/** * inspect update of one record (before update) * * @param Tinebase_Record_Interface $_record the update record * @param Tinebase_Record_Interface $_oldRecord the current persistent record * @return void * @throws Tinebase_Exception_Record_NotAllowed * * @todo if shared -> personal remove all admins except new owner */ protected function _inspectBeforeUpdate($_record, $_oldRecord) { if ($_oldRecord->application_id !== $_record->application_id) { throw new Tinebase_Exception_Record_NotAllowed('It is not allowed to change the application of a container.'); } $_record->account_grants = $this->_convertGrantsToRecordSet($_record->account_grants); Tinebase_Container::getInstance()->checkContainerOwner($_record); $this->_containerController->setGrants($_record, $_record->account_grants, TRUE, FALSE); }
/** * testGetSearchContainerWithoutReadButWithAdminGrant */ public function testGetSearchContainerWithoutReadButWithAdminGrant() { $newGrants = new Tinebase_Record_RecordSet('Tinebase_Model_Grants'); $newGrants->addRecord(new Tinebase_Model_Grants(array('account_id' => Tinebase_Core::getUser()->getId(), 'account_type' => 'user', Tinebase_Model_Grants::GRANT_READ => false, Tinebase_Model_Grants::GRANT_ADD => true, Tinebase_Model_Grants::GRANT_EDIT => true, Tinebase_Model_Grants::GRANT_DELETE => true, Tinebase_Model_Grants::GRANT_ADMIN => true))); $grants = $this->_instance->setGrants($this->objects['initialContainer'], $newGrants); $container = $this->_instance->getContainerById($this->objects['initialContainer']); $this->assertTrue(is_object($container)); $containers = $this->_instance->getPersonalContainer(Tinebase_Core::getUser(), 'Addressbook', Tinebase_Core::getUser(), Tinebase_Model_Grants::GRANT_READ); $container = $containers->find('name', $this->objects['initialContainer']->name); $this->assertTrue(is_object($container)); }
/** * cache invalidation needs a second */ public function testSetGrantsCacheInvalidation() { $container = $this->objects['initialContainer']; $sclever = Tinebase_Helper::array_value('sclever', Zend_Registry::get('personas')); $this->assertEquals(FALSE, $this->_instance->hasGrant($sclever->getId(), $container->getId(), Tinebase_Model_Grants::GRANT_READ), 'sclever should _not_ have a read grant'); // have readGrant for sclever $this->_instance->setGrants($container->getId(), new Tinebase_Record_RecordSet('Tinebase_Model_Grants', array(array('account_id' => Tinebase_Core::getUser()->getId(), 'account_type' => 'user', Tinebase_Model_Grants::GRANT_ADMIN => true), array('account_id' => $sclever->getId(), 'account_type' => 'user', Tinebase_Model_Grants::GRANT_READ => true))), TRUE); sleep(1); $this->assertEquals(TRUE, $this->_instance->hasGrant($sclever->getId(), $container->getId(), Tinebase_Model_Grants::GRANT_READ), 'sclever _should have_ a read grant'); // remove readGrant for sclever again $this->_instance->setGrants($container->getId(), new Tinebase_Record_RecordSet('Tinebase_Model_Grants', array(array('account_id' => Tinebase_Core::getUser()->getId(), 'account_type' => 'user', Tinebase_Model_Grants::GRANT_ADMIN => true), array('account_id' => $sclever->getId(), 'account_type' => 'user', Tinebase_Model_Grants::GRANT_READ => false))), TRUE); sleep(1); $this->assertEquals(FALSE, $this->_instance->hasGrant($sclever->getId(), $container->getId(), Tinebase_Model_Grants::GRANT_READ), 'sclever should _not_ have a read grant'); }