/**
 * Saves five users and two groups, then attaches the first user and the
 * second group to the first group and checks the user count after saving.
 */
public function testSaveAndLoadGroup()
{
    // NOTE(review): the username literal is identical on every iteration (it
    // looks masked in this listing). If User enforces unique usernames, the
    // second save() would fail -- confirm against the original fixture.
    $savedUsers = array();
    foreach (range(0, 4) as $i) {
        $member = new User();
        $member->setScenario('createUser');
        $member->username     = "******";
        $member->title->value = 'Mr.';
        $member->firstName    = "Uuuuuu{$i}";
        $member->lastName     = "Uuuuuu{$i}son";
        $member->setPassword("uuuuu{$i}");
        $this->assertTrue($member->save());
        $savedUsers[] = $member;
    }

    // A newly saved group is expected to have no users and no nested groups.
    $outerGroup       = new Group();
    $outerGroup->name = 'AAA';
    $this->assertTrue($outerGroup->save());
    $this->assertEquals(0, $outerGroup->users->count());
    $this->assertEquals(0, $outerGroup->groups->count());

    $nestedGroup       = new Group();
    $nestedGroup->name = 'BBB';
    $this->assertTrue($nestedGroup->save());
    $this->assertEquals(0, $nestedGroup->users->count());
    $this->assertEquals(0, $nestedGroup->groups->count());

    // Attach one user and one nested group, then save the outer group.
    // Only the user count is checked afterwards; the nested-group count is not.
    $outerGroup->users->add($savedUsers[0]);
    $outerGroup->groups->add($nestedGroup);
    $this->assertTrue($outerGroup->save());
    $this->assertEquals(1, $outerGroup->users->count());

    // Release both models, nested group first.
    $nestedGroup->forget();
    unset($nestedGroup);
    $outerGroup->forget();
    unset($outerGroup);
}
/**
 * Checks the view data produced by UserGroupMembershipToViewAdapter for a
 * user, first with only the Everyone group and then after the user has been
 * added to a second group.
 *
 * NOTE(review): despite the method name, nothing in this body touches a
 * password-expiry policy; it only exercises group-membership view data.
 */
public function testPasswordExpiresPolicyRules()
{
    $everyoneGroup = Group::getByName(Group::EVERYONE_GROUP_NAME);
    // NOTE(review): the result of this save() is not asserted.
    $everyoneGroup->save();

    // Create the user, drop the local reference and load it again by id.
    $member   = UserTestHelper::createBasicUser('Bobby');
    $memberId = $member->id;
    unset($member);
    $member = User::getById($memberId);

    // Initially only the Everyone group is listed, flagged as not removable.
    $membershipAdapter = new UserGroupMembershipToViewAdapter($member);
    $actual            = $membershipAdapter->getViewData();
    $expected          = array(
        $everyoneGroup->id => array(
            'displayName'   => 'Everyone',
            'canRemoveFrom' => false,
        ),
    );
    $this->assertEquals($expected, $actual);

    // Put the user into a second, ordinary group.
    $extraGroup       = new Group();
    $extraGroup->name = 'AAA';
    $this->assertTrue($extraGroup->save());
    $extraGroup->users->add($member);
    $this->assertTrue($extraGroup->save());
    $member->forget();
    $groupId = $extraGroup->id;
    $extraGroup->forget();
    unset($extraGroup);

    // After a reload both groups are listed; only the explicit membership
    // is flagged as removable.
    $member            = User::getById($memberId);
    $membershipAdapter = new UserGroupMembershipToViewAdapter($member);
    $actual            = $membershipAdapter->getViewData();
    $expected          = array(
        $everyoneGroup->id => array(
            'displayName'   => 'Everyone',
            'canRemoveFrom' => false,
        ),
        $groupId           => array(
            'displayName'   => 'AAA',
            'canRemoveFrom' => true,
        ),
    );
    $this->assertEquals($expected, $actual);

    $member->forget();
    unset($member);
}
/**
 * Saves a set of posted UsersModule policies on a group with two members,
 * then reads the effective policy data for each member.
 *
 * The two final reads carry no assertion, so that part of the test passes
 * as long as the calls complete; presumably it guards against a regression
 * in how the stored integer policy values are read back -- confirm.
 */
public function testStrongerIntegerNotSavingAsInteger()
{
    SecurityTestHelper::createSuperAdmin();
    Yii::app()->user->userModel = User::getByUsername('super');

    $firstUser    = UserTestHelper::createBasicUser('arrry');
    $userId       = $firstUser->id;
    $secondUser   = UserTestHelper::createBasicUser('brrry');
    $user2Id      = $secondUser->id;

    $group       = new Group();
    $group->name = 'RRRRRA';
    $this->assertTrue($group->save());
    $group->users->add($firstUser);
    $group->users->add($secondUser);
    // NOTE(review): unlike the save above, this result is not asserted.
    $group->save();

    // Release everything so the group is read back fresh by name.
    $firstUser->forget();
    $secondUser->forget();
    $group->forget();
    unset($group, $firstUser, $secondUser);

    $group      = Group::getByName('RRRRRA');
    $policyData = PoliciesUtil::getAllModulePoliciesDataByPermitable($group);
    $form       = PoliciesFormUtil::makeFormFromPoliciesData($policyData);

    // Simulated form post: both length policies are posted as '5' with a
    // helper value of '1'; the strong-password and password-expiry entries
    // are posted as empty strings.
    $postedPolicies = array(
        'UsersModule__POLICY_ENFORCE_STRONG_PASSWORDS'        => '',
        'UsersModule__POLICY_MINIMUM_PASSWORD_LENGTH__helper' => '1',
        'UsersModule__POLICY_MINIMUM_PASSWORD_LENGTH'         => '5',
        'UsersModule__POLICY_MINIMUM_USERNAME_LENGTH__helper' => '1',
        'UsersModule__POLICY_MINIMUM_USERNAME_LENGTH'         => '5',
        'UsersModule__POLICY_PASSWORD_EXPIRES'                => '',
    );
    $castedPost = PoliciesFormUtil::typeCastPostData($postedPolicies);
    $form       = PoliciesFormUtil::loadFormFromCastedPost($form, $castedPost);
    $this->assertTrue($form->validate());

    $wasSaved = PoliciesFormUtil::setPoliciesFromCastedPost($castedPost, $group);
    $this->assertTrue($wasSaved);
    $group->forget();

    // Read the policy data for each member; the return values are unused.
    $firstUser  = User::getById($userId);
    $secondUser = User::getById($user2Id);
    PoliciesUtil::getAllModulePoliciesDataByPermitable($firstUser);
    PoliciesUtil::getAllModulePoliciesDataByPermitable($secondUser);
    $firstUser->forget();
    $secondUser->forget();
}
/**
 * Walks the accounts and meetings details/edit/delete controller actions
 * through grant and revoke cycles for three kinds of grantee:
 *
 *  1. a single user ('nobody'),
 *  2. a user in a child role, with a second user in the parent role,
 *  3. a parent group, with a second user in a nested child group.
 *
 * After every permission change the test switches the current user and
 * asserts which actions succeed and which end in an access failure. The
 * negative checks (before a grant, after a revoke, and for actions above
 * the granted level) carry as much weight as the positive ones: they are
 * what shows that a grant does not widen access beyond what was given.
 *
 * The order of statements matters throughout; each section relies on the
 * permission state left behind by the one before it.
 *
 * @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
 */
public function testRegularUserControllerActionsWithElevationToModels()
{
    // ---- Section 1: permissions granted directly to a user ----

    // Create superAccount owned by user super.
    $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $superAccount = AccountTestHelper::createAccountByNameForOwner('AccountsForElevationToModelTest', $super);

    // Baseline: nobody has no permission on superAccount, so details should fail.
    $nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
    $this->setGetArray(array('id' => $superAccount->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');

    // Grant nobody READ on the account. Permission changes are made as super.
    Yii::app()->user->userModel = $super;
    $superAccount->addPermissions($nobody, Permission::READ);
    $this->assertTrue($superAccount->save());
    // presumably keeps the read-permission optimization data in sync with the grant -- confirm
    AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($superAccount, $nobody);

    // Now the nobody user can access the details view.
    Yii::app()->user->userModel = $nobody;
    $this->setGetArray(array('id' => $superAccount->id));
    $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');

    // Create a meeting related to superAccount. It is created and owned by super,
    // even though the fixture name says 'meetingCreatedByNobody'.
    $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $meeting = MeetingTestHelper::createMeetingWithOwnerAndRelatedAccount('meetingCreatedByNobody', $super, $superAccount);

    // Baseline: READ on the related account must not carry over to the meeting;
    // edit, details and delete should all fail for nobody.
    Yii::app()->user->userModel = $nobody;
    $this->setGetArray(array('id' => $meeting->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
    $this->setGetArray(array('id' => $meeting->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
    $this->setGetArray(array('id' => $meeting->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');

    // Grant nobody READ on the meeting (details view only).
    Yii::app()->user->userModel = $super;
    $meeting->addPermissions($nobody, Permission::READ);
    $this->assertTrue($meeting->save());
    AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($meeting, $nobody);

    // Now access to the meeting details view by nobody should not fail.
    Yii::app()->user->userModel = $nobody;
    $this->setGetArray(array('id' => $meeting->id));
    $this->resetPostArray();
    $this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');

    // READ must not allow edit or delete.
    $this->setGetArray(array('id' => $meeting->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
    $this->setGetArray(array('id' => $meeting->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');

    // Raise nobody to READ_WRITE_CHANGE_PERMISSIONS (details and edit).
    Yii::app()->user->userModel = $super;
    $meeting->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($meeting->save());
    // The earlier read-only notification is withdrawn before the wider grant is announced.
    AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($meeting, $nobody);
    AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($meeting, $nobody);

    // Now access to meeting details and edit by nobody should not fail.
    Yii::app()->user->userModel = $nobody;
    $this->setGetArray(array('id' => $meeting->id));
    $this->resetPostArray();
    $this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');
    $this->setGetArray(array('id' => $meeting->id));
    $this->resetPostArray();
    $this->runControllerWithNoExceptionsAndGetContent('meetings/default/edit');

    // READ_WRITE_CHANGE_PERMISSIONS must still not allow delete.
    $this->setGetArray(array('id' => $meeting->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');

    // Revoke nobody's permissions on the meeting.
    Yii::app()->user->userModel = $super;
    $meeting->removePermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($meeting->save());
    AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($meeting, $nobody);

    // Revocation check: edit, details and delete should all fail again.
    Yii::app()->user->userModel = $nobody;
    $this->setGetArray(array('id' => $meeting->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
    $this->setGetArray(array('id' => $meeting->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
    $this->setGetArray(array('id' => $meeting->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');

    // Grant nobody READ_WRITE_DELETE so that delete becomes allowed.
    Yii::app()->user->userModel = $super;
    $meeting->addPermissions($nobody, Permission::READ_WRITE_DELETE);
    $this->assertTrue($meeting->save());
    AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($meeting, $nobody);

    // Delete by nobody should now go through; success is observed as a redirect.
    Yii::app()->user->userModel = $nobody;
    $this->setGetArray(array('id' => $meeting->id));
    $this->resetPostArray();
    $this->runControllerWithRedirectExceptionAndGetContent('meetings/default/delete');

    // ---- Section 2: permissions reaching a user through a role hierarchy ----

    // Create a parent role 'AAA' containing 'confused' and a child role 'BBB'
    // containing 'nobody'; BBB is nested under AAA.
    Yii::app()->user->userModel = $super;
    $parentRole = new Role();
    $parentRole->name = 'AAA';
    $this->assertTrue($parentRole->save());
    $childRole = new Role();
    $childRole->name = 'BBB';
    $this->assertTrue($childRole->save());
    $userInParentRole = User::getByUsername('confused');
    $userInChildRole = User::getByUsername('nobody');
    $childRole->users->add($userInChildRole);
    $this->assertTrue($childRole->save());
    $parentRole->users->add($userInParentRole);
    $parentRole->roles->add($childRole);
    $this->assertTrue($parentRole->save());
    // Forget and reload users and roles so later checks work on freshly loaded models.
    $userInChildRole->forget();
    $userInChildRole = User::getByUsername('nobody');
    $userInParentRole->forget();
    $userInParentRole = User::getByUsername('confused');
    $parentRoleId = $parentRole->id;
    $parentRole->forget();
    $parentRole = Role::getById($parentRoleId);
    $childRoleId = $childRole->id;
    $childRole->forget();
    $childRole = Role::getById($childRoleId);

    // Create account owned by super.
    $account2 = AccountTestHelper::createAccountByNameForOwner('AccountsParentRolePermission', $super);

    // Baseline: userInParentRole should be denied the account details view
    // (only details is exercised here).
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $account2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');

    // Grant READ on the account to userInChildRole only.
    Yii::app()->user->userModel = $super;
    $account2->addPermissions($userInChildRole, Permission::READ);
    $this->assertTrue($account2->save());
    AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($account2, $userInChildRole);

    // Test userInChildRole, access to details should not fail.
    Yii::app()->user->userModel = $userInChildRole;
    $this->setGetArray(array('id' => $account2->id));
    $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');

    // The user in the parent role was granted nothing directly, yet is expected
    // to gain the same access as the user in the child role.
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $account2->id));
    $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');

    // Create a meeting owned by super.
    $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $meeting2 = MeetingTestHelper::createMeetingWithOwnerAndRelatedAccount('meetingCreatedBySuperForRole', $super, $account2);

    // Baseline: userInChildRole is denied meeting edit, details and delete.
    Yii::app()->user->userModel = $userInChildRole;
    $this->setGetArray(array('id' => $meeting2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
    $this->setGetArray(array('id' => $meeting2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
    $this->setGetArray(array('id' => $meeting2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');

    // Baseline: userInParentRole is denied meeting edit, details and delete.
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $meeting2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
    $this->setGetArray(array('id' => $meeting2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
    $this->setGetArray(array('id' => $meeting2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');

    // Grant userInChildRole READ permission on the meeting.
    Yii::app()->user->userModel = $super;
    $meeting2->addPermissions($userInChildRole, Permission::READ);
    $this->assertTrue($meeting2->save());
    AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($meeting2, $userInChildRole);

    // Test userInChildRole, access to meeting details should not fail.
    Yii::app()->user->userModel = $userInChildRole;
    $this->setGetArray(array('id' => $meeting2->id));
    $this->resetPostArray();
    $this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');

    // Test userInChildRole, access to meeting edit and delete should fail.
    $this->setGetArray(array('id' => $meeting2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
    $this->setGetArray(array('id' => $meeting2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');

    // Test userInParentRole, access to meeting details should not fail.
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $meeting2->id));
    $this->resetPostArray();
    $this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');

    // Test userInParentRole, access to meeting edit and delete should fail:
    // the access gained through the role must stop at the granted level.
    $this->setGetArray(array('id' => $meeting2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
    $this->setGetArray(array('id' => $meeting2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');

    // Raise userInChildRole to READ_WRITE_CHANGE_PERMISSIONS on the meeting.
    Yii::app()->user->userModel = $super;
    $meeting2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($meeting2->save());
    AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($meeting2, $userInChildRole);
    AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($meeting2, $userInChildRole);

    // Test userInChildRole, access to meeting edit should not fail.
    Yii::app()->user->userModel = $userInChildRole;
    $this->setGetArray(array('id' => $meeting2->id));
    $this->resetPostArray();
    $this->runControllerWithNoExceptionsAndGetContent('meetings/default/edit');

    // Test userInChildRole, access to meeting delete should fail.
    $this->setGetArray(array('id' => $meeting2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');

    // Test userInParentRole, access to meeting edit should not fail.
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $meeting2->id));
    $this->resetPostArray();
    $this->runControllerWithNoExceptionsAndGetContent('meetings/default/edit');

    // Test userInParentRole, access to meeting delete should fail.
    $this->setGetArray(array('id' => $meeting2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');

    // Revoke userInChildRole's permissions on the meeting.
    Yii::app()->user->userModel = $super;
    $meeting2->removePermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($meeting2->save());
    AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($meeting2, $userInChildRole);

    // Revocation check: userInChildRole is denied details, edit and delete.
    Yii::app()->user->userModel = $userInChildRole;
    $this->setGetArray(array('id' => $meeting2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
    $this->setGetArray(array('id' => $meeting2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
    $this->setGetArray(array('id' => $meeting2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');

    // Revocation check: the access userInParentRole had through the role is gone too.
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $meeting2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
    $this->setGetArray(array('id' => $meeting2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
    $this->setGetArray(array('id' => $meeting2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');

    // Grant userInChildRole READ_WRITE_DELETE on the meeting.
    Yii::app()->user->userModel = $super;
    $meeting2->addPermissions($userInChildRole, Permission::READ_WRITE_DELETE);
    $this->assertTrue($meeting2->save());
    AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($meeting2, $userInChildRole);

    // Delete by userInParentRole should now go through (observed as a redirect).
    // Only the parent-role user issues the delete; userInChildRole's own delete
    // is not exercised in this section.
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $meeting2->id));
    $this->resetPostArray();
    $this->runControllerWithRedirectExceptionAndGetContent('meetings/default/delete');

    // Clear the role relationships so they do not affect the group assertions below.
    // NOTE(review): the current user is still $userInParentRole at this point;
    // the switch back to $super happens only after this cleanup.
    $parentRole->users->remove($userInParentRole);
    $parentRole->roles->remove($childRole);
    $this->assertTrue($parentRole->save());
    $childRole->users->remove($userInChildRole);
    $this->assertTrue($childRole->save());

    // ---- Section 3: permissions granted to a group with a nested group ----

    // Create parent group 'AAA' containing 'nobody' and child group 'BBB'
    // containing 'confused'; BBB is nested in AAA. Note that the two usernames
    // swap sides compared with the role section above.
    Yii::app()->user->userModel = $super;
    $parentGroup = new Group();
    $parentGroup->name = 'AAA';
    $this->assertTrue($parentGroup->save());
    $childGroup = new Group();
    $childGroup->name = 'BBB';
    $this->assertTrue($childGroup->save());
    $userInChildGroup = User::getByUsername('confused');
    $userInParentGroup = User::getByUsername('nobody');
    $childGroup->users->add($userInChildGroup);
    $this->assertTrue($childGroup->save());
    $parentGroup->users->add($userInParentGroup);
    $parentGroup->groups->add($childGroup);
    $this->assertTrue($parentGroup->save());
    $parentGroup->forget();
    $childGroup->forget();
    $parentGroup = Group::getByName('AAA');
    $childGroup = Group::getByName('BBB');

    // Give the confused user the right to access the accounts module.
    $userInChildGroup->setRight('AccountsModule', AccountsModule::RIGHT_ACCESS_ACCOUNTS);
    $this->assertTrue($userInChildGroup->save());

    // Create account owned by super.
    $account3 = AccountTestHelper::createAccountByNameForOwner('testingAccountsParentGroupPermission', $super);

    // Baseline: userInParentGroup is denied the account details view.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $account3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');

    // Baseline: userInChildGroup is denied too; the module right alone does not
    // open this particular account.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->setGetArray(array('id' => $account3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');

    // Grant READ on the account to parentGroup.
    Yii::app()->user->userModel = $super;
    $account3->addPermissions($parentGroup, Permission::READ);
    $this->assertTrue($account3->save());
    AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($account3, $parentGroup);

    // Test userInParentGroup, access to details should not fail.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $account3->id));
    $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');

    // The grant to parentGroup is expected to reach a member of the nested childGroup.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->setGetArray(array('id' => $account3->id));
    $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');

    // Create a meeting owned by super.
    $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $meeting3 = MeetingTestHelper::createMeetingWithOwnerAndRelatedAccount('mettingCreatedBySuperForGroup', $super, $account3);

    // Give the confused user the meetings module rights: access, create and delete.
    $userInChildGroup->setRight('MeetingsModule', MeetingsModule::RIGHT_ACCESS_MEETINGS);
    $userInChildGroup->setRight('MeetingsModule', MeetingsModule::RIGHT_CREATE_MEETINGS);
    $userInChildGroup->setRight('MeetingsModule', MeetingsModule::RIGHT_DELETE_MEETINGS);
    $this->assertTrue($userInChildGroup->save());

    // Baseline: userInParentGroup is denied meeting edit, details and delete.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $meeting3->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
    $this->setGetArray(array('id' => $meeting3->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
    $this->setGetArray(array('id' => $meeting3->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');

    // Baseline: userInChildGroup is denied details, edit and delete as well;
    // the module rights set above do not open this particular meeting.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->setGetArray(array('id' => $meeting3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
    $this->setGetArray(array('id' => $meeting3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
    $this->setGetArray(array('id' => $meeting3->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');

    // Grant READ on the meeting to parentGroup.
    Yii::app()->user->userModel = $super;
    $meeting3->addPermissions($parentGroup, Permission::READ);
    $this->assertTrue($meeting3->save());
    AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($meeting3, $parentGroup);

    // Test userInParentGroup, access to meeting details should not fail.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $meeting3->id));
    $this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');

    // Test userInParentGroup, access to meeting edit and delete should fail.
    $this->setGetArray(array('id' => $meeting3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
    $this->setGetArray(array('id' => $meeting3->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');

    // Test userInChildGroup, access to meeting details should not fail.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->setGetArray(array('id' => $meeting3->id));
    $this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');

    // Test userInChildGroup, access to meeting edit and delete should fail.
    $this->setGetArray(array('id' => $meeting3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
    $this->setGetArray(array('id' => $meeting3->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');

    // Raise parentGroup to READ_WRITE_CHANGE_PERMISSIONS on the meeting.
    Yii::app()->user->userModel = $super;
    $meeting3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($meeting3->save());
    AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForGroup($meeting3, $parentGroup);
    AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($meeting3, $parentGroup);

    // Test userInParentGroup, access to meeting edit should not fail.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $meeting3->id));
    $this->runControllerWithNoExceptionsAndGetContent('meetings/default/edit');

    // Test userInParentGroup, access to meeting delete should fail.
    $this->setGetArray(array('id' => $meeting3->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');

    // Test userInChildGroup, access to meeting edit should not fail.
    // This is the one place where the user is switched both by assignment and
    // through the logout/login helper.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username);
    $this->setGetArray(array('id' => $meeting3->id));
    $this->runControllerWithNoExceptionsAndGetContent('meetings/default/edit');

    // Test userInChildGroup, access to meeting delete should fail.
    $this->setGetArray(array('id' => $meeting3->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');

    // Revoke parentGroup's permissions on the meeting.
    Yii::app()->user->userModel = $super;
    $meeting3->removePermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($meeting3->save());
    AllPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($meeting3, $parentGroup);

    // Revocation check: userInChildGroup is denied details, edit and delete.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->setGetArray(array('id' => $meeting3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
    $this->setGetArray(array('id' => $meeting3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
    $this->setGetArray(array('id' => $meeting3->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');

    // Revocation check: userInParentGroup is denied details, edit and delete.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $meeting3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
    $this->setGetArray(array('id' => $meeting3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
    $this->setGetArray(array('id' => $meeting3->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');

    // Grant parentGroup READ_WRITE_DELETE on the meeting.
    Yii::app()->user->userModel = $super;
    $meeting3->addPermissions($parentGroup, Permission::READ_WRITE_DELETE);
    $this->assertTrue($meeting3->save());
    AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($meeting3, $parentGroup);

    // Delete by userInChildGroup should now go through (observed as a redirect).
    Yii::app()->user->userModel = $userInChildGroup;
    $this->setGetArray(array('id' => $meeting3->id));
    $this->resetPostArray();
    $this->runControllerWithRedirectExceptionAndGetContent('meetings/default/delete');

    // Clear the group relationships so they do not affect later tests.
    // Models are forgotten and reloaded as super before the memberships are removed.
    $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $userInParentGroup->forget();
    $userInChildGroup->forget();
    $childGroup->forget();
    $parentGroup->forget();
    $userInParentGroup = User::getByUsername('nobody');
    $userInChildGroup = User::getByUsername('confused');
    $childGroup = Group::getByName('BBB');
    $parentGroup = Group::getByName('AAA');
    $parentGroup->users->remove($userInParentGroup);
    $parentGroup->groups->remove($childGroup);
    $this->assertTrue($parentGroup->save());
    $childGroup->users->remove($userInChildGroup);
    $this->assertTrue($childGroup->save());
}
/** * @depends testRegularUserControllerActionsWithElevationToAccessAndCreate */ public function testRegularUserControllerActionsWithElevationToModels() { //Create project owned by user super. $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super'); $project = ProjectTestHelper::createProjectByNameForOwner('projectForElevationToModelTest', $super); //Test nobody, access to edit and details should fail. $nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody'); $this->runControllerWithNoExceptionsAndGetContent('projects/default/dashboardDetails'); $this->setGetArray(array('id' => $project->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit'); $this->setGetArray(array('id' => $project->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details'); $this->setGetArray(array('id' => $project->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/delete'); //give nobody access to read Yii::app()->user->userModel = $super; $project->addPermissions($nobody, Permission::READ); $this->assertTrue($project->save()); AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($project, $nobody); //Now the nobody user can access the details view. Yii::app()->user->userModel = $nobody; $this->setGetArray(array('id' => $project->id)); $this->runControllerWithNoExceptionsAndGetContent('projects/default/details'); //Test nobody, access to edit should fail. 
$this->setGetArray(array('id' => $project->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit'); $this->setGetArray(array('id' => $project->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/delete'); $projectId = $project->id; $project->forget(); $project = Project::getById($projectId); //give nobody access to read and write Yii::app()->user->userModel = $super; $project->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS); //TODO :Its wierd that giving opportunity errors $this->assertTrue($project->save()); AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($project, $nobody); AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($project, $nobody); //Now the nobody user should be able to access the edit view and still the details view. Yii::app()->user->userModel = $nobody; $this->setGetArray(array('id' => $project->id)); $this->runControllerWithNoExceptionsAndGetContent('projects/default/details'); $this->setGetArray(array('id' => $project->id)); $this->runControllerWithNoExceptionsAndGetContent('projects/default/edit'); $projectId = $project->id; $project->forget(); $project = Project::getById($projectId); //revoke nobody access to read Yii::app()->user->userModel = $super; $project->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS, Permission::DENY); $this->assertTrue($project->save()); AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($project, $nobody); //Test nobody, access to detail should fail. 
Yii::app()->user->userModel = $nobody; $this->setGetArray(array('id' => $project->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details'); $this->setGetArray(array('id' => $project->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit'); //create some roles Yii::app()->user->userModel = $super; $parentRole = new Role(); $parentRole->name = 'AAA'; $this->assertTrue($parentRole->save()); $childRole = new Role(); $childRole->name = 'BBB'; $this->assertTrue($childRole->save()); $userInParentRole = User::getByUsername('confused'); $userInChildRole = User::getByUsername('nobody'); $childRole->users->add($userInChildRole); $this->assertTrue($childRole->save()); $parentRole->users->add($userInParentRole); $parentRole->roles->add($childRole); $this->assertTrue($parentRole->save()); $userInChildRole->forget(); $userInChildRole = User::getByUsername('nobody'); $userInParentRole->forget(); $userInParentRole = User::getByUsername('confused'); $parentRoleId = $parentRole->id; $parentRole->forget(); $parentRole = Role::getById($parentRoleId); $childRoleId = $childRole->id; $childRole->forget(); $childRole = Role::getById($childRoleId); //create project owned by super $project2 = ProjectTestHelper::createProjectByNameForOwner('testingParentRolePermission', $super); //Test userInParentRole, access to details and edit should fail. 
Yii::app()->user->userModel = $userInParentRole; $this->setGetArray(array('id' => $project2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details'); $this->setGetArray(array('id' => $project2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit'); //give userInChildRole access to READ Yii::app()->user->userModel = $super; $project2->addPermissions($userInChildRole, Permission::READ); $this->assertTrue($project2->save()); AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($project2, $userInChildRole); //Test userInChildRole, access to details should not fail. Yii::app()->user->userModel = $userInChildRole; $this->setGetArray(array('id' => $project2->id)); $this->runControllerWithNoExceptionsAndGetContent('projects/default/details'); //Test userInParentRole, access to details should not fail. Yii::app()->user->userModel = $userInParentRole; $this->setGetArray(array('id' => $project2->id)); $this->runControllerWithNoExceptionsAndGetContent('projects/default/details'); $projectId = $project2->id; $project2->forget(); $project2 = Project::getById($projectId); //give userInChildRole access to read and write Yii::app()->user->userModel = $super; $project2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS); $this->assertTrue($project2->save()); AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($project2, $userInChildRole); AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($project2, $userInChildRole); //Test userInChildRole, access to edit should not fail. Yii::app()->user->userModel = $userInChildRole; $this->setGetArray(array('id' => $project2->id)); $this->runControllerWithNoExceptionsAndGetContent('projects/default/edit'); //Test userInParentRole, access to edit should not fail. 
$this->logoutCurrentUserLoginNewUserAndGetByUsername($userInParentRole->username); $this->setGetArray(array('id' => $project2->id)); $this->runControllerWithNoExceptionsAndGetContent('projects/default/edit'); $projectId = $project2->id; $project2->forget(); $project2 = Project::getById($projectId); //revoke userInChildRole access to read and write Yii::app()->user->userModel = $super; $project2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS, Permission::DENY); $this->assertTrue($project2->save()); AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($project2, $userInChildRole); //Test userInChildRole, access to detail should fail. Yii::app()->user->userModel = $userInChildRole; $this->setGetArray(array('id' => $project2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details'); $this->setGetArray(array('id' => $project2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit'); //Test userInParentRole, access to detail should fail. 
Yii::app()->user->userModel = $userInParentRole; $this->setGetArray(array('id' => $project2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details'); $this->setGetArray(array('id' => $project2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit'); //clear up the role relationships between users so not to effect next assertions $parentRole->users->remove($userInParentRole); $parentRole->roles->remove($childRole); $this->assertTrue($parentRole->save()); $childRole->users->remove($userInChildRole); $this->assertTrue($childRole->save()); //create some groups and assign users to groups Yii::app()->user->userModel = $super; $parentGroup = new Group(); $parentGroup->name = 'AAA'; $this->assertTrue($parentGroup->save()); $childGroup = new Group(); $childGroup->name = 'BBB'; $this->assertTrue($childGroup->save()); $userInChildGroup = User::getByUsername('confused'); $userInParentGroup = User::getByUsername('nobody'); $childGroup->users->add($userInChildGroup); $this->assertTrue($childGroup->save()); $parentGroup->users->add($userInParentGroup); $parentGroup->groups->add($childGroup); $this->assertTrue($parentGroup->save()); $parentGroup->forget(); $childGroup->forget(); $parentGroup = Group::getByName('AAA'); $childGroup = Group::getByName('BBB'); //Add access for the confused user to Products and creation of Products. $userInChildGroup->setRight('ProjectsModule', ProjectsModule::RIGHT_ACCESS_PROJECTS); $userInChildGroup->setRight('ProjectsModule', ProjectsModule::RIGHT_CREATE_PROJECTS); $this->assertTrue($userInChildGroup->save()); //create project owned by super $project3 = ProjectTestHelper::createProjectByNameForOwner('testingParentGroupPermission', $super); //Test userInParentGroup, access to details and edit should fail. 
Yii::app()->user->userModel = $userInParentGroup; $this->setGetArray(array('id' => $project3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details'); $this->setGetArray(array('id' => $project3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit'); //Test userInChildGroup, access to details and edit should fail. Yii::app()->user->userModel = $userInChildGroup; $this->setGetArray(array('id' => $project3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details'); $this->setGetArray(array('id' => $project3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit'); //give parentGroup access to READ Yii::app()->user->userModel = $super; $project3->addPermissions($parentGroup, Permission::READ); $this->assertTrue($project3->save()); AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($project3, $parentGroup); //Test userInParentGroup, access to details should not fail. Yii::app()->user->userModel = $userInParentGroup; $this->setGetArray(array('id' => $project3->id)); $this->runControllerWithNoExceptionsAndGetContent('projects/default/details'); //Test userInChildGroup, access to details should not fail. 
Yii::app()->user->userModel = $userInChildGroup; $this->setGetArray(array('id' => $project3->id)); $this->runControllerWithNoExceptionsAndGetContent('projects/default/details'); $projectId = $project3->id; $project3->forget(); $project3 = Project::getById($projectId); //give parentGroup access to read and write Yii::app()->user->userModel = $super; $project3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS); $this->assertTrue($project3->save()); AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForGroup($project3, $parentGroup); AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($project3, $parentGroup); //Test userInParentGroup, access to edit should not fail. Yii::app()->user->userModel = $userInParentGroup; $this->setGetArray(array('id' => $project3->id)); $this->runControllerWithNoExceptionsAndGetContent('projects/default/edit'); //Test userInChildGroup, access to edit should not fail. Yii::app()->user->userModel = $userInChildGroup; $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username); $this->setGetArray(array('id' => $project3->id)); $this->runControllerWithNoExceptionsAndGetContent('projects/default/edit'); $projectId = $project3->id; $project3->forget(); $project3 = Project::getById($projectId); //revoke parentGroup access to read and write Yii::app()->user->userModel = $super; $project3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS, Permission::DENY); $this->assertTrue($project3->save()); AllPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($project3, $parentGroup); //Test userInChildGroup, access to detail should fail. 
Yii::app()->user->userModel = $userInChildGroup; $this->setGetArray(array('id' => $project3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details'); $this->setGetArray(array('id' => $project3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit'); //Test userInParentGroup, access to detail should fail. Yii::app()->user->userModel = $userInParentGroup; $this->setGetArray(array('id' => $project3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details'); $this->setGetArray(array('id' => $project3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit'); //clear up the role relationships between users so not to effect next assertions $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super'); $userInParentGroup->forget(); $userInChildGroup->forget(); $childGroup->forget(); $parentGroup->forget(); $userInParentGroup = User::getByUsername('nobody'); $userInChildGroup = User::getByUsername('confused'); $childGroup = Group::getByName('BBB'); $parentGroup = Group::getByName('AAA'); //clear up the role relationships between users so not to effect next assertions $parentGroup->users->remove($userInParentGroup); $parentGroup->groups->remove($childGroup); $this->assertTrue($parentGroup->save()); $childGroup->users->remove($userInChildGroup); $this->assertTrue($childGroup->save()); }
/**
 * Walks the contactWebForms details/edit controller actions through a
 * deny -> grant READ -> grant READ_WRITE_CHANGE_PERMISSIONS -> revoke cycle
 * for three kinds of grantee:
 *   1. a user granted permissions directly ('nobody'),
 *   2. a user in a child role, with a second user in the parent role,
 *   3. a parent group that contains a user and a child group.
 *
 * Each phase asserts access failure before the grant and again after the
 * revoke, so the test covers both the grant path and the removal path.
 * Statement order matters: models are dropped with forget() and reloaded
 * between steps, and the acting user is switched before every request.
 *
 * @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
 */
public function testRegularUserControllerActionsWithElevationToModels()
{
    //---- Phase 1: permissions granted directly to a user ----

    //Create contact web form owned by user super.
    $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $contactWebForm = ContactWebFormTestHelper::createContactWebFormByName('contactWebFormForElevationToModelTest', $super);

    //Baseline: nobody has no permission on the form, so edit and details should fail.
    $nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
    $this->setGetArray(array('id' => $contactWebForm->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
    $this->setGetArray(array('id' => $contactWebForm->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');

    //Give nobody access to read. The grant is made with super as the acting user.
    Yii::app()->user->userModel = $super;
    $contactWebForm->addPermissions($nobody, Permission::READ);
    $this->assertTrue($contactWebForm->save());
    //presumably keeps a precomputed permissions structure in sync with the grant - TODO confirm
    AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($contactWebForm, $nobody);

    //Now the nobody user can access the details view.
    Yii::app()->user->userModel = $nobody;
    $this->setGetArray(array('id' => $contactWebForm->id));
    $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');

    //READ alone must not open the edit view: access to edit should still fail.
    $this->setGetArray(array('id' => $contactWebForm->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');

    //forget() followed by getById(): presumably discards the in-memory instance so that
    //the next steps work on freshly loaded state - TODO confirm
    $contactWebFormId = $contactWebForm->id;
    $contactWebForm->forget();
    $contactWebForm = ContactWebForm::getById($contactWebFormId);

    //Give nobody access to read and write.
    Yii::app()->user->userModel = $super;
    $contactWebForm->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($contactWebForm->save());
    AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($contactWebForm, $nobody);
    AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($contactWebForm, $nobody);

    //Now the nobody user should be able to access the edit view and still the details view.
    Yii::app()->user->userModel = $nobody;
    $this->setGetArray(array('id' => $contactWebForm->id));
    $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
    $this->setGetArray(array('id' => $contactWebForm->id));
    $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit');
    $contactWebFormId = $contactWebForm->id;
    $contactWebForm->forget();
    $contactWebForm = ContactWebForm::getById($contactWebFormId);

    //Revoke nobody's access by removing READ_WRITE_CHANGE_PERMISSIONS.
    Yii::app()->user->userModel = $super;
    $contactWebForm->removePermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($contactWebForm->save());
    //NOTE(review): this revoke calls securableItemLostReadPermissionsForUser, while the role
    //phase below calls securableItemLostPermissionsForUser after the same removePermissions
    //argument - confirm the difference is intended.
    AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($contactWebForm, $nobody);

    //After the revoke, access to both details and edit should fail again.
    Yii::app()->user->userModel = $nobody;
    $this->setGetArray(array('id' => $contactWebForm->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
    $this->setGetArray(array('id' => $contactWebForm->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');

    //---- Phase 2: permissions granted to a user in a child role ----

    //Create a parent role 'AAA' that contains the child role 'BBB'.
    //'confused' is placed in the parent role and 'nobody' in the child role.
    Yii::app()->user->userModel = $super;
    $parentRole = new Role();
    $parentRole->name = 'AAA';
    $this->assertTrue($parentRole->save());
    $childRole = new Role();
    $childRole->name = 'BBB';
    $this->assertTrue($childRole->save());
    $userInParentRole = User::getByUsername('confused');
    $userInChildRole = User::getByUsername('nobody');
    $childRole->users->add($userInChildRole);
    $this->assertTrue($childRole->save());
    $parentRole->users->add($userInParentRole);
    $parentRole->roles->add($childRole);
    $this->assertTrue($parentRole->save());

    //Reload users and roles after the membership changes (same forget/reload pattern as above).
    $userInChildRole->forget();
    $userInChildRole = User::getByUsername('nobody');
    $userInParentRole->forget();
    $userInParentRole = User::getByUsername('confused');
    $parentRoleId = $parentRole->id;
    $parentRole->forget();
    $parentRole = Role::getById($parentRoleId);
    $childRoleId = $childRole->id;
    $childRole->forget();
    $childRole = Role::getById($childRoleId);

    //Create web form owned by super.
    $contactWebForm2 = ContactWebFormTestHelper::createContactWebFormByName('testingParentRolePermission', $super);

    //Baseline: userInParentRole, access to details and edit should fail.
    //NOTE(review): only the parent-role user is checked here; userInChildRole has no
    //baseline denial assertion against $contactWebForm2.
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $contactWebForm2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
    $this->setGetArray(array('id' => $contactWebForm2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');

    //Give userInChildRole access to READ.
    Yii::app()->user->userModel = $super;
    $contactWebForm2->addPermissions($userInChildRole, Permission::READ);
    $this->assertTrue($contactWebForm2->save());
    AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($contactWebForm2, $userInChildRole);

    //Test userInChildRole, access to details should not fail.
    Yii::app()->user->userModel = $userInChildRole;
    $this->setGetArray(array('id' => $contactWebForm2->id));
    $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');

    //Test userInParentRole, access to details should not fail: the grant was made to the
    //child-role user only, and the parent-role user is expected to gain access as well.
    //NOTE(review): unlike phase 1, neither user is asserted to be denied edit while only
    //READ is granted.
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $contactWebForm2->id));
    $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
    $contactWebFormId = $contactWebForm2->id;
    $contactWebForm2->forget();
    $contactWebForm2 = ContactWebForm::getById($contactWebFormId);

    //Give userInChildRole access to read and write.
    Yii::app()->user->userModel = $super;
    $contactWebForm2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($contactWebForm2->save());
    AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($contactWebForm2, $userInChildRole);
    AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($contactWebForm2, $userInChildRole);

    //Test userInChildRole, access to edit should not fail.
    Yii::app()->user->userModel = $userInChildRole;
    $this->setGetArray(array('id' => $contactWebForm2->id));
    $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit');

    //Test userInParentRole, access to edit should not fail.
    //The user is switched through the logout/login helper here rather than by assigning
    //userModel directly; the reason is not visible in this method.
    $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInParentRole->username);
    $this->setGetArray(array('id' => $contactWebForm2->id));
    $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit');
    $contactWebFormId = $contactWebForm2->id;
    $contactWebForm2->forget();
    $contactWebForm2 = ContactWebForm::getById($contactWebFormId);

    //Revoke userInChildRole access to read and write.
    Yii::app()->user->userModel = $super;
    $contactWebForm2->removePermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($contactWebForm2->save());
    AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($contactWebForm2, $userInChildRole);

    //Test userInChildRole, access to details and edit should fail.
    Yii::app()->user->userModel = $userInChildRole;
    $this->setGetArray(array('id' => $contactWebForm2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
    $this->setGetArray(array('id' => $contactWebForm2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');

    //Test userInParentRole, access to details and edit should fail: access gained through
    //the role hierarchy must disappear together with the child-role user's grant.
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $contactWebForm2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
    $this->setGetArray(array('id' => $contactWebForm2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');

    //Clear up the role relationships between users so as not to affect the next assertions.
    //NOTE(review): the last explicit acting user at this point is $userInParentRole, not
    //$super - confirm the role edits are meant to run under that user.
    $parentRole->users->remove($userInParentRole);
    $parentRole->roles->remove($childRole);
    $this->assertTrue($parentRole->save());
    $childRole->users->remove($userInChildRole);
    $this->assertTrue($childRole->save());

    //---- Phase 3: permissions granted to a parent group ----

    //Create a parent group 'AAA' that contains the child group 'BBB'.
    //Here 'confused' is in the child group and 'nobody' in the parent group.
    Yii::app()->user->userModel = $super;
    $parentGroup = new Group();
    $parentGroup->name = 'AAA';
    $this->assertTrue($parentGroup->save());
    $childGroup = new Group();
    $childGroup->name = 'BBB';
    $this->assertTrue($childGroup->save());
    $userInChildGroup = User::getByUsername('confused');
    $userInParentGroup = User::getByUsername('nobody');
    $childGroup->users->add($userInChildGroup);
    $this->assertTrue($childGroup->save());
    $parentGroup->users->add($userInParentGroup);
    $parentGroup->groups->add($childGroup);
    $this->assertTrue($parentGroup->save());
    //Groups are reloaded by name; this assumes 'AAA' and 'BBB' each match one group - TODO confirm
    $parentGroup->forget();
    $childGroup->forget();
    $parentGroup = Group::getByName('AAA');
    $childGroup = Group::getByName('BBB');

    //Add access for the confused user to ContactWebForms and creation of ContactWebForms.
    //These are module-level rights; the per-form permissions are granted separately below.
    $userInChildGroup->setRight('ContactWebFormsModule', ContactWebFormsModule::RIGHT_ACCESS_CONTACT_WEB_FORMS);
    $userInChildGroup->setRight('ContactWebFormsModule', ContactWebFormsModule::RIGHT_CREATE_CONTACT_WEB_FORMS);
    $this->assertTrue($userInChildGroup->save());

    //Create web form owned by super.
    $contactWebForm3 = ContactWebFormTestHelper::createContactWebFormByName('testingParentGroupPermission', $super);

    //Baseline: userInParentGroup, access to details and edit should fail.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $contactWebForm3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
    $this->setGetArray(array('id' => $contactWebForm3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');

    //Baseline: userInChildGroup, access to details and edit should fail.
    //The module rights set above must not be enough to open a form owned by super.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->setGetArray(array('id' => $contactWebForm3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
    $this->setGetArray(array('id' => $contactWebForm3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');

    //Give parentGroup access to READ.
    Yii::app()->user->userModel = $super;
    $contactWebForm3->addPermissions($parentGroup, Permission::READ);
    $this->assertTrue($contactWebForm3->save());
    AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($contactWebForm3, $parentGroup);

    //Test userInParentGroup, access to details should not fail.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $contactWebForm3->id));
    $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');

    //Test userInChildGroup, access to details should not fail: the grant was made to the
    //parent group, and the child group's member is expected to gain access through it.
    //NOTE(review): as in phase 2, edit is not asserted to fail while only READ is granted.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->setGetArray(array('id' => $contactWebForm3->id));
    $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
    $contactWebFormId = $contactWebForm3->id;
    $contactWebForm3->forget();
    $contactWebForm3 = ContactWebForm::getById($contactWebFormId);

    //Give parentGroup access to read and write.
    Yii::app()->user->userModel = $super;
    $contactWebForm3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($contactWebForm3->save());
    AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForGroup($contactWebForm3, $parentGroup);
    AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($contactWebForm3, $parentGroup);

    //Test userInParentGroup, access to edit should not fail.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $contactWebForm3->id));
    $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit');

    //Test userInChildGroup, access to edit should not fail.
    //NOTE(review): the direct assignment is followed at once by the logout/login helper
    //for the same user, so it looks redundant - confirm.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username);
    $this->setGetArray(array('id' => $contactWebForm3->id));
    $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit');
    $contactWebFormId = $contactWebForm3->id;
    $contactWebForm3->forget();
    $contactWebForm3 = ContactWebForm::getById($contactWebFormId);

    //Revoke parentGroup access to read and write.
    Yii::app()->user->userModel = $super;
    $contactWebForm3->removePermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($contactWebForm3->save());
    AllPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($contactWebForm3, $parentGroup);

    //Test userInChildGroup, access to details and edit should fail.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->setGetArray(array('id' => $contactWebForm3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
    $this->setGetArray(array('id' => $contactWebForm3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');

    //Test userInParentGroup, access to details and edit should fail.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $contactWebForm3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
    $this->setGetArray(array('id' => $contactWebForm3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');

    //Switch back to super and reload users and groups before undoing the memberships.
    $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $userInParentGroup->forget();
    $userInChildGroup->forget();
    $childGroup->forget();
    $parentGroup->forget();
    $userInParentGroup = User::getByUsername('nobody');
    $userInChildGroup = User::getByUsername('confused');
    $childGroup = Group::getByName('BBB');
    $parentGroup = Group::getByName('AAA');

    //Clear up the group relationships between users so as not to affect the next assertions.
    //The module rights set on the confused user above are not removed in this method.
    $parentGroup->users->remove($userInParentGroup);
    $parentGroup->groups->remove($childGroup);
    $this->assertTrue($parentGroup->save());
    $childGroup->users->remove($userInChildGroup);
    $this->assertTrue($childGroup->save());
}
/** * @depends testRegularUserControllerActionsWithElevationToAccessAndCreate */ public function testRegularUserControllerActionsWithElevationToModels() { //Create lead owned by user super. $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super'); $lead = LeadTestHelper::createLeadByNameForOwner('leadForElevationToModelTest', $super); //Test nobody, access to edit, details and delete should fail. $nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody'); $this->setGetArray(array('id' => $lead->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit'); $this->setGetArray(array('id' => $lead->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details'); $this->setGetArray(array('id' => $lead->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //give nobody access to read Yii::app()->user->userModel = $super; $lead->addPermissions($nobody, Permission::READ); $this->assertTrue($lead->save()); AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($lead, $nobody); //Now the nobody user can access the details view. Yii::app()->user->userModel = $nobody; $this->setGetArray(array('id' => $lead->id)); $this->runControllerWithNoExceptionsAndGetContent('leads/default/details'); //Test nobody, access to edit and delete should fail. 
$this->setGetArray(array('id' => $lead->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit'); $this->setGetArray(array('id' => $lead->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //give nobody access to read and write Yii::app()->user->userModel = $super; $lead->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS); $this->assertTrue($lead->save()); AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($lead, $nobody); AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($lead, $nobody); //Now the nobody user should be able to access the edit view and still the details view Yii::app()->user->userModel = $nobody; $this->setGetArray(array('id' => $lead->id)); $this->runControllerWithNoExceptionsAndGetContent('leads/default/details'); $this->setGetArray(array('id' => $lead->id)); $this->runControllerWithNoExceptionsAndGetContent('leads/default/edit'); //Test nobody, access to delete should fail. $this->setGetArray(array('id' => $lead->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //revoke nobody access to read Yii::app()->user->userModel = $super; $lead->removePermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS); $this->assertTrue($lead->save()); AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($lead, $nobody); //Test nobody, access to detail, edit and delete should fail. 
Yii::app()->user->userModel = $nobody; $this->setGetArray(array('id' => $lead->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details'); $this->setGetArray(array('id' => $lead->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit'); $this->setGetArray(array('id' => $lead->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //give nobody access to read, write and delete Yii::app()->user->userModel = $super; $lead->addPermissions($nobody, Permission::READ_WRITE_DELETE); $this->assertTrue($lead->save()); AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($lead, $nobody); //now nobody should be able to delete a lead Yii::app()->user->userModel = $nobody; $this->setGetArray(array('id' => $lead->id)); $this->resetPostArray(); $this->runControllerWithRedirectExceptionAndGetContent('leads/default/delete', Yii::app()->createUrl('leads/default/index')); //create some roles Yii::app()->user->userModel = $super; $parentRole = new Role(); $parentRole->name = 'AAA'; $this->assertTrue($parentRole->save()); $childRole = new Role(); $childRole->name = 'BBB'; $this->assertTrue($childRole->save()); $userInParentRole = User::getByUsername('confused'); $userInChildRole = User::getByUsername('nobody'); $childRole->users->add($userInChildRole); $this->assertTrue($childRole->save()); $parentRole->users->add($userInParentRole); $parentRole->roles->add($childRole); $this->assertTrue($parentRole->save()); $userInChildRole->forget(); $userInChildRole = User::getByUsername('nobody'); $userInParentRole->forget(); $userInParentRole = User::getByUsername('confused'); $parentRoleId = $parentRole->id; $parentRole->forget(); $parentRole = Role::getById($parentRoleId); $childRoleId = $childRole->id; $childRole->forget(); $childRole = Role::getById($childRoleId); //create lead owned by super $lead2 = LeadTestHelper::createLeadByNameForOwner('leadsParentRolePermission', 
$super); //Test userInChildRole, access to details, edit and delete should fail. Yii::app()->user->userModel = $userInChildRole; $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details'); $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit'); $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //Test userInParentRole, access to details, edit and delete should fail. Yii::app()->user->userModel = $userInParentRole; $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details'); $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit'); $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //give userInChildRole access to READ Yii::app()->user->userModel = $super; $lead2->addPermissions($userInChildRole, Permission::READ); $this->assertTrue($lead2->save()); AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($lead2, $userInChildRole); //Test userInChildRole, access to details should not fail. Yii::app()->user->userModel = $userInChildRole; $this->setGetArray(array('id' => $lead2->id)); $this->runControllerWithNoExceptionsAndGetContent('leads/default/details'); //Test userInChildRole, access to edit and delete should fail. $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit'); $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //Test userInParentRole, access to details should not fail. 
Yii::app()->user->userModel = $userInParentRole; $this->setGetArray(array('id' => $lead2->id)); $this->runControllerWithNoExceptionsAndGetContent('leads/default/details'); //Test userInParentRole, access to edit and delete should fail. $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit'); $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //give userInChildRole access to read and write Yii::app()->user->userModel = $super; $lead2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS); $this->assertTrue($lead2->save()); AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($lead2, $userInChildRole); AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($lead2, $userInChildRole); //Test userInChildRole, access to edit and delete should not fail and also detaisl view must be accessible. Yii::app()->user->userModel = $userInChildRole; $this->setGetArray(array('id' => $lead2->id)); $this->runControllerWithNoExceptionsAndGetContent('leads/default/edit'); //Test userInChildRole, access to delete should fail. $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //Test userInParentRole, access to edit should not fail. $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInParentRole->username); $this->setGetArray(array('id' => $lead2->id)); $this->runControllerWithNoExceptionsAndGetContent('leads/default/edit'); //Test userInParentRole, access to delete should fail. 
$this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //revoke userInChildRole access to read and write Yii::app()->user->userModel = $super; $lead2->removePermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS); $this->assertTrue($lead2->save()); AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($lead2, $userInChildRole); //Test userInChildRole, access to detail, edit and delete should fail. Yii::app()->user->userModel = $userInChildRole; $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details'); $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit'); $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //Test userInParentRole, access to detail, edit and delete should fail. Yii::app()->user->userModel = $userInParentRole; $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details'); $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit'); $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //give userInChildRole access to read, write and delete Yii::app()->user->userModel = $super; $lead2->addPermissions($userInChildRole, Permission::READ_WRITE_DELETE); $this->assertTrue($lead2->save()); AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($lead2, $userInChildRole); //Test userInParentRole, access to delete should not fail. 
Yii::app()->user->userModel = $userInParentRole; $this->setGetArray(array('id' => $lead2->id)); $this->resetPostArray(); $this->runControllerWithRedirectExceptionAndGetContent('leads/default/delete', Yii::app()->createUrl('leads/default/index')); //clear up the role relationships between users so not to effect next assertions $parentRole->users->remove($userInParentRole); $parentRole->roles->remove($childRole); $this->assertTrue($parentRole->save()); $childRole->users->remove($userInChildRole); $this->assertTrue($childRole->save()); //create some groups and assign users to groups Yii::app()->user->userModel = $super; $parentGroup = new Group(); $parentGroup->name = 'AAA'; $this->assertTrue($parentGroup->save()); $childGroup = new Group(); $childGroup->name = 'BBB'; $this->assertTrue($childGroup->save()); $userInChildGroup = User::getByUsername('confused'); $userInParentGroup = User::getByUsername('nobody'); $childGroup->users->add($userInChildGroup); $this->assertTrue($childGroup->save()); $parentGroup->users->add($userInParentGroup); $parentGroup->groups->add($childGroup); $this->assertTrue($parentGroup->save()); $parentGroup->forget(); $childGroup->forget(); $parentGroup = Group::getByName('AAA'); $childGroup = Group::getByName('BBB'); //Add access for the confused user to leads and creation of leads. $userInChildGroup->setRight('LeadsModule', LeadsModule::RIGHT_ACCESS_LEADS); $userInChildGroup->setRight('LeadsModule', LeadsModule::RIGHT_CREATE_LEADS); $userInChildGroup->setRight('LeadsModule', LeadsModule::RIGHT_DELETE_LEADS); $this->assertTrue($userInChildGroup->save()); //create lead owned by super $lead3 = LeadTestHelper::createLeadByNameForOwner('leadsParentGroupPermission', $super); //Test userInParentGroup, access to details, edit and delete should fail. 
Yii::app()->user->userModel = $userInParentGroup; $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details'); $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit'); $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //Test userInChildGroup, access to details, edit and delete should fail. Yii::app()->user->userModel = $userInChildGroup; $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details'); $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit'); $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //give parentGroup access to READ Yii::app()->user->userModel = $super; $lead3->addPermissions($parentGroup, Permission::READ); $this->assertTrue($lead3->save()); AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($lead3, $parentGroup); //Test userInParentGroup, access to details should not fail. Yii::app()->user->userModel = $userInParentGroup; $this->setGetArray(array('id' => $lead3->id)); $this->runControllerWithNoExceptionsAndGetContent('leads/default/details'); //Test userInParentGroup, access to delete should fail. $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit'); $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //Test userInChildGroup, access to edit and details should not fail. 
Yii::app()->user->userModel = $userInChildGroup; $this->setGetArray(array('id' => $lead3->id)); $this->runControllerWithNoExceptionsAndGetContent('leads/default/details'); //Test userInChildGroup, access to edit and delete should fail. $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit'); $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //give parentGroup access to read and write Yii::app()->user->userModel = $super; $lead3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS); $this->assertTrue($lead3->save()); AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForGroup($lead3, $parentGroup); AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($lead3, $parentGroup); //Test userInParentGroup, access to edit should not fail. Yii::app()->user->userModel = $userInParentGroup; $this->setGetArray(array('id' => $lead3->id)); $this->runControllerWithNoExceptionsAndGetContent('leads/default/edit'); //Test userInParentGroup, access to delete should fail. $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //Test userInChildGroup, access to edit should not fail. Yii::app()->user->userModel = $userInChildGroup; $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username); $this->setGetArray(array('id' => $lead3->id)); $this->runControllerWithNoExceptionsAndGetContent('leads/default/edit'); //Test userInChildGroup, access to delete should fail. 
$this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //revoke parentGroup access to read and write Yii::app()->user->userModel = $super; $lead3->removePermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS); $this->assertTrue($lead3->save()); AllPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($lead3, $parentGroup); //Test userInChildGroup, access to detail, edit and delete should fail. Yii::app()->user->userModel = $userInChildGroup; $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details'); $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit'); $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //Test userInParentGroup, access to detail, edit and delete should fail. Yii::app()->user->userModel = $userInParentGroup; $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details'); $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit'); $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //give parentGroup access to read, write and delete Yii::app()->user->userModel = $super; $lead3->addPermissions($parentGroup, Permission::READ_WRITE_DELETE); $this->assertTrue($lead3->save()); AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($lead3, $parentGroup); //Test userInChildGroup, access to delete should not fail. 
Yii::app()->user->userModel = $userInChildGroup; $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username); $this->setGetArray(array('id' => $lead3->id)); $this->runControllerWithRedirectExceptionAndGetContent('leads/default/delete', Yii::app()->createUrl('leads/default/index')); //clear up the role relationships between users so not to effect next assertions $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super'); $userInParentGroup->forget(); $userInChildGroup->forget(); $childGroup->forget(); $parentGroup->forget(); $userInParentGroup = User::getByUsername('nobody'); $userInChildGroup = User::getByUsername('confused'); $childGroup = Group::getByName('BBB'); $parentGroup = Group::getByName('AAA'); $parentGroup->users->remove($userInParentGroup); $parentGroup->groups->remove($childGroup); $this->assertTrue($parentGroup->save()); $childGroup->users->remove($userInChildGroup); $this->assertTrue($childGroup->save()); }
/**
 * A regular user who holds the Groups module rights must be able to save
 * module permissions for a group without an AccessDeniedSecurityException
 * being thrown.
 */
public function testARegularUserWhoCanAccessGroupsCanProperlyModifyModulePermission()
{
    // Regular user holding access/create/delete rights on the Groups module.
    $regularUser = UserTestHelper::createBasicUser('nobody');
    $groupsRights = array(
        GroupsModule::RIGHT_ACCESS_GROUPS,
        GroupsModule::RIGHT_CREATE_GROUPS,
        GroupsModule::RIGHT_DELETE_GROUPS,
    );
    foreach ($groupsRights as $groupsRight)
    {
        $regularUser->setRight('GroupsModule', $groupsRight);
    }
    $this->assertTrue($regularUser->save());

    // Everything below runs with the regular user as the current user.
    Yii::app()->user->userModel = $regularUser;

    $targetGroup       = new Group();
    $targetGroup->name = 'newGroup2';
    $this->assertTrue($targetGroup->save());
    $targetGroup->forget();

    // Baseline: the new group has no explicit permissions on 'SomeModule'.
    $securableItem   = NamedSecurableItem::getByName('SomeModule');
    $noPermissions   = array(Permission::NONE, Permission::NONE);
    $this->assertEquals($noPermissions, $securableItem->getExplicitActualPermissions($targetGroup));
    $securableItem->forget();

    // Simulated form post allowing CHANGE_PERMISSIONS and CHANGE_OWNER.
    $fakePost = array();
    $fakePost['SomeModule__' . Permission::CHANGE_PERMISSIONS] = strval(Permission::ALLOW);
    $fakePost['SomeModule__' . Permission::CHANGE_OWNER]       = strval(Permission::ALLOW);

    $castedPost = ModulePermissionsFormUtil::typeCastPostData($fakePost);
    $this->assertTrue(ModulePermissionsFormUtil::setPermissionsFromCastedPost($castedPost, $targetGroup));
    // Reaching this line is the success condition: no AccessDeniedSecurityException was thrown.
    // NOTE(review): only the return value is asserted; the group's resulting
    // permissions on 'SomeModule' are not read back afterwards.
}
/**
 * Walks the accounts details/edit/delete controller actions through three
 * ways of granting access to a model owned by super:
 *   1. explicit permissions given to a single user,
 *   2. permissions given to a user in a child role (checked for the parent role user too),
 *   3. permissions given to a parent group (checked for a user in a nested child group too).
 * Each phase asserts denial before any grant, then READ, then
 * READ_WRITE_CHANGE_PERMISSIONS, then denial again after revocation, and
 * finally READ_WRITE_DELETE.
 *
 * NOTE(review): the test switches identity both by assigning
 * Yii::app()->user->userModel and by calling
 * logoutCurrentUserLoginNewUserAndGetByUsername(); whether the two are
 * interchangeable is not visible here - confirm.
 *
 * @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
 */
public function testRegularUserControllerActionsWithElevationToModels()
{
    //Create account owned by user super.
    $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $account = AccountTestHelper::createAccountByNameForOwner('testingAccountsForElevationToModelTest', $super);

    //Test nobody, access to edit, details and delete should fail (no permissions granted yet).
    $nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
    $this->setGetArray(array('id' => $account->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/edit');
    $this->setGetArray(array('id' => $account->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
    $this->setGetArray(array('id' => $account->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/delete');

    //Give nobody access to read; the grant itself is made as super.
    Yii::app()->user->userModel = $super;
    $account->addPermissions($nobody, Permission::READ);
    $this->assertTrue($account->save());

    //Now the nobody user can access the details view.
    Yii::app()->user->userModel = $nobody;
    $this->setGetArray(array('id' => $account->id));
    $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');

    //Test nobody, access to edit and delete should fail (READ must not imply write or delete).
    $this->setGetArray(array('id' => $account->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/edit');
    $this->setGetArray(array('id' => $account->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/delete');

    //Give nobody access to read and write.
    Yii::app()->user->userModel = $super;
    $account->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($account->save());

    //Now the nobody user should be able to access the edit view and still the details view.
    Yii::app()->user->userModel = $nobody;
    $this->setGetArray(array('id' => $account->id));
    $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
    $this->setGetArray(array('id' => $account->id));
    $this->runControllerWithNoExceptionsAndGetContent('accounts/default/edit');

    //Test nobody, access to delete should fail.
    $this->setGetArray(array('id' => $account->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/delete');

    //Revoke READ_WRITE_CHANGE_PERMISSIONS from nobody.
    Yii::app()->user->userModel = $super;
    $account->removePermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($account->save());

    //Test nobody, access to detail, edit and delete should fail again after the revocation.
    Yii::app()->user->userModel = $nobody;
    $this->setGetArray(array('id' => $account->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
    $this->setGetArray(array('id' => $account->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/edit');
    $this->setGetArray(array('id' => $account->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/delete');

    //Give nobody access to read, write and delete.
    Yii::app()->user->userModel = $super;
    $account->addPermissions($nobody, Permission::READ_WRITE_DELETE);
    $this->assertTrue($account->save());

    //Test nobody, access to delete should not fail; a redirect to the index is expected.
    Yii::app()->user->userModel = $nobody;
    $this->setGetArray(array('id' => $account->id));
    $this->resetPostArray();
    $this->runControllerWithRedirectExceptionAndGetContent('accounts/default/delete', Yii::app()->createUrl('accounts/default/index'));

    //Create some roles: 'confused' sits in the parent role, 'nobody' in the child role.
    Yii::app()->user->userModel = $super;
    $parentRole = new Role();
    $parentRole->name = 'AAA';
    $this->assertTrue($parentRole->save());
    $childRole = new Role();
    $childRole->name = 'BBB';
    $this->assertTrue($childRole->save());
    $userInParentRole = User::getByUsername('confused');
    $userInChildRole = User::getByUsername('nobody');
    $childRole->users->add($userInChildRole);
    $this->assertTrue($childRole->save());
    $parentRole->users->add($userInParentRole);
    $parentRole->roles->add($childRole);
    $this->assertTrue($parentRole->save());

    //Create account owned by super.
    $account2 = AccountTestHelper::createAccountByNameForOwner('testingAccountsParentRolePermission', $super);

    //Test userInChildRole, access to details, edit and delete should fail.
    Yii::app()->user->userModel = $userInChildRole;
    $this->setGetArray(array('id' => $account2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
    $this->setGetArray(array('id' => $account2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/edit');
    $this->setGetArray(array('id' => $account2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/delete');

    //Test userInParentRole, access to details, edit and delete should fail.
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $account2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
    $this->setGetArray(array('id' => $account2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/edit');
    $this->setGetArray(array('id' => $account2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/delete');

    //Give userInChildRole access to READ; the parent role user is expected to gain it as well.
    Yii::app()->user->userModel = $super;
    $account2->addPermissions($userInChildRole, Permission::READ);
    $this->assertTrue($account2->save());

    //Test userInChildRole, access to details should not fail.
    Yii::app()->user->userModel = $userInChildRole;
    $this->setGetArray(array('id' => $account2->id));
    $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');

    //Test userInChildRole, access to edit and delete should fail.
    $this->setGetArray(array('id' => $account2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/edit');
    $this->setGetArray(array('id' => $account2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/delete');

    //Test userInParentRole, access to details should not fail.
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $account2->id));
    $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');

    //Test userInParentRole, access to edit and delete should fail.
    $this->setGetArray(array('id' => $account2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/edit');
    $this->setGetArray(array('id' => $account2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/delete');

    //Give userInChildRole access to read and write.
    Yii::app()->user->userModel = $super;
    $account2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($account2->save());

    //Test userInChildRole, access to edit should not fail.
    Yii::app()->user->userModel = $userInChildRole;
    $this->setGetArray(array('id' => $account2->id));
    $this->runControllerWithNoExceptionsAndGetContent('accounts/default/edit');

    //Test userInChildRole, access to delete should fail.
    $this->setGetArray(array('id' => $account2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/delete');

    //Test userInParentRole, access to edit should not fail.
    //The identity switch here goes through a full logout/login rather than a userModel assignment.
    $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInParentRole->username);
    $this->setGetArray(array('id' => $account2->id));
    $this->runControllerWithNoExceptionsAndGetContent('accounts/default/edit');

    //Test userInParentRole, access to delete should fail.
    $this->setGetArray(array('id' => $account2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/delete');

    //Revoke userInChildRole access to read and write.
    Yii::app()->user->userModel = $super;
    $account2->removePermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($account2->save());

    //Test userInChildRole, access to detail, edit and delete should fail.
    Yii::app()->user->userModel = $userInChildRole;
    $this->setGetArray(array('id' => $account2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
    $this->setGetArray(array('id' => $account2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/edit');
    $this->setGetArray(array('id' => $account2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/delete');

    //Test userInParentRole, access to detail, edit and delete should fail (the revocation must reach the parent role too).
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $account2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
    $this->setGetArray(array('id' => $account2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/edit');
    $this->setGetArray(array('id' => $account2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/delete');

    //Give userInChildRole access to read, write and delete.
    Yii::app()->user->userModel = $super;
    $account2->addPermissions($userInChildRole, Permission::READ_WRITE_DELETE);
    $this->assertTrue($account2->save());

    //Test userInParentRole, access to delete should not fail.
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $account2->id));
    $this->resetPostArray();
    $this->runControllerWithRedirectExceptionAndGetContent('accounts/default/delete', Yii::app()->createUrl('accounts/default/index'));

    //Clear up the role relationships between users so as not to affect the next assertions.
    //NOTE(review): the current user is still $userInParentRole while the roles are edited;
    //the group cleanup at the end of this test logs in as super first - confirm this is intended.
    $parentRole->users->remove($userInParentRole);
    $parentRole->roles->remove($childRole);
    $this->assertTrue($parentRole->save());
    $childRole->users->remove($userInChildRole);
    $this->assertTrue($childRole->save());

    //Create some groups and assign users to groups: 'nobody' directly in the parent group,
    //'confused' in the child group nested inside it.
    Yii::app()->user->userModel = $super;
    $parentGroup = new Group();
    $parentGroup->name = 'AAA';
    $this->assertTrue($parentGroup->save());
    $childGroup = new Group();
    $childGroup->name = 'BBB';
    $this->assertTrue($childGroup->save());
    $userInChildGroup = User::getByUsername('confused');
    $userInParentGroup = User::getByUsername('nobody');
    $childGroup->users->add($userInChildGroup);
    $this->assertTrue($childGroup->save());
    $parentGroup->users->add($userInParentGroup);
    $parentGroup->groups->add($childGroup);
    $this->assertTrue($parentGroup->save());
    //Drop the in-memory copies and load both groups again by name.
    $parentGroup->forget();
    $childGroup->forget();
    $parentGroup = Group::getByName('AAA');
    $childGroup = Group::getByName('BBB');

    //Add access for the confused user to accounts, creation of accounts and deletion of accounts.
    $userInChildGroup->setRight('AccountsModule', AccountsModule::RIGHT_ACCESS_ACCOUNTS);
    $userInChildGroup->setRight('AccountsModule', AccountsModule::RIGHT_CREATE_ACCOUNTS);
    $userInChildGroup->setRight('AccountsModule', AccountsModule::RIGHT_DELETE_ACCOUNTS);
    $this->assertTrue($userInChildGroup->save());

    //Create account owned by super.
    $account3 = AccountTestHelper::createAccountByNameForOwner('testingAccountsParentGroupPermission', $super);

    //Test userInParentGroup, access to details, edit and delete should fail.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $account3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
    $this->setGetArray(array('id' => $account3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/edit');
    $this->setGetArray(array('id' => $account3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/delete');

    //Test userInChildGroup, access to details, edit and delete should fail.
    //Module rights alone must not open a model the user holds no permission on.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->setGetArray(array('id' => $account3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
    $this->setGetArray(array('id' => $account3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/edit');
    $this->setGetArray(array('id' => $account3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/delete');

    //Give parentGroup access to READ; members of the nested child group are expected to gain it too.
    Yii::app()->user->userModel = $super;
    $account3->addPermissions($parentGroup, Permission::READ);
    $this->assertTrue($account3->save());

    //Test userInParentGroup, access to details should not fail.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $account3->id));
    $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');

    //Test userInParentGroup, access to edit and delete should fail.
    $this->setGetArray(array('id' => $account3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/edit');
    $this->setGetArray(array('id' => $account3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/delete');

    //Test userInChildGroup, access to details should not fail.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->setGetArray(array('id' => $account3->id));
    $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');

    //Test userInChildGroup, access to edit and delete should fail.
    $this->setGetArray(array('id' => $account3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/edit');
    $this->setGetArray(array('id' => $account3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/delete');

    //Give parentGroup access to read and write.
    Yii::app()->user->userModel = $super;
    $account3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($account3->save());

    //Test userInParentGroup, access to edit should not fail.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $account3->id));
    $this->runControllerWithNoExceptionsAndGetContent('accounts/default/edit');

    //Test userInParentGroup, access to delete should fail.
    $this->setGetArray(array('id' => $account3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/delete');

    //Test userInChildGroup, access to edit should not fail.
    //Both the userModel assignment and a logout/login are used for this switch.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username);
    $this->setGetArray(array('id' => $account3->id));
    $this->runControllerWithNoExceptionsAndGetContent('accounts/default/edit');

    //Test userInChildGroup, access to delete should fail.
    $this->setGetArray(array('id' => $account3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/delete');

    //Revoke parentGroup access to read and write.
    Yii::app()->user->userModel = $super;
    $account3->removePermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($account3->save());

    //Test userInChildGroup, access to detail, edit and delete should fail.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->setGetArray(array('id' => $account3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
    $this->setGetArray(array('id' => $account3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/edit');
    $this->setGetArray(array('id' => $account3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/delete');

    //Test userInParentGroup, access to detail, edit and delete should fail.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $account3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
    $this->setGetArray(array('id' => $account3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/edit');
    $this->setGetArray(array('id' => $account3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/delete');

    //Give parentGroup access to read, write and delete.
    Yii::app()->user->userModel = $super;
    $account3->addPermissions($parentGroup, Permission::READ_WRITE_DELETE);
    $this->assertTrue($account3->save());

    //Test userInChildGroup, access to delete should not fail.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->setGetArray(array('id' => $account3->id));
    $this->resetPostArray();
    $this->runControllerWithRedirectExceptionAndGetContent('accounts/default/delete', Yii::app()->createUrl('accounts/default/index'));

    //Clear up the group relationships between users so as not to affect the next assertions.
    //The cleanup is done as super, on freshly loaded users and groups.
    $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $userInParentGroup->forget();
    $userInChildGroup->forget();
    $childGroup->forget();
    $parentGroup->forget();
    $userInParentGroup = User::getByUsername('nobody');
    $userInChildGroup = User::getByUsername('confused');
    $childGroup = Group::getByName('BBB');
    $parentGroup = Group::getByName('AAA');
    $parentGroup->users->remove($userInParentGroup);
    $parentGroup->groups->remove($childGroup);
    $this->assertTrue($parentGroup->save());
    $childGroup->users->remove($userInChildGroup);
    $this->assertTrue($childGroup->save());
}
/**
 * Saves a group whose parent is the existing 'AAA' group, reloads it by name
 * and checks that the parent link was persisted, then detaches it again.
 *
 * @depends testSaveAndLoadGroup
 */
public function testGroupsWithParentGroup()
{
    // 'AAA' is looked up by name, so it must already exist when this test runs.
    $parent   = Group::getByName('AAA');
    $parentId = $parent->id;

    $child        = new Group();
    $child->name  = 'Child';
    $child->group = $parent;
    $this->assertTrue($child->save());

    // Drop the in-memory copy so the assertions below read what was stored.
    $child->forget();
    unset($child);

    $reloadedChild = Group::getByName('Child');
    $this->assertEquals('Child', $reloadedChild->name);
    $this->assertEquals($parentId, $reloadedChild->group->id);
    unset($reloadedChild, $parent);
    RedBeanModel::forgetAll();

    // Cleanup: take 'Child' out of 'AAA' again.
    $parent = Group::getByName('AAA');
    $child  = Group::getByName('Child');
    $parent->groups->remove($child);
    $this->assertTrue($parent->save());
}
/**
 * Test nested groups
 *
 * Checks that the rows in account_read_subscription follow read access that a
 * user (johnny) gets through a child group nested in a parent group: granting
 * READ to the parent group, removing it, granting it again, deleting the
 * parent group, and finally attaching the child group to a new parent group.
 * After every change the test asserts which job type was queued, runs that
 * job and compares the subscription rows. A removed grant has to show up as
 * TYPE_DELETE for johnny rather than leaving his TYPE_ADD row in place.
 */
public function testGroupChangeOrDeleteScenario4()
{
    $super = User::getByUsername('super');
    Yii::app()->user->userModel = $super;
    $job = new ReadPermissionSubscriptionUpdateForAccountJob();
    $jobBasedOnBuildTable = new ReadPermissionSubscriptionUpdateForAccountFromBuildTableJob();
    $johnny = self::$johnny;

    // Start from an empty read permission table and a single account owned by super.
    $this->deleteAllModelsAndRecordsFromReadPermissionTable('Account');
    $account = AccountTestHelper::createAccountByNameForOwner('Third Account', $super);
    Yii::app()->jobQueue->deleteAll();
    // NOTE(review): the reason for the one second pause is not visible here - confirm.
    sleep(1);

    // Build the nesting: 'Child' inside 'Parent', with johnny as a member of 'Child'.
    $parentGroup = new Group();
    $parentGroup->name = 'Parent';
    $this->assertTrue($parentGroup->save());
    $group = new Group();
    $group->name = 'Child';
    $group->group = $parentGroup;
    $saved = $group->save();
    $this->assertTrue($saved);
    $group->users->add($johnny);
    $this->assertTrue($group->save());

    // Exactly one update job is expected in the queue.
    // NOTE(review): the meaning of queue key 5 is not shown here - presumably a delay bucket; verify.
    $queuedJobs = Yii::app()->jobQueue->getAll();
    $this->assertEquals(1, count($queuedJobs[5]));
    $this->assertEquals('ReadPermissionSubscriptionUpdateForAccount', $queuedJobs[5][0]['jobType']);
    Yii::app()->jobQueue->deleteAll();
    $this->assertTrue($job->run());

    // No group permission has been granted yet, so only super (the owner) has a row.
    $sql = "SELECT * FROM account_read_subscription order by userid";
    $rows = ZurmoRedBean::getAll($sql);
    $this->assertEquals(1, count($rows));
    $this->assertEquals($super->id, $rows[0]['userid']);
    $this->assertEquals($account->id, $rows[0]['modelid']);
    $this->assertEquals(ReadPermissionsSubscriptionUtil::TYPE_ADD, $rows[0]['subscriptiontype']);

    // Add permissions for parentGroup to READ account
    $account->addPermissions($parentGroup, Permission::READ);
    $this->assertTrue($account->save());
    RedBeanModel::forgetAll();
    ReadPermissionsOptimizationUtil::rebuild();
    $queuedJobs = Yii::app()->jobQueue->getAll();
    $this->assertEquals(1, count($queuedJobs[5]));
    $this->assertEquals('ReadPermissionSubscriptionUpdateForAccountFromBuildTable', $queuedJobs[5][0]['jobType']);
    Yii::app()->jobQueue->deleteAll();
    $this->assertTrue($jobBasedOnBuildTable->run());

    // johnny now has a TYPE_ADD row through the nested group.
    $sql = "SELECT * FROM account_read_subscription order by userid";
    $rows = ZurmoRedBean::getAll($sql);
    $this->assertEquals(2, count($rows));
    $this->assertEquals($super->id, $rows[0]['userid']);
    $this->assertEquals($account->id, $rows[0]['modelid']);
    $this->assertEquals(ReadPermissionsSubscriptionUtil::TYPE_ADD, $rows[0]['subscriptiontype']);
    $this->assertEquals($johnny->id, $rows[1]['userid']);
    $this->assertEquals($account->id, $rows[1]['modelid']);
    $this->assertEquals(ReadPermissionsSubscriptionUtil::TYPE_ADD, $rows[1]['subscriptiontype']);

    // Remove permissions from parentGroup to READ account
    $account->removePermissions($parentGroup, Permission::READ);
    $this->assertTrue($account->save());
    RedBeanModel::forgetAll();
    ReadPermissionsOptimizationUtil::rebuild();
    $queuedJobs = Yii::app()->jobQueue->getAll();
    $this->assertEquals(1, count($queuedJobs[5]));
    $this->assertEquals('ReadPermissionSubscriptionUpdateForAccountFromBuildTable', $queuedJobs[5][0]['jobType']);
    Yii::app()->jobQueue->deleteAll();
    $this->assertTrue($jobBasedOnBuildTable->run());

    // The revocation is recorded: johnny's row is kept but flips to TYPE_DELETE.
    $sql = "SELECT * FROM account_read_subscription order by userid";
    $rows = ZurmoRedBean::getAll($sql);
    $this->assertEquals(2, count($rows));
    $this->assertEquals($super->id, $rows[0]['userid']);
    $this->assertEquals($account->id, $rows[0]['modelid']);
    $this->assertEquals(ReadPermissionsSubscriptionUtil::TYPE_ADD, $rows[0]['subscriptiontype']);
    $this->assertEquals($johnny->id, $rows[1]['userid']);
    $this->assertEquals($account->id, $rows[1]['modelid']);
    $this->assertEquals(ReadPermissionsSubscriptionUtil::TYPE_DELETE, $rows[1]['subscriptiontype']);

    // Test parent group adding/removing: grant READ again so the deletion below has an effect to undo.
    $account->addPermissions($parentGroup, Permission::READ);
    $this->assertTrue($account->save());
    RedBeanModel::forgetAll();
    ReadPermissionsOptimizationUtil::rebuild();
    $queuedJobs = Yii::app()->jobQueue->getAll();
    $this->assertEquals(1, count($queuedJobs[5]));
    $this->assertEquals('ReadPermissionSubscriptionUpdateForAccountFromBuildTable', $queuedJobs[5][0]['jobType']);
    Yii::app()->jobQueue->deleteAll();
    $this->assertTrue($jobBasedOnBuildTable->run());
    $sql = "SELECT * FROM account_read_subscription order by userid";
    $rows = ZurmoRedBean::getAll($sql);
    $this->assertEquals(2, count($rows));
    $this->assertEquals($super->id, $rows[0]['userid']);
    $this->assertEquals($account->id, $rows[0]['modelid']);
    $this->assertEquals(ReadPermissionsSubscriptionUtil::TYPE_ADD, $rows[0]['subscriptiontype']);
    $this->assertEquals($johnny->id, $rows[1]['userid']);
    $this->assertEquals($account->id, $rows[1]['modelid']);
    $this->assertEquals(ReadPermissionsSubscriptionUtil::TYPE_ADD, $rows[1]['subscriptiontype']);

    // Delete parent group: the access johnny had through it has to end with it.
    $parentGroup->delete();
    RedBeanModel::forgetAll();
    ReadPermissionsOptimizationUtil::rebuild();
    $queuedJobs = Yii::app()->jobQueue->getAll();
    $this->assertEquals(1, count($queuedJobs[5]));
    $this->assertEquals('ReadPermissionSubscriptionUpdateForAccount', $queuedJobs[5][0]['jobType']);
    Yii::app()->jobQueue->deleteAll();
    $this->assertTrue($job->run());
    $sql = "SELECT * FROM account_read_subscription order by userid";
    $rows = ZurmoRedBean::getAll($sql);
    $this->assertEquals(2, count($rows));
    $this->assertEquals($super->id, $rows[0]['userid']);
    $this->assertEquals($account->id, $rows[0]['modelid']);
    $this->assertEquals(ReadPermissionsSubscriptionUtil::TYPE_ADD, $rows[0]['subscriptiontype']);
    $this->assertEquals($johnny->id, $rows[1]['userid']);
    $this->assertEquals($account->id, $rows[1]['modelid']);
    $this->assertEquals(ReadPermissionsSubscriptionUtil::TYPE_DELETE, $rows[1]['subscriptiontype']);

    // Now test adding parent group: reload the child group and the account, then attach a new 'Parent'.
    $group->forget();
    $group = Group::getByName('Child');
    $accountId = $account->id;
    $account->forget();
    $account = Account::getById($accountId);
    $parentGroup2 = new Group();
    $parentGroup2->name = 'Parent';
    $this->assertTrue($parentGroup2->save());
    $group->group = $parentGroup2;
    $saved = $group->save();
    $this->assertTrue($saved);

    // Re-parenting the child group queues an update job by itself.
    $queuedJobs = Yii::app()->jobQueue->getAll();
    $this->assertEquals(1, count($queuedJobs[5]));
    $this->assertEquals('ReadPermissionSubscriptionUpdateForAccount', $queuedJobs[5][0]['jobType']);
    Yii::app()->jobQueue->deleteAll();
    $this->assertTrue($job->run());

    // Granting READ to the new parent group gives johnny a TYPE_ADD row again.
    $account->addPermissions($parentGroup2, Permission::READ);
    $this->assertTrue($account->save());
    RedBeanModel::forgetAll();
    ReadPermissionsOptimizationUtil::rebuild();
    $queuedJobs = Yii::app()->jobQueue->getAll();
    $this->assertEquals(1, count($queuedJobs[5]));
    $this->assertEquals('ReadPermissionSubscriptionUpdateForAccountFromBuildTable', $queuedJobs[5][0]['jobType']);
    Yii::app()->jobQueue->deleteAll();
    $this->assertTrue($jobBasedOnBuildTable->run());
    $sql = "SELECT * FROM account_read_subscription order by userid";
    $rows = ZurmoRedBean::getAll($sql);
    $this->assertEquals(2, count($rows));
    $this->assertEquals($super->id, $rows[0]['userid']);
    $this->assertEquals($account->id, $rows[0]['modelid']);
    $this->assertEquals(ReadPermissionsSubscriptionUtil::TYPE_ADD, $rows[0]['subscriptiontype']);
    $this->assertEquals($johnny->id, $rows[1]['userid']);
    $this->assertEquals($account->id, $rows[1]['modelid']);
    $this->assertEquals(ReadPermissionsSubscriptionUtil::TYPE_ADD, $rows[1]['subscriptiontype']);
}
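/**
 * Walks the accounts and tasks details/edit controller actions as regular users while
 * explicit model permissions are granted and then denied: directly to a user, to a user
 * whose role sits below another user's role, and to a parent group that nests a child group.
 *
 * Every allow/deny assertion is only meaningful for the identity that is current when the
 * controller runs, so each check is preceded by an explicit switch of
 * Yii::app()->user->userModel. Grants are made while 'super' is the current user.
 *
 * @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
 */
public function testRegularUserControllerActionsWithElevationToModels()
{
    //Create superAccount owned by user super.
    $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $superAccount = AccountTestHelper::createAccountByNameForOwner('AccountsForElevationToModelTest', $super);

    //Test nobody, access to details of superAccount should fail.
    $nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
    $this->setGetArray(array('id' => $superAccount->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');

    //give nobody access to read
    Yii::app()->user->userModel = $super;
    $superAccount->addPermissions($nobody, Permission::READ);
    $this->assertTrue($superAccount->save());

    //Now the nobody user can access the details view.
    Yii::app()->user->userModel = $nobody;
    $this->setGetArray(array('id' => $superAccount->id));
    $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');

    //create a task related to superAccount, owned by the super user
    $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $task = TaskTestHelper::createTaskWithOwnerAndRelatedAccount('taskCreatedByNobody', $super, $superAccount);

    //Test nobody, access to edit of task should fail.
    Yii::app()->user->userModel = $nobody;
    $this->setGetArray(array('id' => $task->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('tasks/default/edit');
    //NOTE(review): the request is prepared a second time but no tasks/default/details
    //denial check follows; kept as in the original, confirm whether one was intended.
    $this->setGetArray(array('id' => $task->id));
    $this->resetPostArray();

    //give nobody access to details view only
    Yii::app()->user->userModel = $super;
    $task->addPermissions($nobody, Permission::READ);
    $this->assertTrue($task->save());

    //Now access to tasks view by Nobody should not fail.
    Yii::app()->user->userModel = $nobody;
    $this->setGetArray(array('id' => $task->id));
    $this->resetPostArray();
    $this->runControllerWithNoExceptionsAndGetContent('tasks/default/details');

    //Now access to tasks edit by Nobody should fail
    $this->setGetArray(array('id' => $task->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('tasks/default/edit');

    //give nobody access to both details and edit view
    Yii::app()->user->userModel = $super;
    $task->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($task->save());

    //Now access to tasks view and edit by Nobody should not fail.
    //Switch back to nobody first: without this the two checks below run as super (the
    //task owner) and pass regardless of whether the grant to nobody took effect.
    Yii::app()->user->userModel = $nobody;
    $this->setGetArray(array('id' => $task->id));
    $this->resetPostArray();
    $this->runControllerWithNoExceptionsAndGetContent('tasks/default/details');
    $this->setGetArray(array('id' => $task->id));
    $this->resetPostArray();
    $this->runControllerWithNoExceptionsAndGetContent('tasks/default/edit');

    //revoke the permission from the nobody user to access the task
    Yii::app()->user->userModel = $super;
    $task->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS, Permission::DENY);
    $this->assertTrue($task->save());

    //Now nobody's access to edit and details of tasks should fail.
    Yii::app()->user->userModel = $nobody;
    $this->setGetArray(array('id' => $task->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('tasks/default/edit');
    $this->setGetArray(array('id' => $task->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('tasks/default/details');

    //create some roles
    Yii::app()->user->userModel = $super;
    $parentRole = new Role();
    $parentRole->name = 'AAA';
    $this->assertTrue($parentRole->save());

    $childRole = new Role();
    $childRole->name = 'BBB';
    $this->assertTrue($childRole->save());

    $userInParentRole = User::getByUsername('confused');
    $userInChildRole = User::getByUsername('nobody');

    $childRole->users->add($userInChildRole);
    $this->assertTrue($childRole->save());
    $parentRole->users->add($userInParentRole);
    $parentRole->roles->add($childRole);
    $this->assertTrue($parentRole->save());

    //create account owned by super
    $account2 = AccountTestHelper::createAccountByNameForOwner('AccountsParentRolePermission', $super);

    //Test userInParentRole, access to details should fail.
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $account2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');

    //give userInChildRole access to READ
    Yii::app()->user->userModel = $super;
    $account2->addPermissions($userInChildRole, Permission::READ);
    $this->assertTrue($account2->save());

    //Test userInChildRole, access to details should not fail.
    Yii::app()->user->userModel = $userInChildRole;
    $this->setGetArray(array('id' => $account2->id));
    $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');

    //Test userInParentRole, access to details should not fail.
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $account2->id));
    $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');

    //create a task owned by super
    $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $task2 = TaskTestHelper::createTaskWithOwnerAndRelatedAccount('taskCreatedBySuperForRole', $super, $account2);

    //Test userInParentRole, access to tasks details and edit should fail.
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $task2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('tasks/default/edit');
    $this->setGetArray(array('id' => $task2->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('tasks/default/details');

    //give userInChildRole access to READ permission for tasks
    Yii::app()->user->userModel = $super;
    $task2->addPermissions($userInChildRole, Permission::READ);
    $this->assertTrue($task2->save());

    //Test userInChildRole, access to tasks details should not fail.
    Yii::app()->user->userModel = $userInChildRole;
    $this->setGetArray(array('id' => $task2->id));
    $this->resetPostArray();
    $this->runControllerWithNoExceptionsAndGetContent('tasks/default/details');

    //Test userInParentRole, access to tasks details should not fail.
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $task2->id));
    $this->resetPostArray();
    $this->runControllerWithNoExceptionsAndGetContent('tasks/default/details');

    //give userInChildRole access to read and write for the tasks
    Yii::app()->user->userModel = $super;
    $task2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($task2->save());

    //Test userInChildRole, access to tasks edit should not fail.
    Yii::app()->user->userModel = $userInChildRole;
    $this->setGetArray(array('id' => $task2->id));
    $this->resetPostArray();
    $this->runControllerWithNoExceptionsAndGetContent('tasks/default/edit');

    //Test userInParentRole, access to tasks edit should not fail.
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $task2->id));
    $this->resetPostArray();
    $this->runControllerWithNoExceptionsAndGetContent('tasks/default/edit');

    //revoke userInChildRole access to read and write tasks
    Yii::app()->user->userModel = $super;
    $task2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS, Permission::DENY);
    $this->assertTrue($task2->save());

    //Test userInChildRole, access to detail and edit should fail.
    Yii::app()->user->userModel = $userInChildRole;
    $this->setGetArray(array('id' => $task2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('tasks/default/details');
    $this->setGetArray(array('id' => $task2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('tasks/default/edit');

    //Test userInParentRole, access to detail and edit should fail.
    Yii::app()->user->userModel = $userInParentRole;
    $this->setGetArray(array('id' => $task2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('tasks/default/details');
    $this->setGetArray(array('id' => $task2->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('tasks/default/edit');

    //clear up the role relationships between users so as not to affect next assertions
    $parentRole->users->remove($userInParentRole);
    $parentRole->roles->remove($childRole);
    $this->assertTrue($parentRole->save());
    $childRole->users->remove($userInChildRole);
    $this->assertTrue($childRole->save());

    //create some groups and assign users to groups
    Yii::app()->user->userModel = $super;
    $parentGroup = new Group();
    $parentGroup->name = 'AAA';
    $this->assertTrue($parentGroup->save());

    $childGroup = new Group();
    $childGroup->name = 'BBB';
    $this->assertTrue($childGroup->save());

    $userInChildGroup = User::getByUsername('confused');
    $userInParentGroup = User::getByUsername('nobody');

    $childGroup->users->add($userInChildGroup);
    $this->assertTrue($childGroup->save());
    $parentGroup->users->add($userInParentGroup);
    $parentGroup->groups->add($childGroup);
    $this->assertTrue($parentGroup->save());

    //Drop the in-memory groups and fetch them again by name before using them in grants.
    $parentGroup->forget();
    $childGroup->forget();
    $parentGroup = Group::getByName('AAA');
    $childGroup = Group::getByName('BBB');

    //Add access for the confused user to accounts and creation of accounts.
    $userInChildGroup->setRight('AccountsModule', AccountsModule::RIGHT_ACCESS_ACCOUNTS);
    $userInChildGroup->setRight('AccountsModule', AccountsModule::RIGHT_CREATE_ACCOUNTS);
    $this->assertTrue($userInChildGroup->save());

    //create account owned by super
    $account3 = AccountTestHelper::createAccountByNameForOwner('testingAccountsParentGroupPermission', $super);

    //Test userInParentGroup, access to details should fail.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $account3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');

    //Test userInChildGroup, access to details should fail.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->setGetArray(array('id' => $account3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');

    //give parentGroup access to READ
    Yii::app()->user->userModel = $super;
    $account3->addPermissions($parentGroup, Permission::READ);
    $this->assertTrue($account3->save());

    //Test userInParentGroup, access to details should not fail.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $account3->id));
    $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');

    //Test userInChildGroup, access to details should not fail.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->setGetArray(array('id' => $account3->id));
    $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');

    //create a task owned by super
    $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $task3 = TaskTestHelper::createTaskWithOwnerAndRelatedAccount('taskCreatedBySuperForGroup', $super, $account3);

    //Add access for the confused user to tasks and creation of tasks.
    $userInChildGroup->setRight('TasksModule', TasksModule::RIGHT_ACCESS_TASKS);
    $userInChildGroup->setRight('TasksModule', TasksModule::RIGHT_CREATE_TASKS);
    $this->assertTrue($userInChildGroup->save());

    //Test userInParentGroup, access to tasks details and edit should fail.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $task3->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('tasks/default/edit');
    $this->setGetArray(array('id' => $task3->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('tasks/default/details');

    //Test userInChildGroup, access to tasks details and edit should fail.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->setGetArray(array('id' => $task3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('tasks/default/details');
    $this->setGetArray(array('id' => $task3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('tasks/default/edit');

    //give parentGroup access to READ
    Yii::app()->user->userModel = $super;
    $task3->addPermissions($parentGroup, Permission::READ);
    $this->assertTrue($task3->save());

    //Test userInParentGroup, access to tasks details should not fail.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $task3->id));
    $this->runControllerWithNoExceptionsAndGetContent('tasks/default/details');

    //Test userInChildGroup, access to tasks details should not fail.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->setGetArray(array('id' => $task3->id));
    $this->runControllerWithNoExceptionsAndGetContent('tasks/default/details');

    //give parentGroup access to read and write
    Yii::app()->user->userModel = $super;
    $task3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($task3->save());

    //Test userInParentGroup, access to edit tasks should not fail.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $task3->id));
    $this->runControllerWithNoExceptionsAndGetContent('tasks/default/edit');

    //Test userInChildGroup, access to edit tasks should not fail.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username);
    $this->setGetArray(array('id' => $task3->id));
    $this->runControllerWithNoExceptionsAndGetContent('tasks/default/edit');

    //revoke parentGroup access to tasks read and write
    Yii::app()->user->userModel = $super;
    $task3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS, Permission::DENY);
    $this->assertTrue($task3->save());

    //Test userInChildGroup, access to tasks detail and edit should fail.
    Yii::app()->user->userModel = $userInChildGroup;
    $this->setGetArray(array('id' => $task3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('tasks/default/details');
    $this->setGetArray(array('id' => $task3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('tasks/default/edit');

    //Test userInParentGroup, access to tasks detail and edit should fail.
    Yii::app()->user->userModel = $userInParentGroup;
    $this->setGetArray(array('id' => $task3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('tasks/default/details');
    $this->setGetArray(array('id' => $task3->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent('tasks/default/edit');

    //clear up the group relationships between users so as not to affect next assertions
    $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $userInParentGroup->forget();
    $userInChildGroup->forget();
    $childGroup->forget();
    $parentGroup->forget();
    $userInParentGroup = User::getByUsername('nobody');
    $userInChildGroup = User::getByUsername('confused');
    $childGroup = Group::getByName('BBB');
    $parentGroup = Group::getByName('AAA');

    $parentGroup->users->remove($userInParentGroup);
    $parentGroup->groups->remove($childGroup);
    $this->assertTrue($parentGroup->save());
    $childGroup->users->remove($userInChildGroup);
    $this->assertTrue($childGroup->save());
}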
/**
 * Exercises the opportunities details and edit controller actions as regular users while
 * explicit permissions on an opportunity are granted and then denied, in three stages:
 * a grant made directly to a user, a grant to a user in a child role (also checked as the
 * user in the parent role), and a grant to a parent group that contains a child group.
 *
 * Grants and denials are applied while 'super' is the current user; each assertion is
 * preceded by a switch to the identity being checked.
 *
 * @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
 */
public function testRegularUserControllerActionsWithElevationToModels()
{
    // The two controller routes every check below targets.
    $detailsRoute = 'opportunities/default/details';
    $editRoute    = 'opportunities/default/edit';

    // ---- Stage 1: permission granted directly to a user ----

    // An opportunity owned by super.
    $superUser = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $directOpportunity = OpportunityTestHelper::createOpportunityByNameForOwner(
        'opportunityForElevationToModelTest',
        $superUser
    );

    // With no grant, nobody is refused both edit and details.
    $nobodyUser = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
    $this->setGetArray(array('id' => $directOpportunity->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent($editRoute);
    $this->setGetArray(array('id' => $directOpportunity->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent($detailsRoute);

    // Grant READ to nobody.
    Yii::app()->user->userModel = $superUser;
    $directOpportunity->addPermissions($nobodyUser, Permission::READ);
    $this->assertTrue($directOpportunity->save());

    // READ opens details for nobody...
    Yii::app()->user->userModel = $nobodyUser;
    $this->setGetArray(array('id' => $directOpportunity->id));
    $this->runControllerWithNoExceptionsAndGetContent($detailsRoute);

    // ...but edit is still refused.
    $this->setGetArray(array('id' => $directOpportunity->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent($editRoute);

    // Raise the grant to read/write/change-permissions.
    Yii::app()->user->userModel = $superUser;
    $directOpportunity->addPermissions($nobodyUser, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($directOpportunity->save());

    // Both details and edit now succeed for nobody.
    Yii::app()->user->userModel = $nobodyUser;
    $this->setGetArray(array('id' => $directOpportunity->id));
    $this->runControllerWithNoExceptionsAndGetContent($detailsRoute);
    $this->setGetArray(array('id' => $directOpportunity->id));
    $this->runControllerWithNoExceptionsAndGetContent($editRoute);

    // Add an explicit DENY for the same permissions.
    Yii::app()->user->userModel = $superUser;
    $directOpportunity->addPermissions(
        $nobodyUser,
        Permission::READ_WRITE_CHANGE_PERMISSIONS,
        Permission::DENY
    );
    $this->assertTrue($directOpportunity->save());

    // After the DENY, nobody is refused details and edit again.
    Yii::app()->user->userModel = $nobodyUser;
    $this->setGetArray(array('id' => $directOpportunity->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent($detailsRoute);
    $this->setGetArray(array('id' => $directOpportunity->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent($editRoute);

    // ---- Stage 2: permission granted to a user in a child role ----

    // Build a parent role (AAA) that contains a child role (BBB).
    Yii::app()->user->userModel = $superUser;
    $parentRole = new Role();
    $parentRole->name = 'AAA';
    $this->assertTrue($parentRole->save());

    $childRole = new Role();
    $childRole->name = 'BBB';
    $this->assertTrue($childRole->save());

    $parentRoleUser = User::getByUsername('confused');
    $childRoleUser  = User::getByUsername('nobody');

    $childRole->users->add($childRoleUser);
    $this->assertTrue($childRole->save());
    $parentRole->users->add($parentRoleUser);
    $parentRole->roles->add($childRole);
    $this->assertTrue($parentRole->save());

    // A second opportunity owned by super.
    $roleOpportunity = OpportunityTestHelper::createOpportunityByNameForOwner(
        'testingParentRolePermission',
        $superUser
    );

    // Before any grant the parent-role user is refused details and edit.
    Yii::app()->user->userModel = $parentRoleUser;
    $this->setGetArray(array('id' => $roleOpportunity->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent($detailsRoute);
    $this->setGetArray(array('id' => $roleOpportunity->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent($editRoute);

    // Grant READ to the child-role user.
    Yii::app()->user->userModel = $superUser;
    $roleOpportunity->addPermissions($childRoleUser, Permission::READ);
    $this->assertTrue($roleOpportunity->save());

    // Details succeeds for the child-role user...
    Yii::app()->user->userModel = $childRoleUser;
    $this->setGetArray(array('id' => $roleOpportunity->id));
    $this->runControllerWithNoExceptionsAndGetContent($detailsRoute);

    // ...and for the parent-role user.
    Yii::app()->user->userModel = $parentRoleUser;
    $this->setGetArray(array('id' => $roleOpportunity->id));
    $this->runControllerWithNoExceptionsAndGetContent($detailsRoute);

    // Raise the child-role user's grant to read/write/change-permissions.
    Yii::app()->user->userModel = $superUser;
    $roleOpportunity->addPermissions($childRoleUser, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($roleOpportunity->save());

    // Edit succeeds for the child-role user...
    Yii::app()->user->userModel = $childRoleUser;
    $this->setGetArray(array('id' => $roleOpportunity->id));
    $this->runControllerWithNoExceptionsAndGetContent($editRoute);

    // ...and for the parent-role user, who is logged in through the helper here.
    $this->logoutCurrentUserLoginNewUserAndGetByUsername($parentRoleUser->username);
    $this->setGetArray(array('id' => $roleOpportunity->id));
    $this->runControllerWithNoExceptionsAndGetContent($editRoute);

    // Add an explicit DENY for the child-role user.
    Yii::app()->user->userModel = $superUser;
    $roleOpportunity->addPermissions(
        $childRoleUser,
        Permission::READ_WRITE_CHANGE_PERMISSIONS,
        Permission::DENY
    );
    $this->assertTrue($roleOpportunity->save());

    // The child-role user is refused details and edit.
    Yii::app()->user->userModel = $childRoleUser;
    $this->setGetArray(array('id' => $roleOpportunity->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent($detailsRoute);
    $this->setGetArray(array('id' => $roleOpportunity->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent($editRoute);

    // The parent-role user is refused details and edit as well.
    Yii::app()->user->userModel = $parentRoleUser;
    $this->setGetArray(array('id' => $roleOpportunity->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent($detailsRoute);
    $this->setGetArray(array('id' => $roleOpportunity->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent($editRoute);

    // Undo the role memberships so they do not influence the group stage.
    $parentRole->users->remove($parentRoleUser);
    $parentRole->roles->remove($childRole);
    $this->assertTrue($parentRole->save());
    $childRole->users->remove($childRoleUser);
    $this->assertTrue($childRole->save());

    // ---- Stage 3: permission granted to a parent group ----

    // Build a parent group (AAA) that contains a child group (BBB).
    Yii::app()->user->userModel = $superUser;
    $parentGroup = new Group();
    $parentGroup->name = 'AAA';
    $this->assertTrue($parentGroup->save());

    $childGroup = new Group();
    $childGroup->name = 'BBB';
    $this->assertTrue($childGroup->save());

    $childGroupUser  = User::getByUsername('confused');
    $parentGroupUser = User::getByUsername('nobody');

    $childGroup->users->add($childGroupUser);
    $this->assertTrue($childGroup->save());
    $parentGroup->users->add($parentGroupUser);
    $parentGroup->groups->add($childGroup);
    $this->assertTrue($parentGroup->save());

    // Forget both groups and fetch them again by name before granting to them.
    $parentGroup->forget();
    $childGroup->forget();
    $parentGroup = Group::getByName('AAA');
    $childGroup  = Group::getByName('BBB');

    // Give the confused user the module rights to access and create opportunities.
    $childGroupUser->setRight('OpportunitiesModule', OpportunitiesModule::RIGHT_ACCESS_OPPORTUNITIES);
    $childGroupUser->setRight('OpportunitiesModule', OpportunitiesModule::RIGHT_CREATE_OPPORTUNITIES);
    $this->assertTrue($childGroupUser->save());

    // A third opportunity owned by super.
    $groupOpportunity = OpportunityTestHelper::createOpportunityByNameForOwner(
        'testingParentGroupPermission',
        $superUser
    );

    // Before any grant the parent-group user is refused details and edit.
    Yii::app()->user->userModel = $parentGroupUser;
    $this->setGetArray(array('id' => $groupOpportunity->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent($detailsRoute);
    $this->setGetArray(array('id' => $groupOpportunity->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent($editRoute);

    // So is the child-group user.
    Yii::app()->user->userModel = $childGroupUser;
    $this->setGetArray(array('id' => $groupOpportunity->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent($detailsRoute);
    $this->setGetArray(array('id' => $groupOpportunity->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent($editRoute);

    // Grant READ to the parent group.
    Yii::app()->user->userModel = $superUser;
    $groupOpportunity->addPermissions($parentGroup, Permission::READ);
    $this->assertTrue($groupOpportunity->save());

    // Details succeeds for the parent-group user...
    Yii::app()->user->userModel = $parentGroupUser;
    $this->setGetArray(array('id' => $groupOpportunity->id));
    $this->runControllerWithNoExceptionsAndGetContent($detailsRoute);

    // ...and for the child-group user.
    Yii::app()->user->userModel = $childGroupUser;
    $this->setGetArray(array('id' => $groupOpportunity->id));
    $this->runControllerWithNoExceptionsAndGetContent($detailsRoute);

    // Raise the parent group's grant to read/write/change-permissions.
    Yii::app()->user->userModel = $superUser;
    $groupOpportunity->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($groupOpportunity->save());

    // Edit succeeds for the parent-group user...
    Yii::app()->user->userModel = $parentGroupUser;
    $this->setGetArray(array('id' => $groupOpportunity->id));
    $this->runControllerWithNoExceptionsAndGetContent($editRoute);

    // ...and for the child-group user, who is also logged in through the helper.
    Yii::app()->user->userModel = $childGroupUser;
    $this->logoutCurrentUserLoginNewUserAndGetByUsername($childGroupUser->username);
    $this->setGetArray(array('id' => $groupOpportunity->id));
    $this->runControllerWithNoExceptionsAndGetContent($editRoute);

    // Add an explicit DENY for the parent group.
    Yii::app()->user->userModel = $superUser;
    $groupOpportunity->addPermissions(
        $parentGroup,
        Permission::READ_WRITE_CHANGE_PERMISSIONS,
        Permission::DENY
    );
    $this->assertTrue($groupOpportunity->save());

    // The child-group user is refused details and edit.
    Yii::app()->user->userModel = $childGroupUser;
    $this->setGetArray(array('id' => $groupOpportunity->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent($detailsRoute);
    $this->setGetArray(array('id' => $groupOpportunity->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent($editRoute);

    // The parent-group user is refused details and edit as well.
    Yii::app()->user->userModel = $parentGroupUser;
    $this->setGetArray(array('id' => $groupOpportunity->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent($detailsRoute);
    $this->setGetArray(array('id' => $groupOpportunity->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent($editRoute);

    // Undo the group memberships, working on freshly loaded users and groups.
    $superUser = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $parentGroupUser->forget();
    $childGroupUser->forget();
    $childGroup->forget();
    $parentGroup->forget();
    $parentGroupUser = User::getByUsername('nobody');
    $childGroupUser  = User::getByUsername('confused');
    $childGroup      = Group::getByName('BBB');
    $parentGroup     = Group::getByName('AAA');

    $parentGroup->users->remove($parentGroupUser);
    $parentGroup->groups->remove($childGroup);
    $this->assertTrue($parentGroup->save());
    $childGroup->users->remove($childGroupUser);
    $this->assertTrue($childGroup->save());
}