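/**
 * Walks through the UI to verify that read/write access inherited through a
 * parent role is revoked once the parent/child role link is removed.
 *
 * Setup: role 'Parent' owns role 'Child'; jane is in 'Parent', jim is in
 * 'Child'. Each user creates one contact. While the roles are linked, jane
 * can list, view and edit jim's contact, and jim is denied on jane's contact.
 * After the link is removed, jane must be denied on jim's contact as well,
 * while each user keeps access to their own contact.
 *
 * A denied controller action is expected to surface as an ExitException.
 */
public function testArePermissionsFlushedOnRemovingParentFromChildRole()
{
    // Start from a clean slate; leftovers from earlier tests are optional,
    // so a NotFoundException here is deliberately ignored.
    Contact::deleteAll();
    try {
        $role = Role::getByName('Parent');
        $role->delete();
    } catch (NotFoundException $e) {
    }
    try {
        $user = User::getByUsername('jim');
        $user->delete();
    } catch (NotFoundException $e) {
    }
    try {
        $user = User::getByUsername('jane');
        $user->delete();
    } catch (NotFoundException $e) {
    }

    // we could have used helpers to do a lot of the following stuff (such as creating users, roles,
    // etc) but we wanted to mimic user's interaction as closely as possible. Hence using walkthroughs
    // for everything

    // create Parent and Child Roles, Create Jim to be member of Child role
    // create parent role
    $this->resetGetArray();
    $this->setPostArray(array('Role' => array('name' => 'Parent')));
    $this->runControllerWithRedirectExceptionAndGetUrl('/zurmo/role/create');
    $parentRole = Role::getByName('Parent');
    $this->assertNotNull($parentRole);
    $this->assertEquals('Parent', strval($parentRole));
    $parentRoleId = $parentRole->id;

    // create child role
    $this->resetGetArray();
    $this->setPostArray(array('Role' => array('name' => 'Child',
                                              'role' => array('id' => $parentRoleId))));
    $this->runControllerWithRedirectExceptionAndGetUrl('/zurmo/role/create');
    $childRole = Role::getByName('Child');
    $this->assertNotNull($childRole);
    $this->assertEquals('Child', strval($childRole));
    // Reload both roles so the parent's child collection reflects the new link.
    $parentRole->forgetAll();
    $parentRole  = Role::getById($parentRoleId);
    $childRoleId = $childRole->id;
    $childRole->forgetAll();
    $childRole = Role::getById($childRoleId);
    $this->assertEquals($childRole->id, $parentRole->roles[0]->id);

    // create jim's user
    $this->resetGetArray();
    $this->setPostArray(array('UserPasswordForm' => array('firstName'          => 'Some',
                                                          'lastName'           => 'Body',
                                                          'username'           => 'jim',
                                                          'newPassword'        => 'myPassword123',
                                                          'newPassword_repeat' => 'myPassword123',
                                                          'officePhone'        => '456765421',
                                                          'userStatus'         => 'Active',
                                                          'role'               => array('id' => $childRoleId))));
    $this->runControllerWithRedirectExceptionAndGetContent('/users/default/create');
    $jim = User::getByUsername('jim');
    $this->assertNotNull($jim);
    $childRole->forgetAll();
    $childRole = Role::getById($childRoleId);
    $this->assertEquals($childRole->id, $jim->role->id);

    // give jim rights to contact's module
    $jim->setRight('ContactsModule', ContactsModule::getAccessRight());
    $jim->setRight('ContactsModule', ContactsModule::getCreateRight());
    $this->assertTrue($jim->save());
    $jim->forgetAll();
    $jim = User::getByUsername('jim');

    // create jane's user
    $this->resetGetArray();
    $this->setPostArray(array('UserPasswordForm' => array('firstName'          => 'Some',
                                                          'lastName'           => 'Body',
                                                          'username'           => 'jane',
                                                          'newPassword'        => 'myPassword123',
                                                          'newPassword_repeat' => 'myPassword123',
                                                          'officePhone'        => '456765421',
                                                          'userStatus'         => 'Active',
                                                          'role'               => array('id' => $parentRoleId))));
    $this->runControllerWithRedirectExceptionAndGetContent('/users/default/create');
    $jane = User::getByUsername('jane');
    $this->assertNotNull($jane);
    $parentRole->forgetAll();
    $parentRole = Role::getById($parentRoleId);
    $this->assertEquals($parentRole->id, $jane->role->id);

    // give jane rights to contact's module, we need to do this because once the link between parent and child
    // role is broken jane won't be able to access the listview of contacts
    $jane->setRight('ContactsModule', ContactsModule::getAccessRight());
    $this->assertTrue($jane->save());
    $jane->forgetAll();
    $jane = User::getByUsername('jane');

    // create a contact from jim's account
    // create ContactStates
    ContactsModule::loadStartingData();
    // ensure contact states have been created
    $this->assertEquals(6, count(ContactState::GetAll()));
    $this->logoutCurrentUserLoginNewUserAndGetByUsername('jim');
    // go ahead and create contact with parent role given readwrite.
    $startingState = ContactsUtil::getStartingState();
    $this->resetGetArray();
    $this->setPostArray(array('Contact' => array('firstName'   => 'Jim',
                                                 'lastName'    => 'Doe',
                                                 'officePhone' => '456765421',
                                                 'state'       => array('id' => $startingState->id))));
    $url = $this->runControllerWithRedirectExceptionAndGetUrl('/contacts/default/create');
    // The new contact's id is taken from the 'id=' parameter of the redirect url.
    $jimDoeContactId = intval(substr($url, strpos($url, 'id=') + 3));
    $jimDoeContact   = Contact::getById($jimDoeContactId);
    $this->assertNotNull($jimDoeContact);
    $this->resetPostArray();
    $this->setGetArray(array('id' => $jimDoeContactId));
    $content = $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/details');
    $this->assertContains('Who can read and write Owner', $content);

    // create a contact using jane which she would see at all times
    $this->logoutCurrentUserLoginNewUserAndGetByUsername('jane');
    $this->resetGetArray();
    $this->setPostArray(array('Contact' => array('firstName'   => 'Jane',
                                                 'lastName'    => 'Doe',
                                                 'officePhone' => '456765421',
                                                 'state'       => array('id' => $startingState->id))));
    $url = $this->runControllerWithRedirectExceptionAndGetUrl('/contacts/default/create');
    $janeDoeContactId = intval(substr($url, strpos($url, 'id=') + 3));
    // Load jane's own contact. Looking up jim's id here (as this test once did)
    // would leave the id used by every later "denied" check unverified.
    $janeDoeContact = Contact::getById($janeDoeContactId);
    $this->assertNotNull($janeDoeContact);
    $this->resetPostArray();
    $this->setGetArray(array('id' => $janeDoeContactId));
    $content = $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/details');
    $this->assertContains('Who can read and write Owner', $content);

    // --- roles linked: jim sees only his own contact ---
    // jim should see his contact, and not jane's, on list view
    $this->logoutCurrentUserLoginNewUserAndGetByUsername('jim');
    $this->resetGetArray();
    $content = $this->runControllerWithNoExceptionsAndGetContent('/contacts/default');
    $this->assertContains('Jim Doe</a></td><td>', $content);
    $this->assertNotContains('Jane Doe</a></td><td>', $content);
    // jim should have access to jimDoeContact's detail view
    $this->setGetArray(array('id' => $jimDoeContactId));
    $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/details');
    // jim should have access to jimDoeContact's edit view
    $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/edit');
    // jim should not have access to janeDoeContact's detail view
    $this->setGetArray(array('id' => $janeDoeContactId));
    try {
        $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/details');
        $this->fail('Accessing details action should have thrown ExitException');
    } catch (ExitException $e) {
        // just cleanup buffer
        $this->endAndGetOutputBuffer();
    }
    // jim should not have access to janeDoeContact's edit view
    try {
        $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/edit');
        $this->fail('Accessing edit action should have thrown ExitException');
    } catch (ExitException $e) {
        // just cleanup buffer
        $this->endAndGetOutputBuffer();
    }

    // --- roles linked: jane (parent role) sees both contacts ---
    // jane should see both contacts on list view
    $this->logoutCurrentUserLoginNewUserAndGetByUsername('jane');
    $this->resetGetArray();
    $content = $this->runControllerWithNoExceptionsAndGetContent('/contacts/default');
    $this->assertContains('Jim Doe</a></td><td>', $content);
    $this->assertContains('Jane Doe</a></td><td>', $content);
    // jane should have access to jimDoeContact's detail view
    $this->setGetArray(array('id' => $jimDoeContactId));
    $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/details');
    // jane should have access to jimDoeContact's edit view
    $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/edit');
    // jane should have access to janeDoeContact's detail view
    $this->setGetArray(array('id' => $janeDoeContactId));
    $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/details');
    // jane should have access to janeDoeContact's edit view
    $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/edit');

    // unlink Parent role from child
    $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $this->setGetArray(array('id' => $childRoleId));
    $this->setPostArray(array('Role' => array('name' => 'Child',
                                              'role' => array('id' => ''))));
    $this->runControllerWithRedirectExceptionAndGetUrl('/zurmo/role/edit');
    $childRole = Role::getByName('Child');
    $this->assertNotNull($childRole);
    $this->assertEquals('Child', strval($childRole));
    $parentRole->forgetAll();
    $parentRole = Role::getById($parentRoleId);
    $this->assertNotNull($parentRole);
    $this->assertCount(0, $parentRole->roles);

    // --- roles unlinked: nothing changes for jim ---
    // jim should still see his contact, and not jane's, on list view
    $this->logoutCurrentUserLoginNewUserAndGetByUsername('jim');
    $this->resetGetArray();
    $content = $this->runControllerWithNoExceptionsAndGetContent('/contacts/default');
    $this->assertContains('Jim Doe</a></td><td>', $content);
    $this->assertNotContains('Jane Doe</a></td><td>', $content);
    // jim should have access to jimDoeContact's detail view
    $this->setGetArray(array('id' => $jimDoeContactId));
    $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/details');
    // jim should have access to jimDoeContact's edit view
    $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/edit');
    // jim should not have access to janeDoeContact's detail view
    $this->setGetArray(array('id' => $janeDoeContactId));
    try {
        $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/details');
        $this->fail('Accessing details action should have thrown ExitException');
    } catch (ExitException $e) {
        // just cleanup buffer
        $this->endAndGetOutputBuffer();
    }
    // jim should not have access to janeDoeContact's edit view
    try {
        $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/edit');
        $this->fail('Accessing edit action should have thrown ExitException');
    } catch (ExitException $e) {
        // just cleanup buffer
        $this->endAndGetOutputBuffer();
    }

    // --- roles unlinked: jane must have lost the inherited access ---
    // jane should see only her own contact on list view; jim's must be gone
    $this->logoutCurrentUserLoginNewUserAndGetByUsername('jane');
    $this->resetGetArray();
    $content = $this->runControllerWithNoExceptionsAndGetContent('/contacts/default');
    $this->assertNotContains('Jim Doe</a></td><td>', $content);
    $this->assertContains('Jane Doe</a></td><td>', $content);
    // jane should have access to janeDoeContact's detail view
    $this->setGetArray(array('id' => $janeDoeContactId));
    $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/details');
    // jane should have access to janeDoeContact's edit view
    $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/edit');
    // jane should not have access to jimDoeContact's detail view
    $this->setGetArray(array('id' => $jimDoeContactId));
    try {
        $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/details');
        $this->fail('Accessing details action should have thrown ExitException');
    } catch (ExitException $e) {
        // just cleanup buffer
        $this->endAndGetOutputBuffer();
    }
    // jane should not have access to jimDoeContact's edit view
    try {
        $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/edit');
        $this->fail('Accessing edit action should have thrown ExitException');
    } catch (ExitException $e) {
        // just cleanup buffer
        $this->endAndGetOutputBuffer();
    }
}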
/**
 * Checks how the RIGHT_LOGIN_VIA_WEB_API right on UsersModule moves through
 * the role chain Sales Manager > Sales Person > Junior Sales Person.
 *
 * The assertions pin the following observable rules:
 *  - an explicit ALLOW on a user shows up as ALLOW for users in ancestor roles,
 *    but never for users in descendant roles;
 *  - an explicit DENY on a user affects only that user;
 *  - removing an explicit right falls back to whatever is inherited;
 *  - with no rights stored at all, everyone is DENY.
 */
public function testRightsPropagationViaRoles()
{
    $moduleName  = 'UsersModule';
    $webApiRight = UsersModule::RIGHT_LOGIN_VIA_WEB_API;

    $managerRole     = Role::getByName('Sales Manager');
    $salesPersonRole = Role::getByName('Sales Person');
    $juniorRole      = Role::getByName('Junior Sales Person');
    $manager     = $managerRole->users[0];
    $salesPerson = $salesPersonRole->users[0];
    $junior      = $juniorRole->users[0];

    // Baseline: nobody has the right.
    $this->assertEquals(Right::DENY, $manager->getEffectiveRight($moduleName, $webApiRight));
    $this->assertEquals(Right::DENY, $salesPerson->getEffectiveRight($moduleName, $webApiRight));
    $this->assertEquals(Right::DENY, $junior->getEffectiveRight($moduleName, $webApiRight));

    // Allow on the middle role: visible upward, not downward.
    $salesPerson->setRight($moduleName, $webApiRight);
    $this->assertTrue($salesPerson->save());
    $this->assertEquals(Right::ALLOW, $salesPerson->getEffectiveRight($moduleName, $webApiRight));
    $this->assertEquals(Right::ALLOW, $manager->getEffectiveRight($moduleName, $webApiRight));
    $this->assertEquals(Right::DENY, $junior->getEffectiveRight($moduleName, $webApiRight));

    // Explicit deny on the manager overrides the inherited allow for the manager only.
    $manager->setRight($moduleName, $webApiRight, Right::DENY);
    $this->assertTrue($manager->save());
    $this->assertEquals(Right::ALLOW, $salesPerson->getEffectiveRight($moduleName, $webApiRight));
    $this->assertEquals(Right::DENY, $manager->getEffectiveRight($moduleName, $webApiRight));
    $this->assertEquals(Right::DENY, $junior->getEffectiveRight($moduleName, $webApiRight));

    // Dropping the manager's explicit deny restores the inherited allow.
    $manager->removeRight($moduleName, $webApiRight);
    $this->assertTrue($manager->save());
    $this->assertEquals(Right::ALLOW, $salesPerson->getEffectiveRight($moduleName, $webApiRight));
    $this->assertEquals(Right::ALLOW, $manager->getEffectiveRight($moduleName, $webApiRight));
    $this->assertEquals(Right::DENY, $junior->getEffectiveRight($moduleName, $webApiRight));

    // Explicit deny on the middle role: nobody is allowed any more.
    $salesPerson->setRight($moduleName, $webApiRight, Right::DENY);
    $this->assertTrue($salesPerson->save());
    $this->assertEquals(Right::DENY, $salesPerson->getEffectiveRight($moduleName, $webApiRight));
    $this->assertEquals(Right::DENY, $manager->getEffectiveRight($moduleName, $webApiRight));
    $this->assertEquals(Right::DENY, $junior->getEffectiveRight($moduleName, $webApiRight));

    // Allow on the manager does not leak down to the denied middle role.
    $manager->setRight($moduleName, $webApiRight);
    $this->assertTrue($manager->save());
    $this->assertEquals(Right::DENY, $salesPerson->getEffectiveRight($moduleName, $webApiRight));
    $this->assertEquals(Right::ALLOW, $manager->getEffectiveRight($moduleName, $webApiRight));
    $this->assertEquals(Right::DENY, $junior->getEffectiveRight($moduleName, $webApiRight));

    // Remove the manager's allow again: back to all denied.
    $manager->removeRight($moduleName, $webApiRight);
    $this->assertTrue($manager->save());
    $this->assertEquals(Right::DENY, $salesPerson->getEffectiveRight($moduleName, $webApiRight));
    $this->assertEquals(Right::DENY, $manager->getEffectiveRight($moduleName, $webApiRight));
    $this->assertEquals(Right::DENY, $junior->getEffectiveRight($moduleName, $webApiRight));

    // Replace the middle role's deny with an allow: visible upward again.
    $salesPerson->setRight($moduleName, $webApiRight);
    $this->assertTrue($salesPerson->save());
    $this->assertEquals(Right::ALLOW, $salesPerson->getEffectiveRight($moduleName, $webApiRight));
    $this->assertEquals(Right::ALLOW, $manager->getEffectiveRight($moduleName, $webApiRight));
    $this->assertEquals(Right::DENY, $junior->getEffectiveRight($moduleName, $webApiRight));

    // Remove it: all denied.
    $salesPerson->removeRight($moduleName, $webApiRight);
    $this->assertTrue($salesPerson->save());
    $this->assertEquals(Right::DENY, $salesPerson->getEffectiveRight($moduleName, $webApiRight));
    $this->assertEquals(Right::DENY, $manager->getEffectiveRight($moduleName, $webApiRight));
    $this->assertEquals(Right::DENY, $junior->getEffectiveRight($moduleName, $webApiRight));

    // Allow on the lowest role reaches both ancestors.
    $junior->setRight($moduleName, $webApiRight);
    $this->assertTrue($junior->save());
    $this->assertEquals(Right::ALLOW, $salesPerson->getEffectiveRight($moduleName, $webApiRight));
    $this->assertEquals(Right::ALLOW, $manager->getEffectiveRight($moduleName, $webApiRight));
    $this->assertEquals(Right::ALLOW, $junior->getEffectiveRight($moduleName, $webApiRight));

    Right::deleteAll();
    // Right::deleteAll() above goes directly to the database, so the rights
    // cache has to be cleared by hand or stale ALLOW answers would survive.
    RightsCache::forgetAll();
    $managerId     = $manager->id;
    $salesPersonId = $salesPerson->id;
    $juniorId      = $junior->id;
    RedBeanModel::forgetAll();
    unset($manager);
    unset($salesPerson);
    unset($junior);
    $manager     = User::getById($managerId);
    $salesPerson = User::getById($salesPersonId);
    $junior      = User::getById($juniorId);

    // Freshly loaded users with no stored rights: everyone is denied.
    $this->assertEquals(Right::DENY, $manager->getEffectiveRight($moduleName, $webApiRight));
    $this->assertEquals(Right::DENY, $salesPerson->getEffectiveRight($moduleName, $webApiRight));
    $this->assertEquals(Right::DENY, $junior->getEffectiveRight($moduleName, $webApiRight));
}
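/**
 * Builds the role fixture used by the security tests.
 *
 * First pass: for every entry of self::$parentToChildRoleNames, creates the
 * child role (when one is named), loads or creates the parent role and links
 * the child under it. Second pass: for every entry of
 * self::$usernamesToUserInfo whose third element (index 2) names a role, adds
 * that user to the role.
 *
 * Save results are checked with assert() on the value itself. The earlier
 * string form, assert('$saved'), is evaluated as code only on old PHP
 * versions; from PHP 8 a non-empty string is simply truthy, so a failed save
 * would pass unnoticed and the permission tests would run against an
 * incomplete role hierarchy.
 * NOTE(review): assert() can be disabled by ini settings; confirm the test
 * environment keeps assertions enabled.
 */
public static function createRoles()
{
    foreach (self::$parentToChildRoleNames as $parentRoleName => $childRoleName) {
        if ($childRoleName !== null) {
            $childRole       = new Role();
            $childRole->name = $childRoleName;
            $childRole->validate();
            $saved = $childRole->save();
            assert($saved);
        }
        // The parent may already exist, e.g. as the child of an earlier entry.
        try {
            $parentRole = Role::getByName($parentRoleName);
        } catch (NotFoundException $e) {
            $parentRole = new Role();
        }
        $parentRole->name = $parentRoleName;
        if ($childRoleName !== null) {
            $parentRole->roles->add($childRole);
        }
        $saved = $parentRole->save();
        assert($saved);
        $parentRole->forget();
        if ($childRoleName !== null) {
            $childRole->forget();
        }
    }
    foreach (self::$usernamesToUserInfo as $username => $userInfo) {
        $roleName = $userInfo[2];
        if ($roleName !== null) {
            assert(is_string($roleName));
            $role = Role::getByName($roleName);
            $user = User::getByUsername($username);
            $role->users->add($user);
            $saved = $role->save();
            assert($saved);
            $user->forget(); //do this so that if you retrieve the $user, $user->role will be known.
        }
    }
}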
/**
 * Links a role under a parent role, or removes that link, and saves the parent.
 *
 * @param string      $roleName   name of the existing child role
 * @param string|null $parentName name of the parent role; defaults to
 *                                $roleName . 'Parent'. The parent is created
 *                                through createRole() when it does not exist.
 * @param bool        $add        true to add the child, false to remove it
 * @throws NotFoundException when removing a child that is not under the parent
 */
protected function addOrRemoveRoleFromParent($roleName, $parentName = null, $add = true)
{
    if ($parentName === null) {
        $parentName = $roleName . 'Parent';
    }
    $child = Role::getByName($roleName);
    try {
        $parent = Role::getByName($parentName);
    } catch (NotFoundException $e) {
        $parent = $this->createRole($parentName);
    }
    if ($add) {
        $parent->roles->add($child);
    } elseif ($parent->roles->contains($child)) {
        $parent->roles->remove($child);
    } else {
        // Removing a link that does not exist is reported, not ignored.
        throw new NotFoundException('Child role not found in parent');
    }
    $this->assertTrue($parent->save());
}
/**
 * Verifies the account read-permission munge rows for a three level role
 * chain, and that the rows are withdrawn when the chain is broken.
 *
 * With R3 > R2 > R1 and one user per role, an account owned by the user of a
 * lower role gets one munge row per ancestor role. Removing a role's parent
 * must remove the rows that existed only because of that link.
 */
public function testUsersAddedToRoleRolesParentAndGrandParent_Slide23()
{
    $u99 = User::getByUsername('u99.');
    Yii::app()->user->userModel = $u99;
    $u1 = User::getByUsername('u1.');
    $u2 = User::getByUsername('u2.');
    $u3 = User::getByUsername('u3.');

    // set role to null
    foreach (array($u1, $u2, $u3) as $roleLessUser) {
        $roleLessUser->role = null;
        $this->assertTrue($roleLessUser->save());
        $roleLessUser->forget();
    }

    // get roles
    $r1 = Role::getByName('R1.');
    $r2 = Role::getByName('R2.');
    $r3 = Role::getByName('R3.');

    // set roles-parent-grandparent relationship
    // r2 is parent of r1
    $r1->role = $r2;
    $this->assertTrue($r1->save());
    $r1->forget();
    // r3 is parent of r2
    $r2->role = $r3;
    $this->assertTrue($r2->save());
    $r2->forget();
    $r3->forget();

    // set user-role mappings
    $u1 = User::getByUsername('u1.');
    $u2 = User::getByUsername('u2.');
    $u3 = User::getByUsername('u3.');
    $r1 = Role::getByName('R1.');
    $r2 = Role::getByName('R2.');
    $r3 = Role::getByName('R3.');
    foreach (array(array($u1, $r1), array($u2, $r2), array($u3, $r3)) as $mapping) {
        list($member, $memberRole) = $mapping;
        $member->role = $memberRole;
        $this->assertTrue($member->save());
        //Called in $member->afterSave();
        //ReadPermissionsOptimizationUtil::userAddedToRole($member);
        $member->forget();
        $memberRole->forget();
    }

    /*
     * Hierarchy:
     *  R3 ---------------------------- U3
     *   #
     *   #
     *  R2 ---------------------------- U2
     *   #
     *   #
     *  R1 ---------------------------- U1
     */
    $u1 = User::getByUsername('u1.');
    $u2 = User::getByUsername('u2.');
    $u3 = User::getByUsername('u3.');

    // create one account per user, each while that user is the current user
    $createdAccounts = array();
    foreach (array('A1.' => $u1, 'A2.' => $u2, 'A3.' => $u3) as $accountName => $creator) {
        Yii::app()->user->userModel = $creator;
        $newAccount       = new Account();
        $newAccount->name = $accountName;
        $this->assertTrue($newAccount->save());
        //Called in OwnedSecurableItem::afterSave();
        //ReadPermissionsOptimizationUtil::ownedSecurableItemCreated($newAccount);
        $createdAccounts[] = $newAccount; // keep the models referenced until the test ends
    }

    Yii::app()->user->userModel = $u99;
    $expectedWithFullChain = array(
        array('A1', 'R2', '1'),
        array('A1', 'R3', '1'),
        array('A2', 'R3', '1'),
    );
    $this->assertEquals($expectedWithFullChain, self::getAccountMungeRows());
    $this->assertTrue(self::accountMungeDoesntChangeWhenRebuilt());

    // break the link between R1 and R2
    $r1->role = null;
    $this->assertTrue($r1->save());
    // Called in $r1->beforeSave();
    //ReadPermissionsSubscriptionUtil::roleParentBeingRemoved();
    // A1's munge ids for R2 and R3 will be gone
    $this->assertEquals(array(array('A2', 'R3', '1')), self::getAccountMungeRows());
    $this->assertTrue(self::accountMungeDoesntChangeWhenRebuilt());

    // break the link between R2 and R3
    $r2->role = null;
    $this->assertTrue($r2->save());
    // Called in $r2->beforeSave();
    //ReadPermissionsSubscriptionUtil::roleParentBeingRemoved();
    // A2's munge id R3 will be gone
    $this->assertEmpty(self::getAccountMungeRows());
    $this->assertTrue(self::accountMungeDoesntChangeWhenRebuilt());

    // restore the role chain and u2's role for the sake of tearDown
    $r1       = Role::getByName('R1.');
    $r2       = Role::getByName('R2.');
    $r1->role = $r2;
    $this->assertTrue($r1->save());
    $r2->role = $r3;
    $this->assertTrue($r2->save());
    $u2       = User::getByUsername('u2.');
    $u2->role = Role::getByName('R4.');
    $this->assertTrue($u2->save());
}
/**
 * Verifies the account munge rows when a user who belongs to the innermost of
 * three nested groups (G1 > G2 > G3) is added to role R1, and that the role
 * derived rows disappear again when the user leaves the role.
 *
 * Accounts A1, A2 and A3 grant READ to G1, G2 and G3 respectively. The group
 * rows must stay untouched by the role change; only the R2/R3 rows come and go.
 *
 * @depends testUserAddedToRoleWhereUserIsMemberOfGroupWithChildrenGroups_Slide19
 */
public function testUserAddedToRoleWhereUserIsMemberOfGroupWithChildrenGroups_Slide20()
{
    $u1  = User::getByUsername('u1.');
    $u99 = User::getByUsername('u99.');
    Yii::app()->user->userModel = $u99;
    $u1->role = null;
    $this->assertTrue($u1->save());

    // Nest the groups G1 > G2 > G3 and put u1 into the innermost one.
    $g1 = Group::getByName('G1.');
    $g2 = Group::getByName('G2.');
    $g3 = Group::getByName('G3.');
    $g1->groups->add($g2);
    $this->assertTrue($g1->save());
    $g2->groups->add($g3);
    $this->assertTrue($g2->save());
    $g3->users->add($u1);
    $this->assertTrue($g3->save());
    $u1->forget(); //Forget the user, so the user knows what groups it is part of.
    $u1 = User::getByUsername('u1.');
    $r1 = Role::getByName('R1.');
    $r2 = Role::getByName('R2.');
    $r3 = Role::getByName('R3.');

    // One account per group, each granting READ to its group.
    $readerGroups = array('A1.' => $g1, 'A2.' => $g2, 'A3.' => $g3);
    $accounts     = array();
    foreach ($readerGroups as $accountName => $readerGroup) {
        $newAccount       = new Account();
        $newAccount->name = $accountName;
        $newAccount->addPermissions($readerGroup, Permission::READ);
        $this->assertTrue($newAccount->save());
        //Called in OwnedSecurableItem::afterSave();
        //ReadPermissionsOptimizationUtil::ownedSecurableItemCreated($newAccount);
        $accounts[$accountName] = $newAccount;
    }
    foreach ($readerGroups as $accountName => $readerGroup) {
        ReadPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($accounts[$accountName], $readerGroup);
    }

    $u1->role = $r1;
    $this->assertTrue($u1->save());
    //Called in $u1->afterSave();
    //ReadPermissionsOptimizationUtil::userAddedToRole($u1);
    $r1->forget(); //Forget R1 so when it is utilized below, it will know that u1 is a member.

    $expectedWithRole = array(
        array('A1', 'G1', 1),
        array('A1', 'G2', 1),
        array('A1', 'G3', 1),
        array('A1', 'R2', 1),
        array('A1', 'R3', 1),
        array('A2', 'G2', 1),
        array('A2', 'G3', 1),
        array('A2', 'R2', 1),
        array('A2', 'R3', 1),
        array('A3', 'G3', 1),
        array('A3', 'R2', 1),
        array('A3', 'R3', 1),
    );
    $this->assertEquals($expectedWithRole, self::getAccountMungeRows());
    $this->assertTrue(self::accountMungeDoesntChangeWhenRebuilt());

    $u1->forget(); //Forget the user, so the user knows what groups it is part of.
    $u1       = User::getByUsername('u1.');
    $u1->role = null;
    $this->assertTrue($u1->save());
    RedBeanModelsCache::forgetAll();
    RedBeansCache::forgetAll();

    // Without the role only the group derived rows remain.
    $expectedWithoutRole = array(
        array('A1', 'G1', 1),
        array('A1', 'G2', 1),
        array('A1', 'G3', 1),
        array('A2', 'G2', 1),
        array('A2', 'G3', 1),
        array('A3', 'G3', 1),
    );
    $this->assertEquals($expectedWithoutRole, self::getAccountMungeRows());
    $this->assertTrue(self::accountMungeDoesntChangeWhenRebuilt());

    // Clean up: delete the accounts, flatten the groups, put u1 back into R1.
    $accounts['A1.']->delete();
    $accounts['A2.']->delete();
    $accounts['A3.']->delete();
    $g1->group = null;
    $this->assertTrue($g1->save());
    $g2->group = null;
    $this->assertTrue($g2->save());
    $g3->forget();
    $g3        = Group::getByName('G3.');
    $g3->group = null;
    $g3->users->removeAll();
    $this->assertTrue($g3->save());
    $r1       = Role::getByName('R1.');
    $u1->role = $r1;
    $this->assertTrue($u1->save());
}
/**
 * Checks that a permission granted to a user in the lowest role still reaches
 * a user in the top role when the role in between has no users.
 *
 * Chain: Sales Manager > Sales Person (emptied here) > Junior Sales Person.
 */
public function testPermissionsPropagationViaRolesWhenChildRoleHaveNoUsers()
{
    // Empty the middle role, saving after each removal.
    $middleRole = Role::getByName('Sales Person');
    foreach ($middleRole->users as $member) {
        $middleRole->users->remove($member);
        $this->assertTrue($middleRole->save());
    }
    $topRole    = Role::getByName('Sales Manager');
    $bottomRole = Role::getByName('Junior Sales Person');
    $manager    = $topRole->users[0];
    $junior     = $bottomRole->users[0];
    $this->assertEquals(0, count($middleRole->users));

    Permission::removeAll();
    $allAccounts = Account::getAll();
    $account     = $allAccounts[0];

    // With no stored permissions only the owner has access.
    $this->assertEquals(Permission::ALL, $account->getEffectivePermissions($account->owner));
    $this->assertEquals(Permission::NONE, $account->getEffectivePermissions($manager));
    $this->assertEquals(Permission::NONE, $account->getEffectivePermissions($junior));

    // READ for the junior must be visible to the manager two levels up.
    $account->addPermissions($junior, Permission::READ);
    $this->assertTrue($account->save());
    $this->assertEquals(Permission::READ, $account->getEffectivePermissions($manager));
    $this->assertEquals(Permission::READ, $account->getEffectivePermissions($junior));
}
/**
 * Test when user change role, from one to another to null.
 *
 * The owner of one account moves through null, Role1, Role4 and null again.
 * After every move the read subscription job is run and the rows of
 * account_read_subscription are compared with the expected users and
 * subscription types: users who gain read access get TYPE_ADD, users who
 * lose it are flipped to TYPE_DELETE.
 *
 * @depends testRoleChangeOrDeleteScenario2
 */
public function testRoleChangeOrDeleteScenario4()
{
    $super = User::getByUsername('super');
    Yii::app()->user->userModel = $super;
    $job                  = new ReadPermissionSubscriptionUpdateForAccountJob();
    $jobBasedOnBuildTable = new ReadPermissionSubscriptionUpdateForAccountFromBuildTableJob();
    Yii::app()->jobQueue->deleteAll();
    $this->deleteAllModelsAndRecordsFromReadPermissionTable('Account');
    Yii::app()->jobQueue->deleteAll();
    sleep(1);

    $user1   = self::$johnny;
    $user2   = self::$billy;
    $user3   = self::$david;
    $account = AccountTestHelper::createAccountByNameForOwner('Forth Account For Roles', $user1);
    Yii::app()->jobQueue->deleteAll();

    // Load the roles used by this scenario
    $role1 = Role::getByName('Role1');
    $role2 = Role::getByName('Role2');
    $role3 = Role::getByName('Role3');
    $role4 = Role::getByName('Role4');

    $added   = ReadPermissionsSubscriptionUtil::TYPE_ADD;
    $deleted = ReadPermissionsSubscriptionUtil::TYPE_DELETE;
    $sql     = "SELECT * FROM account_read_subscription order by userid";

    // Each step: the role given to $user1, then the expected subscription rows
    // in userid order as array(user, subscription type).
    $steps = array(
        // Just to trigger role changes
        array(null, array(
            array($super, $added),
            array($user1, $added),
        )),
        // Now set $role1 for $user1
        array($role1, array(
            array($super, $added),
            array($user1, $added),
            array($user2, $added),
        )),
        // Now set $role4 for $user1
        array($role4, array(
            array($super, $added),
            array($user1, $added),
            array($user2, $deleted),
            array($user3, $added),
        )),
        // Now remove the role from $user1 again
        array(null, array(
            array($super, $added),
            array($user1, $added),
            array($user2, $deleted),
            array($user3, $deleted),
        )),
    );

    foreach ($steps as $step) {
        list($roleForUser1, $expectedRows) = $step;

        Yii::app()->jobQueue->deleteAll();
        $user1->role = $roleForUser1;
        $this->assertTrue($user1->save());
        RedBeanModel::forgetAll();
        ReadPermissionsOptimizationUtil::rebuild();

        // Exactly one account subscription job must have been queued.
        // NOTE(review): index 5 is presumably the queue's delay bucket - confirm.
        $queuedJobs = Yii::app()->jobQueue->getAll();
        $this->assertEquals(1, count($queuedJobs[5]));
        $this->assertEquals('ReadPermissionSubscriptionUpdateForAccount', $queuedJobs[5][0]['jobType']);
        Yii::app()->jobQueue->deleteAll();
        $this->assertTrue($job->run());

        $rows = ZurmoRedBean::getAll($sql);
        $this->assertEquals(count($expectedRows), count($rows));
        foreach ($expectedRows as $index => $expectedRow) {
            list($expectedUser, $expectedType) = $expectedRow;
            $this->assertEquals($expectedUser->id, $rows[$index]['userid']);
            $this->assertEquals($account->id, $rows[$index]['modelid']);
            $this->assertEquals($expectedType, $rows[$index]['subscriptiontype']);
        }
    }
}