/**
 * Builds the fixtures shared by the tests in this class: a super
 * administrator set as the current user, a base currency, and one account
 * owned by 'super' carrying an opportunity, two contacts and a note.
 */
public static function setUpBeforeClass()
 {
     parent::setUpBeforeClass();
     //Every fixture below is created as, and owned by, the 'super' user.
     SecurityTestHelper::createSuperAdmin();
     $superUser = User::getByUsername('super');
     Yii::app()->user->userModel = $superUser;
     Currency::makeBaseCurrency();
     //The account that the remaining fixtures are attached to.
     $sharedAccount = AccountTestHelper::createAccountByNameForOwner('superAccount', $superUser);
     //One opportunity on that account.
     OpportunityTestHelper::createOpportunityWithAccountByNameForOwner('superOpp', $superUser, $sharedAccount);
     //Two contacts on that account.
     foreach (array('superContact1', 'superContact2') as $contactName) {
         ContactTestHelper::createContactWithAccountByNameForOwner($contactName, $superUser, $sharedAccount);
     }
     //One note related to that account.
     NoteTestHelper::createNoteWithOwnerAndRelatedAccount('superNote', $superUser, $sharedAccount);
 }
Ejemplo n.º 2
 /**
  * Smoke test for ActivitiesUtil::renderSummaryContent() on a note.
  *
  * Renders the summary for both owned-by filters under 'HomeModule' and
  * 'UserModule'. The rendered content is not asserted on, so the test only
  * fails when rendering raises an error.
  */
 public function testRenderSummaryContentWithNote()
 {
     $superUser = User::getByUsername('super');
     Yii::app()->user->userModel = $superUser;
     //Looked up but never used below; kept so the lookup itself still runs.
     $billy = User::getByUsername('billy');
     $noteAccount = AccountTestHelper::createAccountByNameForOwner('noteAccount', $superUser);
     $note = NoteTestHelper::createNoteWithOwnerAndRelatedAccount('aMeeting', $superUser, $noteAccount);
     $ownedByFilters = array(
         LatestActivitiesConfigurationForm::OWNED_BY_FILTER_ALL,
         LatestActivitiesConfigurationForm::OWNED_BY_FILTER_USER,
     );
     //Same call order as before: both filters for HomeModule, then both for UserModule.
     foreach (array('HomeModule', 'UserModule') as $moduleName) {
         foreach ($ownedByFilters as $ownedByFilter) {
             $content = ActivitiesUtil::renderSummaryContent($note, 'someUrl', $ownedByFilter, $moduleName);
         }
     }
 }
Ejemplo n.º 3
 /**
  * Deleting a note must also remove the social item that references it,
  * so no SocialItem row is left pointing at a note that no longer exists.
  */
 public function testAddingNoteAndDeletingNoteAndThenTheSocialItemsAreRemoved()
 {
     $owner = User::getByUsername('super');
     //Precondition: no social items exist yet.
     $this->assertEquals(0, SocialItem::getCount());
     //Relies on an account named 'anAccount' already existing; it is not created here.
     $matchingAccounts = Account::getByName('anAccount');
     $note = NoteTestHelper::createNoteWithOwnerAndRelatedAccount('aNote', $owner, $matchingAccounts[0]);
     //Attach a social item to the note and persist it.
     $item = new SocialItem();
     $item->description = 'My test description';
     $item->note = $note;
     $this->assertTrue($item->save());
     $socialItemId = $item->id;
     $noteId = $note->id;
     $note->forget();
     $this->assertEquals(1, SocialItem::getCount());
     //Fetch the note again by id and delete it; the social item count must drop back to zero.
     $note = Note::getById($noteId);
     $this->assertTrue($note->delete());
     $this->assertEquals(0, SocialItem::getCount());
 }
 /**
  * Walks the notes controller (details, edit, delete) through a grant/revoke
  * cycle of explicit permissions and checks the outcome after every change.
  *
  * The same cycle is run three times, with the permission held:
  *  1. directly by the user 'nobody';
  *  2. by a user in a child role, also checked for the user in the parent role;
  *  3. by a parent group, also checked for the user in the nested child group.
  *
  * Each cycle is: no permission (everything denied), READ (details only),
  * READ_WRITE_CHANGE_PERMISSIONS (details and edit, delete still denied),
  * revoke (everything denied again), READ_WRITE_DELETE (delete allowed).
  * The deny checks after each revoke are what show that a revocation
  * actually takes effect.
  *
  * The statements depend on exact order: the current user is switched to
  * 'super' before every permission change and back to the user under test
  * before every controller call.
  *
  * @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
  */
 public function testRegularUserControllerActionsWithElevationToModels()
 {
     //Create superAccount owned by user super.
     $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
     $superAccount = AccountTestHelper::createAccountByNameForOwner('AccountsForElevationToModelTest', $super);
     //As nobody, the details view of superAccount should fail (only details is exercised here).
     $nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
     $this->setGetArray(array('id' => $superAccount->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
     //Give nobody READ on the account; the change is made as super.
     Yii::app()->user->userModel = $super;
     $superAccount->addPermissions($nobody, Permission::READ);
     $this->assertTrue($superAccount->save());
     //NOTE(review): presumably updates precomputed read-permission data after the grant - confirm in AllPermissionsOptimizationUtil.
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($superAccount, $nobody);
     //Now the nobody user can access the details view.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $superAccount->id));
     $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
     //Create a note on superAccount as the super user.
     $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
     $note = NoteTestHelper::createNoteWithOwnerAndRelatedAccount('noteCreatedBySuper', $super, $superAccount);
     //As nobody, edit, details and delete of the note should all fail:
     //READ on the related account does not carry over to the note.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $note->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
     $this->setGetArray(array('id' => $note->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
     $this->setGetArray(array('id' => $note->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
     //Give nobody READ on the note (details view only).
     Yii::app()->user->userModel = $super;
     $note->addPermissions($nobody, Permission::READ);
     $this->assertTrue($note->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($note, $nobody);
     //Now the note details view should not fail for nobody.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $note->id));
     $this->resetPostArray();
     $this->runControllerWithNoExceptionsAndGetContent('notes/default/details');
     //Edit and delete of the note should still fail for nobody.
     $this->setGetArray(array('id' => $note->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
     $this->setGetArray(array('id' => $note->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
     //Give nobody READ_WRITE_CHANGE_PERMISSIONS: details and edit, but not delete.
     Yii::app()->user->userModel = $super;
     $note->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($note->save());
     //The earlier read-only grant is reported as lost before the wider grant is reported.
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($note, $nobody);
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($note, $nobody);
     //Now details and edit of the note should not fail for nobody.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $note->id));
     $this->resetPostArray();
     $this->runControllerWithNoExceptionsAndGetContent('notes/default/details');
     $this->setGetArray(array('id' => $note->id));
     $this->resetPostArray();
     $this->runControllerWithNoExceptionsAndGetContent('notes/default/edit');
     //Delete of the note should still fail for nobody.
     $this->setGetArray(array('id' => $note->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
     //Revoke nobody's permission on the note.
     Yii::app()->user->userModel = $super;
     $note->removePermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($note->save());
     AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($note, $nobody);
     //After the revoke, edit, details and delete must all fail again for nobody.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $note->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
     $this->setGetArray(array('id' => $note->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
     $this->setGetArray(array('id' => $note->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
     //Give nobody READ_WRITE_DELETE on the note.
     Yii::app()->user->userModel = $super;
     $note->addPermissions($nobody, Permission::READ_WRITE_DELETE);
     $this->assertTrue($note->save());
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($note, $nobody);
     //Now delete of the note should not fail for nobody; the controller answers with a redirect.
     //NOTE(review): delete is driven here by a GET id with an empty POST array - confirm the
     //production action also requires a state-changing method or CSRF token.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $note->id));
     $this->resetPostArray();
     $this->runControllerWithRedirectExceptionAndGetContent('notes/default/delete');
     //Create a parent role 'AAA' containing child role 'BBB';
     //'confused' goes into the parent role and 'nobody' into the child role.
     Yii::app()->user->userModel = $super;
     $parentRole = new Role();
     $parentRole->name = 'AAA';
     $this->assertTrue($parentRole->save());
     $childRole = new Role();
     $childRole->name = 'BBB';
     $this->assertTrue($childRole->save());
     $userInParentRole = User::getByUsername('confused');
     $userInChildRole = User::getByUsername('nobody');
     $childRole->users->add($userInChildRole);
     $this->assertTrue($childRole->save());
     $parentRole->users->add($userInParentRole);
     $parentRole->roles->add($childRole);
     $this->assertTrue($parentRole->save());
     //Forget and fetch the users and roles again so the objects used below are fresh copies.
     $userInChildRole->forget();
     $userInChildRole = User::getByUsername('nobody');
     $userInParentRole->forget();
     $userInParentRole = User::getByUsername('confused');
     $parentRoleId = $parentRole->id;
     $parentRole->forget();
     $parentRole = Role::getById($parentRoleId);
     $childRoleId = $childRole->id;
     $childRole->forget();
     $childRole = Role::getById($childRoleId);
     //Create an account owned by super.
     $account2 = AccountTestHelper::createAccountByNameForOwner('AccountsParentRolePermission', $super);
     //As userInParentRole, the account details view should fail (only details is exercised here).
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $account2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
     //Give userInChildRole READ on the account.
     Yii::app()->user->userModel = $super;
     $account2->addPermissions($userInChildRole, Permission::READ);
     $this->assertTrue($account2->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($account2, $userInChildRole);
     //As userInChildRole, the account details view should not fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $account2->id));
     $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
     //As userInParentRole, the account details view should not fail either:
     //the grant was made to the child-role user only, so access comes through the role hierarchy.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $account2->id));
     $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
     //Create a note on that account, owned by super.
     $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
     $note2 = NoteTestHelper::createNoteWithOwnerAndRelatedAccount('noteCreatedBySuperForRole', $super, $account2);
     //As userInChildRole, note details, edit and delete should fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $note2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
     $this->setGetArray(array('id' => $note2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
     $this->setGetArray(array('id' => $note2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
     //As userInParentRole, note details, edit and delete should fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $note2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
     $this->setGetArray(array('id' => $note2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
     $this->setGetArray(array('id' => $note2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
     //Give userInChildRole READ permission on the note.
     Yii::app()->user->userModel = $super;
     $note2->addPermissions($userInChildRole, Permission::READ);
     $this->assertTrue($note2->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($note2, $userInChildRole);
     //As userInChildRole, note details should not fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $note2->id));
     $this->resetPostArray();
     $this->runControllerWithNoExceptionsAndGetContent('notes/default/details');
     //As userInChildRole, note edit and delete should fail.
     $this->setGetArray(array('id' => $note2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
     $this->setGetArray(array('id' => $note2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
     //As userInParentRole, note details should not fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $note2->id));
     $this->resetPostArray();
     $this->runControllerWithNoExceptionsAndGetContent('notes/default/details');
     //As userInParentRole, note edit and delete should fail.
     $this->setGetArray(array('id' => $note2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
     $this->setGetArray(array('id' => $note2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
     //Give userInChildRole READ_WRITE_CHANGE_PERMISSIONS on the note.
     Yii::app()->user->userModel = $super;
     $note2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($note2->save());
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($note2, $userInChildRole);
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($note2, $userInChildRole);
     //As userInChildRole, note edit should not fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $note2->id));
     $this->resetPostArray();
     $this->runControllerWithNoExceptionsAndGetContent('notes/default/edit');
     //As userInChildRole, note delete should fail.
     $this->setGetArray(array('id' => $note2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
     //As userInParentRole, note edit should not fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $note2->id));
     $this->resetPostArray();
     $this->runControllerWithNoExceptionsAndGetContent('notes/default/edit');
     //As userInParentRole, note delete should fail.
     $this->setGetArray(array('id' => $note2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
     //Revoke userInChildRole's READ_WRITE_CHANGE_PERMISSIONS on the note.
     Yii::app()->user->userModel = $super;
     $note2->removePermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($note2->save());
     AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($note2, $userInChildRole);
     //As userInChildRole, note details, edit and delete should fail after the revoke.
     //NOTE(review): unlike the earlier blocks, resetPostArray() is not called before details/edit here.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $note2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
     $this->setGetArray(array('id' => $note2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
     $this->setGetArray(array('id' => $note2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
     //As userInParentRole, note details, edit and delete should fail after the revoke.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $note2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
     $this->setGetArray(array('id' => $note2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
     $this->setGetArray(array('id' => $note2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
     //Give userInChildRole READ_WRITE_DELETE on the note.
     Yii::app()->user->userModel = $super;
     $note2->addPermissions($userInChildRole, Permission::READ_WRITE_DELETE);
     $this->assertTrue($note2->save());
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($note2, $userInChildRole);
     //As userInParentRole, delete should not fail. Only the parent-role user is exercised:
     //the delete removes the note, so userInChildRole cannot be checked afterwards.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $note2->id));
     $this->resetPostArray();
     $this->runControllerWithRedirectExceptionAndGetContent('notes/default/delete');
     //Clear the role relationships so they do not affect the group assertions below.
     $parentRole->users->remove($userInParentRole);
     $parentRole->roles->remove($childRole);
     $this->assertTrue($parentRole->save());
     $childRole->users->remove($userInChildRole);
     $this->assertTrue($childRole->save());
     //Create a parent group 'AAA' containing child group 'BBB'. The users swap sides
     //compared with the roles above: 'confused' is in the child group, 'nobody' in the parent group.
     Yii::app()->user->userModel = $super;
     $parentGroup = new Group();
     $parentGroup->name = 'AAA';
     $this->assertTrue($parentGroup->save());
     $childGroup = new Group();
     $childGroup->name = 'BBB';
     $this->assertTrue($childGroup->save());
     $userInChildGroup = User::getByUsername('confused');
     $userInParentGroup = User::getByUsername('nobody');
     $childGroup->users->add($userInChildGroup);
     $this->assertTrue($childGroup->save());
     $parentGroup->users->add($userInParentGroup);
     $parentGroup->groups->add($childGroup);
     $this->assertTrue($parentGroup->save());
     $parentGroup->forget();
     $childGroup->forget();
     $parentGroup = Group::getByName('AAA');
     $childGroup = Group::getByName('BBB');
     //Give the confused user the right to access the accounts module.
     $userInChildGroup->setRight('AccountsModule', AccountsModule::RIGHT_ACCESS_ACCOUNTS);
     $this->assertTrue($userInChildGroup->save());
     //Create an account owned by super.
     $account3 = AccountTestHelper::createAccountByNameForOwner('testingAccountsParentGroupPermission', $super);
     //As userInParentGroup, account details should fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $account3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
     //As userInChildGroup, account details should fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $account3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
     //Give parentGroup READ on the account.
     Yii::app()->user->userModel = $super;
     $account3->addPermissions($parentGroup, Permission::READ);
     $this->assertTrue($account3->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($account3, $parentGroup);
     //As userInParentGroup, account details should not fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $account3->id));
     $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
     //As userInChildGroup, account details should not fail: the nested group gets the parent group's grant.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $account3->id));
     $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
     //Create a note on that account, owned by super.
     $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
     $note3 = NoteTestHelper::createNoteWithOwnerAndRelatedAccount('noteCreatedBySuperForGroup', $super, $account3);
     //Give the confused user the notes module rights: access, create and delete.
     //These are module rights, separate from the per-note permissions granted below.
     $userInChildGroup->setRight('NotesModule', NotesModule::RIGHT_ACCESS_NOTES);
     $userInChildGroup->setRight('NotesModule', NotesModule::RIGHT_CREATE_NOTES);
     $userInChildGroup->setRight('NotesModule', NotesModule::RIGHT_DELETE_NOTES);
     $this->assertTrue($userInChildGroup->save());
     //As userInParentGroup, note details, edit and delete should fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $note3->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
     $this->setGetArray(array('id' => $note3->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
     $this->setGetArray(array('id' => $note3->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
     //As userInChildGroup, note details, edit and delete should fail:
     //holding the module rights is not enough without a permission on the note.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $note3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
     $this->setGetArray(array('id' => $note3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
     $this->setGetArray(array('id' => $note3->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
     //Give parentGroup READ on the note.
     Yii::app()->user->userModel = $super;
     $note3->addPermissions($parentGroup, Permission::READ);
     $this->assertTrue($note3->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($note3, $parentGroup);
     //As userInParentGroup, note details should not fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $note3->id));
     $this->runControllerWithNoExceptionsAndGetContent('notes/default/details');
     //As userInParentGroup, note edit and delete should fail.
     $this->setGetArray(array('id' => $note3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
     $this->setGetArray(array('id' => $note3->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
     //As userInChildGroup, note details should not fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $note3->id));
     $this->runControllerWithNoExceptionsAndGetContent('notes/default/details');
     //As userInChildGroup, note edit and delete should fail.
     $this->setGetArray(array('id' => $note3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
     $this->setGetArray(array('id' => $note3->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
     //Give parentGroup READ_WRITE_CHANGE_PERMISSIONS on the note.
     Yii::app()->user->userModel = $super;
     $note3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($note3->save());
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForGroup($note3, $parentGroup);
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($note3, $parentGroup);
     //As userInParentGroup, note edit should not fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $note3->id));
     $this->runControllerWithNoExceptionsAndGetContent('notes/default/edit');
     //As userInParentGroup, note delete should fail.
     $this->setGetArray(array('id' => $note3->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
     //As userInChildGroup, note edit should not fail.
     //NOTE(review): this is the only switch that both assigns userModel and logs the user in - confirm why the login is needed here.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username);
     $this->setGetArray(array('id' => $note3->id));
     $this->runControllerWithNoExceptionsAndGetContent('notes/default/edit');
     //As userInChildGroup, note delete should fail.
     $this->setGetArray(array('id' => $note3->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
     //Revoke parentGroup's READ_WRITE_CHANGE_PERMISSIONS on the note.
     Yii::app()->user->userModel = $super;
     $note3->removePermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($note3->save());
     AllPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($note3, $parentGroup);
     //As userInChildGroup, note details, edit and delete should fail after the revoke.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $note3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
     $this->setGetArray(array('id' => $note3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
     $this->setGetArray(array('id' => $note3->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
     //As userInParentGroup, note details, edit and delete should fail after the revoke.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $note3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
     $this->setGetArray(array('id' => $note3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
     $this->setGetArray(array('id' => $note3->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
     //Give parentGroup READ_WRITE_DELETE on the note.
     Yii::app()->user->userModel = $super;
     $note3->addPermissions($parentGroup, Permission::READ_WRITE_DELETE);
     $this->assertTrue($note3->save());
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($note3, $parentGroup);
     //As userInChildGroup, note delete should not fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $note3->id));
     $this->resetPostArray();
     $this->runControllerWithRedirectExceptionAndGetContent('notes/default/delete');
     //Clear the group relationships so they do not affect later assertions.
     $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
     $userInParentGroup->forget();
     $userInChildGroup->forget();
     $childGroup->forget();
     $parentGroup->forget();
     $userInParentGroup = User::getByUsername('nobody');
     $userInChildGroup = User::getByUsername('confused');
     $childGroup = Group::getByName('BBB');
     $parentGroup = Group::getByName('AAA');
     $parentGroup->users->remove($userInParentGroup);
     $parentGroup->groups->remove($childGroup);
     $this->assertTrue($parentGroup->save());
     $childGroup->users->remove($userInChildGroup);
     $this->assertTrue($childGroup->save());
 }
 /**
  * Checks that no 'First Note' activity relation exists yet, then creates
  * a note with that name owned by the current user and related to the
  * second selected model.
  */
 protected function addNote()
 {
     $noteName = 'First Note';
     $this->checkActivityItemRelationCount('Note', $noteName, 0);
     //Owner and related model are read only after the count check, as before.
     $owner = Yii::app()->user->userModel;
     $relatedModel = $this->selectedModels[1];
     NoteTestHelper::createNoteWithOwnerAndRelatedAccount($noteName, $owner, $relatedModel);
 }
Ejemplo n.º 6
 /**
  * @depends testUnprivilegedUserViewUpdateDeleteNotes
  */
 public function testSearchNotes()
 {
     $super = User::getByUsername('super');
     Yii::app()->user->userModel = $super;
     $anotherUser = User::getByUsername('steven');
     $authenticationData = $this->login();
     $headers = array('Accept: application/json', 'ZURMO_SESSION_ID: ' . $authenticationData['sessionId'], 'ZURMO_TOKEN: ' . $authenticationData['token'], 'ZURMO_API_REQUEST_TYPE: REST');
     $firstAccount = AccountTestHelper::createAccountByNameTypeAndIndustryForOwner('First Account', 'Customer', 'Automotive', $super);
     $secondAccount = AccountTestHelper::createAccountByNameTypeAndIndustryForOwner('Second Account', 'Customer', 'Automotive', $super);
     NoteTestHelper::createNoteWithOwnerAndRelatedAccount('First Note', $super, $firstAccount);
     NoteTestHelper::createNoteWithOwnerAndRelatedAccount('Second Note', $super, $firstAccount);
     NoteTestHelper::createNoteWithOwnerAndRelatedAccount('Third Note', $super, $secondAccount);
     NoteTestHelper::createNoteWithOwnerAndRelatedAccount('Forth Note', $anotherUser, $secondAccount);
     NoteTestHelper::createNoteWithOwnerAndRelatedAccount('Fifth Note', $super, $firstAccount);
     $searchParams = array('pagination' => array('page' => 1, 'pageSize' => 3), 'search' => array('description' => ''), 'sort' => 'description');
     $searchParamsQuery = http_build_query($searchParams);
     $response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/notes/note/api/list/filter/' . $searchParamsQuery, 'GET', $headers);
     $response = json_decode($response, true);
     $this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']);
     $this->assertEquals(3, count($response['data']['items']));
     $this->assertEquals(5, $response['data']['totalCount']);
     $this->assertEquals(1, $response['data']['currentPage']);
     $this->assertEquals('Fifth Note', $response['data']['items'][0]['description']);
     $this->assertEquals('First Note', $response['data']['items'][1]['description']);
     $this->assertEquals('Forth Note', $response['data']['items'][2]['description']);
     // Second page
     $searchParams['pagination']['page'] = 2;
     $searchParamsQuery = http_build_query($searchParams);
     $response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/notes/note/api/list/filter/' . $searchParamsQuery, 'GET', $headers);
     $response = json_decode($response, true);
     $this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']);
     $this->assertEquals(2, count($response['data']['items']));
     $this->assertEquals(5, $response['data']['totalCount']);
     $this->assertEquals(2, $response['data']['currentPage']);
     $this->assertEquals('Second Note', $response['data']['items'][0]['description']);
     $this->assertEquals('Third Note', $response['data']['items'][1]['description']);
     // Search by name
     $searchParams['pagination']['page'] = 1;
     $searchParams['search']['description'] = 'First Note';
     $searchParamsQuery = http_build_query($searchParams);
     $response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/notes/note/api/list/filter/' . $searchParamsQuery, 'GET', $headers);
     $response = json_decode($response, true);
     $this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']);
     $this->assertEquals(1, count($response['data']['items']));
     $this->assertEquals(1, $response['data']['totalCount']);
     $this->assertEquals(1, $response['data']['currentPage']);
     $this->assertEquals('First Note', $response['data']['items'][0]['description']);
     // No results
     $searchParams['pagination']['page'] = 1;
     $searchParams['search']['description'] = 'First Note 2';
     $searchParamsQuery = http_build_query($searchParams);
     $response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/notes/note/api/list/filter/' . $searchParamsQuery, 'GET', $headers);
     $response = json_decode($response, true);
     $this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']);
     $this->assertEquals(0, $response['data']['totalCount']);
     $this->assertFalse(isset($response['data']['items']));
     // Search by name desc.
     $searchParams = array('pagination' => array('page' => 1, 'pageSize' => 3), 'search' => array('description' => ''), 'sort' => 'description.desc');
     $searchParamsQuery = http_build_query($searchParams);
     $response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/notes/note/api/list/filter/' . $searchParamsQuery, 'GET', $headers);
     $response = json_decode($response, true);
     $this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']);
     $this->assertEquals(3, count($response['data']['items']));
     $this->assertEquals(5, $response['data']['totalCount']);
     $this->assertEquals(1, $response['data']['currentPage']);
     $this->assertEquals('Third Note', $response['data']['items'][0]['description']);
     $this->assertEquals('Second Note', $response['data']['items'][1]['description']);
     $this->assertEquals('Forth Note', $response['data']['items'][2]['description']);
     // Second page
     $searchParams['pagination']['page'] = 2;
     $searchParamsQuery = http_build_query($searchParams);
     $response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/notes/note/api/list/filter/' . $searchParamsQuery, 'GET', $headers);
     $response = json_decode($response, true);
     $this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']);
     $this->assertEquals(2, count($response['data']['items']));
     $this->assertEquals(5, $response['data']['totalCount']);
     $this->assertEquals(2, $response['data']['currentPage']);
     $this->assertEquals('First Note', $response['data']['items'][0]['description']);
     $this->assertEquals('Fifth Note', $response['data']['items'][1]['description']);
     // Search by owner, order by name desc
     $searchParams = array('pagination' => array('page' => 1, 'pageSize' => 3), 'search' => array('owner' => array('id' => $super->id)), 'sort' => 'description.desc');
     $searchParamsQuery = http_build_query($searchParams);
     $response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/notes/note/api/list/filter/' . $searchParamsQuery, 'GET', $headers);
     $response = json_decode($response, true);
     $this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']);
     $this->assertEquals(4, $response['data']['totalCount']);
     $this->assertEquals(3, count($response['data']['items']));
     $this->assertEquals(1, $response['data']['currentPage']);
     $this->assertEquals('Third Note', $response['data']['items'][0]['description']);
     $this->assertEquals('Second Note', $response['data']['items'][1]['description']);
     $this->assertEquals('First Note', $response['data']['items'][2]['description']);
     // Second page
     $searchParams['pagination']['page'] = 2;
     $searchParamsQuery = http_build_query($searchParams);
     $response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/notes/note/api/list/filter/' . $searchParamsQuery, 'GET', $headers);
     $response = json_decode($response, true);
     $this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']);
     $this->assertEquals(1, count($response['data']['items']));
     $this->assertEquals(4, $response['data']['totalCount']);
     $this->assertEquals(2, $response['data']['currentPage']);
     $this->assertEquals('Fifth Note', $response['data']['items'][0]['description']);
     // Search by account, order by name desc
     $searchParams = array('pagination' => array('page' => 1, 'pageSize' => 3), 'search' => array('activityItems' => array('id' => $firstAccount->getClassId('Item'))), 'sort' => 'description.desc');
     $searchParamsQuery = http_build_query($searchParams);
     $response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/notes/note/api/list/filter/' . $searchParamsQuery, 'GET', $headers);
     $response = json_decode($response, true);
     $this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']);
     $this->assertEquals(3, count($response['data']['items']));
     $this->assertEquals(3, $response['data']['totalCount']);
     $this->assertEquals(1, $response['data']['currentPage']);
     $this->assertEquals('Second Note', $response['data']['items'][0]['description']);
     $this->assertEquals('First Note', $response['data']['items'][1]['description']);
     $this->assertEquals('Fifth Note', $response['data']['items'][2]['description']);
 }
Ejemplo n.º 7
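 /**
  * Checks that a user who does not own a note can delete it once the owner
  * has granted that user an explicit READ_WRITE_DELETE permission on it.
  *
  * The outcome of the delete is asserted, so the test fails when the
  * permission grant does not actually result in a deletion instead of
  * passing merely because no exception was raised.
  *
  * @depends testNobodyCanReadWriteDeleteAndStrValOfNoteFunctionsCorrectly
  */
 public function testAUserCanDeleteANoteNotOwnedButHasExplicitDeletePermission()
 {
     // Act as super and create the account the note will be related to.
     $super = User::getByUsername('super');
     Yii::app()->user->userModel = $super;
     $superAccount = AccountTestHelper::createAccountByNameForOwner('AccountTest', $super);
     // Load the existing unprivileged user.
     $nobody = User::getByUsername('nobody');
     // Create the note as super, so that nobody is not its owner.
     $note = NoteTestHelper::createNoteWithOwnerAndRelatedAccount('noteCreatedBySuper', $super, $superAccount);
     // Still acting as super, grant nobody explicit read/write/delete on this one note.
     Yii::app()->user->userModel = User::getByUsername('super');
     // Drop the loaded copy of nobody and load it again before granting.
     $nobody->forget();
     $nobody = User::getByUsername('nobody');
     $note->addPermissions($nobody, Permission::READ_WRITE_DELETE);
     $this->assertTrue($note->save());
     // Switch the current user to nobody and load the note again, so the
     // delete runs on a freshly loaded note under nobody's identity.
     Yii::app()->user->userModel = User::getByUsername('nobody');
     $noteId = $note->id;
     $note->forget();
     $note = Note::getById($noteId);
     // The explicit grant must be sufficient for the delete to succeed.
     $this->assertTrue($note->delete());
 }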