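/**
 * Builds the shared fixture for this test class: the super user, the
 * "Everyone" group, two regular users (steven with the missions module
 * right, jack without it) and one mission the Everyone group may read and
 * write.
 *
 * Record-level access is stored twice: as explicit Permission rows written
 * by addPermissions()/save(), and in the denormalised lookup tables kept by
 * AllPermissionsOptimizationUtil. Both are written here, explicit rows
 * first, so that tests authorising through either path see the same grant.
 *
 * @throws FailedToSaveModelException when the fixture mission cannot be
 *         persisted (a fixture that is silently missing would turn the
 *         access tests below into false negatives)
 */
public static function setUpBeforeClass()
{
    parent::setUpBeforeClass();
    SecurityTestHelper::createSuperAdmin();
    AllPermissionsOptimizationUtil::rebuild();
    $everyoneGroup = Group::getByName(Group::EVERYONE_GROUP_NAME);
    $everyoneGroup->save();
    $super = User::getByUsername('super');

    // steven: regular user granted the module-level right to reach the
    // missions module.
    $steven = UserTestHelper::createBasicUser('steven');
    $steven->setRight('MissionsModule', MissionsModule::RIGHT_ACCESS_MISSIONS);
    $steven->save();

    // jack: regular user deliberately left without the missions right, so
    // tests can check that the module right is actually enforced.
    UserTestHelper::createBasicUser('jack');

    $mission = new Mission();
    $mission->owner = $super;
    $mission->takenByUser = $steven;
    $mission->description = 'My test description';
    $mission->reward = 'My test reward';
    $mission->status = Mission::STATUS_AVAILABLE;
    $mission->addPermissions($everyoneGroup, Permission::READ_WRITE);
    // The save() must not live inside assert(): with assertions disabled
    // (zend.assertions = -1 / ASSERT_ACTIVE off) the call would never run and
    // the fixture would silently be missing. Save unconditionally and fail
    // loudly instead.
    $saved = $mission->save();
    if (!$saved) {
        throw new FailedToSaveModelException();
    }
    // Keep the optimised permission tables in step with the explicit grant.
    AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($mission, $everyoneGroup);
}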
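/**
 * Creates ten demo GameReward records, each with five GameRewardTransaction
 * rows, and stores the resulting id range under "GameReward" in
 * $demoDataHelper.
 *
 * Every reward is granted READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER to the
 * Everyone group, i.e. the demo data is intentionally world-editable. This
 * maker is for demo installs only and must not be reused to seed real data.
 *
 * @param DemoDataHelper $demoDataHelper must already hold a "User" range
 * @throws FailedToSaveModelException when a reward cannot be persisted,
 *         including the save that follows the permission-table update
 */
public function makeAll(&$demoDataHelper)
{
    // Expression-form assertions: the string form is no longer evaluated on
    // PHP 8 and would pass unconditionally.
    assert($demoDataHelper instanceof DemoDataHelper);
    assert($demoDataHelper->isSetRange("User"));
    $gameRewardIds = array();
    $gameRewardRandomData = ZurmoRandomDataUtil::getRandomDataByModuleAndModelClassNames('GameRewardsModule', 'GameReward');
    for ($i = 0; $i < 10; $i++) {
        $gameReward = new GameReward();
        $gameReward->name = $gameRewardRandomData['names'][$i];
        $gameReward->owner = $demoDataHelper->getRandomByModelName('User');
        // mt_rand is acceptable here: these are cosmetic demo values, nothing
        // security-relevant is derived from them.
        $gameReward->cost = mt_rand(1, 10);
        $gameReward->quantity = mt_rand(1, 20);
        for ($j = 0; $j < 5; $j++) {
            $transaction = new GameRewardTransaction();
            $transaction->person = $demoDataHelper->getRandomByModelName('User');
            $transaction->quantity = mt_rand(1, 3);
            $gameReward->transactions->add($transaction);
        }
        // Same group instance for the explicit grant and for the
        // optimisation-table update, as the test helpers do.
        $everyoneGroup = Group::getByName(Group::EVERYONE_GROUP_NAME);
        $gameReward->addPermissions($everyoneGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER);
        if (!$gameReward->save()) {
            throw new FailedToSaveModelException();
        }
        // Re-fetch by id before updating the denormalised permission tables
        // (the pattern every demo-data maker follows); the follow-up save
        // commits that state, so its result must not be discarded either.
        $gameReward = GameReward::getById($gameReward->id);
        AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($gameReward, $everyoneGroup);
        if (!$gameReward->save()) {
            throw new FailedToSaveModelException();
        }
        $gameRewardIds[] = $gameReward->id;
    }
    $demoDataHelper->setRangeByModelName('GameReward', $gameRewardIds[0], $gameRewardIds[count($gameRewardIds) - 1]);
}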
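/**
 * Creates one demo Mission per entry of getMissionData(), each with its
 * comments, and stores the resulting id range under "Mission" in
 * $demoDataHelper.
 *
 * Every mission is granted READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER to the
 * Everyone group, i.e. the demo data is intentionally world-editable. This
 * maker is for demo installs only and must not be reused to seed real data.
 *
 * @param DemoDataHelper $demoDataHelper must already hold a "User" range
 * @throws FailedToSaveModelException when a mission cannot be persisted,
 *         including the save that follows the permission-table update
 */
public function makeAll(&$demoDataHelper)
{
    // Expression-form assertions: the string form is no longer evaluated on
    // PHP 8 and would pass unconditionally.
    assert($demoDataHelper instanceof DemoDataHelper);
    assert($demoDataHelper->isSetRange("User"));
    $missionIds = array();
    foreach (self::getMissionData() as $randomMissionData) {
        $mission = new Mission();
        // 'importModel' scenario: lets createdByUser be set explicitly below
        // instead of being derived from the current user.
        $mission->setScenario('importModel');
        $mission->status = Mission::STATUS_AVAILABLE;
        $mission->owner = $demoDataHelper->getRandomByModelName('User');
        $mission->createdByUser = $mission->owner;
        $mission->description = $randomMissionData['description'];
        $mission->reward = $randomMissionData['reward'];
        // Attach the canned comments, each attributed to a random demo user.
        foreach ($randomMissionData['comments'] as $commentDescription) {
            $comment = new Comment();
            $comment->setScenario('importModel');
            $comment->createdByUser = $demoDataHelper->getRandomByModelName('User');
            $comment->description = $commentDescription;
            $mission->comments->add($comment);
        }
        // Same group instance for the explicit grant and for the
        // optimisation-table update, as the test helpers do.
        $everyoneGroup = Group::getByName(Group::EVERYONE_GROUP_NAME);
        $mission->addPermissions($everyoneGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER);
        // Explicit check instead of assert('$saved'): the string form is a
        // no-op on PHP 8, and the sibling makers already throw here.
        if (!$mission->save()) {
            throw new FailedToSaveModelException();
        }
        // Re-fetch by id before updating the denormalised permission tables;
        // the follow-up save commits that state, so its result is checked too.
        $mission = Mission::getById($mission->id);
        AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($mission, $everyoneGroup);
        if (!$mission->save()) {
            throw new FailedToSaveModelException();
        }
        $missionIds[] = $mission->id;
    }
    $demoDataHelper->setRangeByModelName('Mission', $missionIds[0], $missionIds[count($missionIds) - 1]);
}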
/**
 * Round-trips a Mission through the database: builds one with an owner,
 * a taker, a due date, an attached file and a READ_WRITE grant for the
 * Everyone group, forgets the in-memory instance, reloads it by id and
 * checks every attribute survived.
 *
 * Also checks the "latest read" bookkeeping right after creation: the
 * owner (super) counts as having read the mission, the taker (steven)
 * does not.
 */
public function testCreateAndGetMissionById()
{
    $everyone = Group::getByName(Group::EVERYONE_GROUP_NAME);
    $super = User::getByUsername('super');

    // steven needs the module-level right to be a valid taker in the
    // assertions below.
    $steven = UserTestHelper::createBasicUser('steven');
    $steven->setRight('MissionsModule', MissionsModule::RIGHT_ACCESS_MISSIONS);
    $steven->save();

    $attachment = ZurmoTestHelper::createFileModel();
    $dueDateTimeDb = DateTimeUtil::convertTimestampToDbFormatDateTime(time() + 10000);

    $mission = new Mission();
    $mission->owner = $super;
    $mission->takenByUser = $steven;
    $mission->dueDateTime = $dueDateTimeDb;
    $mission->description = 'My test description';
    $mission->reward = 'My test reward';
    $mission->status = Mission::STATUS_AVAILABLE;
    $mission->files->add($attachment);
    $mission->addPermissions($everyone, Permission::READ_WRITE);
    $this->assertTrue($mission->save());
    // Explicit grant saved above; now mirror it into the optimised tables.
    AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($mission, $everyone);

    // Drop the in-memory instance so the reload really hits the database.
    $missionId = $mission->id;
    $mission->forget();
    unset($mission);
    $reloaded = Mission::getById($missionId);

    $this->assertEquals('My test description', $reloaded->description);
    $this->assertEquals('My test reward', $reloaded->reward);
    $this->assertEquals(Mission::STATUS_AVAILABLE, $reloaded->status);
    $this->assertEquals($super, $reloaded->owner);
    $this->assertEquals($steven, $reloaded->takenByUser);
    $this->assertEquals(1, $reloaded->files->count());
    $this->assertEquals($attachment, $reloaded->files->offsetGet(0));
    $this->assertEquals($dueDateTimeDb, $reloaded->dueDateTime);
    $this->assertTrue(MissionsUtil::hasUserReadMissionLatest($reloaded, $super));
    $this->assertFalse(MissionsUtil::hasUserReadMissionLatest($reloaded, $steven));
}
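/**
 * Creates five demo MarketingList records and stores the resulting id range
 * under "MarketingList" in $demoDataHelper.
 *
 * Every list is granted READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER to the
 * Everyone group, i.e. the demo data is intentionally world-editable. This
 * maker is for demo installs only and must not be reused to seed real data.
 *
 * @param DemoDataHelper $demoDataHelper must already hold a "User" range
 * @throws FailedToSaveModelException when a list cannot be persisted,
 *         including the save that follows the permission-table update
 */
public function makeAll(&$demoDataHelper)
{
    // Expression-form assertions: the string form is no longer evaluated on
    // PHP 8 and would pass unconditionally.
    assert($demoDataHelper instanceof DemoDataHelper);
    assert($demoDataHelper->isSetRange("User"));
    $marketingListIds = array();
    // $this->index is kept as the loop counter because populateModel() is
    // driven by it.
    for ($this->index = 0; $this->index < 5; $this->index++) {
        $marketingList = new MarketingList();
        $marketingList->owner = $demoDataHelper->getRandomByModelName('User');
        $this->populateModel($marketingList);
        // Same group instance for the explicit grant and for the
        // optimisation-table update, as the test helpers do.
        $everyoneGroup = Group::getByName(Group::EVERYONE_GROUP_NAME);
        $marketingList->addPermissions($everyoneGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER);
        // Explicit check instead of assert('$saved'): the string form is a
        // no-op on PHP 8, and the sibling makers already throw here.
        if (!$marketingList->save()) {
            throw new FailedToSaveModelException();
        }
        // Re-fetch by id before updating the denormalised permission tables;
        // the follow-up save commits that state, so its result is checked too.
        $marketingList = MarketingList::getById($marketingList->id);
        AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($marketingList, $everyoneGroup);
        if (!$marketingList->save()) {
            throw new FailedToSaveModelException();
        }
        $marketingListIds[] = $marketingList->id;
    }
    $demoDataHelper->setRangeByModelName('MarketingList', $marketingListIds[0], $marketingListIds[count($marketingListIds) - 1]);
}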
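/**
 * Creates ten demo Campaign records, each tied to a random demo
 * MarketingList, and stores the resulting id range under "Campaign" in
 * $demoDataHelper.
 *
 * Every campaign is granted READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER to
 * the Everyone group, i.e. the demo data is intentionally world-editable.
 * This maker is for demo installs only and must not be reused to seed real
 * data.
 *
 * @param DemoDataHelper $demoDataHelper must already hold a "MarketingList"
 *        range
 * @throws FailedToSaveModelException when a campaign cannot be persisted,
 *         including the save that follows the permission-table update
 */
public function makeAll(&$demoDataHelper)
{
    // Expression-form assertions: the string form is no longer evaluated on
    // PHP 8 and would pass unconditionally.
    assert($demoDataHelper instanceof DemoDataHelper);
    assert($demoDataHelper->isSetRange("MarketingList"));
    $campaignIds = array();
    // $this->index is kept as the loop counter because populateModel() is
    // driven by it.
    for ($this->index = 0; $this->index < 10; $this->index++) {
        $campaign = new Campaign();
        $this->populateModel($campaign);
        $campaign->marketingList = $demoDataHelper->getRandomByModelName('MarketingList');
        // Same group instance for the explicit grant and for the
        // optimisation-table update, as the test helpers do.
        $everyoneGroup = Group::getByName(Group::EVERYONE_GROUP_NAME);
        $campaign->addPermissions($everyoneGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER);
        if (!$campaign->save()) {
            throw new FailedToSaveModelException();
        }
        // Re-fetch by id before updating the denormalised permission tables;
        // the follow-up save commits that state, so its result must not be
        // discarded either.
        $campaign = Campaign::getById($campaign->id);
        AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($campaign, $everyoneGroup);
        if (!$campaign->save()) {
            throw new FailedToSaveModelException();
        }
        $campaignIds[] = $campaign->id;
    }
    $demoDataHelper->setRangeByModelName('Campaign', $campaignIds[0], $campaignIds[count($campaignIds) - 1]);
}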
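/**
 * Creates seven demo EmailTemplate records, alternating between the first
 * two template types, and stores the resulting id range under
 * "EmailTemplate" in $demoDataHelper.
 *
 * Every template is granted READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER to
 * the Everyone group, i.e. the demo data is intentionally world-editable.
 * This maker is for demo installs only and must not be reused to seed real
 * data.
 *
 * @param DemoDataHelper $demoDataHelper must already hold a "User" range
 * @throws FailedToSaveModelException when a template cannot be persisted,
 *         including the save that follows the permission-table update
 */
public function makeAll(&$demoDataHelper)
{
    // Expression-form assertions: the string form is no longer evaluated on
    // PHP 8 and would pass unconditionally.
    assert($demoDataHelper instanceof DemoDataHelper);
    assert($demoDataHelper->isSetRange("User"));
    $emailTemplateIds = array();
    $types = array_keys(EmailTemplate::getTypeDropDownArray());
    // $this->index is kept as the loop counter because populateModel() is
    // driven by it.
    for ($this->index = 0; $this->index < 7; $this->index++) {
        $emailTemplate = new EmailTemplate();
        // Alternate between the first two types only.
        $emailTemplate->type = $types[$this->index % 2];
        $emailTemplate->owner = $demoDataHelper->getRandomByModelName('User');
        $this->populateModel($emailTemplate);
        // Same group instance for the explicit grant and for the
        // optimisation-table update, as the test helpers do.
        $everyoneGroup = Group::getByName(Group::EVERYONE_GROUP_NAME);
        $emailTemplate->addPermissions($everyoneGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER);
        // Explicit check instead of assert('$saved'): the string form is a
        // no-op on PHP 8, and the sibling makers already throw here.
        if (!$emailTemplate->save()) {
            throw new FailedToSaveModelException();
        }
        // Re-fetch by id before updating the denormalised permission tables;
        // the follow-up save commits that state, so its result is checked too.
        $emailTemplate = EmailTemplate::getById($emailTemplate->id);
        AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($emailTemplate, $everyoneGroup);
        if (!$emailTemplate->save()) {
            throw new FailedToSaveModelException();
        }
        $emailTemplateIds[] = $emailTemplate->id;
    }
    $demoDataHelper->setRangeByModelName('EmailTemplate', $emailTemplateIds[0], $emailTemplateIds[count($emailTemplateIds) - 1]);
}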
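/**
 * Creates five demo ContactWebForm records and stores the resulting id range
 * under "ContactWebForm" in $demoDataHelper. Each form defaults new contacts
 * to its own owner and to a random "starting" contact state.
 *
 * Every form is granted READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER to the
 * Everyone group, i.e. the demo data is intentionally world-editable. This
 * maker is for demo installs only and must not be reused to seed real data.
 *
 * @param DemoDataHelper $demoDataHelper must already hold a "User" range
 * @throws FailedToSaveModelException when a form cannot be persisted,
 *         including the save that follows the permission-table update
 */
public function makeAll(&$demoDataHelper)
{
    // Expression-form assertions: the string form is no longer evaluated on
    // PHP 8 and would pass unconditionally.
    assert($demoDataHelper instanceof DemoDataHelper);
    assert($demoDataHelper->isSetRange("User"));
    $contactStates = ContactState::getAll();
    $startingStates = ContactsDemoDataMaker::getStatesBeforeOrStartingWithStartingState($contactStates);
    $contactWebFormIds = array();
    // $this->index is kept as the loop counter because populateModel() is
    // driven by it.
    for ($this->index = 0; $this->index < 5; $this->index++) {
        $contactWebForm = new ContactWebForm();
        $contactWebForm->owner = $demoDataHelper->getRandomByModelName('User');
        $contactWebForm->defaultOwner = $contactWebForm->owner;
        $contactWebForm->defaultState = RandomDataUtil::getRandomValueFromArray($startingStates);
        $this->populateModel($contactWebForm);
        // Same group instance for the explicit grant and for the
        // optimisation-table update, as the test helpers do.
        $everyoneGroup = Group::getByName(Group::EVERYONE_GROUP_NAME);
        $contactWebForm->addPermissions($everyoneGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER);
        // Explicit check instead of assert('$saved'): the string form is a
        // no-op on PHP 8, and the sibling makers already throw here.
        if (!$contactWebForm->save()) {
            throw new FailedToSaveModelException();
        }
        // Re-fetch by id before updating the denormalised permission tables;
        // the follow-up save commits that state, so its result is checked too.
        $contactWebForm = ContactWebForm::getById($contactWebForm->id);
        AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($contactWebForm, $everyoneGroup);
        if (!$contactWebForm->save()) {
            throw new FailedToSaveModelException();
        }
        $contactWebFormIds[] = $contactWebForm->id;
    }
    $demoDataHelper->setRangeByModelName('ContactWebForm', $contactWebFormIds[0], $contactWebFormIds[count($contactWebFormIds) - 1]);
}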
/**
 * Record-level authorisation walk-through for accounts and meetings.
 *
 * Three escalation paths are exercised against controller actions
 * (details / edit / delete), each time checking both the deny and the allow
 * side:
 *  1. a direct per-user grant on a record ("nobody");
 *  2. role inheritance: a grant to a user in a child role also opens the
 *     record to a user in the parent role;
 *  3. group inheritance: a grant to a parent group also opens the record to
 *     a member of a nested child group.
 *
 * Two invariants the assertions pin down:
 *  - a module right (e.g. RIGHT_ACCESS_ACCOUNTS, RIGHT_DELETE_MEETINGS) is
 *    necessary but not sufficient; the record-level permission is still
 *    required;
 *  - READ_WRITE_CHANGE_PERMISSIONS does not imply delete; only
 *    READ_WRITE_DELETE makes the delete action succeed.
 *
 * Every explicit grant/revoke (addPermissions/removePermissions + save) is
 * followed by the matching AllPermissionsOptimizationUtil call so that the
 * denormalised permission tables agree with the explicit rows; the
 * controller checks would otherwise run against stale data.
 *
 * Note: most identity switches below assign Yii::app()->user->userModel
 * directly rather than going through the login flow; this is a test
 * shortcut, not how a real session changes user.
 *
 * @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
 */
public function testRegularUserControllerActionsWithElevationToModels()
{
    //Create superAccount owned by user super.
    $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $superAccount = AccountTestHelper::createAccountByNameForOwner('AccountsForElevationToModelTest', $super);
    //Test nobody, access to details of superAccount should fail.
    $nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
    $this->setGetArray(array('id' => $superAccount->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
    //give nobody access to read
    Yii::app()->user->userModel = $super;
    $superAccount->addPermissions($nobody, Permission::READ);
    $this->assertTrue($superAccount->save());
    AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($superAccount, $nobody);
    //Now the nobody user can access the details view.
    Yii::app()->user->userModel = $nobody;
    $this->setGetArray(array('id' => $superAccount->id));
    $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
    //create meeting for superAccount using the super user (the name says
    //"CreatedByNobody" but the owner is super).
    $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $meeting = MeetingTestHelper::createMeetingWithOwnerAndRelatedAccount('meetingCreatedByNobody', $super, $superAccount);
    //Test nobody, access to edit, details and delete of meeting should fail:
    //read access on the related account does not cascade to the meeting.
    Yii::app()->user->userModel = $nobody;
    $this->setGetArray(array('id' => $meeting->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
    $this->setGetArray(array('id' => $meeting->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
    $this->setGetArray(array('id' => $meeting->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
    //give nobody access to details view only
    Yii::app()->user->userModel = $super;
    $meeting->addPermissions($nobody, Permission::READ);
    $this->assertTrue($meeting->save());
    AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($meeting, $nobody);
    //Now access to meetings view by Nobody should not fail.
    Yii::app()->user->userModel = $nobody;
    $this->setGetArray(array('id' => $meeting->id));
    $this->resetPostArray();
    $this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');
    //Now access to meetings edit and delete by Nobody should fail
    $this->setGetArray(array('id' => $meeting->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
    $this->setGetArray(array('id' => $meeting->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
    //give nobody access to both details and edit view
    Yii::app()->user->userModel = $super;
    $meeting->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($meeting->save());
    //Widening READ to READ_WRITE_CHANGE_PERMISSIONS: the read-only entry is
    //dropped first and then the wider grant is registered, presumably because
    //the optimised tables track read-only grants separately - keep both calls
    //and their order when touching this.
    AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($meeting, $nobody);
    AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($meeting, $nobody);
    //Now access to meetings view and edit by Nobody should not fail.
    Yii::app()->user->userModel = $nobody;
    $this->setGetArray(array('id' => $meeting->id));
    $this->resetPostArray();
    $this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');
    $this->setGetArray(array('id' => $meeting->id));
    $this->resetPostArray();
    $this->runControllerWithNoExceptionsAndGetContent('meetings/default/edit');
    //Now access to meetings delete by Nobody should fail: CHANGE_PERMISSIONS
    //does not include DELETE.
    $this->setGetArray(array('id' => $meeting->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
    //revoke the permission from the nobody user to access the meeting
    Yii::app()->user->userModel = $super;
    $meeting->removePermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($meeting->save());
    AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($meeting, $nobody);
    //Now nobodys, access to edit, details and delete of meetings should fail.
    Yii::app()->user->userModel = $nobody;
    $this->setGetArray(array('id' => $meeting->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
    $this->setGetArray(array('id' => $meeting->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
    $this->setGetArray(array('id' => $meeting->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
    //give nobody read, write and delete on the meeting
    Yii::app()->user->userModel = $super;
    $meeting->addPermissions($nobody, Permission::READ_WRITE_DELETE);
    $this->assertTrue($meeting->save());
    AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($meeting, $nobody);
    //Now nobodys, access to delete of meetings should not fail (a successful
    //delete ends in a redirect).
    Yii::app()->user->userModel = $nobody;
    $this->setGetArray(array('id' => $meeting->id));
    $this->resetPostArray();
    $this->runControllerWithRedirectExceptionAndGetContent('meetings/default/delete');
    //create some roles: AAA is the parent of BBB; 'confused' sits in the
    //parent role, 'nobody' in the child role.
    Yii::app()->user->userModel = $super;
    $parentRole = new Role();
    $parentRole->name = 'AAA';
    $this->assertTrue($parentRole->save());
    $childRole = new Role();
    $childRole->name = 'BBB';
    $this->assertTrue($childRole->save());
    $userInParentRole = User::getByUsername('confused');
    $userInChildRole = User::getByUsername('nobody');
    $childRole->users->add($userInChildRole);
    $this->assertTrue($childRole->save());
    $parentRole->users->add($userInParentRole);
    $parentRole->roles->add($childRole);
    $this->assertTrue($parentRole->save());
    //Drop the cached instances and reload so the role membership used below
    //is what was actually persisted.
    $userInChildRole->forget();
    $userInChildRole = User::getByUsername('nobody');
    $userInParentRole->forget();
    $userInParentRole = User::getByUsername('confused');
    $parentRoleId = $parentRole->id;
    $parentRole->forget();
    $parentRole = Role::getById($parentRoleId);
    $childRoleId = $childRole->id;
    $childRole->forget();
    $childRole = Role::getById($childRoleId);
    //create account owned by super
    $account2 = AccountTestHelper::createAccountByNameForOwner('AccountsParentRolePermission', $super);
    //Test userInParentRole, access to details should fail (no grant yet).
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $account2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
    //give userInChildRole access to READ
    Yii::app()->user->userModel = $super;
    $account2->addPermissions($userInChildRole, Permission::READ);
    $this->assertTrue($account2->save());
    AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($account2, $userInChildRole);
    //Test userInChildRole, access to details should not fail.
    Yii::app()->user->userModel = $userInChildRole;
    $this->setGetArray(array('id' => $account2->id));
    $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
    //Test userInParentRole, access to details should not fail: the grant to a
    //child-role user is inherited upwards by the parent-role user.
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $account2->id));
    $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
    //create a meeting owned by super
    $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $meeting2 = MeetingTestHelper::createMeetingWithOwnerAndRelatedAccount('meetingCreatedBySuperForRole', $super, $account2);
    //Test userInChildRole, access to meetings details, edit and delete should fail.
    Yii::app()->user->userModel = $userInChildRole;
    $this->setGetArray(array('id' => $meeting2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
    $this->setGetArray(array('id' => $meeting2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
    $this->setGetArray(array('id' => $meeting2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
    //Test userInParentRole, access to meetings details, edit and delete should fail.
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $meeting2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
    $this->setGetArray(array('id' => $meeting2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
    $this->setGetArray(array('id' => $meeting2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
    //give userInChildRole access to READ permission for meetings
    Yii::app()->user->userModel = $super;
    $meeting2->addPermissions($userInChildRole, Permission::READ);
    $this->assertTrue($meeting2->save());
    AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($meeting2, $userInChildRole);
    //Test userInChildRole, access to meetings details should not fail.
    Yii::app()->user->userModel = $userInChildRole;
    $this->setGetArray(array('id' => $meeting2->id));
    $this->resetPostArray();
    $this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');
    //Test userInChildRole, access to meetings edit and delete should fail.
    $this->setGetArray(array('id' => $meeting2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
    $this->setGetArray(array('id' => $meeting2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
    //Test userInParentRole, access to meetings details should not fail
    //(inherited from the child-role user).
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $meeting2->id));
    $this->resetPostArray();
    $this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');
    //Test userInParentRole, access to meetings edit and delete should fail.
    $this->setGetArray(array('id' => $meeting2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
    $this->setGetArray(array('id' => $meeting2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
    //give userInChildRole access to read and write for the meetings
    Yii::app()->user->userModel = $super;
    $meeting2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($meeting2->save());
    //Same widen-from-READ sequence as above: drop read-only entry, then
    //register the wider grant.
    AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($meeting2, $userInChildRole);
    AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($meeting2, $userInChildRole);
    //Test userInChildRole, access to meetings edit should not fail.
    Yii::app()->user->userModel = $userInChildRole;
    $this->setGetArray(array('id' => $meeting2->id));
    $this->resetPostArray();
    $this->runControllerWithNoExceptionsAndGetContent('meetings/default/edit');
    //Test userInChildRole, access to meetings delete should fail.
    $this->setGetArray(array('id' => $meeting2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
    //Test userInParentRole, access to meetings edit should not fail.
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $meeting2->id));
    $this->resetPostArray();
    $this->runControllerWithNoExceptionsAndGetContent('meetings/default/edit');
    //Test userInParentRole, access to meetings delete should fail.
    $this->setGetArray(array('id' => $meeting2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
    //revoke userInChildRole access to read and write meetings
    Yii::app()->user->userModel = $super;
    $meeting2->removePermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($meeting2->save());
    AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($meeting2, $userInChildRole);
    //Test userInChildRole, access to detail, edit and delete should fail.
    Yii::app()->user->userModel = $userInChildRole;
    $this->setGetArray(array('id' => $meeting2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
    $this->setGetArray(array('id' => $meeting2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
    $this->setGetArray(array('id' => $meeting2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
    //Test userInParentRole, access to detail, edit and delete should fail:
    //the revocation is inherited the same way the grant was.
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $meeting2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
    $this->setGetArray(array('id' => $meeting2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
    $this->setGetArray(array('id' => $meeting2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
    //give userInChildRole read, write and delete for the meetings
    Yii::app()->user->userModel = $super;
    $meeting2->addPermissions($userInChildRole, Permission::READ_WRITE_DELETE);
    $this->assertTrue($meeting2->save());
    AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($meeting2, $userInChildRole);
    //Test userInParentRole, access to delete should not fail (inherited
    //DELETE; successful delete ends in a redirect).
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $meeting2->id));
    $this->resetPostArray();
    $this->runControllerWithRedirectExceptionAndGetContent('meetings/default/delete');
    //clear up the role relationships between users so not to affect next assertions
    $parentRole->users->remove($userInParentRole);
    $parentRole->roles->remove($childRole);
    $this->assertTrue($parentRole->save());
    $childRole->users->remove($userInChildRole);
    $this->assertTrue($childRole->save());
    //create some groups and assign users to groups. Note the users swap
    //places compared with the role setup: 'confused' is now in the child
    //group BBB, 'nobody' in the parent group AAA.
    Yii::app()->user->userModel = $super;
    $parentGroup = new Group();
    $parentGroup->name = 'AAA';
    $this->assertTrue($parentGroup->save());
    $childGroup = new Group();
    $childGroup->name = 'BBB';
    $this->assertTrue($childGroup->save());
    $userInChildGroup = User::getByUsername('confused');
    $userInParentGroup = User::getByUsername('nobody');
    $childGroup->users->add($userInChildGroup);
    $this->assertTrue($childGroup->save());
    $parentGroup->users->add($userInParentGroup);
    $parentGroup->groups->add($childGroup);
    $this->assertTrue($parentGroup->save());
    $parentGroup->forget();
    $childGroup->forget();
    $parentGroup = Group::getByName('AAA');
    $childGroup = Group::getByName('BBB');
    //Give the confused user the module right for accounts. This alone must
    //not open any account record (checked right below).
    $userInChildGroup->setRight('AccountsModule', AccountsModule::RIGHT_ACCESS_ACCOUNTS);
    $this->assertTrue($userInChildGroup->save());
    //create account owned by super
    $account3 = AccountTestHelper::createAccountByNameForOwner('testingAccountsParentGroupPermission', $super);
    //Test userInParentGroup, access to details should fail.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $account3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
    //Test userInChildGroup, access to details should fail: the module right
    //without a record-level permission is not enough.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->setGetArray(array('id' => $account3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
    //give parentGroup access to READ
    Yii::app()->user->userModel = $super;
    $account3->addPermissions($parentGroup, Permission::READ);
    $this->assertTrue($account3->save());
    AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($account3, $parentGroup);
    //Test userInParentGroup, access to details should not fail.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $account3->id));
    $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
    //Test userInChildGroup, access to details should not fail: a grant to the
    //parent group reaches members of the nested child group.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->setGetArray(array('id' => $account3->id));
    $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
    //create a meeting owned by super (record name keeps its original typo)
    $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $meeting3 = MeetingTestHelper::createMeetingWithOwnerAndRelatedAccount('mettingCreatedBySuperForGroup', $super, $account3);
    //Give the confused user the meetings module rights (access, create,
    //delete). Even with RIGHT_DELETE_MEETINGS the delete action must keep
    //failing until the record itself carries a DELETE permission.
    $userInChildGroup->setRight('MeetingsModule', MeetingsModule::RIGHT_ACCESS_MEETINGS);
    $userInChildGroup->setRight('MeetingsModule', MeetingsModule::RIGHT_CREATE_MEETINGS);
    $userInChildGroup->setRight('MeetingsModule', MeetingsModule::RIGHT_DELETE_MEETINGS);
    $this->assertTrue($userInChildGroup->save());
    //Test userInParentGroup, access to meetings details, edit and delete should fail.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $meeting3->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
    $this->setGetArray(array('id' => $meeting3->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
    $this->setGetArray(array('id' => $meeting3->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
    //Test userInChildGroup, access to meetings details, edit and delete should fail.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->setGetArray(array('id' => $meeting3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
    $this->setGetArray(array('id' => $meeting3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
    $this->setGetArray(array('id' => $meeting3->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
    //give parentGroup access to READ
    Yii::app()->user->userModel = $super;
    $meeting3->addPermissions($parentGroup, Permission::READ);
    $this->assertTrue($meeting3->save());
    AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($meeting3, $parentGroup);
    //Test userInParentGroup, access to meetings details should not fail.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $meeting3->id));
    $this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');
    //Test userInParentGroup, access to meetings edit and delete should fail.
    $this->setGetArray(array('id' => $meeting3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
    $this->setGetArray(array('id' => $meeting3->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
    //Test userInChildGroup, access to meetings details should not fail.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->setGetArray(array('id' => $meeting3->id));
    $this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');
    //Test userInChildGroup, access to meetings edit and delete should fail.
    $this->setGetArray(array('id' => $meeting3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
    $this->setGetArray(array('id' => $meeting3->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
    //give parentGroup access to read and write
    Yii::app()->user->userModel = $super;
    $meeting3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($meeting3->save());
    //Group flavour of the widen-from-READ sequence: drop the read-only
    //entry, then register the wider grant.
    AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForGroup($meeting3, $parentGroup);
    AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($meeting3, $parentGroup);
    //Test userInParentGroup, access to edit meetings should not fail.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $meeting3->id));
    $this->runControllerWithNoExceptionsAndGetContent('meetings/default/edit');
    //Test userInParentGroup, access to meetings delete should fail.
    $this->setGetArray(array('id' => $meeting3->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
    //Test userInChildGroup, access to edit meetings should not fail.
    //This is the one place that performs a real logout/login for the user
    //under test rather than only swapping userModel - presumably so the
    //group-derived permissions are resolved afresh for the session; leave
    //it in place when refactoring.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username);
    $this->setGetArray(array('id' => $meeting3->id));
    $this->runControllerWithNoExceptionsAndGetContent('meetings/default/edit');
    //Test userInChildGroup, access to meetings delete should fail even though
    //the user holds RIGHT_DELETE_MEETINGS: no DELETE permission on the record.
    $this->setGetArray(array('id' => $meeting3->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
    //revoke parentGroup access to meetings read and write
    Yii::app()->user->userModel = $super;
    $meeting3->removePermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($meeting3->save());
    AllPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($meeting3, $parentGroup);
    //Test userInChildGroup, access to meetings detail, edit and delete should fail.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->setGetArray(array('id' => $meeting3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
    $this->setGetArray(array('id' => $meeting3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
    $this->setGetArray(array('id' => $meeting3->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
    //Test userInParentGroup, access to meetings detail, edit and delete should fail.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $meeting3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
    $this->setGetArray(array('id' => $meeting3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
    $this->setGetArray(array('id' => $meeting3->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
    //give parentGroup read, write and delete
    Yii::app()->user->userModel = $super;
    $meeting3->addPermissions($parentGroup, Permission::READ_WRITE_DELETE);
    $this->assertTrue($meeting3->save());
    AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($meeting3, $parentGroup);
    //Test userInChildGroup, access to meetings delete should not fail now
    //that both the module right and the record DELETE permission are present.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->setGetArray(array('id' => $meeting3->id));
    $this->resetPostArray();
    $this->runControllerWithRedirectExceptionAndGetContent('meetings/default/delete');
    //clear up the group relationships between users so not to affect next
    //assertions; reload everything first so stale instances are not saved.
    $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $userInParentGroup->forget();
    $userInChildGroup->forget();
    $childGroup->forget();
    $parentGroup->forget();
    $userInParentGroup = User::getByUsername('nobody');
    $userInChildGroup = User::getByUsername('confused');
    $childGroup = Group::getByName('BBB');
    $parentGroup = Group::getByName('AAA');
    $parentGroup->users->remove($userInParentGroup);
    $parentGroup->groups->remove($childGroup);
    $this->assertTrue($parentGroup->save());
    $childGroup->users->remove($userInChildGroup);
    $this->assertTrue($childGroup->save());
}
/**
 * Elevation-to-model coverage for the Projects controller actions.
 *
 * A project owned by 'super' is exposed to a regular user through three
 * separate grant paths and each grant is followed by a revoke, so the test
 * checks both that access is gained and that it is withdrawn again:
 *   1. direct per-user permissions on the model ($nobody),
 *   2. a parent/child role chain (permission granted to the child-role user,
 *      expected to be inherited by the parent-role user),
 *   3. a parent/child group chain (permission granted to the parent group,
 *      expected to reach the user in the child group).
 * Every controller hit asserts either success
 * (runControllerWithNoExceptionsAndGetContent) or an access failure
 * (runControllerShouldResultInAccessFailureAndGetContent).
 *
 * Coverage note: the delete action is only exercised in the direct-user
 * section; the role and group sections cover details and edit only.
 * The permission cache (AllPermissionsOptimizationUtil::*) is refreshed by
 * the test itself after every grant/revoke, so this test does not show that
 * a plain save() keeps that cache in sync on its own.
 *
 * @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
 */
public function testRegularUserControllerActionsWithElevationToModels()
{
    //Create project owned by user super.
    $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $project = ProjectTestHelper::createProjectByNameForOwner('projectForElevationToModelTest', $super);
    //Test nobody, access to edit and details should fail.
    $nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
    //NOTE(review): no model id is set before this call; presumably dashboardDetails is not scoped to a single project - confirm.
    $this->runControllerWithNoExceptionsAndGetContent('projects/default/dashboardDetails');
    $this->setGetArray(array('id' => $project->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
    $this->setGetArray(array('id' => $project->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
    $this->setGetArray(array('id' => $project->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/delete');
    //give nobody access to read
    Yii::app()->user->userModel = $super;
    $project->addPermissions($nobody, Permission::READ);
    $this->assertTrue($project->save());
    AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($project, $nobody);
    //Now the nobody user can access the details view.
    Yii::app()->user->userModel = $nobody;
    $this->setGetArray(array('id' => $project->id));
    $this->runControllerWithNoExceptionsAndGetContent('projects/default/details');
    //Test nobody, access to edit should fail. READ alone must not unlock edit or delete.
    $this->setGetArray(array('id' => $project->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
    $this->setGetArray(array('id' => $project->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/delete');
    //Drop the in-memory model and reload it so the next permission change starts from persisted state.
    $projectId = $project->id;
    $project->forget();
    $project = Project::getById($projectId);
    //give nobody access to read and write
    Yii::app()->user->userModel = $super;
    $project->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    //TODO: it is odd that granting this permission set errors on the opportunity model.
    $this->assertTrue($project->save());
    //The cached READ-only grant is replaced by the wider one, so it is reported as lost, then re-given.
    AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($project, $nobody);
    AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($project, $nobody);
    //Now the nobody user should be able to access the edit view and still the details view.
    Yii::app()->user->userModel = $nobody;
    $this->setGetArray(array('id' => $project->id));
    $this->runControllerWithNoExceptionsAndGetContent('projects/default/details');
    $this->setGetArray(array('id' => $project->id));
    $this->runControllerWithNoExceptionsAndGetContent('projects/default/edit');
    $projectId = $project->id;
    $project->forget();
    $project = Project::getById($projectId);
    //revoke nobody access to read: this section revokes via an explicit DENY entry rather than removePermissions().
    Yii::app()->user->userModel = $super;
    $project->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS, Permission::DENY);
    $this->assertTrue($project->save());
    AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($project, $nobody);
    //Test nobody, access to detail should fail. Verifies the revoke actually took effect.
    Yii::app()->user->userModel = $nobody;
    $this->setGetArray(array('id' => $project->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
    $this->setGetArray(array('id' => $project->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
    //create some roles: 'confused' sits in the parent role AAA, 'nobody' in the child role BBB.
    Yii::app()->user->userModel = $super;
    $parentRole = new Role();
    $parentRole->name = 'AAA';
    $this->assertTrue($parentRole->save());
    $childRole = new Role();
    $childRole->name = 'BBB';
    $this->assertTrue($childRole->save());
    $userInParentRole = User::getByUsername('confused');
    $userInChildRole = User::getByUsername('nobody');
    $childRole->users->add($userInChildRole);
    $this->assertTrue($childRole->save());
    $parentRole->users->add($userInParentRole);
    $parentRole->roles->add($childRole);
    $this->assertTrue($parentRole->save());
    //Reload users and roles from the database so the role links are seen as persisted.
    $userInChildRole->forget();
    $userInChildRole = User::getByUsername('nobody');
    $userInParentRole->forget();
    $userInParentRole = User::getByUsername('confused');
    $parentRoleId = $parentRole->id;
    $parentRole->forget();
    $parentRole = Role::getById($parentRoleId);
    $childRoleId = $childRole->id;
    $childRole->forget();
    $childRole = Role::getById($childRoleId);
    //create project owned by super
    $project2 = ProjectTestHelper::createProjectByNameForOwner('testingParentRolePermission', $super);
    //Test userInParentRole, access to details and edit should fail. Role membership alone grants nothing.
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $project2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
    $this->setGetArray(array('id' => $project2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
    //give userInChildRole access to READ
    Yii::app()->user->userModel = $super;
    $project2->addPermissions($userInChildRole, Permission::READ);
    $this->assertTrue($project2->save());
    AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($project2, $userInChildRole);
    //Test userInChildRole, access to details should not fail.
    Yii::app()->user->userModel = $userInChildRole;
    $this->setGetArray(array('id' => $project2->id));
    $this->runControllerWithNoExceptionsAndGetContent('projects/default/details');
    //Test userInParentRole, access to details should not fail: the grant to the child-role user is expected to flow up to the parent role.
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $project2->id));
    $this->runControllerWithNoExceptionsAndGetContent('projects/default/details');
    $projectId = $project2->id;
    $project2->forget();
    $project2 = Project::getById($projectId);
    //give userInChildRole access to read and write
    Yii::app()->user->userModel = $super;
    $project2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($project2->save());
    AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($project2, $userInChildRole);
    AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($project2, $userInChildRole);
    //Test userInChildRole, access to edit should not fail.
    Yii::app()->user->userModel = $userInChildRole;
    $this->setGetArray(array('id' => $project2->id));
    $this->runControllerWithNoExceptionsAndGetContent('projects/default/edit');
    //Test userInParentRole, access to edit should not fail.
    //NOTE(review): this step performs a full login rather than only swapping userModel as the other steps do; presumably the edit action needs session state - confirm.
    $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInParentRole->username);
    $this->setGetArray(array('id' => $project2->id));
    $this->runControllerWithNoExceptionsAndGetContent('projects/default/edit');
    $projectId = $project2->id;
    $project2->forget();
    $project2 = Project::getById($projectId);
    //revoke userInChildRole access to read and write (DENY entry, as in the direct-user section)
    Yii::app()->user->userModel = $super;
    $project2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS, Permission::DENY);
    $this->assertTrue($project2->save());
    AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($project2, $userInChildRole);
    //Test userInChildRole, access to detail should fail.
    Yii::app()->user->userModel = $userInChildRole;
    $this->setGetArray(array('id' => $project2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
    $this->setGetArray(array('id' => $project2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
    //Test userInParentRole, access to detail should fail: the revoke must propagate up the role chain too.
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $project2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
    $this->setGetArray(array('id' => $project2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
    //clear up the role relationships between users so as not to affect later assertions
    $parentRole->users->remove($userInParentRole);
    $parentRole->roles->remove($childRole);
    $this->assertTrue($parentRole->save());
    $childRole->users->remove($userInChildRole);
    $this->assertTrue($childRole->save());
    //create some groups and assign users to groups: 'nobody' in parent group AAA, 'confused' in child group BBB.
    Yii::app()->user->userModel = $super;
    $parentGroup = new Group();
    $parentGroup->name = 'AAA';
    $this->assertTrue($parentGroup->save());
    $childGroup = new Group();
    $childGroup->name = 'BBB';
    $this->assertTrue($childGroup->save());
    $userInChildGroup = User::getByUsername('confused');
    $userInParentGroup = User::getByUsername('nobody');
    $childGroup->users->add($userInChildGroup);
    $this->assertTrue($childGroup->save());
    $parentGroup->users->add($userInParentGroup);
    $parentGroup->groups->add($childGroup);
    $this->assertTrue($parentGroup->save());
    $parentGroup->forget();
    $childGroup->forget();
    $parentGroup = Group::getByName('AAA');
    $childGroup = Group::getByName('BBB');
    //Add access for the confused user to Projects and creation of Projects (module rights, not model permissions).
    $userInChildGroup->setRight('ProjectsModule', ProjectsModule::RIGHT_ACCESS_PROJECTS);
    $userInChildGroup->setRight('ProjectsModule', ProjectsModule::RIGHT_CREATE_PROJECTS);
    $this->assertTrue($userInChildGroup->save());
    //create project owned by super
    $project3 = ProjectTestHelper::createProjectByNameForOwner('testingParentGroupPermission', $super);
    //Test userInParentGroup, access to details and edit should fail.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $project3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
    $this->setGetArray(array('id' => $project3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
    //Test userInChildGroup, access to details and edit should fail: module rights alone must not expose a model.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->setGetArray(array('id' => $project3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
    $this->setGetArray(array('id' => $project3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
    //give parentGroup access to READ
    Yii::app()->user->userModel = $super;
    $project3->addPermissions($parentGroup, Permission::READ);
    $this->assertTrue($project3->save());
    AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($project3, $parentGroup);
    //Test userInParentGroup, access to details should not fail.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $project3->id));
    $this->runControllerWithNoExceptionsAndGetContent('projects/default/details');
    //Test userInChildGroup, access to details should not fail: a grant on the parent group is expected to reach the child group's member.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->setGetArray(array('id' => $project3->id));
    $this->runControllerWithNoExceptionsAndGetContent('projects/default/details');
    $projectId = $project3->id;
    $project3->forget();
    $project3 = Project::getById($projectId);
    //give parentGroup access to read and write
    Yii::app()->user->userModel = $super;
    $project3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($project3->save());
    AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForGroup($project3, $parentGroup);
    AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($project3, $parentGroup);
    //Test userInParentGroup, access to edit should not fail.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $project3->id));
    $this->runControllerWithNoExceptionsAndGetContent('projects/default/edit');
    //Test userInChildGroup, access to edit should not fail.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username);
    $this->setGetArray(array('id' => $project3->id));
    $this->runControllerWithNoExceptionsAndGetContent('projects/default/edit');
    $projectId = $project3->id;
    $project3->forget();
    $project3 = Project::getById($projectId);
    //revoke parentGroup access to read and write (DENY entry)
    Yii::app()->user->userModel = $super;
    $project3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS, Permission::DENY);
    $this->assertTrue($project3->save());
    AllPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($project3, $parentGroup);
    //Test userInChildGroup, access to detail should fail.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->setGetArray(array('id' => $project3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
    $this->setGetArray(array('id' => $project3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
    //Test userInParentGroup, access to detail should fail.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $project3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
    $this->setGetArray(array('id' => $project3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
    //Log back in as super and reload users and groups from the database before detaching memberships.
    $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $userInParentGroup->forget();
    $userInChildGroup->forget();
    $childGroup->forget();
    $parentGroup->forget();
    $userInParentGroup = User::getByUsername('nobody');
    $userInChildGroup = User::getByUsername('confused');
    $childGroup = Group::getByName('BBB');
    $parentGroup = Group::getByName('AAA');
    //clear up the group relationships between users so as not to affect later assertions
    $parentGroup->users->remove($userInParentGroup);
    $parentGroup->groups->remove($childGroup);
    $this->assertTrue($parentGroup->save());
    $childGroup->users->remove($userInChildGroup);
    $this->assertTrue($childGroup->save());
}
/**
 * Elevation-to-model coverage for the ContactWebForms controller actions.
 *
 * A contact web form owned by 'super' is exposed to a regular user through
 * three separate grant paths and each grant is followed by a revoke, so the
 * test checks both that access is gained and that it is withdrawn again:
 *   1. direct per-user permissions on the model ($nobody),
 *   2. a parent/child role chain (permission granted to the child-role user,
 *      expected to be inherited by the parent-role user),
 *   3. a parent/child group chain (permission granted to the parent group,
 *      expected to reach the user in the child group).
 * Every controller hit asserts either success
 * (runControllerWithNoExceptionsAndGetContent) or an access failure
 * (runControllerShouldResultInAccessFailureAndGetContent).
 *
 * Coverage note: only the details and edit actions are exercised; there is
 * no delete assertion anywhere in this test. The permission cache
 * (AllPermissionsOptimizationUtil::*) is refreshed by the test itself after
 * every grant/revoke, so this test does not show that a plain save() keeps
 * that cache in sync on its own.
 *
 * @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
 */
public function testRegularUserControllerActionsWithElevationToModels()
{
    //Create contact web form owned by user super.
    $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $contactWebForm = ContactWebFormTestHelper::createContactWebFormByName('contactWebFormForElevationToModelTest', $super);
    //Test nobody, access to edit and details should fail.
    $nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
    $this->setGetArray(array('id' => $contactWebForm->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
    $this->setGetArray(array('id' => $contactWebForm->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
    //give nobody access to read
    Yii::app()->user->userModel = $super;
    $contactWebForm->addPermissions($nobody, Permission::READ);
    $this->assertTrue($contactWebForm->save());
    AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($contactWebForm, $nobody);
    //Now the nobody user can access the details view.
    Yii::app()->user->userModel = $nobody;
    $this->setGetArray(array('id' => $contactWebForm->id));
    $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
    //Test nobody, access to edit should fail. READ alone must not unlock edit.
    $this->setGetArray(array('id' => $contactWebForm->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
    //Drop the in-memory model and reload it so the next permission change starts from persisted state.
    $contactWebFormId = $contactWebForm->id;
    $contactWebForm->forget();
    $contactWebForm = ContactWebForm::getById($contactWebFormId);
    //give nobody access to read and write
    Yii::app()->user->userModel = $super;
    $contactWebForm->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($contactWebForm->save());
    //The cached READ-only grant is replaced by the wider one, so it is reported as lost, then re-given.
    AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($contactWebForm, $nobody);
    AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($contactWebForm, $nobody);
    //Now the nobody user should be able to access the edit view and still the details view.
    Yii::app()->user->userModel = $nobody;
    $this->setGetArray(array('id' => $contactWebForm->id));
    $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
    $this->setGetArray(array('id' => $contactWebForm->id));
    $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit');
    $contactWebFormId = $contactWebForm->id;
    $contactWebForm->forget();
    $contactWebForm = ContactWebForm::getById($contactWebFormId);
    //revoke nobody access to read
    Yii::app()->user->userModel = $super;
    $contactWebForm->removePermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($contactWebForm->save());
    //NOTE(review): the role and group sections below call securableItemLostPermissionsFor* after the same kind of removePermissions() call; this one calls the ...LostRead... variant. Confirm whether the narrower cache refresh is intended here.
    AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($contactWebForm, $nobody);
    //Test nobody, access to detail should fail. Verifies the revoke actually took effect.
    Yii::app()->user->userModel = $nobody;
    $this->setGetArray(array('id' => $contactWebForm->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
    $this->setGetArray(array('id' => $contactWebForm->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
    //create some roles: 'confused' sits in the parent role AAA, 'nobody' in the child role BBB.
    Yii::app()->user->userModel = $super;
    $parentRole = new Role();
    $parentRole->name = 'AAA';
    $this->assertTrue($parentRole->save());
    $childRole = new Role();
    $childRole->name = 'BBB';
    $this->assertTrue($childRole->save());
    $userInParentRole = User::getByUsername('confused');
    $userInChildRole = User::getByUsername('nobody');
    $childRole->users->add($userInChildRole);
    $this->assertTrue($childRole->save());
    $parentRole->users->add($userInParentRole);
    $parentRole->roles->add($childRole);
    $this->assertTrue($parentRole->save());
    //Reload users and roles from the database so the role links are seen as persisted.
    $userInChildRole->forget();
    $userInChildRole = User::getByUsername('nobody');
    $userInParentRole->forget();
    $userInParentRole = User::getByUsername('confused');
    $parentRoleId = $parentRole->id;
    $parentRole->forget();
    $parentRole = Role::getById($parentRoleId);
    $childRoleId = $childRole->id;
    $childRole->forget();
    $childRole = Role::getById($childRoleId);
    //create web form owned by super
    $contactWebForm2 = ContactWebFormTestHelper::createContactWebFormByName('testingParentRolePermission', $super);
    //Test userInParentRole, access to details and edit should fail. Role membership alone grants nothing.
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $contactWebForm2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
    $this->setGetArray(array('id' => $contactWebForm2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
    //give userInChildRole access to READ
    Yii::app()->user->userModel = $super;
    $contactWebForm2->addPermissions($userInChildRole, Permission::READ);
    $this->assertTrue($contactWebForm2->save());
    AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($contactWebForm2, $userInChildRole);
    //Test userInChildRole, access to details should not fail.
    Yii::app()->user->userModel = $userInChildRole;
    $this->setGetArray(array('id' => $contactWebForm2->id));
    $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
    //Test userInParentRole, access to details should not fail: the grant to the child-role user is expected to flow up to the parent role.
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $contactWebForm2->id));
    $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
    $contactWebFormId = $contactWebForm2->id;
    $contactWebForm2->forget();
    $contactWebForm2 = ContactWebForm::getById($contactWebFormId);
    //give userInChildRole access to read and write
    Yii::app()->user->userModel = $super;
    $contactWebForm2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($contactWebForm2->save());
    AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($contactWebForm2, $userInChildRole);
    AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($contactWebForm2, $userInChildRole);
    //Test userInChildRole, access to edit should not fail.
    Yii::app()->user->userModel = $userInChildRole;
    $this->setGetArray(array('id' => $contactWebForm2->id));
    $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit');
    //Test userInParentRole, access to edit should not fail.
    //NOTE(review): this step performs a full login rather than only swapping userModel as the other steps do; presumably the edit action needs session state - confirm.
    $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInParentRole->username);
    $this->setGetArray(array('id' => $contactWebForm2->id));
    $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit');
    $contactWebFormId = $contactWebForm2->id;
    $contactWebForm2->forget();
    $contactWebForm2 = ContactWebForm::getById($contactWebFormId);
    //revoke userInChildRole access to read and write
    Yii::app()->user->userModel = $super;
    $contactWebForm2->removePermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($contactWebForm2->save());
    AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($contactWebForm2, $userInChildRole);
    //Test userInChildRole, access to detail should fail.
    Yii::app()->user->userModel = $userInChildRole;
    $this->setGetArray(array('id' => $contactWebForm2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
    $this->setGetArray(array('id' => $contactWebForm2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
    //Test userInParentRole, access to detail should fail: the revoke must propagate up the role chain too.
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $contactWebForm2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
    $this->setGetArray(array('id' => $contactWebForm2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
    //clear up the role relationships between users so as not to affect later assertions
    $parentRole->users->remove($userInParentRole);
    $parentRole->roles->remove($childRole);
    $this->assertTrue($parentRole->save());
    $childRole->users->remove($userInChildRole);
    $this->assertTrue($childRole->save());
    //create some groups and assign users to groups: 'nobody' in parent group AAA, 'confused' in child group BBB.
    Yii::app()->user->userModel = $super;
    $parentGroup = new Group();
    $parentGroup->name = 'AAA';
    $this->assertTrue($parentGroup->save());
    $childGroup = new Group();
    $childGroup->name = 'BBB';
    $this->assertTrue($childGroup->save());
    $userInChildGroup = User::getByUsername('confused');
    $userInParentGroup = User::getByUsername('nobody');
    $childGroup->users->add($userInChildGroup);
    $this->assertTrue($childGroup->save());
    $parentGroup->users->add($userInParentGroup);
    $parentGroup->groups->add($childGroup);
    $this->assertTrue($parentGroup->save());
    $parentGroup->forget();
    $childGroup->forget();
    $parentGroup = Group::getByName('AAA');
    $childGroup = Group::getByName('BBB');
    //Add access for the confused user to ContactWebForms and creation of ContactWebForms (module rights, not model permissions).
    $userInChildGroup->setRight('ContactWebFormsModule', ContactWebFormsModule::RIGHT_ACCESS_CONTACT_WEB_FORMS);
    $userInChildGroup->setRight('ContactWebFormsModule', ContactWebFormsModule::RIGHT_CREATE_CONTACT_WEB_FORMS);
    $this->assertTrue($userInChildGroup->save());
    //create web form owned by super
    $contactWebForm3 = ContactWebFormTestHelper::createContactWebFormByName('testingParentGroupPermission', $super);
    //Test userInParentGroup, access to details and edit should fail.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $contactWebForm3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
    $this->setGetArray(array('id' => $contactWebForm3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
    //Test userInChildGroup, access to details and edit should fail: module rights alone must not expose a model.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->setGetArray(array('id' => $contactWebForm3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
    $this->setGetArray(array('id' => $contactWebForm3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
    //give parentGroup access to READ
    Yii::app()->user->userModel = $super;
    $contactWebForm3->addPermissions($parentGroup, Permission::READ);
    $this->assertTrue($contactWebForm3->save());
    AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($contactWebForm3, $parentGroup);
    //Test userInParentGroup, access to details should not fail.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $contactWebForm3->id));
    $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
    //Test userInChildGroup, access to details should not fail: a grant on the parent group is expected to reach the child group's member.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->setGetArray(array('id' => $contactWebForm3->id));
    $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
    $contactWebFormId = $contactWebForm3->id;
    $contactWebForm3->forget();
    $contactWebForm3 = ContactWebForm::getById($contactWebFormId);
    //give parentGroup access to read and write
    Yii::app()->user->userModel = $super;
    $contactWebForm3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($contactWebForm3->save());
    AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForGroup($contactWebForm3, $parentGroup);
    AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($contactWebForm3, $parentGroup);
    //Test userInParentGroup, access to edit should not fail.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $contactWebForm3->id));
    $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit');
    //Test userInChildGroup, access to edit should not fail.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username);
    $this->setGetArray(array('id' => $contactWebForm3->id));
    $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit');
    $contactWebFormId = $contactWebForm3->id;
    $contactWebForm3->forget();
    $contactWebForm3 = ContactWebForm::getById($contactWebFormId);
    //revoke parentGroup access to read and write
    Yii::app()->user->userModel = $super;
    $contactWebForm3->removePermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($contactWebForm3->save());
    AllPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($contactWebForm3, $parentGroup);
    //Test userInChildGroup, access to detail should fail.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->setGetArray(array('id' => $contactWebForm3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
    $this->setGetArray(array('id' => $contactWebForm3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
    //Test userInParentGroup, access to detail should fail.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $contactWebForm3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
    $this->setGetArray(array('id' => $contactWebForm3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
    //Log back in as super and reload users and groups from the database before detaching memberships.
    $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $userInParentGroup->forget();
    $userInChildGroup->forget();
    $childGroup->forget();
    $parentGroup->forget();
    $userInParentGroup = User::getByUsername('nobody');
    $userInChildGroup = User::getByUsername('confused');
    $childGroup = Group::getByName('BBB');
    $parentGroup = Group::getByName('AAA');
    //clear up the group relationships between users so as not to affect later assertions
    $parentGroup->users->remove($userInParentGroup);
    $parentGroup->groups->remove($childGroup);
    $this->assertTrue($parentGroup->save());
    $childGroup->users->remove($userInChildGroup);
    $this->assertTrue($childGroup->save());
}
/** * @depends testRegularUserControllerActionsWithElevationToAccessAndCreate */ public function testRegularUserControllerActionsWithElevationToModels() { //Create lead owned by user super. $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super'); $lead = LeadTestHelper::createLeadByNameForOwner('leadForElevationToModelTest', $super); //Test nobody, access to edit, details and delete should fail. $nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody'); $this->setGetArray(array('id' => $lead->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit'); $this->setGetArray(array('id' => $lead->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details'); $this->setGetArray(array('id' => $lead->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //give nobody access to read Yii::app()->user->userModel = $super; $lead->addPermissions($nobody, Permission::READ); $this->assertTrue($lead->save()); AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($lead, $nobody); //Now the nobody user can access the details view. Yii::app()->user->userModel = $nobody; $this->setGetArray(array('id' => $lead->id)); $this->runControllerWithNoExceptionsAndGetContent('leads/default/details'); //Test nobody, access to edit and delete should fail. 
$this->setGetArray(array('id' => $lead->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit'); $this->setGetArray(array('id' => $lead->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //give nobody access to read and write Yii::app()->user->userModel = $super; $lead->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS); $this->assertTrue($lead->save()); AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($lead, $nobody); AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($lead, $nobody); //Now the nobody user should be able to access the edit view and still the details view Yii::app()->user->userModel = $nobody; $this->setGetArray(array('id' => $lead->id)); $this->runControllerWithNoExceptionsAndGetContent('leads/default/details'); $this->setGetArray(array('id' => $lead->id)); $this->runControllerWithNoExceptionsAndGetContent('leads/default/edit'); //Test nobody, access to delete should fail. $this->setGetArray(array('id' => $lead->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //revoke nobody access to read Yii::app()->user->userModel = $super; $lead->removePermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS); $this->assertTrue($lead->save()); AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($lead, $nobody); //Test nobody, access to detail, edit and delete should fail. 
Yii::app()->user->userModel = $nobody; $this->setGetArray(array('id' => $lead->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details'); $this->setGetArray(array('id' => $lead->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit'); $this->setGetArray(array('id' => $lead->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //give nobody access to read, write and delete Yii::app()->user->userModel = $super; $lead->addPermissions($nobody, Permission::READ_WRITE_DELETE); $this->assertTrue($lead->save()); AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($lead, $nobody); //now nobody should be able to delete a lead Yii::app()->user->userModel = $nobody; $this->setGetArray(array('id' => $lead->id)); $this->resetPostArray(); $this->runControllerWithRedirectExceptionAndGetContent('leads/default/delete', Yii::app()->createUrl('leads/default/index')); //create some roles Yii::app()->user->userModel = $super; $parentRole = new Role(); $parentRole->name = 'AAA'; $this->assertTrue($parentRole->save()); $childRole = new Role(); $childRole->name = 'BBB'; $this->assertTrue($childRole->save()); $userInParentRole = User::getByUsername('confused'); $userInChildRole = User::getByUsername('nobody'); $childRole->users->add($userInChildRole); $this->assertTrue($childRole->save()); $parentRole->users->add($userInParentRole); $parentRole->roles->add($childRole); $this->assertTrue($parentRole->save()); $userInChildRole->forget(); $userInChildRole = User::getByUsername('nobody'); $userInParentRole->forget(); $userInParentRole = User::getByUsername('confused'); $parentRoleId = $parentRole->id; $parentRole->forget(); $parentRole = Role::getById($parentRoleId); $childRoleId = $childRole->id; $childRole->forget(); $childRole = Role::getById($childRoleId); //create lead owned by super $lead2 = LeadTestHelper::createLeadByNameForOwner('leadsParentRolePermission', 
$super); //Test userInChildRole, access to details, edit and delete should fail. Yii::app()->user->userModel = $userInChildRole; $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details'); $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit'); $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //Test userInParentRole, access to details, edit and delete should fail. Yii::app()->user->userModel = $userInParentRole; $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details'); $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit'); $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //give userInChildRole access to READ Yii::app()->user->userModel = $super; $lead2->addPermissions($userInChildRole, Permission::READ); $this->assertTrue($lead2->save()); AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($lead2, $userInChildRole); //Test userInChildRole, access to details should not fail. Yii::app()->user->userModel = $userInChildRole; $this->setGetArray(array('id' => $lead2->id)); $this->runControllerWithNoExceptionsAndGetContent('leads/default/details'); //Test userInChildRole, access to edit and delete should fail. $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit'); $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //Test userInParentRole, access to details should not fail. 
Yii::app()->user->userModel = $userInParentRole; $this->setGetArray(array('id' => $lead2->id)); $this->runControllerWithNoExceptionsAndGetContent('leads/default/details'); //Test userInParentRole, access to edit and delete should fail. $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit'); $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //give userInChildRole access to read and write Yii::app()->user->userModel = $super; $lead2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS); $this->assertTrue($lead2->save()); AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($lead2, $userInChildRole); AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($lead2, $userInChildRole); //Test userInChildRole, access to edit and delete should not fail and also detaisl view must be accessible. Yii::app()->user->userModel = $userInChildRole; $this->setGetArray(array('id' => $lead2->id)); $this->runControllerWithNoExceptionsAndGetContent('leads/default/edit'); //Test userInChildRole, access to delete should fail. $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //Test userInParentRole, access to edit should not fail. $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInParentRole->username); $this->setGetArray(array('id' => $lead2->id)); $this->runControllerWithNoExceptionsAndGetContent('leads/default/edit'); //Test userInParentRole, access to delete should fail. 
$this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //revoke userInChildRole access to read and write Yii::app()->user->userModel = $super; $lead2->removePermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS); $this->assertTrue($lead2->save()); AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($lead2, $userInChildRole); //Test userInChildRole, access to detail, edit and delete should fail. Yii::app()->user->userModel = $userInChildRole; $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details'); $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit'); $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //Test userInParentRole, access to detail, edit and delete should fail. Yii::app()->user->userModel = $userInParentRole; $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details'); $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit'); $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //give userInChildRole access to read, write and delete Yii::app()->user->userModel = $super; $lead2->addPermissions($userInChildRole, Permission::READ_WRITE_DELETE); $this->assertTrue($lead2->save()); AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($lead2, $userInChildRole); //Test userInParentRole, access to delete should not fail. 
Yii::app()->user->userModel = $userInParentRole; $this->setGetArray(array('id' => $lead2->id)); $this->resetPostArray(); $this->runControllerWithRedirectExceptionAndGetContent('leads/default/delete', Yii::app()->createUrl('leads/default/index')); //clear up the role relationships between users so not to effect next assertions $parentRole->users->remove($userInParentRole); $parentRole->roles->remove($childRole); $this->assertTrue($parentRole->save()); $childRole->users->remove($userInChildRole); $this->assertTrue($childRole->save()); //create some groups and assign users to groups Yii::app()->user->userModel = $super; $parentGroup = new Group(); $parentGroup->name = 'AAA'; $this->assertTrue($parentGroup->save()); $childGroup = new Group(); $childGroup->name = 'BBB'; $this->assertTrue($childGroup->save()); $userInChildGroup = User::getByUsername('confused'); $userInParentGroup = User::getByUsername('nobody'); $childGroup->users->add($userInChildGroup); $this->assertTrue($childGroup->save()); $parentGroup->users->add($userInParentGroup); $parentGroup->groups->add($childGroup); $this->assertTrue($parentGroup->save()); $parentGroup->forget(); $childGroup->forget(); $parentGroup = Group::getByName('AAA'); $childGroup = Group::getByName('BBB'); //Add access for the confused user to leads and creation of leads. $userInChildGroup->setRight('LeadsModule', LeadsModule::RIGHT_ACCESS_LEADS); $userInChildGroup->setRight('LeadsModule', LeadsModule::RIGHT_CREATE_LEADS); $userInChildGroup->setRight('LeadsModule', LeadsModule::RIGHT_DELETE_LEADS); $this->assertTrue($userInChildGroup->save()); //create lead owned by super $lead3 = LeadTestHelper::createLeadByNameForOwner('leadsParentGroupPermission', $super); //Test userInParentGroup, access to details, edit and delete should fail. 
Yii::app()->user->userModel = $userInParentGroup; $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details'); $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit'); $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //Test userInChildGroup, access to details, edit and delete should fail. Yii::app()->user->userModel = $userInChildGroup; $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details'); $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit'); $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //give parentGroup access to READ Yii::app()->user->userModel = $super; $lead3->addPermissions($parentGroup, Permission::READ); $this->assertTrue($lead3->save()); AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($lead3, $parentGroup); //Test userInParentGroup, access to details should not fail. Yii::app()->user->userModel = $userInParentGroup; $this->setGetArray(array('id' => $lead3->id)); $this->runControllerWithNoExceptionsAndGetContent('leads/default/details'); //Test userInParentGroup, access to delete should fail. $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit'); $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //Test userInChildGroup, access to edit and details should not fail. 
Yii::app()->user->userModel = $userInChildGroup; $this->setGetArray(array('id' => $lead3->id)); $this->runControllerWithNoExceptionsAndGetContent('leads/default/details'); //Test userInChildGroup, access to edit and delete should fail. $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit'); $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //give parentGroup access to read and write Yii::app()->user->userModel = $super; $lead3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS); $this->assertTrue($lead3->save()); AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForGroup($lead3, $parentGroup); AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($lead3, $parentGroup); //Test userInParentGroup, access to edit should not fail. Yii::app()->user->userModel = $userInParentGroup; $this->setGetArray(array('id' => $lead3->id)); $this->runControllerWithNoExceptionsAndGetContent('leads/default/edit'); //Test userInParentGroup, access to delete should fail. $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //Test userInChildGroup, access to edit should not fail. Yii::app()->user->userModel = $userInChildGroup; $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username); $this->setGetArray(array('id' => $lead3->id)); $this->runControllerWithNoExceptionsAndGetContent('leads/default/edit'); //Test userInChildGroup, access to delete should fail. 
$this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //revoke parentGroup access to read and write Yii::app()->user->userModel = $super; $lead3->removePermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS); $this->assertTrue($lead3->save()); AllPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($lead3, $parentGroup); //Test userInChildGroup, access to detail, edit and delete should fail. Yii::app()->user->userModel = $userInChildGroup; $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details'); $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit'); $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //Test userInParentGroup, access to detail, edit and delete should fail. Yii::app()->user->userModel = $userInParentGroup; $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details'); $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit'); $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //give parentGroup access to read, write and delete Yii::app()->user->userModel = $super; $lead3->addPermissions($parentGroup, Permission::READ_WRITE_DELETE); $this->assertTrue($lead3->save()); AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($lead3, $parentGroup); //Test userInChildGroup, access to delete should not fail. 
Yii::app()->user->userModel = $userInChildGroup; $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username); $this->setGetArray(array('id' => $lead3->id)); $this->runControllerWithRedirectExceptionAndGetContent('leads/default/delete', Yii::app()->createUrl('leads/default/index')); //clear up the role relationships between users so not to effect next assertions $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super'); $userInParentGroup->forget(); $userInChildGroup->forget(); $childGroup->forget(); $parentGroup->forget(); $userInParentGroup = User::getByUsername('nobody'); $userInChildGroup = User::getByUsername('confused'); $childGroup = Group::getByName('BBB'); $parentGroup = Group::getByName('AAA'); $parentGroup->users->remove($userInParentGroup); $parentGroup->groups->remove($childGroup); $this->assertTrue($parentGroup->save()); $childGroup->users->remove($userInChildGroup); $this->assertTrue($childGroup->save()); }
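/**
 * Given a SecurableItem, add and remove permissions
 * based on what the provided ExplicitReadWriteModelPermissions indicates should be done.
 * Sets @see SecurableItem->setTreatCurrentUserAsOwnerForPermissions as true in order to ensure the current user
 * can effectively add permissions even if the current user is no longer the owner.
 * Because that flag lets the current user act as the item's owner for permission checks, it is cleared on every
 * exit path: on normal return, and also when a permitable of an unsupported type raises NotSupportedException
 * or when save() throws. Previously an exception left the item with the flag still set.
 * @param SecurableItem $securableItem must already be saved (id > 0)
 * @param ExplicitReadWriteModelPermissions $explicitReadWriteModelPermissions
 * @param bool $validate passed through to SecurableItem->save()
 * @return bool true when there was nothing to save, otherwise the result of save()
 * @throws NotSupportedException when a permitable is neither a Group nor a User
 */
public static function resolveExplicitReadWriteModelPermissions(SecurableItem $securableItem,
                                                                ExplicitReadWriteModelPermissions $explicitReadWriteModelPermissions,
                                                                $validate = false)
{
    assert('$securableItem->id > 0');
    $securableItem->setTreatCurrentUserAsOwnerForPermissions(true);
    try
    {
        $saved = self::applyExplicitReadWriteModelPermissions($securableItem,
                                                              $explicitReadWriteModelPermissions,
                                                              $validate);
    }
    catch (Exception $e)
    {
        // Drop the owner elevation before propagating; otherwise the item keeps treating the
        // current user as its owner for every later permission decision.
        $securableItem->setTreatCurrentUserAsOwnerForPermissions(false);
        throw $e;
    }
    $securableItem->setTreatCurrentUserAsOwnerForPermissions(false);
    return $saved;
}

/**
 * Applies the adds and removals described by $explicitReadWriteModelPermissions, keeping the
 * read-permission optimization tables and subscriptions in step when the item has that optimization,
 * then saves the item if anything was requested.
 * The caller owns the treat-current-user-as-owner flag; this method does not touch it.
 * @param SecurableItem $securableItem
 * @param ExplicitReadWriteModelPermissions $explicitReadWriteModelPermissions
 * @param bool $validate passed through to SecurableItem->save()
 * @return bool true when nothing needed saving, otherwise the result of save()
 * @throws NotSupportedException when a permitable is neither a Group nor a User
 */
protected static function applyExplicitReadWriteModelPermissions(SecurableItem $securableItem,
                                                                 ExplicitReadWriteModelPermissions $explicitReadWriteModelPermissions,
                                                                 $validate)
{
    $optimizeReadPermissions = $securableItem::hasReadPermissionsOptimization();
    $saveSecurableItem       = false;
    if ($explicitReadWriteModelPermissions->getReadOnlyPermitablesCount() > 0)
    {
        $saveSecurableItem = true;
        foreach ($explicitReadWriteModelPermissions->getReadOnlyPermitables() as $permitable)
        {
            // The optimization tables are only updated when the permission was actually added.
            if ($securableItem->addPermissions($permitable, Permission::READ) && $optimizeReadPermissions)
            {
                self::permitableGivenPermissions($securableItem, $permitable, true);
            }
        }
    }
    if ($explicitReadWriteModelPermissions->getReadWritePermitablesCount() > 0)
    {
        $saveSecurableItem = true;
        foreach ($explicitReadWriteModelPermissions->getReadWritePermitables() as $permitable)
        {
            if ($securableItem->addPermissions($permitable, Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER) &&
                $optimizeReadPermissions)
            {
                self::permitableGivenPermissions($securableItem, $permitable, false);
            }
        }
    }
    if ($explicitReadWriteModelPermissions->getReadOnlyPermitablesToRemoveCount() > 0)
    {
        $saveSecurableItem = true;
        foreach ($explicitReadWriteModelPermissions->getReadOnlyPermitablesToRemove() as $permitable)
        {
            // Removals update the optimization tables regardless of removePermissions()' result,
            // as the existing behaviour did.
            $securableItem->removePermissions($permitable, Permission::READ, Permission::ALLOW);
            if ($optimizeReadPermissions)
            {
                self::permitableLostPermissions($securableItem, $permitable, true);
            }
        }
    }
    if ($explicitReadWriteModelPermissions->getReadWritePermitablesToRemoveCount() > 0)
    {
        $saveSecurableItem = true;
        foreach ($explicitReadWriteModelPermissions->getReadWritePermitablesToRemove() as $permitable)
        {
            $securableItem->removePermissions($permitable,
                                              Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER,
                                              Permission::ALLOW);
            if ($optimizeReadPermissions)
            {
                self::permitableLostPermissions($securableItem, $permitable, false);
            }
        }
    }
    if (!$saveSecurableItem)
    {
        return true;
    }
    return self::saveWithoutProcessingWorkflow($securableItem, $validate);
}

/**
 * Saves the item with workflow processing suppressed and restores the previous workflow
 * setting afterwards, also when save() throws.
 * @param SecurableItem $securableItem
 * @param bool $validate passed through to SecurableItem->save()
 * @return bool result of save()
 */
protected static function saveWithoutProcessingWorkflow(SecurableItem $securableItem, $validate)
{
    $setBackToProcess = false;
    if ($securableItem->shouldProcessWorkflowOnSave())
    {
        $securableItem->setDoNotProcessWorkflowOnSave();
        $setBackToProcess = true;
    }
    try
    {
        $saved = $securableItem->save($validate);
    }
    catch (Exception $e)
    {
        if ($setBackToProcess)
        {
            $securableItem->setProcessWorkflowOnSave();
        }
        throw $e;
    }
    if ($setBackToProcess)
    {
        $securableItem->setProcessWorkflowOnSave();
    }
    return $saved;
}

/**
 * Records in the read-permission optimization tables and subscriptions that $permitable gained
 * permissions on $securableItem.
 * @param SecurableItem $securableItem
 * @param mixed $permitable a Group or a User
 * @param bool $readOnly true when only READ was granted, false for the read/write grant
 * @throws NotSupportedException for any other permitable type
 */
protected static function permitableGivenPermissions(SecurableItem $securableItem, $permitable, $readOnly)
{
    if ($permitable instanceof Group)
    {
        if ($readOnly)
        {
            AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($securableItem, $permitable);
        }
        else
        {
            AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($securableItem, $permitable);
        }
        ReadPermissionsSubscriptionUtil::securableItemGivenPermissionsForGroup($securableItem);
    }
    elseif ($permitable instanceof User)
    {
        if ($readOnly)
        {
            AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($securableItem, $permitable);
        }
        else
        {
            AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($securableItem, $permitable);
        }
        ReadPermissionsSubscriptionUtil::securableItemGivenPermissionsForUser($securableItem);
    }
    else
    {
        throw new NotSupportedException();
    }
}

/**
 * Records in the read-permission optimization tables and subscriptions that $permitable lost
 * permissions on $securableItem.
 * @param SecurableItem $securableItem
 * @param mixed $permitable a Group or a User
 * @param bool $readOnly true when only READ was revoked, false for the read/write revocation
 * @throws NotSupportedException for any other permitable type
 */
protected static function permitableLostPermissions(SecurableItem $securableItem, $permitable, $readOnly)
{
    if ($permitable instanceof Group)
    {
        if ($readOnly)
        {
            AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForGroup($securableItem, $permitable);
        }
        else
        {
            AllPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($securableItem, $permitable);
        }
        ReadPermissionsSubscriptionUtil::securableItemLostPermissionsForGroup($securableItem);
    }
    elseif ($permitable instanceof User)
    {
        if ($readOnly)
        {
            AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($securableItem, $permitable);
        }
        else
        {
            AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($securableItem, $permitable);
        }
        ReadPermissionsSubscriptionUtil::securableItemLostPermissionsForUser($securableItem);
    }
    else
    {
        throw new NotSupportedException();
    }
}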
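/**
 * Creates and saves an archived, already-sent EmailMessage from the current user to $contact,
 * readable and writable by the Everyone group.
 * Both saves are checked; previously only the first was, so a failure while persisting the
 * Everyone-group permission update went unnoticed and an unsaved message was returned.
 * @param Contact $contact recipient; its owner becomes the message owner
 * @param string|null $subject defaults to 'A test archived sent email' when not given
 * @return EmailMessage the saved message, re-fetched by id
 * @throws FailedToSaveModelException when either save fails
 */
protected function makeEmailMessage(Contact $contact, $subject = null)
{
    // Back-date the message between 4 and 35 days so the demo data looks like history.
    $interval = mt_rand(4, 35) * 86400;
    if (!isset($subject))
    {
        $subject = 'A test archived sent email';
    }
    //#1 Create Archived - Sent
    $emailMessage = new EmailMessage();
    $emailMessage->setScenario('importModel');
    $emailMessage->owner   = $contact->owner;
    $emailMessage->subject = $subject;
    $emailContent = new EmailMessageContent();
    $emailContent->textContent = 'My First Message';
    $emailContent->htmlContent = 'Some fake HTML content';
    $emailMessage->content = $emailContent;
    //Sending is current user (super)
    $sender = new EmailMessageSender();
    $sender->fromAddress = '*****@*****.**';
    $sender->fromName    = 'Super User';
    $sender->personsOrAccounts->add(Yii::app()->user->userModel);
    $emailMessage->sender = $sender;
    //Recipient is BobMessage
    $recipient = new EmailMessageRecipient();
    $recipient->toAddress = '*****@*****.**';
    $recipient->toName    = strval($contact);
    $recipient->personsOrAccounts->add($contact);
    $recipient->type = EmailMessageRecipient::TYPE_TO;
    $emailMessage->recipients->add($recipient);
    $emailMessage->folder = EmailFolder::getByBoxAndType($this->emailBox, EmailFolder::TYPE_SENT);
    $emailMessage->createdDateTime = DateTimeUtil::convertTimestampToDbFormatDateTime(time() - $interval);
    // Sent up to 3 days after creation, never before it.
    $emailMessage->sentDateTime = DateTimeUtil::convertTimestampToDbFormatDateTime(
                                      time() - $interval + mt_rand(0, 3) * 86400);
    $emailMessage->addPermissions(Group::getByName(Group::EVERYONE_GROUP_NAME),
                                  Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER);
    if (!$emailMessage->save())
    {
        throw new FailedToSaveModelException();
    }
    // Re-fetch so the optimization tables are updated against the persisted model, then save again.
    $emailMessage = EmailMessage::getById($emailMessage->id);
    AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($emailMessage,
                                                  Group::getByName(Group::EVERYONE_GROUP_NAME));
    if (!$emailMessage->save())
    {
        throw new FailedToSaveModelException();
    }
    return $emailMessage;
}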
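/**
 * Adds demo tasks (with a notification subscriber, check-list items and comments) to $project and
 * logs the corresponding project events.
 * Every save is now checked and a failure raises FailedToSaveModelException, as the other demo
 * builders do; previously a failed save was ignored and the code went on to re-fetch the task by
 * an id it did not have.
 * @param Project $project project the tasks belong to
 * @param int $taskInputCount currently unused; kept so existing callers keep working
 * @param DemoDataHelper $demoDataHelper supplies the random users
 * @throws FailedToSaveModelException when any save fails
 */
protected static function addDemoTasks($project, $taskInputCount = 1, &$demoDataHelper)
{
    $randomTasks = self::getRandomTasks();
    foreach ($randomTasks as $i => $randomTask)
    {
        $task = new Task();
        $task->name              = $randomTask['name'];
        $task->owner             = $demoDataHelper->getRandomByModelName('User');
        $task->requestedByUser   = $demoDataHelper->getRandomByModelName('User');
        $task->completedDateTime = '0000-00-00 00:00:00';
        $task->project           = $project;
        $task->status            = Task::STATUS_NEW;
        if (!$task->save())
        {
            throw new FailedToSaveModelException();
        }
        //Notification subscriber
        $notificationSubscriber = new NotificationSubscriber();
        $notificationSubscriber->person        = $demoDataHelper->getRandomByModelName('User');
        $notificationSubscriber->hasReadLatest = false;
        $task->notificationSubscribers->add($notificationSubscriber);
        //Task check list items; a pseudo-random subset is marked completed
        //(note: for the first task $i is 0, so every item of that task is completed)
        foreach ($randomTask['checkListItems'] as $itemKey => $name)
        {
            $taskCheckListItem = new TaskCheckListItem();
            $taskCheckListItem->name = $name;
            if ($itemKey * $i * mt_rand(5, 100) % 3 == 0)
            {
                $taskCheckListItem->completed = true;
            }
            $task->checkListItems->add($taskCheckListItem);
            ProjectsUtil::logTaskCheckItemEvent($task, $taskCheckListItem);
        }
        //Comments
        foreach ($randomTask['comments'] as $description)
        {
            $comment = new Comment();
            $comment->description = $description;
            $comment->setScenario('importModel');
            $comment->createdByUser = $demoDataHelper->getRandomByModelName('User');
            $task->comments->add($comment);
            ProjectsUtil::logAddCommentEvent($task, strval($comment));
        }
        //One more comment with no explicit createdByUser (presumably attributed to the current user)
        $comment = new Comment();
        $comment->description = 'Versatile idea regarding the task';
        $task->comments->add($comment);
        $task->addPermissions(Group::getByName(Group::EVERYONE_GROUP_NAME),
                              Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER);
        if (!$task->save())
        {
            throw new FailedToSaveModelException();
        }
        $currentStatus = $task->status;
        ProjectsUtil::logAddTaskEvent($task);
        // Re-fetch the persisted task before changing its status and updating the optimization tables.
        $task = Task::getById($task->id);
        $task->status = RandomDataUtil::getRandomValueFromArray(self::getTaskStatusOptions());
        if (!$task->save())
        {
            throw new FailedToSaveModelException();
        }
        AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($task,
                                                  Group::getByName(Group::EVERYONE_GROUP_NAME));
        if (!$task->save())
        {
            throw new FailedToSaveModelException();
        }
        ProjectsUtil::logTaskStatusChangeEvent($task,
                                               Task::getStatusDisplayName($currentStatus),
                                               Task::getStatusDisplayName(intval($task->status)));
    }
}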