public function testRightsPropagationViaRoles()
{
$parentRole = Role::getByName('Sales Manager');
$childRole = Role::getByName('Sales Person');
$childChildRole = Role::getByName('Junior Sales Person');
$userInParentRole = $parentRole->users[0];
$userInChildRole = $childRole->users[0];
$userInChildChildRole = $childChildRole->users[0];
$this->assertEquals(Right::DENY, $userInParentRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$this->assertEquals(Right::DENY, $userInChildRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$this->assertEquals(Right::DENY, $userInChildChildRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$userInChildRole->setRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API);
$this->assertTrue($userInChildRole->save());
$this->assertEquals(Right::ALLOW, $userInChildRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$this->assertEquals(Right::ALLOW, $userInParentRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$this->assertEquals(Right::DENY, $userInChildChildRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$userInParentRole->setRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API, Right::DENY);
$this->assertTrue($userInParentRole->save());
$this->assertEquals(Right::ALLOW, $userInChildRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$this->assertEquals(Right::DENY, $userInParentRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$this->assertEquals(Right::DENY, $userInChildChildRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$userInParentRole->removeRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API);
$this->assertTrue($userInParentRole->save());
$this->assertEquals(Right::ALLOW, $userInChildRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$this->assertEquals(Right::ALLOW, $userInParentRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$this->assertEquals(Right::DENY, $userInChildChildRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$userInChildRole->setRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API, Right::DENY);
$this->assertTrue($userInChildRole->save());
$this->assertEquals(Right::DENY, $userInChildRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$this->assertEquals(Right::DENY, $userInParentRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$this->assertEquals(Right::DENY, $userInChildChildRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$userInParentRole->setRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API);
$this->assertTrue($userInParentRole->save());
$this->assertEquals(Right::DENY, $userInChildRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$this->assertEquals(Right::ALLOW, $userInParentRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$this->assertEquals(Right::DENY, $userInChildChildRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$userInParentRole->removeRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API);
$this->assertTrue($userInParentRole->save());
$this->assertEquals(Right::DENY, $userInChildRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$this->assertEquals(Right::DENY, $userInParentRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$this->assertEquals(Right::DENY, $userInChildChildRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$userInChildRole->setRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API);
$this->assertTrue($userInChildRole->save());
$this->assertEquals(Right::ALLOW, $userInChildRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$this->assertEquals(Right::ALLOW, $userInParentRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$this->assertEquals(Right::DENY, $userInChildChildRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$userInChildRole->removeRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API);
$this->assertTrue($userInChildRole->save());
$this->assertEquals(Right::DENY, $userInChildRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$this->assertEquals(Right::DENY, $userInParentRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$this->assertEquals(Right::DENY, $userInChildChildRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$userInChildChildRole->setRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API);
$this->assertTrue($userInChildChildRole->save());
$this->assertEquals(Right::ALLOW, $userInChildRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$this->assertEquals(Right::ALLOW, $userInParentRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$this->assertEquals(Right::ALLOW, $userInChildChildRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
Right::deleteAll();
//Clear the cache since the method above removeAll calls directly to the database.
RightsCache::forgetAll();
$userInParentRoleId = $userInParentRole->id;
$userInChildRoleId = $userInChildRole->id;
$userInChildChildRoleId = $userInChildChildRole->id;
RedBeanModel::forgetAll();
unset($userInParentRole);
unset($userInChildRole);
unset($userInChildChildRole);
$userInParentRole = User::getById($userInParentRoleId);
$userInChildRole = User::getById($userInChildRoleId);
$userInChildChildRole = User::getById($userInChildChildRoleId);
$this->assertEquals(Right::DENY, $userInParentRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$this->assertEquals(Right::DENY, $userInChildRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$this->assertEquals(Right::DENY, $userInChildChildRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
}
