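/**
 * Builds the ACL for a freshly stored account and checks the access of the active role.
 *
 * The account '_test' receives the role identified by $this->roleId, is written as the
 * current identity into Zend_Auth and then handed to Application_Security_AclProvider.
 * The active role must be allowed on resource 'documents' and denied on 'accounts'.
 *
 * The account is deleted before the assertions run so that a failing assertion does not
 * leave it behind. The identity written to Zend_Auth is not cleared here; presumably
 * tearDown() takes care of that — TODO confirm.
 */
public function testRoleNameLikeUserName() {
    $userAccount = new Opus_Account();
    $userAccount->setLogin('_test')->setPassword('role_tester');
    $userAccount->setRole(new Opus_UserRole($this->roleId));
    $userAccount->store();

    // The ACL provider resolves the roles of whatever identity is stored in Zend_Auth.
    Zend_Auth::getInstance()->getStorage()->write('_test');

    $aclProvider = new Application_Security_AclProvider();
    $acl = $aclProvider->getAcls();

    // Clean up before asserting; the assertions only need the ACL object.
    $userAccount->delete();

    $this->assertInstanceOf('Zend_Acl', $acl, 'Expected instance of Zend_Acl');
    $this->assertTrue(
        $acl->isAllowed(Application_Security_AclProvider::ACTIVE_ROLE, 'documents'),
        "expected user has access to resource 'documents'"
    );
    $this->assertFalse(
        $acl->isAllowed(Application_Security_AclProvider::ACTIVE_ROLE, 'accounts'),
        "expected user has no access to resource 'accounts'"
    );
}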
/**
 * Regression test for issue 3245.
 *
 * A role that grants the 'admin' module and the 'resource_institutions' module must be
 * enough to open the DNB institute edit form: after logging in as a user with that role
 * the request to /admin/dnbinstitute/edit/id/1 must neither redirect (in particular not
 * to /auth) and must render the form containing a 'Department' label.
 *
 * The created role and account ids are stored in $this->roleId / $this->userId,
 * presumably for cleanup in tearDown() — TODO confirm.
 */
public function testUserAccessToInstituteWithInstituteRightsRegression3245() {
    $role = new Opus_UserRole();
    $role->setName('TestRole');
    foreach (array('admin', 'resource_institutions') as $module) {
        $role->appendAccessModule($module);
    }
    $this->roleId = $role->store();

    $account = new Opus_Account();
    $account->setLogin('role_tester')->setPassword('role_tester');
    $account->setRole($role);
    $this->userId = $account->store();

    // Security must be enabled before the login so the request is actually authorized.
    $this->enableSecurity();
    $this->loginUser('role_tester', 'role_tester');
    $this->useEnglish();

    $this->dispatch('/admin/dnbinstitute/edit/id/1');

    $failureMessage = 'User is not able to edit dnb-institutions, although he has the right to do it';
    $this->assertNotRedirect();
    $this->assertNotRedirectTo('/auth', $failureMessage);
    $this->assertQueryContentContains('//label', 'Department', $failureMessage);
}
/**
 * Regression test for issue 3281.
 *
 * A role that carries explicit document access rights for a published and for an
 * unpublished document must let its user reach both documents. Two test documents are
 * created, a role 'test_access' is granted access to both, an account with that role is
 * logged in and tryAccessForDocument() is expected to succeed for each document.
 *
 * The created role and account ids are stored in $this->roleId / $this->userId,
 * presumably for cleanup in tearDown() — TODO confirm.
 */
public function testAccessUserToFileRegression3281() {
    $this->enableSecurity();

    // test document access as user with document access rights
    $published = $this->createTestDocument();
    $published->setServerState('published');
    $publishedDocId = $published->store();

    $unpublished = $this->createTestDocument();
    $unpublished->setServerState('unpublished');
    $unpublishedDocId = $unpublished->store();

    $role = new Opus_UserRole();
    $role->setName('test_access');
    foreach (array($unpublishedDocId, $publishedDocId) as $docId) {
        $role->appendAccessDocument($docId);
    }
    $this->roleId = $role->store();

    $account = new Opus_Account();
    $account->setLogin('test_account')->setPassword('role_tester_user2');
    $account->setRole($role);
    $this->userId = $account->store();

    $this->loginUser('test_account', 'role_tester_user2');
    foreach (array($publishedDocId, $unpublishedDocId) as $docId) {
        $this->tryAccessForDocument($docId, true);
    }
    $this->logoutUser();
}
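/**
 * Updates account information.
 *
 * Handles the POST of the account edit form for the Opus_Account identified by the
 * 'id' request parameter: first/last name, e-mail, login, password and roles are
 * taken from the validated form data, the account is stored and the request is
 * redirected to the index action. A 'cancel' parameter redirects without touching
 * the account, a non-POST request is redirected as well, and invalid form data
 * re-renders the edit form instead.
 *
 * Two safeguards apply when the edited account belongs to the logged-in user:
 * the 'administrator' role is re-added if it was deselected (so the user cannot
 * lock themselves out of this module), and the Zend_Auth identity is cleared after
 * a login or password change so the user has to authenticate again with the new
 * credentials. Both rely on Zend_Auth::getIdentity() returning the login in
 * lowercase; a mixed-case identity would skip both — NOTE(review): verify against
 * the auth adapter.
 */
public function updateAction() {
    $request = $this->getRequest();

    if ($request->isPost()) {
        // Cancel button pressed: leave the account untouched.
        if ($request->getParam('cancel') !== null) {
            $this->_helper->redirector('index');
            return;
        }

        $id = $request->getParam('id');
        $accountForm = new Admin_Form_Account($id);
        $postData = $request->getPost();

        $passwordChanged = true;
        if (empty($postData['password'])) {
            // No new password entered: fill both password fields with a placeholder so
            // the form validation passes, and remember not to store it below.
            // TODO think about better solution (validation context?)
            $postData['password'] = '******';
            $postData['confirmPassword'] = '******';
            $passwordChanged = false;
        }

        $account = new Opus_Account($id);
        $oldLogin = strtolower($account->getLogin());
        // The form needs the current login, e.g. to accept the unchanged login as unique.
        $postData['oldLogin'] = $oldLogin;

        if (!$accountForm->isValid($postData)) {
            $actionUrl = $this->view->url(array('action' => 'update', 'id' => $id));
            $accountForm->setAction($actionUrl);
            $this->view->form = $accountForm;
            $this->view->title = 'admin_account_edit';
            return $this->renderScript('account/edit.phtml');
        }

        $account->setFirstName($postData['firstname']);
        $account->setLastName($postData['lastname']);
        $account->setEmail($postData['email']);

        // update login name (the new login is compared as entered against the
        // lowercased old one, so a case-only change counts as a change)
        $newLogin = $postData['username'];
        $loginChanged = ($newLogin !== $oldLogin);
        if ($loginChanged) {
            $account->setLogin($newLogin);
        }

        // update password
        if ($passwordChanged) {
            $account->setPassword($postData['password']);
        }

        // update roles
        $newRoles = Admin_Form_Account::parseSelectedRoles($postData);

        $currentUser = Zend_Auth::getInstance()->getIdentity();
        $isCurrentUser = ($currentUser === $oldLogin);

        // Keep the logged-in user an administrator so the own account cannot be
        // locked out of this module. NOTE(review): fetchByName() returning null
        // here would append a null entry to the roles — confirm it cannot.
        if ($isCurrentUser && !$this->_hasAdministratorRole($newRoles)) {
            $newRoles[] = Opus_UserRole::fetchByName('administrator');
        }

        $account->setRole($newRoles);
        $account->store();

        // Own credentials changed: drop the session identity to force a re-login.
        if ($isCurrentUser && ($loginChanged || $passwordChanged)) {
            Zend_Auth::getInstance()->clearIdentity();
        }
    }

    $this->_helper->redirector('index');
}

/**
 * Returns true if one of the given roles is the administrator role.
 *
 * The check is done on the display name, compared case-insensitively
 * against 'administrator'.
 *
 * @param array $roles Opus_UserRole instances
 * @return bool
 */
private function _hasAdministratorRole($roles) {
    foreach ($roles as $role) {
        if (strtolower($role->getDisplayName()) === 'administrator') {
            return true;
        }
    }
    return false;
}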