/**
 * Checks that a DENY privilege assigned to a group is enforced for a member of that group.
 *
 * Before any user is attached to the auth service, 'midgard:read' on the topic
 * is expected to be granted; once the group member is set as the current user,
 * the group-level DENY must make the same check fail.
 */
public function test_can_do_group_privilege()
{
    // Fixtures: a topic to protect, a user, and a group with that user as its member.
    $protected_topic = $this->create_object('midcom_db_topic');
    $member_person = $this->create_user();
    $team = $this->create_object('midcom_db_group');
    $membership = array('gid' => $team->id, 'uid' => $member_person->id);
    $this->create_object('midcom_db_member', $membership);

    // Elevation is requested only around the privilege write and the user lookup.
    // NOTE(review): drop_sudo() is not guarded; if set_privilege() or the user
    // constructor throws, the sudo request on the shared auth service is never
    // released and may influence later tests - confirm whether teardown resets it.
    midcom::get('auth')->request_sudo('midcom.core');
    $assignee = 'group:' . $team->guid;
    $protected_topic->set_privilege('midgard:read', $assignee, MIDCOM_PRIVILEGE_DENY);
    $member_user = new midcom_core_user($member_person);
    midcom::get('auth')->drop_sudo();

    // A fresh service instance is used so the assertions do not depend on the
    // user state of the shared one.
    $service = new midcom_services_auth();
    $service->initialize();

    // No user attached: read is still granted.
    $anonymous_read = $service->can_do('midgard:read', $protected_topic);
    $this->assertTrue($anonymous_read);

    // Group member attached: the group DENY has to win.
    $service->user = $member_user;
    $member_read = $service->can_do('midgard:read', $protected_topic);
    $this->assertFalse($member_read);
}
/**
 * Exercises can_do() across the combinations of user, admin flag and explicit privilege.
 *
 * Asserted in order:
 *  - a null object is never readable;
 *  - with no user attached, read on a topic is granted and delete is refused;
 *  - the admin flag without an attached user does not grant delete;
 *  - the admin flag together with an attached user grants delete;
 *  - clearing the admin flag removes that grant again;
 *  - an explicit ALLOW for a second user on a second topic grants delete to that user.
 */
public function test_can_do()
{
    $read = 'midgard:read';
    $delete = 'midgard:delete';

    $first_topic = $this->create_object('midcom_db_topic');
    $first_person = $this->create_user();
    $first_user = new midcom_core_user($first_person);

    $service = new midcom_services_auth();
    $service->initialize();

    // No user attached yet.
    $this->assertFalse($service->can_do($read, null));
    $this->assertTrue($service->can_do($read, $first_topic));
    $this->assertFalse($service->can_do($delete, $first_topic));

    // The admin flag on its own must not be enough: there is still no user.
    $service->admin = true;
    $this->assertFalse($service->can_do($delete, $first_topic));

    // Admin flag plus a user: delete is granted.
    $service->user = $first_user;
    $this->assertTrue($service->can_do($delete, $first_topic));

    // Same user without the admin flag: delete is refused again.
    $service->admin = false;
    $this->assertFalse($service->can_do($delete, $first_topic));

    // Second user and second topic, linked by an explicit per-user ALLOW.
    $second_person = $this->create_user();
    $second_user = new midcom_core_user($second_person);
    $second_topic = $this->create_object('midcom_db_topic');

    // Elevation covers only the privilege write.
    // NOTE(review): drop_sudo() is skipped if set_privilege() throws - confirm
    // that the test base class releases sudo on teardown.
    midcom::get('auth')->request_sudo('midcom.core');
    $second_topic->set_privilege($delete, $second_user->id, MIDCOM_PRIVILEGE_ALLOW);
    midcom::get('auth')->drop_sudo();

    // The admin flag is still false here, so the grant comes from the ALLOW above.
    $service->user = $second_user;
    $this->assertTrue($service->can_do($delete, $second_topic));
}