public function testBooleanOperators()
{
$vo_acr = AccessRestrictions::load(true);
// OR
$va_access_restrictions = array("administrate/setup/list_editor/ListEditorController" => array("default" => array("operator" => "OR", "actions" => array("can_edit_ca_lists", "can_create_ca_lists", "can_delete_ca_lists"))));
$vo_acr->opa_acr = $va_access_restrictions;
// no role -> can't access controller
$this->opt_role->setMode(ACCESS_WRITE);
$this->opt_role->setRoleActions(array());
$this->opt_role->update();
ca_users::$s_user_action_access_cache = array();
$vb_access = $vo_acr->userCanAccess($this->opt_user->getPrimaryKey(), array("administrate", "setup", "list_editor"), "ListEditor", "Edit");
$this->assertFalse($vb_access);
// has one of the OR-ed roles -> can access controller
$this->opt_role->setMode(ACCESS_WRITE);
$va_actions = $va_access_restrictions["administrate/setup/list_editor/ListEditorController"]["default"]["actions"];
$this->opt_role->setRoleActions(array($va_actions[array_rand($va_actions)]));
$this->opt_role->update();
ca_users::$s_user_action_access_cache = array();
$vb_access = $vo_acr->userCanAccess($this->opt_user->getPrimaryKey(), array("administrate", "setup", "list_editor"), "ListEditor", "Edit");
$this->assertTrue($vb_access);
// AND
$va_access_restrictions = array("administrate/setup/list_editor/ListEditorController" => array("default" => array("operator" => "AND", "actions" => array("can_edit_ca_lists", "can_create_ca_lists", "can_delete_ca_lists"))));
$vo_acr->opa_acr = $va_access_restrictions;
// no role -> can't access controller
$this->opt_role->setMode(ACCESS_WRITE);
$this->opt_role->setRoleActions(array());
$this->opt_role->update();
ca_users::$s_user_action_access_cache = array();
$vb_access = $vo_acr->userCanAccess($this->opt_user->getPrimaryKey(), array("administrate", "setup", "list_editor"), "ListEditor", "Edit");
$this->assertFalse($vb_access);
// has one of the AND-ed roles -> can't access controller
$this->opt_role->setMode(ACCESS_WRITE);
$va_actions = $va_access_restrictions["administrate/setup/list_editor/ListEditorController"]["default"]["actions"];
$this->opt_role->setRoleActions(array($va_actions[array_rand($va_actions)]));
$this->opt_role->update();
ca_users::$s_user_action_access_cache = array();
$vb_access = $vo_acr->userCanAccess($this->opt_user->getPrimaryKey(), array("administrate", "setup", "list_editor"), "ListEditor", "Edit");
$this->assertFalse($vb_access);
// has all AND-ed roles -> can access controller
$this->opt_role->setMode(ACCESS_WRITE);
$this->opt_role->setRoleActions($va_actions);
$this->opt_role->update();
ca_users::$s_user_action_access_cache = array();
$vb_access = $vo_acr->userCanAccess($this->opt_user->getPrimaryKey(), array("administrate", "setup", "list_editor"), "ListEditor", "Edit");
$this->assertTrue($vb_access);
}
