/**
 * Builds the shared fixture for this test class: a super administrator who
 * becomes the current user, the base currency, and one account owned by that
 * user with an opportunity, two contacts and a note attached to it.
 *
 * Every record is created with the super administrator as owner, so tests in
 * the class start from data that only a privileged user owns.
 */
public static function setUpBeforeClass()
{
    parent::setUpBeforeClass();
    SecurityTestHelper::createSuperAdmin();

    // All fixture records below are created while acting as 'super'.
    $superUser = User::getByUsername('super');
    Yii::app()->user->userModel = $superUser;
    Currency::makeBaseCurrency();

    // Account that the remaining fixture records hang off.
    $superAccount = AccountTestHelper::createAccountByNameForOwner('superAccount', $superUser);

    // One opportunity related to the account.
    OpportunityTestHelper::createOpportunityWithAccountByNameForOwner('superOpp', $superUser, $superAccount);

    // Two contacts related to the account.
    ContactTestHelper::createContactWithAccountByNameForOwner('superContact1', $superUser, $superAccount);
    ContactTestHelper::createContactWithAccountByNameForOwner('superContact2', $superUser, $superAccount);

    // One note related to the account.
    NoteTestHelper::createNoteWithOwnerAndRelatedAccount('superNote', $superUser, $superAccount);
}
/**
 * Smoke test: renders the summary content of a note for every combination
 * of owned-by filter (ALL, USER) and module (HomeModule, UserModule).
 *
 * The method contains no assertions, so it only fails when one of the render
 * calls raises an error or exception; the rendered markup is never inspected.
 */
public function testRenderSummaryContentWithNote()
{
    $superUser = User::getByUsername('super');
    Yii::app()->user->userModel = $superUser;
    // Looked up but not used afterwards; kept because the lookup itself runs in the original.
    $billy = User::getByUsername('billy');

    $noteAccount = AccountTestHelper::createAccountByNameForOwner('noteAccount', $superUser);
    $note        = NoteTestHelper::createNoteWithOwnerAndRelatedAccount('aMeeting', $superUser, $noteAccount);

    $ownedByFilters = array(
        LatestActivitiesConfigurationForm::OWNED_BY_FILTER_ALL,
        LatestActivitiesConfigurationForm::OWNED_BY_FILTER_USER,
    );

    // Same call order as a hand-written list: both filters for HomeModule, then both for UserModule.
    foreach (array('HomeModule', 'UserModule') as $moduleName) {
        foreach ($ownedByFilters as $ownedByFilter) {
            $content = ActivitiesUtil::renderSummaryContent($note, 'someUrl', $ownedByFilter, $moduleName);
        }
    }
}
/**
 * Verifies that deleting a note also removes the social item attached to it.
 *
 * The social item count is checked three times: 0 before anything is
 * created, 1 after a social item referencing the note is saved, and 0 again
 * once the note has been deleted.
 */
public function testAddingNoteAndDeletingNoteAndThenTheSocialItemsAreRemoved()
{
    $owner = User::getByUsername('super');
    $this->assertEquals(0, SocialItem::getCount());

    // The account is expected to exist already; the first match is used.
    $matchingAccounts = Account::getByName('anAccount');
    $note = NoteTestHelper::createNoteWithOwnerAndRelatedAccount('aNote', $owner, $matchingAccounts[0]);

    // Attach one social item to the note.
    $item = new SocialItem();
    $item->description = 'My test description';
    $item->note = $note;
    $this->assertTrue($item->save());
    $itemId = $item->id; // read but not used further, as in the original

    // Drop the in-memory note and reload it by id before deleting.
    $savedNoteId = $note->id;
    $note->forget();
    $this->assertEquals(1, SocialItem::getCount());

    $reloadedNote = Note::getById($savedNoteId);
    $this->assertTrue($reloadedNote->delete());

    // The social item must be gone together with its note.
    $this->assertEquals(0, SocialItem::getCount());
}
/**
 * Walks the notes controller through a full grant/revoke cycle of
 * model-level permissions and checks the details, edit and delete actions
 * after every change.
 *
 * Three subjects are exercised in turn, each on its own account and note
 * owned by 'super':
 *   1. a single user ('nobody') with an explicit grant;
 *   2. a parent/child role pair, where the grant goes to the user in the
 *      child role and the user in the parent role is expected to receive
 *      the same access;
 *   3. a parent/child group pair, where the grant goes to the parent group
 *      and the user in the nested child group is expected to receive the
 *      same access.
 *
 * Expectations encoded for each subject:
 *   - no grant: details, edit and delete are all refused;
 *   - Permission::READ: details allowed, edit and delete refused;
 *   - Permission::READ_WRITE_CHANGE_PERMISSIONS: details and edit allowed,
 *     delete still refused;
 *   - after removePermissions(): everything refused again;
 *   - Permission::READ_WRITE_DELETE: delete allowed.
 *
 * Every grant and revoke is performed with 'super' as the current user and
 * is followed by an AllPermissionsOptimizationUtil call for the affected
 * user or group.
 * NOTE(review): those calls presumably refresh cached read permissions;
 * confirm against AllPermissionsOptimizationUtil.
 *
 * @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
 */
public function testRegularUserControllerActionsWithElevationToModels()
{
    // ---- Part 1: explicit grants to a single user ('nobody') ----

    //Create superAccount owned by user super.
    $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $superAccount = AccountTestHelper::createAccountByNameForOwner('AccountsForElevationToModelTest', $super);

    //Test nobody: access to the details view of superAccount should fail (only details is exercised here).
    $nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
    $this->setGetArray(array('id' => $superAccount->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');

    //Give nobody READ on the account; the grant is made while acting as super.
    Yii::app()->user->userModel = $super;
    $superAccount->addPermissions($nobody, Permission::READ);
    $this->assertTrue($superAccount->save());
    AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($superAccount, $nobody);

    //Now the nobody user can access the account details view.
    Yii::app()->user->userModel = $nobody;
    $this->setGetArray(array('id' => $superAccount->id));
    $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');

    //Create a note on superAccount as the super user.
    $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $note = NoteTestHelper::createNoteWithOwnerAndRelatedAccount('noteCreatedBySuper', $super, $superAccount);

    //Test nobody: READ on the related account does not extend to the note, so
    //edit, details and delete of the note should all fail.
    Yii::app()->user->userModel = $nobody;
    $this->setGetArray(array('id' => $note->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
    $this->setGetArray(array('id' => $note->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
    $this->setGetArray(array('id' => $note->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');

    //Give nobody READ on the note (details view only).
    Yii::app()->user->userModel = $super;
    $note->addPermissions($nobody, Permission::READ);
    $this->assertTrue($note->save());
    AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($note, $nobody);

    //Now access to the note details view by nobody should not fail.
    Yii::app()->user->userModel = $nobody;
    $this->setGetArray(array('id' => $note->id));
    $this->resetPostArray();
    $this->runControllerWithNoExceptionsAndGetContent('notes/default/details');

    //With READ only, edit and delete by nobody should still fail.
    $this->setGetArray(array('id' => $note->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
    $this->setGetArray(array('id' => $note->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');

    //Give nobody READ_WRITE_CHANGE_PERMISSIONS (details and edit, but not delete).
    Yii::app()->user->userModel = $super;
    $note->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($note->save());
    AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($note, $nobody);
    AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($note, $nobody);

    //Now access to the note details and edit views by nobody should not fail.
    Yii::app()->user->userModel = $nobody;
    $this->setGetArray(array('id' => $note->id));
    $this->resetPostArray();
    $this->runControllerWithNoExceptionsAndGetContent('notes/default/details');
    $this->setGetArray(array('id' => $note->id));
    $this->resetPostArray();
    $this->runControllerWithNoExceptionsAndGetContent('notes/default/edit');

    //Delete is not part of READ_WRITE_CHANGE_PERMISSIONS, so it should still fail.
    $this->setGetArray(array('id' => $note->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');

    //Revoke the permission from the nobody user to access the note.
    Yii::app()->user->userModel = $super;
    $note->removePermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($note->save());
    AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($note, $nobody);

    //Revocation check: edit, details and delete of the note should all fail again for nobody.
    Yii::app()->user->userModel = $nobody;
    $this->setGetArray(array('id' => $note->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
    $this->setGetArray(array('id' => $note->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
    $this->setGetArray(array('id' => $note->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');

    //Give nobody READ_WRITE_DELETE (details, edit and delete).
    Yii::app()->user->userModel = $super;
    $note->addPermissions($nobody, Permission::READ_WRITE_DELETE);
    $this->assertTrue($note->save());
    AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($note, $nobody);

    //Now delete of the note by nobody should not fail.
    //NOTE(review): the helper name suggests a successful delete ends in a redirect; confirm.
    Yii::app()->user->userModel = $nobody;
    $this->setGetArray(array('id' => $note->id));
    $this->resetPostArray();
    $this->runControllerWithRedirectExceptionAndGetContent('notes/default/delete');

    // ---- Part 2: grants to a user in a child role, observed through the parent role ----

    //Create a parent role 'AAA' containing child role 'BBB';
    //'confused' is placed in the parent role and 'nobody' in the child role.
    Yii::app()->user->userModel = $super;
    $parentRole = new Role();
    $parentRole->name = 'AAA';
    $this->assertTrue($parentRole->save());
    $childRole = new Role();
    $childRole->name = 'BBB';
    $this->assertTrue($childRole->save());
    $userInParentRole = User::getByUsername('confused');
    $userInChildRole = User::getByUsername('nobody');
    $childRole->users->add($userInChildRole);
    $this->assertTrue($childRole->save());
    $parentRole->users->add($userInParentRole);
    $parentRole->roles->add($childRole);
    $this->assertTrue($parentRole->save());
    //Forget and reload users and roles so later checks work on freshly loaded models.
    $userInChildRole->forget();
    $userInChildRole = User::getByUsername('nobody');
    $userInParentRole->forget();
    $userInParentRole = User::getByUsername('confused');
    $parentRoleId = $parentRole->id;
    $parentRole->forget();
    $parentRole = Role::getById($parentRoleId);
    $childRoleId = $childRole->id;
    $childRole->forget();
    $childRole = Role::getById($childRoleId);

    //create account owned by super
    $account2 = AccountTestHelper::createAccountByNameForOwner('AccountsParentRolePermission', $super);

    //Test userInParentRole: access to account details should fail (only details is exercised here).
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $account2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');

    //Give userInChildRole READ on the account.
    Yii::app()->user->userModel = $super;
    $account2->addPermissions($userInChildRole, Permission::READ);
    $this->assertTrue($account2->save());
    AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($account2, $userInChildRole);

    //Test userInChildRole, access to details should not fail.
    Yii::app()->user->userModel = $userInChildRole;
    $this->setGetArray(array('id' => $account2->id));
    $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');

    //Test userInParentRole: the grant was made to the child-role user only, yet
    //the parent-role user is expected to get the same access to details.
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $account2->id));
    $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');

    //create a note owned by super
    $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $note2 = NoteTestHelper::createNoteWithOwnerAndRelatedAccount('noteCreatedBySuperForRole', $super, $account2);

    //Test userInChildRole, access to notes details, edit and delete should fail.
    Yii::app()->user->userModel = $userInChildRole;
    $this->setGetArray(array('id' => $note2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
    $this->setGetArray(array('id' => $note2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
    $this->setGetArray(array('id' => $note2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');

    //Test userInParentRole, access to notes details, edit and delete should fail.
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $note2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
    $this->setGetArray(array('id' => $note2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
    $this->setGetArray(array('id' => $note2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');

    //Give userInChildRole READ permission on the note.
    Yii::app()->user->userModel = $super;
    $note2->addPermissions($userInChildRole, Permission::READ);
    $this->assertTrue($note2->save());
    AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($note2, $userInChildRole);

    //Test userInChildRole, access to notes details should not fail.
    Yii::app()->user->userModel = $userInChildRole;
    $this->setGetArray(array('id' => $note2->id));
    $this->resetPostArray();
    $this->runControllerWithNoExceptionsAndGetContent('notes/default/details');

    //Test userInChildRole, access to notes edit and delete should fail.
    $this->setGetArray(array('id' => $note2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
    $this->setGetArray(array('id' => $note2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');

    //Test userInParentRole, access to notes details should not fail.
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $note2->id));
    $this->resetPostArray();
    $this->runControllerWithNoExceptionsAndGetContent('notes/default/details');

    //Test userInParentRole, access to notes edit and delete should fail.
    $this->setGetArray(array('id' => $note2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
    $this->setGetArray(array('id' => $note2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');

    //Give userInChildRole READ_WRITE_CHANGE_PERMISSIONS on the note.
    Yii::app()->user->userModel = $super;
    $note2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($note2->save());
    AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($note2, $userInChildRole);
    AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($note2, $userInChildRole);

    //Test userInChildRole, access to notes edit should not fail.
    Yii::app()->user->userModel = $userInChildRole;
    $this->setGetArray(array('id' => $note2->id));
    $this->resetPostArray();
    $this->runControllerWithNoExceptionsAndGetContent('notes/default/edit');

    //Test userInChildRole, access to notes delete should fail.
    $this->setGetArray(array('id' => $note2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');

    //Test userInParentRole, access to notes edit should not fail.
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $note2->id));
    $this->resetPostArray();
    $this->runControllerWithNoExceptionsAndGetContent('notes/default/edit');

    //Test userInParentRole, access to notes delete should fail.
    $this->setGetArray(array('id' => $note2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');

    //Revoke userInChildRole's READ_WRITE_CHANGE_PERMISSIONS on the note.
    Yii::app()->user->userModel = $super;
    $note2->removePermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($note2->save());
    AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($note2, $userInChildRole);

    //Revocation check for userInChildRole: details, edit and delete should fail.
    //(resetPostArray() is only called before the delete request in this group.)
    Yii::app()->user->userModel = $userInChildRole;
    $this->setGetArray(array('id' => $note2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
    $this->setGetArray(array('id' => $note2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
    $this->setGetArray(array('id' => $note2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');

    //Revocation check for userInParentRole: access obtained through the child
    //role must disappear as well, so details, edit and delete should fail.
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $note2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
    $this->setGetArray(array('id' => $note2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
    $this->setGetArray(array('id' => $note2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');

    //Give userInChildRole READ_WRITE_DELETE on the note.
    Yii::app()->user->userModel = $super;
    $note2->addPermissions($userInChildRole, Permission::READ_WRITE_DELETE);
    $this->assertTrue($note2->save());
    AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($note2, $userInChildRole);

    //Test userInParentRole, access to delete should not fail.
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $note2->id));
    $this->resetPostArray();
    $this->runControllerWithRedirectExceptionAndGetContent('notes/default/delete');

    //Clear the role relationships between the users so they do not affect the group assertions below.
    //NOTE(review): the current user is still userInParentRole while these role
    //changes are saved; confirm that this is intended rather than running as super.
    $parentRole->users->remove($userInParentRole);
    $parentRole->roles->remove($childRole);
    $this->assertTrue($parentRole->save());
    $childRole->users->remove($userInChildRole);
    $this->assertTrue($childRole->save());

    // ---- Part 3: grants to a parent group, observed through a nested child group ----

    //Create parent group 'AAA' containing child group 'BBB'. Note the users swap
    //sides compared with the role section: 'confused' is in the child group and
    //'nobody' is in the parent group.
    Yii::app()->user->userModel = $super;
    $parentGroup = new Group();
    $parentGroup->name = 'AAA';
    $this->assertTrue($parentGroup->save());
    $childGroup = new Group();
    $childGroup->name = 'BBB';
    $this->assertTrue($childGroup->save());
    $userInChildGroup = User::getByUsername('confused');
    $userInParentGroup = User::getByUsername('nobody');
    $childGroup->users->add($userInChildGroup);
    $this->assertTrue($childGroup->save());
    $parentGroup->users->add($userInParentGroup);
    $parentGroup->groups->add($childGroup);
    $this->assertTrue($parentGroup->save());
    $parentGroup->forget();
    $childGroup->forget();
    $parentGroup = Group::getByName('AAA');
    $childGroup = Group::getByName('BBB');

    //Give the confused user the right to access the accounts module.
    $userInChildGroup->setRight('AccountsModule', AccountsModule::RIGHT_ACCESS_ACCOUNTS);
    $this->assertTrue($userInChildGroup->save());

    //create account owned by super
    $account3 = AccountTestHelper::createAccountByNameForOwner('testingAccountsParentGroupPermission', $super);

    //Test userInParentGroup, access to details should fail.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $account3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');

    //Test userInChildGroup: the module right alone does not open this record, so details should fail.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->setGetArray(array('id' => $account3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');

    //Give parentGroup READ on the account.
    Yii::app()->user->userModel = $super;
    $account3->addPermissions($parentGroup, Permission::READ);
    $this->assertTrue($account3->save());
    AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($account3, $parentGroup);

    //Test userInParentGroup, access to details should not fail.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $account3->id));
    $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');

    //Test userInChildGroup: a member of the nested group is expected to get the parent group's grant.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->setGetArray(array('id' => $account3->id));
    $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');

    //create a note owned by super
    $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $note3 = NoteTestHelper::createNoteWithOwnerAndRelatedAccount('noteCreatedBySuperForGroup', $super, $account3);

    //Give the confused user the notes module rights: access, create and delete.
    $userInChildGroup->setRight('NotesModule', NotesModule::RIGHT_ACCESS_NOTES);
    $userInChildGroup->setRight('NotesModule', NotesModule::RIGHT_CREATE_NOTES);
    $userInChildGroup->setRight('NotesModule', NotesModule::RIGHT_DELETE_NOTES);
    $this->assertTrue($userInChildGroup->save());

    //Test userInParentGroup, access to notes details, edit and delete should fail.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $note3->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
    $this->setGetArray(array('id' => $note3->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
    $this->setGetArray(array('id' => $note3->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');

    //Test userInChildGroup: module rights without a permission on this note
    //should not be enough, so details, edit and delete should fail.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->setGetArray(array('id' => $note3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
    $this->setGetArray(array('id' => $note3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
    $this->setGetArray(array('id' => $note3->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');

    //Give parentGroup READ on the note.
    Yii::app()->user->userModel = $super;
    $note3->addPermissions($parentGroup, Permission::READ);
    $this->assertTrue($note3->save());
    AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($note3, $parentGroup);

    //Test userInParentGroup, access to notes details should not fail.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $note3->id));
    $this->runControllerWithNoExceptionsAndGetContent('notes/default/details');

    //Test userInParentGroup, access to notes edit and delete should fail.
    $this->setGetArray(array('id' => $note3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
    $this->setGetArray(array('id' => $note3->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');

    //Test userInChildGroup, access to notes details should not fail.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->setGetArray(array('id' => $note3->id));
    $this->runControllerWithNoExceptionsAndGetContent('notes/default/details');

    //Test userInChildGroup, access to notes edit and delete should fail.
    $this->setGetArray(array('id' => $note3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
    $this->setGetArray(array('id' => $note3->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');

    //Give parentGroup READ_WRITE_CHANGE_PERMISSIONS on the note.
    Yii::app()->user->userModel = $super;
    $note3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($note3->save());
    AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForGroup($note3, $parentGroup);
    AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($note3, $parentGroup);

    //Test userInParentGroup, access to edit notes should not fail.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $note3->id));
    $this->runControllerWithNoExceptionsAndGetContent('notes/default/edit');

    //Test userInParentGroup, access to notes delete should fail.
    $this->setGetArray(array('id' => $note3->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');

    //Test userInChildGroup, access to edit notes should not fail.
    //The user is switched twice here: by direct assignment and by the logout/login helper.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username);
    $this->setGetArray(array('id' => $note3->id));
    $this->runControllerWithNoExceptionsAndGetContent('notes/default/edit');

    //Test userInChildGroup: RIGHT_DELETE_NOTES on the module is held, but the
    //note-level grant has no delete, so delete should fail.
    $this->setGetArray(array('id' => $note3->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');

    //Revoke parentGroup's READ_WRITE_CHANGE_PERMISSIONS on the note.
    Yii::app()->user->userModel = $super;
    $note3->removePermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($note3->save());
    AllPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($note3, $parentGroup);

    //Test userInChildGroup, access to notes detail, edit and delete should fail.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->setGetArray(array('id' => $note3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
    $this->setGetArray(array('id' => $note3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
    $this->setGetArray(array('id' => $note3->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');

    //Test userInParentGroup, access to notes detail, edit and delete should fail.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $note3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
    $this->setGetArray(array('id' => $note3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
    $this->setGetArray(array('id' => $note3->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');

    //Give parentGroup READ_WRITE_DELETE on the note.
    Yii::app()->user->userModel = $super;
    $note3->addPermissions($parentGroup, Permission::READ_WRITE_DELETE);
    $this->assertTrue($note3->save());
    AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($note3, $parentGroup);

    //Test userInChildGroup, access to notes delete should not fail.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->setGetArray(array('id' => $note3->id));
    $this->resetPostArray();
    $this->runControllerWithRedirectExceptionAndGetContent('notes/default/delete');

    //Clear the group relationships between the users so they do not affect later tests.
    //Unlike the role cleanup, this one runs after logging back in as super.
    $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $userInParentGroup->forget();
    $userInChildGroup->forget();
    $childGroup->forget();
    $parentGroup->forget();
    $userInParentGroup = User::getByUsername('nobody');
    $userInChildGroup = User::getByUsername('confused');
    $childGroup = Group::getByName('BBB');
    $parentGroup = Group::getByName('AAA');
    $parentGroup->users->remove($userInParentGroup);
    $parentGroup->groups->remove($childGroup);
    $this->assertTrue($parentGroup->save());
    $childGroup->users->remove($userInChildGroup);
    $this->assertTrue($childGroup->save());
}
/**
 * Creates the note 'First Note', owned by the current user and related to
 * the model stored at index 1 of $this->selectedModels.
 *
 * Before creating it, checkActivityItemRelationCount() is called with an
 * expected count of 0 for 'First Note'.
 * NOTE(review): presumably that call asserts no such relation exists yet;
 * confirm against the helper's definition.
 */
protected function addNote()
{
    $this->checkActivityItemRelationCount('Note', 'First Note', 0);

    $noteOwner    = Yii::app()->user->userModel;
    $relatedModel = $this->selectedModels[1];
    NoteTestHelper::createNoteWithOwnerAndRelatedAccount('First Note', $noteOwner, $relatedModel);
}
/**
 * Exercises the notes REST list endpoint with pagination, filtering and
 * sorting, authenticated as 'super' through session id and token headers.
 *
 * Five notes are created: four owned by 'super' and one ('Forth Note')
 * owned by 'steven'. The unfiltered listings expect all five notes, the
 * owner filter expects only the four owned by 'super', and the account
 * filter expects the three notes related to the first account.
 *
 * @depends testUnprivilegedUserViewUpdateDeleteNotes
 */
public function testSearchNotes()
{
    $super = User::getByUsername('super');
    Yii::app()->user->userModel = $super;
    $otherOwner = User::getByUsername('steven');

    // Every request below carries the session id and token returned by login().
    $auth = $this->login();
    $requestHeaders = array(
        'Accept: application/json',
        'ZURMO_SESSION_ID: ' . $auth['sessionId'],
        'ZURMO_TOKEN: ' . $auth['token'],
        'ZURMO_API_REQUEST_TYPE: REST',
    );
    // Common prefix of the list endpoint; the encoded search parameters are appended to it.
    $listUrl = $this->serverUrl . '/test.php/notes/note/api/list/filter/';

    $firstAccount  = AccountTestHelper::createAccountByNameTypeAndIndustryForOwner('First Account', 'Customer', 'Automotive', $super);
    $secondAccount = AccountTestHelper::createAccountByNameTypeAndIndustryForOwner('Second Account', 'Customer', 'Automotive', $super);

    NoteTestHelper::createNoteWithOwnerAndRelatedAccount('First Note', $super, $firstAccount);
    NoteTestHelper::createNoteWithOwnerAndRelatedAccount('Second Note', $super, $firstAccount);
    NoteTestHelper::createNoteWithOwnerAndRelatedAccount('Third Note', $super, $secondAccount);
    NoteTestHelper::createNoteWithOwnerAndRelatedAccount('Forth Note', $otherOwner, $secondAccount);
    NoteTestHelper::createNoteWithOwnerAndRelatedAccount('Fifth Note', $super, $firstAccount);

    // No filter, ascending by description: first page of three.
    $searchParams = array(
        'pagination' => array('page' => 1, 'pageSize' => 3),
        'search'     => array('description' => ''),
        'sort'       => 'description',
    );
    $query    = http_build_query($searchParams);
    $rawBody  = ApiRestTestHelper::createApiCall($listUrl . $query, 'GET', $requestHeaders);
    $response = json_decode($rawBody, true);
    $this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']);
    $this->assertEquals(3, count($response['data']['items']));
    $this->assertEquals(5, $response['data']['totalCount']);
    $this->assertEquals(1, $response['data']['currentPage']);
    $this->assertEquals('Fifth Note', $response['data']['items'][0]['description']);
    $this->assertEquals('First Note', $response['data']['items'][1]['description']);
    $this->assertEquals('Forth Note', $response['data']['items'][2]['description']);

    // Same listing, second page: the remaining two notes.
    $searchParams['pagination']['page'] = 2;
    $query    = http_build_query($searchParams);
    $rawBody  = ApiRestTestHelper::createApiCall($listUrl . $query, 'GET', $requestHeaders);
    $response = json_decode($rawBody, true);
    $this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']);
    $this->assertEquals(2, count($response['data']['items']));
    $this->assertEquals(5, $response['data']['totalCount']);
    $this->assertEquals(2, $response['data']['currentPage']);
    $this->assertEquals('Second Note', $response['data']['items'][0]['description']);
    $this->assertEquals('Third Note', $response['data']['items'][1]['description']);

    // Filter by description: exactly one match.
    $searchParams['pagination']['page'] = 1;
    $searchParams['search']['description'] = 'First Note';
    $query    = http_build_query($searchParams);
    $rawBody  = ApiRestTestHelper::createApiCall($listUrl . $query, 'GET', $requestHeaders);
    $response = json_decode($rawBody, true);
    $this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']);
    $this->assertEquals(1, count($response['data']['items']));
    $this->assertEquals(1, $response['data']['totalCount']);
    $this->assertEquals(1, $response['data']['currentPage']);
    $this->assertEquals('First Note', $response['data']['items'][0]['description']);

    // Filter by a description that matches nothing: success status, zero total, no 'items' key.
    $searchParams['pagination']['page'] = 1;
    $searchParams['search']['description'] = 'First Note 2';
    $query    = http_build_query($searchParams);
    $rawBody  = ApiRestTestHelper::createApiCall($listUrl . $query, 'GET', $requestHeaders);
    $response = json_decode($rawBody, true);
    $this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']);
    $this->assertEquals(0, $response['data']['totalCount']);
    $this->assertFalse(isset($response['data']['items']));

    // No filter, descending by description: first page of three.
    $searchParams = array(
        'pagination' => array('page' => 1, 'pageSize' => 3),
        'search'     => array('description' => ''),
        'sort'       => 'description.desc',
    );
    $query    = http_build_query($searchParams);
    $rawBody  = ApiRestTestHelper::createApiCall($listUrl . $query, 'GET', $requestHeaders);
    $response = json_decode($rawBody, true);
    $this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']);
    $this->assertEquals(3, count($response['data']['items']));
    $this->assertEquals(5, $response['data']['totalCount']);
    $this->assertEquals(1, $response['data']['currentPage']);
    $this->assertEquals('Third Note', $response['data']['items'][0]['description']);
    $this->assertEquals('Second Note', $response['data']['items'][1]['description']);
    $this->assertEquals('Forth Note', $response['data']['items'][2]['description']);

    // Descending listing, second page.
    $searchParams['pagination']['page'] = 2;
    $query    = http_build_query($searchParams);
    $rawBody  = ApiRestTestHelper::createApiCall($listUrl . $query, 'GET', $requestHeaders);
    $response = json_decode($rawBody, true);
    $this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']);
    $this->assertEquals(2, count($response['data']['items']));
    $this->assertEquals(5, $response['data']['totalCount']);
    $this->assertEquals(2, $response['data']['currentPage']);
    $this->assertEquals('First Note', $response['data']['items'][0]['description']);
    $this->assertEquals('Fifth Note', $response['data']['items'][1]['description']);

    // Filter by owner 'super', descending by description: 'Forth Note' (owned by steven) is excluded.
    $searchParams = array(
        'pagination' => array('page' => 1, 'pageSize' => 3),
        'search'     => array('owner' => array('id' => $super->id)),
        'sort'       => 'description.desc',
    );
    $query    = http_build_query($searchParams);
    $rawBody  = ApiRestTestHelper::createApiCall($listUrl . $query, 'GET', $requestHeaders);
    $response = json_decode($rawBody, true);
    $this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']);
    $this->assertEquals(4, $response['data']['totalCount']);
    $this->assertEquals(3, count($response['data']['items']));
    $this->assertEquals(1, $response['data']['currentPage']);
    $this->assertEquals('Third Note', $response['data']['items'][0]['description']);
    $this->assertEquals('Second Note', $response['data']['items'][1]['description']);
    $this->assertEquals('First Note', $response['data']['items'][2]['description']);

    // Owner filter, second page: the one remaining note.
    $searchParams['pagination']['page'] = 2;
    $query    = http_build_query($searchParams);
    $rawBody  = ApiRestTestHelper::createApiCall($listUrl . $query, 'GET', $requestHeaders);
    $response = json_decode($rawBody, true);
    $this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']);
    $this->assertEquals(1, count($response['data']['items']));
    $this->assertEquals(4, $response['data']['totalCount']);
    $this->assertEquals(2, $response['data']['currentPage']);
    $this->assertEquals('Fifth Note', $response['data']['items'][0]['description']);

    // Filter by related account (first account), descending by description.
    $searchParams = array(
        'pagination' => array('page' => 1, 'pageSize' => 3),
        'search'     => array('activityItems' => array('id' => $firstAccount->getClassId('Item'))),
        'sort'       => 'description.desc',
    );
    $query    = http_build_query($searchParams);
    $rawBody  = ApiRestTestHelper::createApiCall($listUrl . $query, 'GET', $requestHeaders);
    $response = json_decode($rawBody, true);
    $this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']);
    $this->assertEquals(3, count($response['data']['items']));
    $this->assertEquals(3, $response['data']['totalCount']);
    $this->assertEquals(1, $response['data']['currentPage']);
    $this->assertEquals('Second Note', $response['data']['items'][0]['description']);
    $this->assertEquals('First Note', $response['data']['items'][1]['description']);
    $this->assertEquals('Fifth Note', $response['data']['items'][2]['description']);
}
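/**
 * A user who does not own a note but holds an explicit
 * Permission::READ_WRITE_DELETE grant on it must be able to delete it.
 *
 * The grant is made while 'super' is the current user. The delete is then
 * performed while 'nobody' is the current user, on a freshly reloaded copy
 * of the note, and its result is asserted.
 *
 * @depends testNobodyCanReadWriteDeleteAndStrValOfNoteFunctionsCorrectly
 */
public function testAUserCanDeleteANoteNotOwnedButHasExplicitDeletePermission()
{
    //Create superAccount owned by user super.
    $super = User::getByUsername('super');
    Yii::app()->user->userModel = $super;
    $superAccount = AccountTestHelper::createAccountByNameForOwner('AccountTest', $super);

    //Load the existing nobody user (nothing is created here).
    $nobody = User::getByUsername('nobody');

    //Create a note on superAccount, owned by the super user.
    $note = NoteTestHelper::createNoteWithOwnerAndRelatedAccount('noteCreatedBySuper', $super, $superAccount);

    //As super, give nobody READ_WRITE_DELETE on the note so the delete can be checked.
    Yii::app()->user->userModel = User::getByUsername('super');
    $nobody->forget();
    $nobody = User::getByUsername('nobody');
    $note->addPermissions($nobody, Permission::READ_WRITE_DELETE);
    $this->assertTrue($note->save());

    //Switch to nobody and reload the note so the delete runs against a fresh copy.
    Yii::app()->user->userModel = User::getByUsername('nobody');
    $noteId = $note->id;
    $note->forget();
    $note = Note::getById($noteId);

    //Assert the result: without this the test passes whenever delete() does not
    //throw, even if the delete was refused and reported as false.
    $this->assertTrue($note->delete());
}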