/**
 * Class-level fixture setup: creates the super admin, makes it the current
 * user, sets up the base currency, then builds one account with an
 * opportunity, two contacts and a note attached to it, all owned by super.
 */
public static function setUpBeforeClass()
{
    parent::setUpBeforeClass();
    SecurityTestHelper::createSuperAdmin();

    //Every fixture below is created while super is the current user.
    $superUser = User::getByUsername('super');
    Yii::app()->user->userModel = $superUser;
    Currency::makeBaseCurrency();

    //Account that the remaining fixtures are related to.
    $superAccount = AccountTestHelper::createAccountByNameForOwner('superAccount', $superUser);

    //One opportunity on that account.
    OpportunityTestHelper::createOpportunityWithAccountByNameForOwner('superOpp', $superUser, $superAccount);

    //Two contacts on that account.
    ContactTestHelper::createContactWithAccountByNameForOwner('superContact1', $superUser, $superAccount);
    ContactTestHelper::createContactWithAccountByNameForOwner('superContact2', $superUser, $superAccount);

    //One note related to that account.
    NoteTestHelper::createNoteWithOwnerAndRelatedAccount('superNote', $superUser, $superAccount);
}
/**
 * Checks LatestActivitiesUtil::getCountByModelClassName() for notes under each
 * owner filter (all, current user, explicit user id) as notes are added for
 * two different owners.
 */
public function testGetCountByModelClassName()
{
    $super = User::getByUsername('super');
    $newUser = UserTestHelper::createBasicUserWithEmailAddress('newUser');
    Yii::app()->user->userModel = $super;

    $modelClassName = 'Note';
    $ownedByAll = LatestActivitiesConfigurationForm::OWNED_BY_FILTER_ALL;
    //NOTE(review): the counts below suggest this filter means "the current user" - confirm.
    $ownedByUser = LatestActivitiesConfigurationForm::OWNED_BY_FILTER_USER;

    //Baseline: every filter reports zero notes.
    $this->assertEquals(0, LatestActivitiesUtil::getCountByModelClassName($modelClassName, array(), $ownedByAll));
    $this->assertEquals(0, LatestActivitiesUtil::getCountByModelClassName($modelClassName, array(), $ownedByUser));
    $this->assertEquals(0, LatestActivitiesUtil::getCountByModelClassName($modelClassName, array(), $super->id));
    $this->assertEquals(0, LatestActivitiesUtil::getCountByModelClassName($modelClassName, array(), $newUser->id));

    //A note owned by super is counted for super but not for the other user.
    NoteTestHelper::createNoteByNameForOwner('test1', $super);
    $this->assertEquals(1, LatestActivitiesUtil::getCountByModelClassName($modelClassName, array(), $ownedByAll));
    $this->assertEquals(1, LatestActivitiesUtil::getCountByModelClassName($modelClassName, array(), $ownedByUser));
    $this->assertEquals(1, LatestActivitiesUtil::getCountByModelClassName($modelClassName, array(), $super->id));
    $this->assertEquals(0, LatestActivitiesUtil::getCountByModelClassName($modelClassName, array(), $newUser->id));

    //A second note owned by the other user raises the "all" count only;
    //the count for super's own id is not re-checked here.
    NoteTestHelper::createNoteByNameForOwner('test1', $newUser);
    $this->assertEquals(2, LatestActivitiesUtil::getCountByModelClassName($modelClassName, array(), $ownedByAll));
    $this->assertEquals(1, LatestActivitiesUtil::getCountByModelClassName($modelClassName, array(), $ownedByUser));
    $this->assertEquals(1, LatestActivitiesUtil::getCountByModelClassName($modelClassName, array(), $newUser->id));
}
/**
 * Smoke test: renders the summary content of a note for each combination of
 * owner filter and module name. Nothing is asserted on the rendered content,
 * so the test can only fail if one of the calls raises an error.
 */
public function testRenderSummaryContentWithNote()
{
    $superUser = User::getByUsername('super');
    Yii::app()->user->userModel = $superUser;
    //Looked up but not used afterwards; the lookup itself still runs.
    $billy = User::getByUsername('billy');

    $noteAccount = AccountTestHelper::createAccountByNameForOwner('noteAccount', $superUser);
    $note = NoteTestHelper::createNoteWithOwnerAndRelatedAccount('aMeeting', $superUser, $noteAccount);

    $ownedByFilters = array(
        LatestActivitiesConfigurationForm::OWNED_BY_FILTER_ALL,
        LatestActivitiesConfigurationForm::OWNED_BY_FILTER_USER,
    );

    //Same call order as before: both filters for HomeModule, then both for UserModule.
    foreach (array('HomeModule', 'UserModule') as $moduleClassName) {
        foreach ($ownedByFilters as $ownedByFilter) {
            $content = ActivitiesUtil::renderSummaryContent($note, 'someUrl', $ownedByFilter, $moduleClassName);
        }
    }
}
/**
 * Attaches a SocialItem to a note, deletes the note, and checks that the
 * SocialItem count returns to zero, i.e. the social item does not outlive
 * the note it refers to.
 */
public function testAddingNoteAndDeletingNoteAndThenTheSocialItemsAreRemoved()
{
    $owner = User::getByUsername('super');
    $this->assertEquals(0, SocialItem::getCount());

    //NOTE(review): assumes an account named 'anAccount' already exists; index 0 is not guarded.
    $matchingAccounts = Account::getByName('anAccount');
    $note = NoteTestHelper::createNoteWithOwnerAndRelatedAccount('aNote', $owner, $matchingAccounts[0]);

    $socialItem = new SocialItem();
    $socialItem->description = 'My test description';
    $socialItem->note = $note;
    $this->assertTrue($socialItem->save());

    //The social item id is captured here but not used below.
    $socialItemId = $socialItem->id;
    $noteId = $note->id;
    $note->forget();
    $this->assertEquals(1, SocialItem::getCount());

    //Reload the note by id, then delete it; the social item is expected to go with it.
    $note = Note::getById($noteId);
    $this->assertTrue($note->delete());
    $this->assertEquals(0, SocialItem::getCount());
}
/**
 * Access-control walkthrough for the notes controller actions (details, edit, delete).
 *
 * Explicit permissions on individual accounts and notes are granted and revoked in three
 * stages - directly to a user, to a user who sits in a child role, and to a parent group -
 * and after every change the controller actions are run as the affected users to check
 * which are denied and which are allowed. Each stage ends with a successful delete, so
 * every stage works on its own note.
 *
 * The run* helpers, setGetArray(), resetPostArray() and AllPermissionsOptimizationUtil are
 * defined outside this view; what they do is taken from their names and call sites only.
 *
 * @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
 */
public function testRegularUserControllerActionsWithElevationToModels()
{
    //Create superAccount owned by user super.
    $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $superAccount = AccountTestHelper::createAccountByNameForOwner('AccountsForElevationToModelTest', $super);

    //Test nobody: no permission on superAccount yet, so details should fail.
    //(Only the details action is exercised here, not edit.)
    $nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
    $this->setGetArray(array('id' => $superAccount->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');

    //give nobody access to read
    Yii::app()->user->userModel = $super;
    $superAccount->addPermissions($nobody, Permission::READ);
    $this->assertTrue($superAccount->save());
    //presumably keeps a read-permission lookup in step with the change above - confirm
    AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($superAccount, $nobody);

    //Now the nobody user can access the details view.
    Yii::app()->user->userModel = $nobody;
    $this->setGetArray(array('id' => $superAccount->id));
    $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');

    //create note for superAccount using the super user
    $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $note = NoteTestHelper::createNoteWithOwnerAndRelatedAccount('noteCreatedBySuper', $super, $superAccount);

    //Test nobody: read access to the related account does not carry over to the note,
    //so edit, details and delete of the note should all fail.
    Yii::app()->user->userModel = $nobody;
    $this->setGetArray(array('id' => $note->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
    $this->setGetArray(array('id' => $note->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
    $this->setGetArray(array('id' => $note->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');

    //give nobody access to details view only
    Yii::app()->user->userModel = $super;
    $note->addPermissions($nobody, Permission::READ);
    $this->assertTrue($note->save());
    AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($note, $nobody);

    //Now access to notes view by Nobody should not fail.
    Yii::app()->user->userModel = $nobody;
    $this->setGetArray(array('id' => $note->id));
    $this->resetPostArray();
    $this->runControllerWithNoExceptionsAndGetContent('notes/default/details');

    //Now access to notes edit and delete by Nobody should fail
    $this->setGetArray(array('id' => $note->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
    $this->setGetArray(array('id' => $note->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');

    //give nobody access to both details and edit view
    Yii::app()->user->userModel = $super;
    $note->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($note->save());
    //NOTE(review): the "lost read" call precedes the "given" call although access was widened;
    //presumably this resets the earlier read-only entry first - confirm against the util.
    AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($note, $nobody);
    AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($note, $nobody);

    //Now access to notes view and edit by Nobody should not fail.
    Yii::app()->user->userModel = $nobody;
    $this->setGetArray(array('id' => $note->id));
    $this->resetPostArray();
    $this->runControllerWithNoExceptionsAndGetContent('notes/default/details');
    $this->setGetArray(array('id' => $note->id));
    $this->resetPostArray();
    $this->runControllerWithNoExceptionsAndGetContent('notes/default/edit');

    //Now access to notes delete by Nobody should fail
    $this->setGetArray(array('id' => $note->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');

    //revoke the permission from the nobody user to access the note
    Yii::app()->user->userModel = $super;
    $note->removePermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($note->save());
    AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($note, $nobody);

    //Now nobody's access to edit, details and delete of notes should fail.
    //Details failing as well shows the revoke also removed the READ granted earlier.
    Yii::app()->user->userModel = $nobody;
    $this->setGetArray(array('id' => $note->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
    $this->setGetArray(array('id' => $note->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
    $this->setGetArray(array('id' => $note->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');

    //give nobody access to details, edit and delete view
    Yii::app()->user->userModel = $super;
    $note->addPermissions($nobody, Permission::READ_WRITE_DELETE);
    $this->assertTrue($note->save());
    AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($note, $nobody);

    //Now nobody's access to delete of notes should not fail.
    //A successful delete is expected to end in a redirect; $note is not used after this.
    Yii::app()->user->userModel = $nobody;
    $this->setGetArray(array('id' => $note->id));
    $this->resetPostArray();
    $this->runControllerWithRedirectExceptionAndGetContent('notes/default/delete');

    //create some roles: parentRole 'AAA' contains childRole 'BBB';
    //'confused' is put in the parent role and 'nobody' in the child role.
    Yii::app()->user->userModel = $super;
    $parentRole = new Role();
    $parentRole->name = 'AAA';
    $this->assertTrue($parentRole->save());

    $childRole = new Role();
    $childRole->name = 'BBB';
    $this->assertTrue($childRole->save());

    $userInParentRole = User::getByUsername('confused');
    $userInChildRole = User::getByUsername('nobody');

    $childRole->users->add($userInChildRole);
    $this->assertTrue($childRole->save());
    $parentRole->users->add($userInParentRole);
    $parentRole->roles->add($childRole);
    $this->assertTrue($parentRole->save());

    //forget and re-fetch users and roles so the checks below work on freshly loaded models
    $userInChildRole->forget();
    $userInChildRole = User::getByUsername('nobody');
    $userInParentRole->forget();
    $userInParentRole = User::getByUsername('confused');
    $parentRoleId = $parentRole->id;
    $parentRole->forget();
    $parentRole = Role::getById($parentRoleId);
    $childRoleId = $childRole->id;
    $childRole->forget();
    $childRole = Role::getById($childRoleId);

    //create account owned by super
    $account2 = AccountTestHelper::createAccountByNameForOwner('AccountsParentRolePermission', $super);

    //Test userInParentRole, access to details should fail. (Only details is exercised here.)
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $account2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');

    //give userInChildRole access to READ.
    //In this stage permissions are always granted to the child-role user only; the checks on
    //userInParentRole verify that the parent role sees what the child-role user can access.
    Yii::app()->user->userModel = $super;
    $account2->addPermissions($userInChildRole, Permission::READ);
    $this->assertTrue($account2->save());
    AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($account2, $userInChildRole);

    //Test userInChildRole, access to details should not fail.
    Yii::app()->user->userModel = $userInChildRole;
    $this->setGetArray(array('id' => $account2->id));
    $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');

    //Test userInParentRole, access to details should not fail.
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $account2->id));
    $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');

    //create a note owned by super
    $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $note2 = NoteTestHelper::createNoteWithOwnerAndRelatedAccount('noteCreatedBySuperForRole', $super, $account2);

    //Test userInChildRole, access to notes details, edit and delete should fail.
    Yii::app()->user->userModel = $userInChildRole;
    $this->setGetArray(array('id' => $note2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
    $this->setGetArray(array('id' => $note2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
    $this->setGetArray(array('id' => $note2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');

    //Test userInParentRole, access to notes details, edit and delete should fail.
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $note2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
    $this->setGetArray(array('id' => $note2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
    $this->setGetArray(array('id' => $note2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');

    //give userInChildRole READ permission for notes
    Yii::app()->user->userModel = $super;
    $note2->addPermissions($userInChildRole, Permission::READ);
    $this->assertTrue($note2->save());
    AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($note2, $userInChildRole);

    //Test userInChildRole, access to notes details should not fail.
    Yii::app()->user->userModel = $userInChildRole;
    $this->setGetArray(array('id' => $note2->id));
    $this->resetPostArray();
    $this->runControllerWithNoExceptionsAndGetContent('notes/default/details');

    //Test userInChildRole, access to notes edit and delete should fail.
    $this->setGetArray(array('id' => $note2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
    $this->setGetArray(array('id' => $note2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');

    //Test userInParentRole, access to notes details should not fail.
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $note2->id));
    $this->resetPostArray();
    $this->runControllerWithNoExceptionsAndGetContent('notes/default/details');

    //Test userInParentRole, access to notes edit and delete should fail.
    $this->setGetArray(array('id' => $note2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
    $this->setGetArray(array('id' => $note2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');

    //give userInChildRole access to read and write for the notes
    Yii::app()->user->userModel = $super;
    $note2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($note2->save());
    AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($note2, $userInChildRole);
    AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($note2, $userInChildRole);

    //Test userInChildRole, access to notes edit should not fail.
    Yii::app()->user->userModel = $userInChildRole;
    $this->setGetArray(array('id' => $note2->id));
    $this->resetPostArray();
    $this->runControllerWithNoExceptionsAndGetContent('notes/default/edit');

    //Test userInChildRole, access to notes delete should fail.
    $this->setGetArray(array('id' => $note2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');

    //Test userInParentRole, access to notes edit should not fail.
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $note2->id));
    $this->resetPostArray();
    $this->runControllerWithNoExceptionsAndGetContent('notes/default/edit');

    //Test userInParentRole, access to notes delete should fail.
    $this->setGetArray(array('id' => $note2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');

    //revoke userInChildRole access to read and write notes
    Yii::app()->user->userModel = $super;
    $note2->removePermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($note2->save());
    AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($note2, $userInChildRole);

    //Test userInChildRole, access to detail, edit and delete should fail.
    //NOTE(review): from here on several details/edit checks run without resetPostArray(),
    //unlike the earlier checks; only the delete check resets POST.
    Yii::app()->user->userModel = $userInChildRole;
    $this->setGetArray(array('id' => $note2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
    $this->setGetArray(array('id' => $note2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
    $this->setGetArray(array('id' => $note2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');

    //Test userInParentRole, access to detail, edit and delete should fail.
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $note2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
    $this->setGetArray(array('id' => $note2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
    $this->setGetArray(array('id' => $note2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');

    //give userInChildRole access to read, write and delete for the notes
    Yii::app()->user->userModel = $super;
    $note2->addPermissions($userInChildRole, Permission::READ_WRITE_DELETE);
    $this->assertTrue($note2->save());
    AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($note2, $userInChildRole);

    //Test userInParentRole, access to delete should not fail.
    //Only the parent-role user's delete is exercised; $note2 is not used after this.
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $note2->id));
    $this->resetPostArray();
    $this->runControllerWithRedirectExceptionAndGetContent('notes/default/delete');

    //clear up the role relationships between users so as not to affect the next assertions
    //NOTE(review): these role changes are saved while userModel is still $userInParentRole,
    //not $super - confirm that is intended.
    $parentRole->users->remove($userInParentRole);
    $parentRole->roles->remove($childRole);
    $this->assertTrue($parentRole->save());
    $childRole->users->remove($userInChildRole);
    $this->assertTrue($childRole->save());

    //create some groups and assign users to groups: parentGroup 'AAA' contains childGroup 'BBB'.
    //The user assignment is swapped compared with the roles stage: 'confused' is in the child
    //group and 'nobody' in the parent group.
    Yii::app()->user->userModel = $super;
    $parentGroup = new Group();
    $parentGroup->name = 'AAA';
    $this->assertTrue($parentGroup->save());

    $childGroup = new Group();
    $childGroup->name = 'BBB';
    $this->assertTrue($childGroup->save());

    $userInChildGroup = User::getByUsername('confused');
    $userInParentGroup = User::getByUsername('nobody');

    $childGroup->users->add($userInChildGroup);
    $this->assertTrue($childGroup->save());
    $parentGroup->users->add($userInParentGroup);
    $parentGroup->groups->add($childGroup);
    $this->assertTrue($parentGroup->save());

    //forget and re-fetch both groups by name
    $parentGroup->forget();
    $childGroup->forget();
    $parentGroup = Group::getByName('AAA');
    $childGroup = Group::getByName('BBB');

    //Give the confused user the right to access the accounts module.
    $userInChildGroup->setRight('AccountsModule', AccountsModule::RIGHT_ACCESS_ACCOUNTS);
    $this->assertTrue($userInChildGroup->save());

    //create account owned by super
    $account3 = AccountTestHelper::createAccountByNameForOwner('testingAccountsParentGroupPermission', $super);

    //Test userInParentGroup, access to details should fail.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $account3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');

    //Test userInChildGroup, access to details should fail.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->setGetArray(array('id' => $account3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');

    //give parentGroup access to READ.
    //In this stage permissions are always granted to the parent group; the checks on
    //userInChildGroup verify that members of the nested child group get the same access.
    Yii::app()->user->userModel = $super;
    $account3->addPermissions($parentGroup, Permission::READ);
    $this->assertTrue($account3->save());
    AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($account3, $parentGroup);

    //Test userInParentGroup, access to details should not fail.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $account3->id));
    $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');

    //Test userInChildGroup, access to details should not fail.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->setGetArray(array('id' => $account3->id));
    $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');

    //create a note owned by super
    $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $note3 = NoteTestHelper::createNoteWithOwnerAndRelatedAccount('noteCreatedBySuperForGroup', $super, $account3);

    //Give the confused user the notes module rights: access, create and delete.
    //These are module rights, not permissions on $note3, so the checks below still expect denial.
    $userInChildGroup->setRight('NotesModule', NotesModule::RIGHT_ACCESS_NOTES);
    $userInChildGroup->setRight('NotesModule', NotesModule::RIGHT_CREATE_NOTES);
    $userInChildGroup->setRight('NotesModule', NotesModule::RIGHT_DELETE_NOTES);
    $this->assertTrue($userInChildGroup->save());

    //Test userInParentGroup, access to notes details, edit and delete should fail.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $note3->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
    $this->setGetArray(array('id' => $note3->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
    $this->setGetArray(array('id' => $note3->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');

    //Test userInChildGroup, access to notes details, edit and delete should fail.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->setGetArray(array('id' => $note3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
    $this->setGetArray(array('id' => $note3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
    $this->setGetArray(array('id' => $note3->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');

    //give parentGroup access to READ
    Yii::app()->user->userModel = $super;
    $note3->addPermissions($parentGroup, Permission::READ);
    $this->assertTrue($note3->save());
    AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($note3, $parentGroup);

    //Test userInParentGroup, access to notes details should not fail.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $note3->id));
    $this->runControllerWithNoExceptionsAndGetContent('notes/default/details');

    //Test userInParentGroup, access to notes edit and delete should fail.
    $this->setGetArray(array('id' => $note3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
    $this->setGetArray(array('id' => $note3->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');

    //Test userInChildGroup, access to notes details should not fail.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->setGetArray(array('id' => $note3->id));
    $this->runControllerWithNoExceptionsAndGetContent('notes/default/details');

    //Test userInChildGroup, access to notes edit and delete should fail.
    $this->setGetArray(array('id' => $note3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
    $this->setGetArray(array('id' => $note3->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');

    //give parentGroup access to read and write
    Yii::app()->user->userModel = $super;
    $note3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($note3->save());
    AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForGroup($note3, $parentGroup);
    AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($note3, $parentGroup);

    //Test userInParentGroup, access to edit notes should not fail.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $note3->id));
    $this->runControllerWithNoExceptionsAndGetContent('notes/default/edit');

    //Test userInParentGroup, access to notes delete should fail.
    $this->setGetArray(array('id' => $note3->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');

    //Test userInChildGroup, access to edit notes should not fail.
    //Unlike the other user switches, this one also goes through the logout/login helper;
    //its return value is discarded.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username);
    $this->setGetArray(array('id' => $note3->id));
    $this->runControllerWithNoExceptionsAndGetContent('notes/default/edit');

    //Test userInChildGroup, access to notes delete should fail.
    $this->setGetArray(array('id' => $note3->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');

    //revoke parentGroup access to notes read and write
    Yii::app()->user->userModel = $super;
    $note3->removePermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($note3->save());
    AllPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($note3, $parentGroup);

    //Test userInChildGroup, access to notes detail, edit and delete should fail.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->setGetArray(array('id' => $note3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
    $this->setGetArray(array('id' => $note3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
    $this->setGetArray(array('id' => $note3->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');

    //Test userInParentGroup, access to notes detail, edit and delete should fail.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $note3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
    $this->setGetArray(array('id' => $note3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
    $this->setGetArray(array('id' => $note3->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');

    //give parentGroup access to read, write and delete
    Yii::app()->user->userModel = $super;
    $note3->addPermissions($parentGroup, Permission::READ_WRITE_DELETE);
    $this->assertTrue($note3->save());
    AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($note3, $parentGroup);

    //Test userInChildGroup, access to notes delete should not fail.
    //Only the child-group user's delete is exercised; $note3 is not used after this.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->setGetArray(array('id' => $note3->id));
    $this->resetPostArray();
    $this->runControllerWithRedirectExceptionAndGetContent('notes/default/delete');

    //clear up the group relationships between users so as not to affect the next assertions;
    //this cleanup runs as super, on freshly re-fetched users and groups.
    $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $userInParentGroup->forget();
    $userInChildGroup->forget();
    $childGroup->forget();
    $parentGroup->forget();
    $userInParentGroup = User::getByUsername('nobody');
    $userInChildGroup = User::getByUsername('confused');
    $childGroup = Group::getByName('BBB');
    $parentGroup = Group::getByName('AAA');

    $parentGroup->users->remove($userInParentGroup);
    $parentGroup->groups->remove($childGroup);
    $this->assertTrue($parentGroup->save());
    $childGroup->users->remove($userInChildGroup);
    $this->assertTrue($childGroup->save());
}
/**
 * Creates the note named 'First Note', owned by the current user and related
 * to the model stored at index 1 of $this->selectedModels.
 */
protected function addNote()
{
    //Runs the relation-count check for 'First Note' with an expected count of 0 before
    //the note is created (helper defined outside this view).
    $this->checkActivityItemRelationCount('Note', 'First Note', 0);

    $owner = Yii::app()->user->userModel;
    $relatedModel = $this->selectedModels[1];
    NoteTestHelper::createNoteWithOwnerAndRelatedAccount('First Note', $owner, $relatedModel);
}
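/**
 * Sends a non-date string as occurredOnDateTime to the note create and update
 * REST endpoints and expects both requests to be rejected: status FAILURE with
 * two errors on create and one error on update.
 *
 * @depends testApiServerUrl
 */
public function testEditNoteWIthIncorrectDataType()
{
    $super = User::getByUsername('super');
    Yii::app()->user->userModel = $super;

    // Both requests are authenticated with the session id and token returned by login().
    $authenticationData = $this->login();
    $headers = array(
        'Accept: application/json',
        'ZURMO_SESSION_ID: ' . $authenticationData['sessionId'],
        'ZURMO_TOKEN: ' . $authenticationData['token'],
        'ZURMO_API_REQUEST_TYPE: REST',
    );

    $note = NoteTestHelper::createNoteByNameForOwner('Newest Note', $super);

    // Provide data with wrong type.
    // $data is initialised explicitly so the payload holds exactly this one field.
    $data = array();
    $data['occurredOnDateTime'] = "A";
    $response = ApiRestTestHelper::createApiCall(
        $this->serverUrl . '/test.php/notes/note/api/create/',
        'POST',
        $headers,
        array('data' => $data)
    );
    $response = json_decode($response, true);
    // A body that is not valid JSON decodes to null; fail here instead of on the key lookups.
    $this->assertTrue(is_array($response));
    $this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
    // Two errors are expected on create; presumably the bad date plus a missing
    // required field - confirm against the model rules.
    $this->assertEquals(2, count($response['errors']));

    // Same invalid value against the update endpoint of the existing note.
    $id = $note->id;
    $data = array();
    $data['occurredOnDateTime'] = "A";
    $response = ApiRestTestHelper::createApiCall(
        $this->serverUrl . '/test.php/notes/note/api/update/' . $id,
        'PUT',
        $headers,
        array('data' => $data)
    );
    $response = json_decode($response, true);
    $this->assertTrue(is_array($response));
    $this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
    $this->assertEquals(1, count($response['errors']));
}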
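/**
 * Adds two contacts to a note's activityItems, removes one again, and checks
 * the remaining items both on the in-memory note and after reloading it.
 *
 * @depends testCreateAndGetNoteById
 */
public function testRemoveActivityItemFromActivity()
{
    $super = User::getByUsername('super');
    Yii::app()->user->userModel = $super;

    $firstNote = NoteTestHelper::createNoteByNameForOwner('Note with relations', $super);
    //These two models are created but never referenced again; the calls are kept because
    //they still create rows (presumably so that ids do not line up by accident - confirm).
    NoteTestHelper::createNoteByNameForOwner('Second note with relations', $super);
    ContactTestHelper::createContactByNameForOwner('Third', $super);
    $firstContact = ContactTestHelper::createContactByNameForOwner('First', $super);
    $secondContact = ContactTestHelper::createContactByNameForOwner('Second', $super);

    $firstNote->activityItems->add($firstContact);
    $firstNote->activityItems->add($secondContact);
    //Assert the save result so a rejected save fails here rather than in a later count check.
    $this->assertTrue($firstNote->save());
    $this->assertEquals(2, count($firstNote->activityItems));
    //Before the reload the items are compared by the contacts' own ids.
    $this->assertEquals($firstContact->id, $firstNote->activityItems[0]->id);
    $this->assertEquals($secondContact->id, $firstNote->activityItems[1]->id);

    $noteId = $firstNote->id;
    $firstNote->forget();
    $firstNote = Note::getById($noteId);
    $this->assertEquals(2, count($firstNote->activityItems));
    //After the reload the items are compared by the contacts' 'Item' class ids.
    $this->assertEquals($firstContact->getClassId('Item'), $firstNote->activityItems[0]->id);
    $this->assertEquals($secondContact->getClassId('Item'), $firstNote->activityItems[1]->id);

    //Remove the first contact; only the second one should remain.
    $firstNote->activityItems->remove($firstContact);
    $this->assertTrue($firstNote->save());
    $this->assertEquals(1, count($firstNote->activityItems));
    $this->assertEquals($secondContact->getClassId('Item'), $firstNote->activityItems[0]->id);

    //The removal must still hold after the note is reloaded.
    $firstNote->forget();
    $firstNote = Note::getById($noteId);
    $this->assertEquals(1, count($firstNote->activityItems));
    $this->assertEquals($secondContact->getClassId('Item'), $firstNote->activityItems[0]->id);
}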