/**
* inspect update of one record (before update)
*
* @param Tinebase_Record_Interface $_record the update record
* @param Tinebase_Record_Interface $_oldRecord the current persistent record
* @return void
* @throws Tinebase_Exception_Record_NotAllowed
*
* @todo if shared -> personal remove all admins except new owner
*/
protected function _inspectBeforeUpdate($_record, $_oldRecord)
{
if ($_oldRecord->application_id !== $_record->application_id) {
throw new Tinebase_Exception_Record_NotAllowed('It is not allowed to change the application of a container.');
}
$_record->account_grants = $this->_convertGrantsToRecordSet($_record->account_grants);
Tinebase_Container::getInstance()->checkContainerOwner($_record);
$this->_containerController->setGrants($_record, $_record->account_grants, TRUE, FALSE);
}
/**
* testGetSearchContainerWithoutReadButWithAdminGrant
*/
public function testGetSearchContainerWithoutReadButWithAdminGrant()
{
$newGrants = new Tinebase_Record_RecordSet('Tinebase_Model_Grants');
$newGrants->addRecord(new Tinebase_Model_Grants(array('account_id' => Tinebase_Core::getUser()->getId(), 'account_type' => 'user', Tinebase_Model_Grants::GRANT_READ => false, Tinebase_Model_Grants::GRANT_ADD => true, Tinebase_Model_Grants::GRANT_EDIT => true, Tinebase_Model_Grants::GRANT_DELETE => true, Tinebase_Model_Grants::GRANT_ADMIN => true)));
$grants = $this->_instance->setGrants($this->objects['initialContainer'], $newGrants);
$container = $this->_instance->getContainerById($this->objects['initialContainer']);
$this->assertTrue(is_object($container));
$containers = $this->_instance->getPersonalContainer(Tinebase_Core::getUser(), 'Addressbook', Tinebase_Core::getUser(), Tinebase_Model_Grants::GRANT_READ);
$container = $containers->find('name', $this->objects['initialContainer']->name);
$this->assertTrue(is_object($container));
}
/**
* cache invalidation needs a second
*/
public function testSetGrantsCacheInvalidation()
{
$container = $this->objects['initialContainer'];
$sclever = Tinebase_Helper::array_value('sclever', Zend_Registry::get('personas'));
$this->assertEquals(FALSE, $this->_instance->hasGrant($sclever->getId(), $container->getId(), Tinebase_Model_Grants::GRANT_READ), 'sclever should _not_ have a read grant');
// have readGrant for sclever
$this->_instance->setGrants($container->getId(), new Tinebase_Record_RecordSet('Tinebase_Model_Grants', array(array('account_id' => Tinebase_Core::getUser()->getId(), 'account_type' => 'user', Tinebase_Model_Grants::GRANT_ADMIN => true), array('account_id' => $sclever->getId(), 'account_type' => 'user', Tinebase_Model_Grants::GRANT_READ => true))), TRUE);
sleep(1);
$this->assertEquals(TRUE, $this->_instance->hasGrant($sclever->getId(), $container->getId(), Tinebase_Model_Grants::GRANT_READ), 'sclever _should have_ a read grant');
// remove readGrant for sclever again
$this->_instance->setGrants($container->getId(), new Tinebase_Record_RecordSet('Tinebase_Model_Grants', array(array('account_id' => Tinebase_Core::getUser()->getId(), 'account_type' => 'user', Tinebase_Model_Grants::GRANT_ADMIN => true), array('account_id' => $sclever->getId(), 'account_type' => 'user', Tinebase_Model_Grants::GRANT_READ => false))), TRUE);
sleep(1);
$this->assertEquals(FALSE, $this->_instance->hasGrant($sclever->getId(), $container->getId(), Tinebase_Model_Grants::GRANT_READ), 'sclever should _not_ have a read grant');
}
