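/**
 * Checks that explicit ALLOW and DENY grants on a named securable item are
 * tracked separately, and that an ALLOW written for a group is still reported
 * after the item and the group have been reloaded by name.
 *
 * getExplicitActualPermissions() is compared against two-element arrays
 * throughout; the expected values show the first element carrying the allowed
 * bits and the second the denied bits.
 */
public function testSetWriteDenyPermission()
{
    // Guards the numeric layout of the permission bits: if a constant is
    // renumbered, every stored mask changes meaning, so fail loudly here.
    $combinedMask = Permission::READ | Permission::WRITE | Permission::CHANGE_OWNER | Permission::CHANGE_PERMISSIONS;
    $this->assertEquals(27, $combinedMask);

    // The test expects to start with no named securable items at all.
    $items = NamedSecurableItem::getAll();
    $this->assertEquals(0, count($items));

    $securableItem1 = new NamedSecurableItem();
    $securableItem1->name = 'TestItem';
    $saved = $securableItem1->save();
    $this->assertTrue($saved);

    $group = new Group();
    $group->name = 'myTestGroup';
    $saved = $group->save();
    $this->assertTrue($saved);

    // A fresh group has neither an allow nor a deny on the item.
    $this->assertEquals(
        array(Permission::NONE, Permission::NONE),
        $securableItem1->getExplicitActualPermissions($group)
    );

    // DENY WRITE must show up in the deny slot only. The save result is
    // asserted so that a grant which failed to persist cannot pass unnoticed.
    $securableItem1->addPermissions($group, Permission::WRITE, Permission::DENY);
    $this->assertTrue($securableItem1->save());
    $this->assertEquals(
        array(Permission::NONE, Permission::WRITE),
        $securableItem1->getExplicitActualPermissions($group)
    );

    // Adding READ (allow is the default type here) must not disturb the deny.
    $securableItem1->addPermissions($group, Permission::READ);
    $this->assertTrue($securableItem1->save());
    $this->assertEquals(
        array(Permission::READ, Permission::WRITE),
        $securableItem1->getExplicitActualPermissions($group)
    );

    $securableItem2 = new NamedSecurableItem();
    $securableItem2->name = 'TestItem2';
    $saved = $securableItem2->save();
    $this->assertTrue($saved);

    $items = NamedSecurableItem::getAll();
    $this->assertEquals(2, count($items));

    // NOTE(review): forget() presumably drops the in-memory copies so later
    // lookups are not served from them - confirm against the model base class.
    $securableItem1->forget();
    $securableItem2->forget();

    // Grant WRITE on the HomeModule item, resolving the constant from its name.
    // The name is a fixed literal here; code that resolves permission constants
    // from request data should restrict the name to a known list first.
    $newItem = NamedSecurableItem::getByName('HomeModule');
    $permission = 'WRITE';
    $newItem->addPermissions($group, constant('Permission::' . $permission), Permission::ALLOW);
    $this->assertTrue($newItem->save());
    $newItem->forget();
    $group->forget();

    // Reload both sides by name and check what is reported for the grant.
    $group = Group::getByName('myTestGroup');
    $newItem = NamedSecurableItem::getByName('HomeModule');

    $explicitPermissions = $newItem->getExplicitActualPermissions($group);
    $this->assertEquals(array(Permission::WRITE, Permission::NONE), $explicitPermissions);

    $effectivePermissions = $newItem->getEffectivePermissions($group);
    $this->assertEquals(Permission::WRITE, $effectivePermissions);

    $resolvedPermission = PermissionsUtil::resolveExplicitOrInheritedPermission(
        $explicitPermissions,
        Permission::WRITE
    );
    // Class name spelled as declared elsewhere in this file (was PERMISSION::ALLOW).
    $this->assertEquals(Permission::ALLOW, $resolvedPermission);

    // Only WRITE was granted, so every other HomeModule entry must stay empty.
    $noGrant = array('explicit' => null, 'inherited' => null, 'actual' => null);
    $data = PermissionsUtil::getAllModulePermissionsDataByPermitable($group);
    $compareData = array(
        'HomeModule' => array(
            Permission::CHANGE_OWNER       => $noGrant,
            Permission::CHANGE_PERMISSIONS => $noGrant,
            Permission::DELETE             => $noGrant,
            Permission::READ               => $noGrant,
            Permission::WRITE              => array(
                'explicit'  => Permission::ALLOW,
                'inherited' => null,
                'actual'    => Permission::ALLOW,
            ),
        ),
    );
    $this->assertEquals($compareData['HomeModule'], $data['HomeModule']);
    $group->forget();
}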
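/**
 * Puts a fixed set of grants on the first account and on the 'Account' named
 * securable item so that later checks have permissions to work against.
 *
 * Does nothing unless SECURITY_OPTIMIZED is truthy.
 */
protected function setSomePermissions()
{
    if (!SECURITY_OPTIMIZED) {
        return;
    }

    $accounts = Account::getAll();
    // Fail with a clear message instead of an undefined-offset error below.
    $this->assertTrue(count($accounts) > 0);
    $account = $accounts[0];

    $user = User::getByUsername('bobby');
    // The grants are only meaningful for a user who is not the owner.
    $this->assertNotEquals($account->owner->id, $user->id);
    $everyone = Group::getByName('Everyone');

    // Per-account grants: bobby may READ, is explicitly denied WRITE, and the
    // Everyone group gets CHANGE_OWNER.
    $account->addPermissions($user, Permission::READ);
    $account->addPermissions($user, Permission::WRITE, Permission::DENY);
    $account->addPermissions($everyone, Permission::CHANGE_OWNER);
    $this->assertTrue($account->save());

    try {
        $securableItem1 = NamedSecurableItem::getByName('Account');
    } catch (NotFoundException $e) {
        $securableItem1 = new NamedSecurableItem();
        // Was "$securableItem->name": an undefined variable, so the new item
        // was never named and the fixture was not the one intended.
        $securableItem1->name = 'Account';
    }
    $securableItem1->addPermissions($everyone, Permission::DELETE);
    $this->assertTrue($securableItem1->save());

    // NOTE(review): this looks up 'Account' again while the fallback names the
    // item 'AccountsModule'. With the lookup as written, CHANGE_PERMISSIONS is
    // added to the 'Account' item saved just above. Confirm which name is meant
    // before relying on this fixture for module-level permission checks.
    try {
        $securableItem2 = NamedSecurableItem::getByName('Account');
    } catch (NotFoundException $e) {
        $securableItem2 = new NamedSecurableItem();
        // Same undefined-variable fix as above.
        $securableItem2->name = 'AccountsModule';
    }
    $securableItem2->addPermissions($everyone, Permission::CHANGE_PERMISSIONS);
    $this->assertTrue($securableItem2->save());
}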
/**
 * Walks the effective permissions on the 'Supermart' account through a series
 * of grants on the 'Account' and 'AccountsModule' named securable items and on
 * the account itself, then removes them in reverse and checks each step.
 *
 * Four permitables are checked after every change: the account owner, the user
 * 'bobby', the Everyone group and the 'Sales Staff' group. The owner is
 * expected to hold Permission::ALL at every step.
 */
public function testPermissionsOnNamedSecurableItems()
{
    $matches = Account::getByName('Supermart');
    $this->assertEquals(1, count($matches));
    $supermart    = $matches[0];
    $accountOwner = $supermart->owner;
    $bobby        = User::getByUsername('bobby');
    $this->assertNotEquals($accountOwner->id, $bobby->id);
    $everyoneGroup = Group::getByName(Group::EVERYONE_GROUP_NAME);
    $salesStaff    = Group::getByName('Sales Staff');

    // Baseline: only the owner has anything.
    $this->assertEquals(Permission::ALL, $supermart->getEffectivePermissions($accountOwner));
    $this->assertEquals(Permission::NONE, $supermart->getEffectivePermissions($bobby));
    $this->assertEquals(Permission::NONE, $supermart->getEffectivePermissions($everyoneGroup));
    $this->assertEquals(Permission::NONE, $supermart->getEffectivePermissions($salesStaff));

    // Putting permissions on.
    $accountItem = new NamedSecurableItem();
    $accountItem->name = 'Account';
    $accountItem->addPermissions($everyoneGroup, Permission::READ);
    $accountItem->addPermissions($bobby, Permission::DELETE);
    $accountItem->addPermissions($salesStaff, Permission::WRITE);
    $this->assertTrue($accountItem->save());

    // The expected values show grants accumulating: bobby ends up with the
    // Everyone and Sales Staff grants on top of his own (presumably through
    // group membership - the memberships are set up outside this method).
    $this->assertEquals(Permission::ALL, $supermart->getEffectivePermissions($accountOwner));
    $this->assertEquals(Permission::READ_WRITE_DELETE, $supermart->getEffectivePermissions($bobby));
    $this->assertEquals(Permission::READ, $supermart->getEffectivePermissions($everyoneGroup));
    $this->assertEquals(Permission::READ_WRITE, $supermart->getEffectivePermissions($salesStaff));

    $moduleItem = new NamedSecurableItem();
    $moduleItem->name = 'AccountsModule';
    $moduleItem->addPermissions($everyoneGroup, Permission::CHANGE_OWNER);
    $moduleItem->addPermissions($salesStaff, Permission::DELETE);
    $this->assertTrue($moduleItem->save());

    $everythingButChangePermissions = Permission::READ_WRITE_DELETE | Permission::CHANGE_OWNER;
    $readAndChangeOwner             = Permission::READ | Permission::CHANGE_OWNER;
    $this->assertEquals(Permission::ALL, $supermart->getEffectivePermissions($accountOwner));
    $this->assertEquals($everythingButChangePermissions, $supermart->getEffectivePermissions($bobby));
    $this->assertEquals($readAndChangeOwner, $supermart->getEffectivePermissions($everyoneGroup));
    $this->assertEquals($everythingButChangePermissions, $supermart->getEffectivePermissions($salesStaff));

    // Grants directly on the account, including a DENY of READ for Sales Staff.
    $supermart->addPermissions($bobby, Permission::CHANGE_OWNER);
    $supermart->addPermissions($salesStaff, Permission::READ, Permission::DENY);
    $this->assertTrue($supermart->save());

    // The deny removes READ for Sales Staff and for bobby even though Everyone
    // still allows it; Everyone itself is unaffected.
    $withoutRead = Permission::WRITE | Permission::DELETE | Permission::CHANGE_OWNER;
    $this->assertEquals(Permission::ALL, $supermart->getEffectivePermissions($accountOwner));
    $this->assertEquals($withoutRead, $supermart->getEffectivePermissions($bobby));
    $this->assertEquals($readAndChangeOwner, $supermart->getEffectivePermissions($everyoneGroup));
    $this->assertEquals($withoutRead, $supermart->getEffectivePermissions($salesStaff));

    // Taking permissions off.
    $supermart->removeAllPermissions();
    $this->assertTrue($supermart->save());

    // Back to what the two named items grant on their own.
    $this->assertEquals(Permission::ALL, $supermart->getEffectivePermissions($accountOwner));
    $this->assertEquals($everythingButChangePermissions, $supermart->getEffectivePermissions($bobby));
    $this->assertEquals($readAndChangeOwner, $supermart->getEffectivePermissions($everyoneGroup));
    $this->assertEquals($everythingButChangePermissions, $supermart->getEffectivePermissions($salesStaff));

    $moduleItem->removeAllPermissions();
    $this->assertTrue($moduleItem->save());

    // Only the 'Account' item's grants remain.
    $this->assertEquals(Permission::ALL, $supermart->getEffectivePermissions($accountOwner));
    $this->assertEquals(Permission::READ_WRITE_DELETE, $supermart->getEffectivePermissions($bobby));
    $this->assertEquals(Permission::READ, $supermart->getEffectivePermissions($everyoneGroup));
    $this->assertEquals(Permission::READ_WRITE, $supermart->getEffectivePermissions($salesStaff));

    $accountItem->removeAllPermissions();
    $this->assertTrue($accountItem->save());

    // Everything revoked: nobody but the owner may keep residual access.
    $this->assertEquals(Permission::ALL, $supermart->getEffectivePermissions($accountOwner));
    $this->assertEquals(Permission::NONE, $supermart->getEffectivePermissions($bobby));
    $this->assertEquals(Permission::NONE, $supermart->getEffectivePermissions($everyoneGroup));
    $this->assertEquals(Permission::NONE, $supermart->getEffectivePermissions($salesStaff));

    // Remove the named items created by this test.
    $moduleItem->delete();
    unset($moduleItem);
    $accountItem->delete();
    unset($accountItem);
}