/** * @depends testSetWriteDenyPermission */ public function testPermissionsUtilGetAllModulePermissionsData() { $this->assertEquals(User::getByUsername('super'), Yii::app()->user->userModel); $securableItem3 = new NamedSecurableItem(); $securableItem3->name = 'TestItem3'; $saved = $securableItem3->save(); $this->assertTrue($saved); $group = new Group(); $group->name = 'modulePermissionsGroup'; $saved = $group->save(); $this->assertTrue($saved); $data = PermissionsUtil::getAllModulePermissionsDataByPermitable($group); $compareData = array('AccountsModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'ContactsModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'LeadsModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'MeetingsModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'NotesModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'OpportunitiesModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'ContractsModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'TasksModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'UsersModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null))); $this->assertEquals($compareData['AccountsModule'], $data['AccountsModule']); $this->assertEquals($compareData['ContactsModule'], $data['ContactsModule']); $this->assertEquals($compareData['LeadsModule'], $data['LeadsModule']); $this->assertEquals($compareData['OpportunitiesModule'], $data['OpportunitiesModule']); $this->assertEquals($compareData['ContractsModule'], $data['ContractsModule']); $this->assertEquals($compareData['TasksModule'], $data['TasksModule']); $this->assertEquals($compareData['NotesModule'], $data['NotesModule']); $this->assertEquals($compareData['MeetingsModule'], $data['MeetingsModule']); $this->assertEquals($compareData['UsersModule'], $data['UsersModule']); $group->forget(); $securableItem3->forget(); }
protected function setSomePermissions() { if (!SECURITY_OPTIMIZED) { return; } $accounts = Account::getAll(); $account = $accounts[0]; $user = User::getByUsername('bobby'); $this->assertNotEquals($account->owner->id, $user->id); $everyone = Group::getByName('Everyone'); $account->addPermissions($user, Permission::READ); $account->addPermissions($user, Permission::WRITE, Permission::DENY); $account->addPermissions($everyone, Permission::CHANGE_OWNER); $this->assertTrue($account->save()); try { $securableItem1 = NamedSecurableItem::getByName('Account'); } catch (NotFoundException $e) { $securableItem1 = new NamedSecurableItem(); $securableItem->name = 'Account'; } $securableItem1->addPermissions($everyone, Permission::DELETE); $this->assertTrue($securableItem1->save()); try { $securableItem2 = NamedSecurableItem::getByName('Account'); } catch (NotFoundException $e) { $securableItem2 = new NamedSecurableItem(); $securableItem->name = 'AccountsModule'; } $securableItem2->addPermissions($everyone, Permission::CHANGE_PERMISSIONS); $this->assertTrue($securableItem2->save()); }
public function testPermissionsOnNamedSecurableItems() { $accounts = Account::getByName('Supermart'); $this->assertEquals(1, count($accounts)); $account = $accounts[0]; $owner = $account->owner; $user = User::getByUsername('bobby'); $this->assertNotEquals($owner->id, $user->id); $everyone = Group::getByName(Group::EVERYONE_GROUP_NAME); $group = Group::getByName('Sales Staff'); $this->assertEquals(Permission::ALL, $account->getEffectivePermissions($owner)); $this->assertEquals(Permission::NONE, $account->getEffectivePermissions($user)); $this->assertEquals(Permission::NONE, $account->getEffectivePermissions($everyone)); $this->assertEquals(Permission::NONE, $account->getEffectivePermissions($group)); // Putting permissions on. $securableItem1 = new NamedSecurableItem(); $securableItem1->name = 'Account'; $securableItem1->addPermissions($everyone, Permission::READ); $securableItem1->addPermissions($user, Permission::DELETE); $securableItem1->addPermissions($group, Permission::WRITE); $this->assertTrue($securableItem1->save()); $this->assertEquals(Permission::ALL, $account->getEffectivePermissions($owner)); $this->assertEquals(Permission::READ_WRITE_DELETE, $account->getEffectivePermissions($user)); $this->assertEquals(Permission::READ, $account->getEffectivePermissions($everyone)); $this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($group)); $securableItem2 = new NamedSecurableItem(); $securableItem2->name = 'AccountsModule'; $securableItem2->addPermissions($everyone, Permission::CHANGE_OWNER); $securableItem2->addPermissions($group, Permission::DELETE); $this->assertTrue($securableItem2->save()); $this->assertEquals(Permission::ALL, $account->getEffectivePermissions($owner)); $this->assertEquals(Permission::READ_WRITE_DELETE | Permission::CHANGE_OWNER, $account->getEffectivePermissions($user)); $this->assertEquals(Permission::READ | Permission::CHANGE_OWNER, $account->getEffectivePermissions($everyone)); $this->assertEquals(Permission::READ_WRITE_DELETE | Permission::CHANGE_OWNER, $account->getEffectivePermissions($group)); $account->addPermissions($user, Permission::CHANGE_OWNER); $account->addPermissions($group, Permission::READ, Permission::DENY); $this->assertTrue($account->save()); $this->assertEquals(Permission::ALL, $account->getEffectivePermissions($owner)); $this->assertEquals(Permission::WRITE | Permission::DELETE | Permission::CHANGE_OWNER, $account->getEffectivePermissions($user)); $this->assertEquals(Permission::READ | Permission::CHANGE_OWNER, $account->getEffectivePermissions($everyone)); $this->assertEquals(Permission::WRITE | Permission::DELETE | Permission::CHANGE_OWNER, $account->getEffectivePermissions($group)); // Taking permissions off. $account->removeAllPermissions(); $this->assertTrue($account->save()); $this->assertEquals(Permission::ALL, $account->getEffectivePermissions($owner)); $this->assertEquals(Permission::READ_WRITE_DELETE | Permission::CHANGE_OWNER, $account->getEffectivePermissions($user)); $this->assertEquals(Permission::READ | Permission::CHANGE_OWNER, $account->getEffectivePermissions($everyone)); $this->assertEquals(Permission::READ_WRITE_DELETE | Permission::CHANGE_OWNER, $account->getEffectivePermissions($group)); $securableItem2->removeAllPermissions(); $this->assertTrue($securableItem2->save()); $this->assertEquals(Permission::ALL, $account->getEffectivePermissions($owner)); $this->assertEquals(Permission::READ_WRITE_DELETE, $account->getEffectivePermissions($user)); $this->assertEquals(Permission::READ, $account->getEffectivePermissions($everyone)); $this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($group)); $securableItem1->removeAllPermissions(); $this->assertTrue($securableItem1->save()); $this->assertEquals(Permission::ALL, $account->getEffectivePermissions($owner)); $this->assertEquals(Permission::NONE, $account->getEffectivePermissions($user)); $this->assertEquals(Permission::NONE, $account->getEffectivePermissions($everyone)); $this->assertEquals(Permission::NONE, $account->getEffectivePermissions($group)); $securableItem2->delete(); unset($securableItem2); $securableItem1->delete(); unset($securableItem1); }