/**
 * A user holding only the system USER role, who is never added to the
 * project in this test, must be refused the 'project_pageDto' method.
 *
 * This is the negative (deny) case for project-scoped authorisation:
 * userCanAccessMethod() is expected to return false.
 */
public function testUserCanAccessMethod_projectPageDto_NotAMember_false()
{
    // Arrange: a plain user, deliberately left out of the project created below.
    $nonMemberId = self::$environ->createUser('user', 'user', '*****@*****.**', SystemRoles::USER);

    $createdProject = self::$environ->createProject('projectForTest', 'projTestCode');
    $createdProject->appName = 'sfchecks';
    $createdProject->write();

    // Re-read the project by id so the helper receives the stored state
    // rather than the in-memory object that was just written.
    $storedProject = ProjectModel::getById($createdProject->id->asString());

    // Act: ask whether the non-member may call the project page DTO method.
    $rightsHelper = new RightsHelper($nonMemberId, $storedProject, self::$environ->website);
    $isAllowed = $rightsHelper->userCanAccessMethod('project_pageDto', []);

    // Assert: access is denied.
    $this->assertFalse($isAllowed);
}
/**
 * Authorisation gate for an API method call.
 *
 * Methods reported as anonymous by isAnonymousMethod() skip every check.
 * All other methods require a user id on this object and a positive answer
 * from RightsHelper::userCanAccessMethod().
 *
 * @param string $methodName API method being invoked
 * @param mixed  $params     parameters of the call, passed through to RightsHelper unchanged
 *
 * @throws UserNotAuthenticatedException when no user id is set
 * @throws UserUnauthorizedException     when RightsHelper refuses the method
 */
public function checkPermissions($methodName, $params)
{
    // Anonymous methods are exempt from both the authentication and the rights check.
    if (self::isAnonymousMethod($methodName)) {
        return;
    }

    if (!$this->userId) {
        throw new UserNotAuthenticatedException("Your session has timed out. Please login again.");
    }

    // Any exception while loading the project is swallowed and the project
    // is treated as absent; the access decision is left to RightsHelper.
    // NOTE(review): this relies on RightsHelper denying project-scoped
    // methods when it is given a null project (fail closed) - confirm.
    try {
        $project = ProjectModel::getById($this->projectId);
    } catch (\Exception $e) {
        $project = null;
    }

    $rights = new RightsHelper($this->userId, $project, $this->website);
    if ($rights->userCanAccessMethod($methodName, $params)) {
        return;
    }

    // NOTE(review): the method name is echoed back in the message; if it is
    // caller-supplied, whatever renders this message should escape it - confirm.
    throw new UserUnauthorizedException("Insufficient privileges accessing API method '{$methodName}'");
}