public static function setUpBeforeClass()
{
parent::setUpBeforeClass();
SecurityTestHelper::createSuperAdmin();
$super = User::getByUsername('super');
Yii::app()->user->userModel = $super;
Currency::makeBaseCurrency();
//Create a account for testing.
$account = AccountTestHelper::createAccountByNameForOwner('superAccount', $super);
//Create a opportunity for testing.
OpportunityTestHelper::createOpportunityWithAccountByNameForOwner('superOpp', $super, $account);
//Create a two contacts for testing.
ContactTestHelper::createContactWithAccountByNameForOwner('superContact1', $super, $account);
ContactTestHelper::createContactWithAccountByNameForOwner('superContact2', $super, $account);
//Create a note for testing.
NoteTestHelper::createNoteWithOwnerAndRelatedAccount('superNote', $super, $account);
}
public function testGetCountByModelClassName()
{
$super = User::getByUsername('super');
$user = UserTestHelper::createBasicUserWithEmailAddress('newUser');
Yii::app()->user->userModel = $super;
$this->assertEquals(0, LatestActivitiesUtil::getCountByModelClassName('Note', array(), LatestActivitiesConfigurationForm::OWNED_BY_FILTER_ALL));
$this->assertEquals(0, LatestActivitiesUtil::getCountByModelClassName('Note', array(), LatestActivitiesConfigurationForm::OWNED_BY_FILTER_USER));
$this->assertEquals(0, LatestActivitiesUtil::getCountByModelClassName('Note', array(), $super->id));
$this->assertEquals(0, LatestActivitiesUtil::getCountByModelClassName('Note', array(), $user->id));
NoteTestHelper::createNoteByNameForOwner('test1', $super);
$this->assertEquals(1, LatestActivitiesUtil::getCountByModelClassName('Note', array(), LatestActivitiesConfigurationForm::OWNED_BY_FILTER_ALL));
$this->assertEquals(1, LatestActivitiesUtil::getCountByModelClassName('Note', array(), LatestActivitiesConfigurationForm::OWNED_BY_FILTER_USER));
$this->assertEquals(1, LatestActivitiesUtil::getCountByModelClassName('Note', array(), $super->id));
$this->assertEquals(0, LatestActivitiesUtil::getCountByModelClassName('Note', array(), $user->id));
NoteTestHelper::createNoteByNameForOwner('test1', $user);
$this->assertEquals(2, LatestActivitiesUtil::getCountByModelClassName('Note', array(), LatestActivitiesConfigurationForm::OWNED_BY_FILTER_ALL));
$this->assertEquals(1, LatestActivitiesUtil::getCountByModelClassName('Note', array(), LatestActivitiesConfigurationForm::OWNED_BY_FILTER_USER));
$this->assertEquals(1, LatestActivitiesUtil::getCountByModelClassName('Note', array(), $user->id));
}
public function testRenderSummaryContentWithNote()
{
$super = User::getByUsername('super');
Yii::app()->user->userModel = $super;
$billy = User::getByUsername('billy');
$account = AccountTestHelper::createAccountByNameForOwner('noteAccount', $super);
$note = NoteTestHelper::createNoteWithOwnerAndRelatedAccount('aMeeting', $super, $account);
$content = ActivitiesUtil::renderSummaryContent($note, 'someUrl', LatestActivitiesConfigurationForm::OWNED_BY_FILTER_ALL, 'HomeModule');
$content = ActivitiesUtil::renderSummaryContent($note, 'someUrl', LatestActivitiesConfigurationForm::OWNED_BY_FILTER_USER, 'HomeModule');
$content = ActivitiesUtil::renderSummaryContent($note, 'someUrl', LatestActivitiesConfigurationForm::OWNED_BY_FILTER_ALL, 'UserModule');
$content = ActivitiesUtil::renderSummaryContent($note, 'someUrl', LatestActivitiesConfigurationForm::OWNED_BY_FILTER_USER, 'UserModule');
}
public function testAddingNoteAndDeletingNoteAndThenTheSocialItemsAreRemoved()
{
$super = User::getByUsername('super');
$this->assertEquals(0, SocialItem::getCount());
$accounts = Account::getByName('anAccount');
$note = NoteTestHelper::createNoteWithOwnerAndRelatedAccount('aNote', $super, $accounts[0]);
$socialItem = new SocialItem();
$socialItem->description = 'My test description';
$socialItem->note = $note;
$saved = $socialItem->save();
$this->assertTrue($saved);
$socialItemId = $socialItem->id;
$noteId = $note->id;
$note->forget();
$this->assertEquals(1, SocialItem::getCount());
$note = Note::getById($noteId);
$deleted = $note->delete();
$this->assertTrue($deleted);
$this->assertEquals(0, SocialItem::getCount());
}
/**
* @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
*/
public function testRegularUserControllerActionsWithElevationToModels()
{
//Create superAccount owned by user super.
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$superAccount = AccountTestHelper::createAccountByNameForOwner('AccountsForElevationToModelTest', $super);
//Test nobody, access to edit and details of superAccount should fail.
$nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
$this->setGetArray(array('id' => $superAccount->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
//give nobody access to read
Yii::app()->user->userModel = $super;
$superAccount->addPermissions($nobody, Permission::READ);
$this->assertTrue($superAccount->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($superAccount, $nobody);
//Now the nobody user can access the details view.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $superAccount->id));
$this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
//create note for an superAccount using the super user
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$note = NoteTestHelper::createNoteWithOwnerAndRelatedAccount('noteCreatedBySuper', $super, $superAccount);
//Test nobody, access to edit and details of notes should fail.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $note->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
$this->setGetArray(array('id' => $note->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
$this->setGetArray(array('id' => $note->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
//give nobody access to details view only
Yii::app()->user->userModel = $super;
$note->addPermissions($nobody, Permission::READ);
$this->assertTrue($note->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($note, $nobody);
//Now access to notes view by Nobody should not fail.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $note->id));
$this->resetPostArray();
$this->runControllerWithNoExceptionsAndGetContent('notes/default/details');
//Now access to notes edit and delete by Nobody should fail
$this->setGetArray(array('id' => $note->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
$this->setGetArray(array('id' => $note->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
//give nobody access to both details and edit view
Yii::app()->user->userModel = $super;
$note->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($note->save());
AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($note, $nobody);
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($note, $nobody);
//Now access to notes view and edit by Nobody should not fail.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $note->id));
$this->resetPostArray();
$this->runControllerWithNoExceptionsAndGetContent('notes/default/details');
$this->setGetArray(array('id' => $note->id));
$this->resetPostArray();
$this->runControllerWithNoExceptionsAndGetContent('notes/default/edit');
//Now access to notes delete by Nobody should fail
$this->setGetArray(array('id' => $note->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
//revoke the permission from the nobody user to access the note
Yii::app()->user->userModel = $super;
$note->removePermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($note->save());
AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($note, $nobody);
//Now nobodys, access to edit, details and delete of notes should fail.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $note->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
$this->setGetArray(array('id' => $note->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
$this->setGetArray(array('id' => $note->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
//give nobody access to details, edit and delete view
Yii::app()->user->userModel = $super;
$note->addPermissions($nobody, Permission::READ_WRITE_DELETE);
$this->assertTrue($note->save());
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($note, $nobody);
//Now nobodys, access to delete of notes should not fail.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $note->id));
$this->resetPostArray();
$this->runControllerWithRedirectExceptionAndGetContent('notes/default/delete');
//create some roles
Yii::app()->user->userModel = $super;
$parentRole = new Role();
$parentRole->name = 'AAA';
$this->assertTrue($parentRole->save());
$childRole = new Role();
$childRole->name = 'BBB';
$this->assertTrue($childRole->save());
$userInParentRole = User::getByUsername('confused');
$userInChildRole = User::getByUsername('nobody');
$childRole->users->add($userInChildRole);
$this->assertTrue($childRole->save());
$parentRole->users->add($userInParentRole);
$parentRole->roles->add($childRole);
$this->assertTrue($parentRole->save());
$userInChildRole->forget();
$userInChildRole = User::getByUsername('nobody');
$userInParentRole->forget();
$userInParentRole = User::getByUsername('confused');
$parentRoleId = $parentRole->id;
$parentRole->forget();
$parentRole = Role::getById($parentRoleId);
$childRoleId = $childRole->id;
$childRole->forget();
$childRole = Role::getById($childRoleId);
//create account owned by super
$account2 = AccountTestHelper::createAccountByNameForOwner('AccountsParentRolePermission', $super);
//Test userInParentRole, access to details and edit should fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $account2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
//give userInChildRole access to READ
Yii::app()->user->userModel = $super;
$account2->addPermissions($userInChildRole, Permission::READ);
$this->assertTrue($account2->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($account2, $userInChildRole);
//Test userInChildRole, access to details should not fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $account2->id));
$this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
//Test userInParentRole, access to details should not fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $account2->id));
$this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
//create a note owned by super
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$note2 = NoteTestHelper::createNoteWithOwnerAndRelatedAccount('noteCreatedBySuperForRole', $super, $account2);
//Test userInChildRole, access to notes details, edit and delete should fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $note2->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
$this->setGetArray(array('id' => $note2->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
$this->setGetArray(array('id' => $note2->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
//Test userInParentRole, access to notes details, edit and delete should fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $note2->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
$this->setGetArray(array('id' => $note2->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
$this->setGetArray(array('id' => $note2->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
//give userInChildRole access to READ permision for notes
Yii::app()->user->userModel = $super;
$note2->addPermissions($userInChildRole, Permission::READ);
$this->assertTrue($note2->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($note2, $userInChildRole);
//Test userInChildRole, access to notes details should not fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $note2->id));
$this->resetPostArray();
$this->runControllerWithNoExceptionsAndGetContent('notes/default/details');
//Test userInChildRole, access to notes edit and delete should fail.
$this->setGetArray(array('id' => $note2->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
$this->setGetArray(array('id' => $note2->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
//Test userInParentRole, access to notes details should not fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $note2->id));
$this->resetPostArray();
$this->runControllerWithNoExceptionsAndGetContent('notes/default/details');
//Test userInParentRole, access to notes edit and delete should fail.
$this->setGetArray(array('id' => $note2->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
$this->setGetArray(array('id' => $note2->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
//give userInChildRole access to read and write for the notes
Yii::app()->user->userModel = $super;
$note2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($note2->save());
AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($note2, $userInChildRole);
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($note2, $userInChildRole);
//Test userInChildRole, access to notes edit should not fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $note2->id));
$this->resetPostArray();
$this->runControllerWithNoExceptionsAndGetContent('notes/default/edit');
//Test userInChildRole, access to notes delete should fail.
$this->setGetArray(array('id' => $note2->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
//Test userInParentRole, access to notes edit should not fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $note2->id));
$this->resetPostArray();
$this->runControllerWithNoExceptionsAndGetContent('notes/default/edit');
//Test userInParentRole, access to notes delete should fail.
$this->setGetArray(array('id' => $note2->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
//revoke userInChildRole access to read and write notes
Yii::app()->user->userModel = $super;
$note2->removePermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($note2->save());
AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($note2, $userInChildRole);
//Test userInChildRole, access to detail, edit and delete should fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $note2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
$this->setGetArray(array('id' => $note2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
$this->setGetArray(array('id' => $note2->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
//Test userInParentRole, access to detail, edit and delete should fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $note2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
$this->setGetArray(array('id' => $note2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
$this->setGetArray(array('id' => $note2->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
//give userInChildRole access to read, write and delete for the notes
Yii::app()->user->userModel = $super;
$note2->addPermissions($userInChildRole, Permission::READ_WRITE_DELETE);
$this->assertTrue($note2->save());
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($note2, $userInChildRole);
//Test userInParentRole, access to delete should not fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $note2->id));
$this->resetPostArray();
$this->runControllerWithRedirectExceptionAndGetContent('notes/default/delete');
//clear up the role relationships between users so not to effect next assertions
$parentRole->users->remove($userInParentRole);
$parentRole->roles->remove($childRole);
$this->assertTrue($parentRole->save());
$childRole->users->remove($userInChildRole);
$this->assertTrue($childRole->save());
//create some groups and assign users to groups
Yii::app()->user->userModel = $super;
$parentGroup = new Group();
$parentGroup->name = 'AAA';
$this->assertTrue($parentGroup->save());
$childGroup = new Group();
$childGroup->name = 'BBB';
$this->assertTrue($childGroup->save());
$userInChildGroup = User::getByUsername('confused');
$userInParentGroup = User::getByUsername('nobody');
$childGroup->users->add($userInChildGroup);
$this->assertTrue($childGroup->save());
$parentGroup->users->add($userInParentGroup);
$parentGroup->groups->add($childGroup);
$this->assertTrue($parentGroup->save());
$parentGroup->forget();
$childGroup->forget();
$parentGroup = Group::getByName('AAA');
$childGroup = Group::getByName('BBB');
//Add access for the confused user to accounts and creation of accounts.
$userInChildGroup->setRight('AccountsModule', AccountsModule::RIGHT_ACCESS_ACCOUNTS);
$this->assertTrue($userInChildGroup->save());
//create account owned by super
$account3 = AccountTestHelper::createAccountByNameForOwner('testingAccountsParentGroupPermission', $super);
//Test userInParentGroup, access to details should fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $account3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
//Test userInChildGroup, access to details should fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $account3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
//give parentGroup access to READ
Yii::app()->user->userModel = $super;
$account3->addPermissions($parentGroup, Permission::READ);
$this->assertTrue($account3->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($account3, $parentGroup);
//Test userInParentGroup, access to details should not fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $account3->id));
$this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
//Test userInChildGroup, access to details should not fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $account3->id));
$this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
//create a note owned by super
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$note3 = NoteTestHelper::createNoteWithOwnerAndRelatedAccount('noteCreatedBySuperForGroup', $super, $account3);
//Add access for the confused user to accounts and creation of accounts.
$userInChildGroup->setRight('NotesModule', NotesModule::RIGHT_ACCESS_NOTES);
$userInChildGroup->setRight('NotesModule', NotesModule::RIGHT_CREATE_NOTES);
$userInChildGroup->setRight('NotesModule', NotesModule::RIGHT_DELETE_NOTES);
$this->assertTrue($userInChildGroup->save());
//Test userInParentGroup, access to notes details, edit and delete should fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $note3->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
$this->setGetArray(array('id' => $note3->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
$this->setGetArray(array('id' => $note3->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
//Test userInChildGroup, access to notes details, edit and delete should fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $note3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
$this->setGetArray(array('id' => $note3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
$this->setGetArray(array('id' => $note3->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
//give parentGroup access to READ
Yii::app()->user->userModel = $super;
$note3->addPermissions($parentGroup, Permission::READ);
$this->assertTrue($note3->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($note3, $parentGroup);
//Test userInParentGroup, access to notes details should not fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $note3->id));
$this->runControllerWithNoExceptionsAndGetContent('notes/default/details');
//Test userInParentGroup, access to notes edit and delete should fail.
$this->setGetArray(array('id' => $note3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
$this->setGetArray(array('id' => $note3->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
//Test userInChildGroup, access to notes details should not fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $note3->id));
$this->runControllerWithNoExceptionsAndGetContent('notes/default/details');
//Test userInChildGroup, access to notes edit and delete should fail.
$this->setGetArray(array('id' => $note3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
$this->setGetArray(array('id' => $note3->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
//give parentGroup access to read and write
Yii::app()->user->userModel = $super;
$note3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($note3->save());
AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForGroup($note3, $parentGroup);
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($note3, $parentGroup);
//Test userInParentGroup, access to edit notes should not fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $note3->id));
$this->runControllerWithNoExceptionsAndGetContent('notes/default/edit');
//Test userInParentGroup, access to notes delete should fail.
$this->setGetArray(array('id' => $note3->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
//Test userInChildGroup, access to edit notes should not fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username);
$this->setGetArray(array('id' => $note3->id));
$this->runControllerWithNoExceptionsAndGetContent('notes/default/edit');
//Test userInChildGroup, access to notes delete should fail.
$this->setGetArray(array('id' => $note3->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
//revoke parentGroup access to notes read and write
Yii::app()->user->userModel = $super;
$note3->removePermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($note3->save());
AllPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($note3, $parentGroup);
//Test userInChildGroup, access to notes detail, edit and delete should fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $note3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
$this->setGetArray(array('id' => $note3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
$this->setGetArray(array('id' => $note3->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
//Test userInParentGroup, access to notes detail, edit and delete should fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $note3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
$this->setGetArray(array('id' => $note3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
$this->setGetArray(array('id' => $note3->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
//give parentGroup access to read, write and delete
Yii::app()->user->userModel = $super;
$note3->addPermissions($parentGroup, Permission::READ_WRITE_DELETE);
$this->assertTrue($note3->save());
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($note3, $parentGroup);
//Test userInChildGroup, access to notes delete should not fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $note3->id));
$this->resetPostArray();
$this->runControllerWithRedirectExceptionAndGetContent('notes/default/delete');
//clear up the role relationships between users so not to effect next assertions
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$userInParentGroup->forget();
$userInChildGroup->forget();
$childGroup->forget();
$parentGroup->forget();
$userInParentGroup = User::getByUsername('nobody');
$userInChildGroup = User::getByUsername('confused');
$childGroup = Group::getByName('BBB');
$parentGroup = Group::getByName('AAA');
$parentGroup->users->remove($userInParentGroup);
$parentGroup->groups->remove($childGroup);
$this->assertTrue($parentGroup->save());
$childGroup->users->remove($userInChildGroup);
$this->assertTrue($childGroup->save());
}
protected function addNote()
{
$this->checkActivityItemRelationCount('Note', 'First Note', 0);
NoteTestHelper::createNoteWithOwnerAndRelatedAccount('First Note', Yii::app()->user->userModel, $this->selectedModels[1]);
}
/**
* @depends testApiServerUrl
*/
public function testEditNoteWIthIncorrectDataType()
{
$super = User::getByUsername('super');
Yii::app()->user->userModel = $super;
$authenticationData = $this->login();
$headers = array('Accept: application/json', 'ZURMO_SESSION_ID: ' . $authenticationData['sessionId'], 'ZURMO_TOKEN: ' . $authenticationData['token'], 'ZURMO_API_REQUEST_TYPE: REST');
$note = NoteTestHelper::createNoteByNameForOwner('Newest Note', $super);
// Provide data with wrong type.
$data['occurredOnDateTime'] = "A";
$response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/notes/note/api/create/', 'POST', $headers, array('data' => $data));
$response = json_decode($response, true);
$this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
$this->assertEquals(2, count($response['errors']));
$id = $note->id;
$data = array();
$data['occurredOnDateTime'] = "A";
$response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/notes/note/api/update/' . $id, 'PUT', $headers, array('data' => $data));
$response = json_decode($response, true);
$this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
$this->assertEquals(1, count($response['errors']));
}
/**
* @depends testCreateAndGetNoteById
*/
public function testRemoveActivityItemFromActivity()
{
$super = User::getByUsername('super');
Yii::app()->user->userModel = $super;
$firstNote = NoteTestHelper::createNoteByNameForOwner('Note with relations', $super);
$secondNote = NoteTestHelper::createNoteByNameForOwner('Second note with relations', $super);
$thirdContact = ContactTestHelper::createContactByNameForOwner('Third', $super);
$firstContact = ContactTestHelper::createContactByNameForOwner('First', $super);
$secondContact = ContactTestHelper::createContactByNameForOwner('Second', $super);
$firstNote->activityItems->add($firstContact);
$firstNote->activityItems->add($secondContact);
$firstNote->save();
$this->assertEquals(2, count($firstNote->activityItems));
$this->assertEquals($firstContact->id, $firstNote->activityItems[0]->id);
$this->assertEquals($secondContact->id, $firstNote->activityItems[1]->id);
$noteId = $firstNote->id;
$firstNote->forget();
$firstNote = Note::getById($noteId);
$this->assertEquals(2, count($firstNote->activityItems));
$this->assertEquals($firstContact->getClassId('Item'), $firstNote->activityItems[0]->id);
$this->assertEquals($secondContact->getClassId('Item'), $firstNote->activityItems[1]->id);
$firstNote->activityItems->remove($firstContact);
$firstNote->save();
$this->assertEquals(1, count($firstNote->activityItems));
$this->assertEquals($secondContact->getClassId('Item'), $firstNote->activityItems[0]->id);
$firstNote->forget();
$firstNote = Note::getById($noteId);
$this->assertEquals(1, count($firstNote->activityItems));
$this->assertEquals($secondContact->getClassId('Item'), $firstNote->activityItems[0]->id);
}
