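/**
 * Checks that account_read_subscription follows read access as it is granted and revoked.
 *
 * Steps, each followed by a refresh of the subscription table for the acting user:
 *  1. Baseline: super owns the account and Steven has been granted nothing; the table must be empty.
 *  2. READ is granted to the Everyone group on the account; Steven gets a TYPE_ADD row.
 *  3. The refresh runs as super, the owner; super gets a TYPE_ADD row.
 *  4. READ is revoked from the Everyone group; Steven's row becomes TYPE_DELETE.
 *
 * Steps 1 and 4 are the security-relevant ones. A row present before any grant, or a row
 * still marked TYPE_ADD after the revoke, would mean the table advertises a record to a
 * user who has no read permission on it.
 */
public function testUpdateModelsInReadSubscriptionTableWithPrivilegeEscalations()
{
    $super = User::getByUsername('super');
    Yii::app()->user->userModel = $super;
    $steven = UserTestHelper::createBasicUser('Steven');
    $account1 = AccountTestHelper::createAccountByNameForOwner('First Account', $super);
    ReadPermissionsOptimizationUtil::rebuild();
    // NOTE(review): presumably separates the creation timestamp from the refresh below - confirm.
    sleep(1);

    // Baseline: Steven has been granted nothing on the account yet.
    Yii::app()->user->userModel = $steven;
    ReadPermissionsSubscriptionUtil::updateReadSubscriptionTableByModelClassnameAndUser('Account',
        Yii::app()->user->userModel, false, false);
    $sql = "SELECT * FROM account_read_subscription";
    // Fetch the rows before asserting. Without this fetch the variable is undefined, empty()
    // is always true, and a stray row for an unauthorized user would go unnoticed.
    $permissionTableRows = R::getAll($sql);
    $this->assertTrue(empty($permissionTableRows));

    // Grant READ on the account to the Everyone group, which gives Steven read access.
    Yii::app()->user->userModel = $super;
    $everyoneGroup = Group::getByName(Group::EVERYONE_GROUP_NAME);
    $account1->addPermissions($everyoneGroup, Permission::READ);
    $this->assertTrue($account1->save());
    $account1Id = $account1->id;
    $account1->forgetAll();
    ReadPermissionsOptimizationUtil::rebuild();

    Yii::app()->user->userModel = $steven;
    ReadPermissionsSubscriptionUtil::updateReadSubscriptionTableByModelClassnameAndUser('Account',
        Yii::app()->user->userModel, false, false);
    // No user filter here: exactly one row may exist in the whole table, and it must be Steven's.
    $sql = "SELECT * FROM account_read_subscription";
    $permissionTableRows = R::getAll($sql);
    $this->assertEquals(1, count($permissionTableRows));
    $this->assertEquals($account1Id, $permissionTableRows[0]['modelid']);
    $this->assertEquals($steven->id, $permissionTableRows[0]['userid']);
    $this->assertEquals(ReadPermissionsSubscriptionUtil::TYPE_ADD, $permissionTableRows[0]['subscriptiontype']);

    // Test as super
    Yii::app()->user->userModel = $super;
    ReadPermissionsSubscriptionUtil::updateReadSubscriptionTableByModelClassnameAndUser('Account',
        Yii::app()->user->userModel, false, false);
    // The id comes from the model rather than from user input; the int cast keeps the
    // concatenated SQL numeric in any case.
    $sql = "SELECT * FROM account_read_subscription WHERE userid = " . (int) Yii::app()->user->userModel->id;
    $permissionTableRows = R::getAll($sql);
    $this->assertEquals(1, count($permissionTableRows));
    $this->assertEquals($account1Id, $permissionTableRows[0]['modelid']);
    $this->assertEquals($super->id, $permissionTableRows[0]['userid']);
    $this->assertEquals(ReadPermissionsSubscriptionUtil::TYPE_ADD, $permissionTableRows[0]['subscriptiontype']);

    // Revoke READ on the account from the Everyone group.
    $everyoneGroup = Group::getByName(Group::EVERYONE_GROUP_NAME);
    $account1 = Account::getById($account1Id);
    $account1->removePermissions($everyoneGroup, Permission::READ);
    $this->assertTrue($account1->save());
    $account1->forgetAll();
    ReadPermissionsOptimizationUtil::rebuild();

    // After the revoke, Steven's row must be TYPE_DELETE and no longer TYPE_ADD.
    Yii::app()->user->userModel = $steven;
    ReadPermissionsSubscriptionUtil::updateReadSubscriptionTableByModelClassnameAndUser('Account',
        Yii::app()->user->userModel, false, false);
    $sql = "SELECT * FROM account_read_subscription WHERE userid = " . (int) Yii::app()->user->userModel->id;
    $permissionTableRows = R::getAll($sql);
    $this->assertEquals(1, count($permissionTableRows));
    $this->assertEquals($account1Id, $permissionTableRows[0]['modelid']);
    $this->assertEquals($steven->id, $permissionTableRows[0]['userid']);
    $this->assertEquals(ReadPermissionsSubscriptionUtil::TYPE_DELETE, $permissionTableRows[0]['subscriptiontype']);
}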