION_ID: ' . $authenticationData['sessionId'], 'ZURMO_TOKEN: ' . $authenticationData['token'], 'ZURMO_API_REQUEST_TYPE: REST');
$data = array('sinceTimestamp' => $timestamp, 'pagination' => array('pageSize' => 2, 'page' => 1));
$response = $this->createApiCallWithRelativeUrl('getCreatedItems/', 'POST', $headers, array('data' => $data));
$response = json_decode($response, true);
$this->assertEquals(1, $response['data']['totalCount']);
$this->assertEquals(2, $response['data']['pageSize']);
$this->assertEquals(1, $response['data']['currentPage']);
$this->assertEquals($task1->id, $response['data']['items'][0]['id']);
$this->assertEquals($lisa->id, $response['data']['items'][0]['owner']['id']);
$this->assertEquals($task1->name, $response['data']['items'][0]['name']);
}
