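public function testRoleNameLikeUserName()
 {
     // An account whose login ('_test') presumably resembles the name of the
     // role created in setUp (confirm against $this->roleId) must still get
     // the permissions of the role it is actually assigned to.
     $userAccount = new Opus_Account();
     $userAccount->setLogin('_test')->setPassword('role_tester');
     $userAccount->setRole(new Opus_UserRole($this->roleId));
     $userAccount->store();

     // Impersonate the account for the ACL lookup.
     Zend_Auth::getInstance()->getStorage()->write('_test');

     try {
         $aclProvider = new Application_Security_AclProvider();
         $acl = $aclProvider->getAcls();
     } catch (Exception $e) {
         // Remove the temporary account even when building the ACL fails,
         // so a failing run does not leave the login behind for later tests.
         $userAccount->delete();
         throw $e;
     }
     $userAccount->delete();

     $this->assertInstanceOf('Zend_Acl', $acl, 'Expected instance of Zend_Acl');
     $this->assertTrue($acl->isAllowed(Application_Security_AclProvider::ACTIVE_ROLE, 'documents'), "expected user has access to resource 'documents'");
     $this->assertFalse($acl->isAllowed(Application_Security_AclProvider::ACTIVE_ROLE, 'accounts'), "expected user has no access to resource 'accounts'");
 }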
 public function testUserAccessToInstituteWithInstituteRightsRegression3245()
 {
     // Regression 3245: a role granting the 'admin' and 'resource_institutions'
     // modules must be enough to open the DNB institute edit form.
     $role = new Opus_UserRole();
     $role->setName('TestRole');
     $role->appendAccessModule('admin');
     $role->appendAccessModule('resource_institutions');
     $this->roleId = $role->store();

     $account = new Opus_Account();
     $account->setLogin('role_tester')->setPassword('role_tester');
     $account->setRole($role);
     $this->userId = $account->store();

     $this->enableSecurity();
     $this->loginUser('role_tester', 'role_tester');
     $this->useEnglish();

     $this->dispatch('/admin/dnbinstitute/edit/id/1');

     $failure = 'User is not able to edit dnb-institutions, although he has the right to do it';
     $this->assertNotRedirect();
     $this->assertNotRedirectTo('/auth', $failure);
     $this->assertQueryContentContains('//label', 'Department', $failure);
 }
 public function testAccessUserToFileRegression3281()
 {
     // Regression 3281: a role with explicit per-document grants must open
     // both a published and an unpublished document for its user.
     $this->enableSecurity();

     $published = $this->createTestDocument();
     $published->setServerState('published');
     $publishedDocId = $published->store();

     $unpublished = $this->createTestDocument();
     $unpublished->setServerState('unpublished');
     $unpublishedDocId = $unpublished->store();

     $role = new Opus_UserRole();
     $role->setName('test_access');
     $role->appendAccessDocument($unpublishedDocId);
     $role->appendAccessDocument($publishedDocId);
     $this->roleId = $role->store();

     $account = new Opus_Account();
     $account->setLogin('test_account')->setPassword('role_tester_user2');
     $account->setRole($role);
     $this->userId = $account->store();

     $this->loginUser('test_account', 'role_tester_user2');
     foreach (array($publishedDocId, $unpublishedDocId) as $docId) {
         $this->tryAccessForDocument($docId, true);
     }
     $this->logoutUser();
 }
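 /**
  * Updates account information.
  *
  * Handles the POST of the account edit form: 'cancel' returns to the
  * index action, invalid input re-renders the form, valid input is written
  * to the Opus_Account identified by the 'id' request parameter. Non-POST
  * requests are redirected to the index action.
  *
  * Two safeguards concern the account of the currently logged-in user:
  * the 'administrator' role is re-added if it was deselected, so an
  * administrator cannot lock themselves out, and the session identity is
  * cleared when that user's login or password changes, forcing a fresh
  * login with the new credentials.
  */
 public function updateAction()
 {
     if ($this->getRequest()->isPost()) {
         $button = $this->getRequest()->getParam('cancel');
         if (isset($button)) {
             $this->_helper->redirector('index');
             return;
         }

         $id = $this->getRequest()->getParam('id');
         $accountForm = new Admin_Form_Account($id);
         $postData = $this->getRequest()->getPost();

         // An empty password field means "keep the current password". The
         // form validators still expect a value, so a placeholder is
         // substituted; it is never stored because $passwordChanged is false.
         // TODO think about better solution (validation context?)
         $passwordChanged = true;
         if (empty($postData['password'])) {
             $postData['password'] = '******';
             $postData['confirmPassword'] = '******';
             $passwordChanged = false;
         }

         $account = new Opus_Account($id);
         // Lower-cased login as stored before this request. Handed to the form
         // (presumably so validators can exclude the account's own login —
         // confirm against Admin_Form_Account) and used for change detection.
         $oldLogin = strtolower($account->getLogin());
         $postData['oldLogin'] = $oldLogin;

         if ($accountForm->isValid($postData)) {
             $account->setFirstName($postData['firstname']);
             $account->setLastName($postData['lastname']);
             $account->setEmail($postData['email']);

             // update login name
             $newLogin = $postData['username'];
             $loginChanged = ($newLogin !== $oldLogin);
             if ($loginChanged) {
                 $account->setLogin($newLogin);
             }

             // update password (only when the user typed a new one)
             if ($passwordChanged) {
                 $account->setPassword($postData['password']);
             }

             // update roles
             $newRoles = Admin_Form_Account::parseSelectedRoles($postData);
             $hasAdministratorRole = false;
             foreach ($newRoles as $role) {
                 if (strtolower($role->getDisplayName()) === 'administrator') {
                     $hasAdministratorRole = true;
                     break;
                 }
             }

             // NOTE(review): the identity is compared with the lower-cased
             // login; this assumes identities are stored lower-cased as well — confirm.
             $currentUser = Zend_Auth::getInstance()->getIdentity();
             $isCurrentUser = ($currentUser === $oldLogin);

             // Never let users strip their own administrator role.
             if (!$hasAdministratorRole && $isCurrentUser) {
                 $newRoles[] = Opus_UserRole::fetchByName('administrator');
             }
             $account->setRole($newRoles);
             $account->store();

             // The credentials of the active session changed: invalidate it.
             if ($isCurrentUser && ($loginChanged || $passwordChanged)) {
                 Zend_Auth::getInstance()->clearIdentity();
             }
         } else {
             // Re-render the edit form so validation messages are shown.
             $actionUrl = $this->view->url(array('action' => 'update', 'id' => $id));
             $accountForm->setAction($actionUrl);
             $this->view->form = $accountForm;
             $this->view->title = 'admin_account_edit';
             return $this->renderScript('account/edit.phtml');
         }
     }
     $this->_helper->redirector('index');
 }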