public function testNestedSubPermission()
{
$this->getACL()->setCaching(false);
$this->getACL()->removeObjectRules('jarves/node');
$tokenStorage = $this->getTokenStorage();
$token = new UsernamePasswordToken(UserQuery::create()->findOneByUsername('test'), null, "main");
$tokenStorage->setToken($token);
$user = $this->getPageStack()->getUser();
$this->assertEquals('test', $user->getUsername());
$domain = DomainQuery::create()->findOne();
$root = NodeQuery::create()->findRoot($domain->getId());
$subNode = new Node();
$subNode->setTitle('TestNode tree');
$subNode->insertAsFirstChildOf($root);
$subNode->save();
$subNode2 = new Node();
$subNode2->setTitle('TestNode sub');
$subNode2->insertAsFirstChildOf($subNode);
$subNode2->save();
//make access for all
$rule = new Acl();
$rule->setAccess(true);
$rule->setObject('jarves/node');
$rule->setTargetType(\Jarves\ACL::TARGET_TYPE_USER);
$rule->setTargetId($user->getId());
$rule->setMode(\Jarves\ACL::MODE_ALL);
$rule->setConstraintType(\Jarves\ACL::CONSTRAINT_ALL);
$rule->setPrio(2);
$rule->save();
//revoke access for all children of `TestNode tree`
$rule2 = new Acl();
$rule2->setAccess(false);
$rule2->setObject('jarves/node');
$rule2->setTargetType(\Jarves\ACL::TARGET_TYPE_USER);
$rule2->setTargetId($user->getId());
$rule2->setMode(\Jarves\ACL::MODE_ALL);
$rule2->setConstraintType(\Jarves\ACL::CONSTRAINT_CONDITION);
$rule2->setConstraintCode(json_encode(['title', '=', 'TestNode tree']));
$rule2->setPrio(3);
$rule2->setSub(true);
$rule2->save();
$this->getCacher()->invalidateCache('core');
$node1RequestListing = ACLRequest::create('jarves/node', $subNode->getId())->onlyListingMode();
$node2RequestListing = ACLRequest::create('jarves/node', $subNode2->getId())->onlyListingMode();
$this->assertFalse($this->getACL()->check($node1RequestListing));
$this->assertFalse($this->getACL()->check($node2RequestListing));
$items = $this->getObjects()->getBranch('jarves/node', $subNode->getId(), null, 1, null, ['permissionCheck' => true]);
$this->assertNull($items, 'rule2 revokes the access to all elements');
$item = $this->getObjects()->get('jarves/node', $subNode2->getId(), ['permissionCheck' => true]);
$this->assertNull($item);
// Deactivate sub
$rule2->setSub(false);
$rule2->save();
$this->assertFalse($this->getACL()->check($node1RequestListing));
$this->assertTrue($this->getACL()->check($node2RequestListing));
$items = $this->getObjects()->getBranch('jarves/node', $subNode->getId(), null, 1, null, ['permissionCheck' => true]);
$this->assertEquals('TestNode sub', $items[0]['title'], 'We got TestNode sub');
$item = $this->getObjects()->get('jarves/node', $subNode2->getId(), ['permissionCheck' => true]);
$this->assertEquals('TestNode sub', $item['title'], 'We got TestNode sub');
// Activate access
$rule2->setAccess(true);
$rule2->save();
$this->assertTrue($this->getACL()->check($node1RequestListing));
$this->assertTrue($this->getACL()->check($node2RequestListing));
$items = $this->getObjects()->getBranch('jarves/node', $subNode->getId(), null, 1, null, ['permissionCheck' => true]);
$this->assertEquals('TestNode sub', $items[0]['title'], 'We got TestNode sub');
$subNode->delete();
$subNode2->delete();
$rule->delete();
$rule2->delete();
$this->getACL()->setCaching(true);
}
