function test_creategroup()
{
$user = User::create( array( 'username' => 'testcaseuser', 'email' => '*****@*****.**', 'password' => 'test') );
$this->assert_true(
$user instanceof User,
'Could not create test user.'
);
$group = UserGroup::create( array( 'name' => 'new test group' ) );
$this->assert_true(
$group instanceof UserGroup,
'Could not create a new group named "new test group".'
);
ACL::create_token( 'test permission', 'A permission for test cases', 'Administration' );
ACL::create_token( 'test deny permission', 'A permission for test cases', 'Administration' );
$this->assert_true(
ACL::token_exists('test permission'),
'The test permission was not created.'
);
$this->assert_true(
ACL::token_exists(' test PeRmission '),
'Permission names are not normalized.'
);
$group->add( 'testcaseuser' );
$group->grant( 'test permission' );
$group->deny( 'test deny permisSion' );
$group->update();
$newgroup = UserGroup::get( 'new test group' );
$this->assert_true(
in_array( $user->id, $newgroup->members ),
'The created user is not a member of the new group.'
);
$this->assert_true(
in_array( ACL::token_id( 'test permission' ), array_keys( $newgroup->permissions ) ),
'The group does not have the new permission.'
);
$this->assert_true(
ACL::group_can( 'new test group', 'test permission' ),
'The group does not have the new permission.'
);
$this->assert_false(
ACL::group_can( 'new test group', 'test deny permission' ),
'The group has a denied permission.'
);
$this->assert_true(
$user->can( 'test permission' ),
'The user does not have a permission his group has been granted.'
);
}
public function test_group_permissions()
{
ACL::create_token( 'acltest', 'A test ACL permission', 'Administration' );
$this->assert_true(
ACL::token_exists( 'acltest' ),
'Could not create acltest permission.'
);
$this->assert_true(
ACL::token_exists( 'acLtEst ' ),
'Permission names are not normalized.'
);
$token_id = ACL::token_id( 'acltest' );
ACL::grant_group( $this->acl_group->id, $token_id, 'full' );
$this->assert_true(
$this->acl_group->can( 'acltest', 'full' ),
'Could not grant acltest permission to acltest-group.'
);
ACL::revoke_group_token( $this->acl_group->id, $token_id );
$this->assert_false(
ACL::group_can( $this->acl_group->id, $token_id, 'full' ),
'Could not revoke acltest permission from acltest-group.'
);
// check alternate means of granting a permission
$this->acl_group->grant( 'acltest', 'full' );
$this->assert_true(
$this->acl_group->can( 'acltest', 'full' ),
'Could not grant acltest permission to acltest-group through UserGroup call.'
);
// full > read/edit
$this->assert_true(
$this->acl_group->can( 'acltest', 'read' ),
"Group with 'full' acltest permission cannot 'read'."
);
$this->assert_true(
$this->acl_group->can( 'acltest', 'edit' ),
"Group with 'full' acltest permission cannot 'edit'."
);
$this->assert_true(
$this->acl_group->can( 'acltest', 'full' ),
"Group with 'full' acltest permission cannot 'full'."
);
$this->assert_exception( 'InvalidArgumentException', "'write' is an invalid token flag." );
$this->acl_group->can( 'acltest', 'write' );
ACL::destroy_token( 'acltest' );
}
public function test_group_permissions()
{
$this->markTestSkipped('Test does not match class code; needs updating');
ACL::create_permission('acltest', 'A test ACL permission');
$this->assertTrue(ACL::token_exists('acltest'), 'Could not create acltest permission.');
$token_id = ACL::token_id('acltest');
ACL::grant_group($this->acl_group->id, $token_id, 'full');
$this->assertTrue($this->acl_group->can('acltest', 'full'), 'Could not grant acltest permission to acltest-group.');
ACL::revoke_group_permission($this->acl_group->id, $token_id);
$this->assert_false(ACL::group_can($this->acl_group->id, $token_id, 'full'), 'Could not revoke acltest permission from acltest-group.');
// check alternate means of granting a permission
$this->acl_group->grant('acltest', 'full');
$this->assertTrue($this->acl_group->can('acltest', 'full'), 'Could not grant acltest permission to acltest-group through UserGroup call.');
// full > read/write
$this->assertTrue($this->acl_group->can('acltest', 'read'), "Group with 'full' acltest permission cannot 'read'.");
$this->assertTrue($this->acl_group->can('acltest', 'write'), "Group with 'full' acltest permission cannot 'write'.");
}
private function upgrade_db_post_4770()
{
// Add CRUD access tokens for other users' unpublished posts
ACL::create_token('post_unpublished', _t("Permissions to other users' unpublished posts"), _t('Content'), true);
// If a group doesn't have super_user permission, deny access to post_unpublished
$groups = UserGroups::get_all();
foreach ($groups as $group) {
if (!ACL::group_can($group->id, 'super_user', 'read')) {
$group->deny('post_unpublished');
}
}
}
