/**
 * Load the record this link points at.
 *
 * Only two link types are resolved: 'authoritative_plant' and 'notebook_page'.
 * The lookup goes through the target class's getOneFromDb() using this
 * object's own link_to_id and dbConnection. No permission check happens here;
 * callers that expose the result to a user have to authorise it themselves.
 *
 * @return mixed whatever getOneFromDb() returns for a supported type, or the
 *               integer 0 when link_to_type is anything else (callers must
 *               test for 0 before dereferencing the result)
 */
public function getLinked() {
    // switch compares loosely, exactly like the `==` tests it replaces.
    switch ($this->link_to_type) {
        case 'authoritative_plant':
            $criteria = ['authoritative_plant_id' => $this->link_to_id];
            return Authoritative_Plant::getOneFromDb($criteria, $this->dbConnection);

        case 'notebook_page':
            $criteria = ['notebook_page_id' => $this->link_to_id];
            return Notebook_Page::getOneFromDb($criteria, $this->dbConnection);

        default:
            return 0;
    }
}
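// Resolve the notebook page this request is about. Every id below comes from
// $_REQUEST (GET, POST or cookie data), so each one is validated before it is
// handed to a model call.
// NOTE(review): every guard here relies on util_redirectToAppPage() ending the
// request. It is defined outside this fragment; if it returns instead of
// exiting, execution continues past the failed check. Confirm.
if ($action == 'create') {
    if (!isset($_REQUEST['notebook_id']) || !is_numeric($_REQUEST['notebook_id'])) {
        util_redirectToAppPage('app_code/notebook.php?action=list', 'failure', util_lang('no_notebook_specified'));
    }
    // $notebook_page = new Notebook_Page(['notebook_id' => $_REQUEST['notebook_id'],'DB'=>$DB]);
    // $notebook_page->notebook_page_id = 'NEW';
    // $notebook_page = Notebook_Page::createNewNotebookPageForNotebook($_REQUEST['notebook_id'], $DB);
    // NOTE(review): as listed, all three statements above are commented out, so
    // this branch never assigns $notebook_page before the permission check
    // below reads it. The last one may have been live code before the listing
    // was collapsed onto one line; check against the real file.
} else {
    // isset() first: the original compared the key before checking it exists.
    if (isset($_REQUEST['notebook_page_id']) && $_REQUEST['notebook_page_id'] == 'NEW') {
        // Same notebook_id validation as the 'create' branch; the original
        // passed the raw request value straight to the model here.
        if (!isset($_REQUEST['notebook_id']) || !is_numeric($_REQUEST['notebook_id'])) {
            util_redirectToAppPage('app_code/notebook.php?action=list', 'failure', util_lang('no_notebook_specified'));
        }
        $notebook_page = Notebook_Page::createNewNotebookPageForNotebook($_REQUEST['notebook_id'], $DB);
    } else {
        if (!isset($_REQUEST['notebook_page_id']) || !is_numeric($_REQUEST['notebook_page_id'])) {
            util_redirectToAppPage('app_code/notebook.php?action=list', 'failure', util_lang('no_notebook_page_specified'));
        }
        $notebook_page = Notebook_Page::getOneFromDb(['notebook_page_id' => $_REQUEST['notebook_page_id']], $DB);
        if (!$notebook_page->matchesDb) {
            util_redirectToAppPage('app_code/notebook.php?action=list', 'failure', util_lang('no_notebook_page_found'));
        }
    }
}

# 3. confirm that the user is allowed to take that action on that object (if not, redirect them to the home page with an appropriate warning)
// NOTE(review): $_REQUEST also carries GET parameters, so the 'delete' action
// referenced below can presumably be triggered by a plain link. Confirm that a
// request-method or CSRF-token check exists elsewhere in the script.
if (!$USER->canActOnTarget($ACTIONS[$action], $notebook_page)) {
    // util_prePrintR("action is $action");
    if ($action != 'view' && isset($_REQUEST['notebook_page_id']) && is_numeric($_REQUEST['notebook_page_id'])) {
        // The query separator was listed as '¬' (an '&not' entity decoded by
        // mistake); restored to '&notebook_page_id'.
        util_redirectToAppPage('app_code/notebook_page.php?action=view&notebook_page_id=' . $notebook_page->notebook_page_id, 'failure', util_lang('no_permission'));
    }
    util_redirectToAppPage('app_code/notebook.php?action=list', 'failure', util_lang('no_permission'));
}

if ($action != 'delete') {
    require_once '../app_head.php';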
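/**
 * Exercises User::canActOnTarget() for four kinds of user (basic field user,
 * system admin, public user, manager) against the fixture records below.
 *
 * The expectations are written as a matrix: one row per target, one column per
 * action in the order view, edit, create, delete, publish, verify, with 'T'
 * for "must be allowed" and 'F' for "must be refused". Rows and columns are
 * asserted in the same order as the hand-written assertions they replace, and
 * each assertion now carries a message naming the user, action and target.
 *
 * NOTE(review): the notebook page fixture (np1) is only checked for the basic
 * user. Admin, public and manager access to a notebook page is not pinned by
 * this test, so a regression in page-level checks for those users would go
 * unnoticed here.
 */
function testCanActOnTarget() {
    // Fixture targets, loaded in the original order.
    $targets = [
        'n1'   => Notebook::getOneFromDb(['notebook_id' => 1001], $this->DB), // owned by 101
        'n2'   => Notebook::getOneFromDb(['notebook_id' => 1003], $this->DB), // owned by 102
        'n3'   => Notebook::getOneFromDb(['notebook_id' => 1004], $this->DB), // owned by 110
        'np1'  => Notebook_Page::getOneFromDb(['notebook_page_id' => 1101], $this->DB), // part of notebook 101
        's1'   => Specimen::getOneFromDb(['specimen_id' => 8001], $this->DB), // owned by 110
        's2'   => Specimen::getOneFromDb(['specimen_id' => 8002], $this->DB), // owned by 101
        'mds'  => Metadata_Structure::getOneFromDb(['metadata_structure_id' => 6004], $this->DB),
        'mdts' => Metadata_Term_Set::getOneFromDb(['metadata_term_set_id' => 6101], $this->DB),
        'mdtv' => Metadata_Term_Value::getOneFromDb(['metadata_term_value_id' => 6211], $this->DB),
        'ap'   => Authoritative_Plant::getOneFromDb(['authoritative_plant_id' => 5001], $this->DB),
    ];

    // Index the Action records by name so the matrix can refer to them.
    $actions = [];
    foreach (Action::getAllFromDb([], $this->DB) as $act_elt) {
        $actions[$act_elt->name] = $act_elt;
    }

    // Column order of every matrix row.
    $action_names = ['view', 'edit', 'create', 'delete', 'publish', 'verify'];

    // Assert one user's whole matrix, row by row and column by column.
    $assertMatrix = function ($user, $who, array $matrix) use ($targets, $actions, $action_names) {
        foreach ($matrix as $target_key => $row) {
            foreach ($action_names as $col => $action_name) {
                $allowed = $user->canActOnTarget($actions[$action_name], $targets[$target_key]);
                $message = "$who: $action_name on $target_key";
                if ($row[$col] === 'T') {
                    $this->assertTrue($allowed, $message);
                } else {
                    $this->assertFalse($allowed, $message);
                }
            }
        }
    };

    // Targets checked for the admin, public and manager users (np1 is absent,
    // as it was in the original assertions).
    $shared_targets = ['n1', 'n2', 'n3', 's1', 's2', 'mds', 'mdts', 'mdtv', 'ap'];
    $everything_allowed = array_fill_keys($shared_targets, 'TTTTTT');

    // basic, field user
    $u = User::getOneFromDb(['user_id' => 101], $this->DB);
    $assertMatrix($u, 'basic user 101', [
        //          view edit create delete publish verify
        'n1'   => 'TTTTTF',
        'n2'   => 'FFTFFF',
        'n3'   => 'TFTFFF',
        'np1'  => 'TTTTTF',
        's1'   => 'TFTFFF',
        's2'   => 'TTTTTF',
        'mds'  => 'TFFFFF',
        'mdts' => 'TFFFFF',
        'mdtv' => 'TFFFFF',
        'ap'   => 'TFFFFF',
    ]);

    // basic user on arbitrary object
    $this->assertTrue($u->canActOnTarget($actions['view'], new Authoritative_Plant(['DB' => $this->DB])));

    // system admin: the flag is set on the in-memory user only, then every
    // action on every shared target must be allowed
    $u->flag_is_system_admin = true;
    $assertMatrix($u, 'system admin', $everything_allowed);

    // public user
    $u = User::getOneFromDb(['user_id' => 109], $this->DB);
    $assertMatrix($u, 'public user 109', [
        //          view edit create delete publish verify
        'n1'   => 'FFFFFF',
        'n2'   => 'FFFFFF',
        'n3'   => 'TFFFFF',
        's1'   => 'TFFFFF',
        's2'   => 'FFFFFF',
        'mds'  => 'TFFFFF',
        'mdts' => 'TFFFFF',
        'mdtv' => 'TFFFFF',
        'ap'   => 'TFFFFF',
    ]);

    // manager
    $u = User::getOneFromDb(['user_id' => 110], $this->DB); // manager user
    $assertMatrix($u, 'manager 110', $everything_allowed);
}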
/**
 * Load the notebook page this object refers to.
 *
 * Looks the page up by this object's notebook_page_id over its own
 * dbConnection and returns whatever Notebook_Page::getOneFromDb() yields.
 * No permission check is made here.
 */
public function getNotebookPage() {
    $criteria = ['notebook_page_id' => $this->notebook_page_id];

    return Notebook_Page::getOneFromDb($criteria, $this->dbConnection);
}
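/**
 * End-to-end check that a logged-in basic user can delete notebook page 1101
 * through notebook_page.php and that the record is gone afterwards.
 *
 * NOTE(review): the deletion is requested with a plain GET and the URL carries
 * no token parameter, so this test pins a state-changing GET. If the endpoint
 * gains a request-method or CSRF-token check, this test has to change with it.
 */
function testDeleteNotebookPage() {
    $page_id = 1101;

    // Precondition: the fixture page exists.
    $np = Notebook_Page::getOneFromDb(['notebook_page_id' => $page_id], $this->DB);
    $this->assertTrue($np->matchesDb);

    $this->doLoginBasic();

    // The separator was listed as '¬' (an '&not' entity decoded by mistake),
    // which would have sent a single malformed 'action' value instead of two
    // query parameters; restored to '&notebook_page_id'.
    $this->get('http://localhost/digitalfieldnotebooks/app_code/notebook_page.php?action=delete&notebook_page_id=1101');
    $this->checkBasicAsserts();

    // Postcondition: a fresh lookup no longer matches a database row.
    $np2 = Notebook_Page::getOneFromDb(['notebook_page_id' => $page_id], $this->DB);
    $this->assertFalse($np2->matchesDb);
}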
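# 2. confirm that the user is allowed to take that action
// Permission is granted by the first of: system-admin flag, a global notebook
// grant for create or edit, or edit rights on the specific notebook page.
// Any refusal answers with a JSON note and ends the request.
$has_permission = $USER->flag_is_system_admin;

if (!$has_permission) {
    $USER->cacheRoleActionTargets();

    // first check global notebook perms
    // array_key_exists() replaces in_array(..., array_keys(...)): the loose
    // in_array comparison can match an unrelated integer key on older PHP,
    // after which the ['global_notebook'] index below would not exist.
    if (array_key_exists('global_notebook', $USER->cached_role_action_targets_hash_by_target_type_by_id)) {
        foreach ($USER->cached_role_action_targets_hash_by_target_type_by_id['global_notebook'] as $glob_rat) {
            // Loose == is kept on purpose: the ids may arrive as strings from
            // one side and integers from the other. TODO confirm the types.
            if ($glob_rat->action_id == $ACTIONS['create']->action_id || $glob_rat->action_id == $ACTIONS['edit']->action_id) {
                $has_permission = true;
                break;
            }
        }
    }
    // NOTE(review): a global create OR edit grant authorises the whole
    // request, whichever action step 3 goes on to perform. Confirm that every
    // action handled there is meant to be covered by those two rights.

    // and if not that, then check specific perms
    if (!$has_permission) {
        // $notebook_page_id is set outside this fragment; presumably it comes
        // from the request. Verify it is validated before this point.
        $notebook_page = Notebook_Page::getOneFromDb(['notebook_page_id' => $notebook_page_id], $DB);
        if (!$notebook_page->matchesDb) {
            // The id is echoed back to the client, so it is entity-encoded.
            $results['note'] = util_lang('msg_record_missing') . ' : notebook_page ' . htmlentities($notebook_page_id);
            echo json_encode($results);
            exit;
        }
        $has_permission = $USER->canActOnTarget($ACTIONS['edit'], $notebook_page);
    }
}

if (!$has_permission) {
    $results['note'] = util_lang('no_permission');
    echo json_encode($results);
    exit;
}

# 3. branch behavior based on the action
# create - return an appropriate form field set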
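/**
 * Checks that Notebook_Page::doDelete() removes page 1101 together with its
 * page fields, specimens and specimen images.
 *
 * The original post-delete check on the page itself built a new page with
 * createNewNotebookPageForNotebook(1001, ...) and asserted that it did not
 * match the database, which says nothing about page 1101. It now re-reads
 * page 1101, the same way testDeleteNotebookPage() does.
 * NOTE(review): this assumes doDelete() removes the row rather than flagging
 * it; the child-record assertions below already rely on that.
 */
function testDoDelete() {
    $np = Notebook_Page::getOneFromDb(['notebook_page_id' => 1101], $this->DB);
    $np->loadSpecimens();
    $np->loadPageFields();

    // Preconditions: the page, its four fields and its two specimens exist.
    $this->assertTrue($np->matchesDb);
    foreach ([0, 1, 2, 3] as $idx) {
        $this->assertTrue($np->page_fields[$idx]->matchesDb);
    }
    foreach ([0, 1] as $idx) {
        $this->assertTrue($np->specimens[$idx]->matchesDb);
    }

    //***********
    $np->doDelete();
    //***********

    // The page itself must be gone.
    $np2 = Notebook_Page::getOneFromDb(['notebook_page_id' => 1101], $this->DB);
    $this->assertFalse($np2->matchesDb);

    // ... and so must every dependent record.
    foreach ([1201, 1202, 1203, 1204] as $field_id) {
        $npf = Notebook_Page_Field::getOneFromDb(['notebook_page_field_id' => $field_id], $this->DB);
        $this->assertFalse($npf->matchesDb);
    }
    foreach ([8002, 8003] as $specimen_id) {
        $s = Specimen::getOneFromDb(['specimen_id' => $specimen_id], $this->DB);
        $this->assertFalse($s->matchesDb);
    }
    foreach ([8103, 8104] as $image_id) {
        $si = Specimen_Image::getOneFromDb(['specimen_image_id' => $image_id], $this->DB);
        $this->assertFalse($si->matchesDb);
    }
}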