/**
 * Checks checkEditPermissions() on the docs fixtures under three grant sets
 * configured on the mocked auth manager: general update access, private
 * update access only, and docs admin.
 *
 * Each scenario is a list of (fixture alias, expected result) pairs, so the
 * authorization matrix can be read in one place.
 */
public function testDocsPermissions()
{
    $auth = TestingAuxLib::loadAuthManagerMock();
    TestingAuxLib::loadX2NonWebUser();

    $user = $this->users('testUser');

    // Scenario 1: user has docs update access, but is not a docs admin.
    $auth->setAccess('AdminIndex', $user->id, array(), false);
    TestingAuxLib::suLogin('testuser');
    $auth->setAccess('DocsAdmin', $user->id, array(), false);
    $auth->setAccess('DocsUpdateAccess', $user->id, array('X2Model' => new Docs()), true);

    $withUpdateAccess = array(
        array('0', false), // edit permissions list is empty
        array('1', true),  // "testuser" is in the edit permissions list
        array('3', true),  // presumably the same case as '1'; fixture data is not visible here
        array('2', true),  // testuser created the doc
    );
    foreach ($withUpdateAccess as $pair) {
        list($alias, $editable) = $pair;
        $canEdit = (bool) $this->docs($alias)->checkEditPermissions();
        if ($editable) {
            $this->assertTrue($canEdit);
        } else {
            $this->assertFalse($canEdit);
        }
    }

    // Scenario 2: user has private update access only. Being on the edit
    // permissions list is no longer enough; only the creator may edit.
    $auth->clearCache();
    $auth->setAccess('AdminIndex', $user->id, array(), false);
    $auth->setAccess('DocsAdmin', $user->id, array(), false);
    $auth->setAccess('DocsUpdateAccess', $user->id, array('X2Model' => new Docs()), false);
    $auth->setAccess('DocsPrivateUpdateAccess', $user->id, array('X2Model' => new Docs()), true);

    $withPrivateAccess = array(
        array('0', false), // edit permissions list is empty
        array('1', false), // on the edit list, but private access does not honour it
        array('3', false),
        array('2', true),  // testuser created the doc, so they can edit it
    );
    foreach ($withPrivateAccess as $pair) {
        list($alias, $editable) = $pair;
        $canEdit = (bool) $this->docs($alias)->checkEditPermissions();
        if ($editable) {
            $this->assertTrue($canEdit);
        } else {
            $this->assertFalse($canEdit);
        }
    }

    // Scenario 3: user is docs admin with both update grants switched off.
    // Every checked doc is editable, including the one with an empty edit list.
    $auth->clearCache();
    $auth->setAccess('AdminIndex', $user->id, array(), false);
    $auth->setAccess('DocsAdmin', $user->id, array(), true);
    $auth->setAccess('DocsUpdateAccess', $user->id, array('X2Model' => new Docs()), false);
    $auth->setAccess('DocsPrivateUpdateAccess', $user->id, array('X2Model' => new Docs()), false);

    foreach (array('0', '1', '2') as $alias) {
        $this->assertTrue((bool) $this->docs($alias)->checkEditPermissions());
    }

    // NOTE(review): these restores are skipped when an assertion above fails,
    // so the mocked auth manager and non-web user could leak into later tests
    // unless tearDown also restores them. Confirm against the test base class.
    TestingAuxLib::restoreX2WebUser();
    TestingAuxLib::restoreX2AuthManager();
}
/**
 * Test visibility and access criteria for each access level.
 *
 * For each grant set on the mocked auth manager the test checks three things
 * that must agree: the access level reported by Contacts::model(), the
 * per-record isVisibleTo() answer for six contact fixtures, and the rows
 * returned by findAll() with the generated access criteria.
 */
public function testReadAccessLevels()
{
    $auth = TestingAuxLib::loadAuthManagerMock();
    $user = $this->users('user2');

    $contactGroupmate = $this->contacts('contactGroupmate');
    $contactGroup = $this->contacts('contactGroup');
    $contactAnyone = $this->contacts('contactAnyone');
    $contactUserPrivate = $this->contacts('contactUserPrivate');
    $contactOtherPrivate = $this->contacts('contactOtherPrivate');
    $contactInvisible = $this->contacts('contactInvisible');

    // Fixtures keyed by alias so each scenario can state its expectations by name.
    $fixtures = array(
        'contactGroup' => $contactGroup,
        'contactGroupmate' => $contactGroupmate,
        'contactAnyone' => $contactAnyone,
        'contactUserPrivate' => $contactUserPrivate,
        'contactOtherPrivate' => $contactOtherPrivate,
        'contactInvisible' => $contactInvisible,
    );
    $idOf = function ($contact) {
        return $contact->id;
    };

    // ---- private read only access ----
    $auth->setAccess('ContactsReadOnlyAccess', $user->id, array(), false);
    $auth->setAccess('ContactsPrivateReadOnlyAccess', $user->id, array(), true);
    // NOTE(review): suLogin() is not paired with a restore call in this method.
    // Confirm that teardown resets the session user.
    TestingAuxLib::suLogin('testUser2');

    $level = Contacts::model()->getAccessLevel();
    $this->assertEquals(X2PermissionsBehavior::QUERY_SELF, $level);

    $expectedVisibility = array(
        'contactGroup' => true,
        'contactGroupmate' => false,
        'contactAnyone' => false,
        'contactUserPrivate' => true,
        'contactOtherPrivate' => false,
        'contactInvisible' => false,
    );
    foreach ($expectedVisibility as $alias => $shouldSee) {
        $record = $fixtures[$alias];
        // Drop the cached permission state so the new grants are re-evaluated.
        $record->asa('permissions')->clearCache();
        $seen = $record->isVisibleTo(Yii::app()->getSuModel());
        if ($shouldSee) {
            $this->assertTrue($seen);
        } else {
            $this->assertFalse($seen);
        }
    }

    $accessCriteria = Contacts::model()->getAccessCriteria();
    $rows = Contacts::model()->findAll($accessCriteria);
    $this->assertEquals(2, count($rows));
    $wantedIds = array($contactGroup->id, $contactUserPrivate->id);
    $this->assertEquals(2, count(array_intersect($wantedIds, array_map($idOf, $rows))));

    // ---- read only access ----
    $auth->setAccess('ContactsReadOnlyAccess', $user->id, array(), true);
    $auth->setAccess('ContactsPrivateReadOnlyAccess', $user->id, array(), false);

    $level = Contacts::model()->getAccessLevel();
    $this->assertEquals(X2PermissionsBehavior::QUERY_PUBLIC, $level);

    $expectedVisibility = array(
        'contactGroup' => true,
        'contactGroupmate' => true,
        'contactAnyone' => true,
        'contactUserPrivate' => true,
        'contactOtherPrivate' => false, // another user's private record stays hidden
        'contactInvisible' => false,
    );
    foreach ($expectedVisibility as $alias => $shouldSee) {
        $record = $fixtures[$alias];
        $record->asa('permissions')->clearCache();
        $seen = $record->isVisibleTo(Yii::app()->getSuModel());
        if ($shouldSee) {
            $this->assertTrue($seen);
        } else {
            $this->assertFalse($seen);
        }
    }

    $accessCriteria = Contacts::model()->getAccessCriteria();
    $rows = Contacts::model()->findAll($accessCriteria);
    $this->assertEquals(4, count($rows));
    $wantedIds = array(
        $contactGroup->id,
        $contactGroupmate->id,
        $contactAnyone->id,
        $contactUserPrivate->id,
    );
    $this->assertEquals(4, count(array_intersect($wantedIds, array_map($idOf, $rows))));

    // ---- no access ----
    $auth->setAccess('ContactsReadOnlyAccess', $user->id, array(), false);
    $auth->setAccess('ContactsPrivateReadOnlyAccess', $user->id, array(), false);

    $level = Contacts::model()->getAccessLevel();
    $this->assertEquals(X2PermissionsBehavior::QUERY_NONE, $level);

    // With both read grants off, nothing may be visible, not even the user's own record.
    foreach ($fixtures as $record) {
        $record->asa('permissions')->clearCache();
        $this->assertFalse($record->isVisibleTo(Yii::app()->getSuModel()));
    }

    $accessCriteria = Contacts::model()->getAccessCriteria();
    $rows = Contacts::model()->findAll($accessCriteria);
    $this->assertEquals(0, count($rows));
    // Intersecting with an empty expected list is always 0, so the count
    // check above is the assertion that actually guards this scenario.
    $this->assertEquals(0, count(array_intersect(array(), array_map($idOf, $rows))));

    // ---- all access ----
    $fullGrants = array(
        'ContactsAdmin',
        'AdminIndex',
        'ContactsReadOnlyAccess',
        'ContactsBasicAccess',
        'ContactsFullAccess',
        'ContactsUpdateAccess',
    );
    foreach ($fullGrants as $authItem) {
        $auth->setAccess($authItem, $user->id, array(), true);
    }

    $level = Contacts::model()->getAccessLevel();
    $this->assertEquals(X2PermissionsBehavior::QUERY_ALL, $level);

    $expectedVisibility = array(
        'contactGroup' => true,
        'contactGroupmate' => true,
        'contactAnyone' => true,
        'contactUserPrivate' => true,
        'contactOtherPrivate' => true,
        'contactInvisible' => false, // still hidden even at the highest level
    );
    foreach ($expectedVisibility as $alias => $shouldSee) {
        $record = $fixtures[$alias];
        $record->asa('permissions')->clearCache();
        $seen = $record->isVisibleTo(Yii::app()->getSuModel());
        if ($shouldSee) {
            $this->assertTrue($seen);
        } else {
            $this->assertFalse($seen);
        }
    }

    $accessCriteria = Contacts::model()->getAccessCriteria();
    $rows = Contacts::model()->findAll($accessCriteria);
    $this->assertEquals(5, count($rows));
    $wantedIds = array(
        $contactGroup->id,
        $contactGroupmate->id,
        $contactAnyone->id,
        $contactUserPrivate->id,
        $contactOtherPrivate->id,
    );
    $this->assertEquals(5, count(array_intersect($wantedIds, array_map($idOf, $rows))));

    // With the third argument set to true, the criteria also return contactInvisible.
    $accessCriteria = Contacts::model()->getAccessCriteria('t', 'X2PermissionsBehavior', true);
    $rows = Contacts::model()->findAll($accessCriteria);
    $this->assertEquals(6, count($rows));
    $wantedIds = array(
        $contactGroup->id,
        $contactGroupmate->id,
        $contactAnyone->id,
        $contactUserPrivate->id,
        $contactOtherPrivate->id,
        $contactInvisible->id,
    );
    $this->assertEquals(6, count(array_intersect($wantedIds, array_map($idOf, $rows))));

    // NOTE(review): this restore is skipped when an assertion above fails, so the
    // mocked auth manager could leak into later tests. Confirm teardown covers it.
    TestingAuxLib::restoreX2AuthManager();
}