public function testSetWriteDenyPermission()
{
$readWriteBit = Permission::READ | Permission::WRITE | Permission::CHANGE_OWNER | Permission::CHANGE_PERMISSIONS;
$this->assertEquals(27, $readWriteBit);
$items = NamedSecurableItem::getAll();
$this->assertEquals(0, count($items));
$securableItem1 = new NamedSecurableItem();
$securableItem1->name = 'TestItem';
$saved = $securableItem1->save();
$this->assertTrue($saved);
$group = new Group();
$group->name = 'myTestGroup';
$saved = $group->save();
$this->assertTrue($saved);
$this->assertEquals(array(Permission::NONE, Permission::NONE), $securableItem1->getExplicitActualPermissions($group));
$securableItem1->addPermissions($group, Permission::WRITE, Permission::DENY);
$securableItem1->save();
$this->assertEquals(array(Permission::NONE, Permission::WRITE), $securableItem1->getExplicitActualPermissions($group));
$securableItem1->addPermissions($group, Permission::READ);
$securableItem1->save();
$this->assertEquals(array(Permission::READ, Permission::WRITE), $securableItem1->getExplicitActualPermissions($group));
$securableItem2 = new NamedSecurableItem();
$securableItem2->name = 'TestItem2';
$saved = $securableItem2->save();
$this->assertTrue($saved);
$items = NamedSecurableItem::getAll();
$this->assertEquals(2, count($items));
$securableItem1->forget();
$securableItem2->forget();
$newItem = NamedSecurableItem::getByName('HomeModule');
$permission = 'WRITE';
$newItem->addPermissions($group, constant('Permission::' . $permission), Permission::ALLOW);
$this->assertTrue($newItem->save());
$newItem->forget();
$group->forget();
$group = Group::getByName('myTestGroup');
$newItem = NamedSecurableItem::getByName('HomeModule');
$explicitPermissions = $newItem->getExplicitActualPermissions($group);
$this->assertEquals(array(Permission::WRITE, Permission::NONE), $explicitPermissions);
$effectivePermissions = $newItem->getEffectivePermissions($group);
$this->assertEquals(Permission::WRITE, $effectivePermissions);
$resolvedPermission = PermissionsUtil::resolveExplicitOrInheritedPermission($explicitPermissions, Permission::WRITE);
$this->assertEquals(PERMISSION::ALLOW, $resolvedPermission);
$data = PermissionsUtil::getAllModulePermissionsDataByPermitable($group);
$compareData = array('HomeModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => Permission::ALLOW, 'inherited' => null, 'actual' => Permission::ALLOW)));
$this->assertEquals($compareData['HomeModule'], $data['HomeModule']);
$group->forget();
}
protected function setSomePermissions()
{
if (!SECURITY_OPTIMIZED) {
return;
}
$accounts = Account::getAll();
$account = $accounts[0];
$user = User::getByUsername('bobby');
$this->assertNotEquals($account->owner->id, $user->id);
$everyone = Group::getByName('Everyone');
$account->addPermissions($user, Permission::READ);
$account->addPermissions($user, Permission::WRITE, Permission::DENY);
$account->addPermissions($everyone, Permission::CHANGE_OWNER);
$this->assertTrue($account->save());
try {
$securableItem1 = NamedSecurableItem::getByName('Account');
} catch (NotFoundException $e) {
$securableItem1 = new NamedSecurableItem();
$securableItem->name = 'Account';
}
$securableItem1->addPermissions($everyone, Permission::DELETE);
$this->assertTrue($securableItem1->save());
try {
$securableItem2 = NamedSecurableItem::getByName('Account');
} catch (NotFoundException $e) {
$securableItem2 = new NamedSecurableItem();
$securableItem->name = 'AccountsModule';
}
$securableItem2->addPermissions($everyone, Permission::CHANGE_PERMISSIONS);
$this->assertTrue($securableItem2->save());
}
public function testPermissionsOnNamedSecurableItems()
{
$accounts = Account::getByName('Supermart');
$this->assertEquals(1, count($accounts));
$account = $accounts[0];
$owner = $account->owner;
$user = User::getByUsername('bobby');
$this->assertNotEquals($owner->id, $user->id);
$everyone = Group::getByName(Group::EVERYONE_GROUP_NAME);
$group = Group::getByName('Sales Staff');
$this->assertEquals(Permission::ALL, $account->getEffectivePermissions($owner));
$this->assertEquals(Permission::NONE, $account->getEffectivePermissions($user));
$this->assertEquals(Permission::NONE, $account->getEffectivePermissions($everyone));
$this->assertEquals(Permission::NONE, $account->getEffectivePermissions($group));
// Putting permissions on.
$securableItem1 = new NamedSecurableItem();
$securableItem1->name = 'Account';
$securableItem1->addPermissions($everyone, Permission::READ);
$securableItem1->addPermissions($user, Permission::DELETE);
$securableItem1->addPermissions($group, Permission::WRITE);
$this->assertTrue($securableItem1->save());
$this->assertEquals(Permission::ALL, $account->getEffectivePermissions($owner));
$this->assertEquals(Permission::READ_WRITE_DELETE, $account->getEffectivePermissions($user));
$this->assertEquals(Permission::READ, $account->getEffectivePermissions($everyone));
$this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($group));
$securableItem2 = new NamedSecurableItem();
$securableItem2->name = 'AccountsModule';
$securableItem2->addPermissions($everyone, Permission::CHANGE_OWNER);
$securableItem2->addPermissions($group, Permission::DELETE);
$this->assertTrue($securableItem2->save());
$this->assertEquals(Permission::ALL, $account->getEffectivePermissions($owner));
$this->assertEquals(Permission::READ_WRITE_DELETE | Permission::CHANGE_OWNER, $account->getEffectivePermissions($user));
$this->assertEquals(Permission::READ | Permission::CHANGE_OWNER, $account->getEffectivePermissions($everyone));
$this->assertEquals(Permission::READ_WRITE_DELETE | Permission::CHANGE_OWNER, $account->getEffectivePermissions($group));
$account->addPermissions($user, Permission::CHANGE_OWNER);
$account->addPermissions($group, Permission::READ, Permission::DENY);
$this->assertTrue($account->save());
$this->assertEquals(Permission::ALL, $account->getEffectivePermissions($owner));
$this->assertEquals(Permission::WRITE | Permission::DELETE | Permission::CHANGE_OWNER, $account->getEffectivePermissions($user));
$this->assertEquals(Permission::READ | Permission::CHANGE_OWNER, $account->getEffectivePermissions($everyone));
$this->assertEquals(Permission::WRITE | Permission::DELETE | Permission::CHANGE_OWNER, $account->getEffectivePermissions($group));
// Taking permissions off.
$account->removeAllPermissions();
$this->assertTrue($account->save());
$this->assertEquals(Permission::ALL, $account->getEffectivePermissions($owner));
$this->assertEquals(Permission::READ_WRITE_DELETE | Permission::CHANGE_OWNER, $account->getEffectivePermissions($user));
$this->assertEquals(Permission::READ | Permission::CHANGE_OWNER, $account->getEffectivePermissions($everyone));
$this->assertEquals(Permission::READ_WRITE_DELETE | Permission::CHANGE_OWNER, $account->getEffectivePermissions($group));
$securableItem2->removeAllPermissions();
$this->assertTrue($securableItem2->save());
$this->assertEquals(Permission::ALL, $account->getEffectivePermissions($owner));
$this->assertEquals(Permission::READ_WRITE_DELETE, $account->getEffectivePermissions($user));
$this->assertEquals(Permission::READ, $account->getEffectivePermissions($everyone));
$this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($group));
$securableItem1->removeAllPermissions();
$this->assertTrue($securableItem1->save());
$this->assertEquals(Permission::ALL, $account->getEffectivePermissions($owner));
$this->assertEquals(Permission::NONE, $account->getEffectivePermissions($user));
$this->assertEquals(Permission::NONE, $account->getEffectivePermissions($everyone));
$this->assertEquals(Permission::NONE, $account->getEffectivePermissions($group));
$securableItem2->delete();
unset($securableItem2);
$securableItem1->delete();
unset($securableItem1);
}
