function testUserCanViewTrackerAccessSubmitterOrAssignee() { $ugroup_ass = 101; $ugroup_sub = 102; // $assignee and $u_ass are in the same ugroup (UgroupAss - ugroup_id=101) // $submitter and $u_sub are in the same ugroup (UgroupSub - ugroup_id=102) // $other and $u are neither in UgroupAss nor in UgroupSub // $u = new MockUser(); $u->setReturnValue('getId', 120); $u->setReturnValue('isMemberOfUgroup', false); $u->setReturnValue('isSuperUser', false); // $assignee = new MockUser(); $assignee->setReturnValue('getId', 121); $assignee->setReturnValue('isMemberOfUgroup', true, array(101, 222)); $assignee->setReturnValue('isMemberOfUgroup', false, array(102, 222)); $assignee->setReturnValue('isSuperUser', false); // $u_ass = new MockUser(); $u_ass->setReturnValue('getId', 122); $u_ass->setReturnValue('isMemberOfUgroup', true, array(101, 222)); $u_ass->setReturnValue('isMemberOfUgroup', false, array(102, 222)); $u_ass->setReturnValue('isSuperUser', false); // $submitter = new MockUser(); $submitter->setReturnValue('getId', 123); $submitter->setReturnValue('isMemberOfUgroup', false, array(101, 222)); $submitter->setReturnValue('isMemberOfUgroup', true, array(102, 222)); $submitter->setReturnValue('isSuperUser', false); // $u_sub = new MockUser(); $u_sub->setReturnValue('getId', 124); $u_sub->setReturnValue('isMemberOfUgroup', false, array(101, 222)); $u_sub->setReturnValue('isMemberOfUgroup', true, array(102, 222)); $u_sub->setReturnValue('isSuperUser', false); // $other = new MockUser(); $other->setReturnValue('getId', 125); $other->setReturnValue('isMemberOfUgroup', false); $other->setReturnValue('isSuperUser', false); $user_manager = new MockUserManager(); $user_manager->setReturnReference('getUserById', $u, array(120)); $user_manager->setReturnReference('getUserById', $assignee, array(121)); $user_manager->setReturnReference('getUserById', $u_ass, array(122)); $user_manager->setReturnReference('getUserById', $submitter, array(123)); $user_manager->setReturnReference('getUserById', $u_sub, array(124)); $user_manager->setReturnReference('getUserById', $other, array(125)); // $artifact_subass has been submitted by $submitter and assigned to $assignee // $assignee, $u_ass, $submitter, $u_sub should have the right to see it. // $other and $u should not have the right to see it $tracker = new MockTracker(); $tracker->setReturnValue('getId', 666); $tracker->setReturnValue('getGroupId', 222); $perms_tracker_access_full = array(); $perms_tracker_access_assignee = array(array('ugroup_id' => $ugroup_ass)); $perms_tracker_access_submitter = array(array('ugroup_id' => $ugroup_sub)); $tracker->setReturnReference('permission_db_authorized_ugroups', $perms_tracker_access_full, array('PLUGIN_TRACKER_ACCESS_FULL')); $tracker->setReturnReference('permission_db_authorized_ugroups', $perms_tracker_access_assignee, array('PLUGIN_TRACKER_ACCESS_ASSIGNEE')); $tracker->setReturnReference('permission_db_authorized_ugroups', $perms_tracker_access_submitter, array('PLUGIN_TRACKER_ACCESS_SUBMITTER')); $contributor_field = new MockTracker_FormElement_Field(); $tracker->setReturnReference('getContributorField', $contributor_field); $artifact_subass = new Tracker_ArtifactTestPermissions(); $artifact_subass->setReturnReference('getUserManager', $user_manager); $artifact_subass->setReturnReference('getTracker', $tracker); $artifact_subass->setReturnValue('useArtifactPermissions', false); $artifact_subass->setReturnValue('getSubmittedBy', 123); $user_changeset_value = new MockTracker_Artifact_ChangesetValue(); $contributors = array(121); $user_changeset_value->setReturnReference('getValue', $contributors); $artifact_subass->setReturnReference('getValue', $user_changeset_value, array($contributor_field)); $this->assertTrue($artifact_subass->userCanView($submitter)); $this->assertTrue($artifact_subass->userCanView($u_sub)); $this->assertTrue($artifact_subass->userCanView($assignee)); $this->assertTrue($artifact_subass->userCanView($u_ass)); $this->assertFalse($artifact_subass->userCanView($other)); $this->assertFalse($artifact_subass->userCanView($u)); }
function testUserCanViewTrackerAccessFull() { $ugroup_ass = 101; $ugroup_sub = 102; $ugroup_ful = 103; // $assignee is in (UgroupAss - ugroup_id=101) // $submitter is in (UgroupSub - ugroup_id=102) // $u is in (UgroupFul - ugroup_id=103); // $other do not belong to any ugroup // $u = mock('PFUser'); $u->setReturnValue('getId', 120); $u->setReturnValue('isMemberOfUgroup', true, array(103, 222)); $u->setReturnValue('isMemberOfUgroup', false, array(101, 222)); $u->setReturnValue('isMemberOfUgroup', false, array(102, 222)); $u->setReturnValue('isSuperUser', false); // $assignee = mock('PFUser'); $assignee->setReturnValue('getId', 121); $assignee->setReturnValue('isMemberOfUgroup', true, array(101, 222)); $assignee->setReturnValue('isMemberOfUgroup', false, array(102, 222)); $assignee->setReturnValue('isMemberOfUgroup', false, array(103, 222)); $assignee->setReturnValue('isSuperUser', false); // $submitter = mock('PFUser'); $submitter->setReturnValue('getId', 122); $submitter->setReturnValue('isMemberOfUgroup', false, array(101, 222)); $submitter->setReturnValue('isMemberOfUgroup', true, array(102, 222)); $submitter->setReturnValue('isMemberOfUgroup', false, array(103, 222)); $submitter->setReturnValue('isSuperUser', false); // $other = mock('PFUser'); $other->setReturnValue('getId', 123); $other->setReturnValue('isMemberOfUgroup', false); $other->setReturnValue('isSuperUser', false); $user_manager = mock('UserManager'); $user_manager->setReturnReference('getUserById', $u, array(120)); $user_manager->setReturnReference('getUserById', $assignee, array(121)); $user_manager->setReturnReference('getUserById', $submitter, array(122)); $user_manager->setReturnReference('getUserById', $other, array(123)); $project_manager = mock('ProjectManager'); // $artifact_subass has been submitted by $submitter and assigned to $assignee // $u should have the right to see it. // $other, $submitter and assigned should not have the right to see it $permissions = array("PLUGIN_TRACKER_ACCESS_FULL" => array(0 => $ugroup_ful)); $this->tracker->setReturnReference('getAuthorizedUgroupsByPermissionType', $permissions); $contributor_field = aMockField()->build(); $this->tracker->setReturnReference('getContributorField', $contributor_field); $artifact_subass = mock('Tracker_Artifact'); $artifact_subass->setReturnReference('getTracker', $this->tracker); $artifact_subass->setReturnValue('useArtifactPermissions', false); $artifact_subass->setReturnValue('getSubmittedBy', 123); $user_changeset_value = new MockTracker_Artifact_ChangesetValue(); $contributors = array(121); $user_changeset_value->setReturnReference('getValue', $contributors); $artifact_subass->setReturnReference('getValue', $user_changeset_value, array($contributor_field)); $permission_checker = new Tracker_Permission_PermissionChecker($user_manager, $project_manager); $this->assertFalse($permission_checker->userCanView($submitter, $artifact_subass)); $this->assertFalse($permission_checker->userCanView($assignee, $artifact_subass)); $this->assertFalse($permission_checker->userCanView($other, $artifact_subass)); $this->assertTrue($permission_checker->userCanView($u, $artifact_subass)); }