/**
  * @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
  */
 public function testRegularUserControllerActionsWithElevationToModels()
 {
     //Create superAccount owned by user super.
     $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
     $superAccount = AccountTestHelper::createAccountByNameForOwner('AccountsForElevationToModelTest', $super);
     //Test nobody, access to details of superAccount should fail.
     $nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
     $this->setGetArray(array('id' => $superAccount->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
     //give nobody access to read
     Yii::app()->user->userModel = $super;
     $superAccount->addPermissions($nobody, Permission::READ);
     $this->assertTrue($superAccount->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($superAccount, $nobody);
     //Now the nobody user can access the details view.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $superAccount->id));
     $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
     //create meeting for an superAccount using the super user
     $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
     $meeting = MeetingTestHelper::createMeetingWithOwnerAndRelatedAccount('meetingCreatedByNobody', $super, $superAccount);
     //Test nobody, access to edit, details and delete of meeting should fail.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //give nobody access to details view only
     Yii::app()->user->userModel = $super;
     $meeting->addPermissions($nobody, Permission::READ);
     $this->assertTrue($meeting->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($meeting, $nobody);
     //Now access to meetings view by Nobody should not fail.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');
     //Now access to meetings edit and delete by Nobody should fail
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //give nobody access to both details and edit view
     Yii::app()->user->userModel = $super;
     $meeting->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($meeting->save());
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($meeting, $nobody);
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($meeting, $nobody);
     //Now access to meetings view and edit by Nobody should not fail.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerWithNoExceptionsAndGetContent('meetings/default/edit');
     //Now access to meetings delete by Nobody should fail
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //revoke the permission from the nobody user to access the meeting
     Yii::app()->user->userModel = $super;
     $meeting->removePermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($meeting->save());
     AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($meeting, $nobody);
     //Now nobodys, access to edit, details and delete of meetings should fail.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //give nobody access to both details and edit view
     Yii::app()->user->userModel = $super;
     $meeting->addPermissions($nobody, Permission::READ_WRITE_DELETE);
     $this->assertTrue($meeting->save());
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($meeting, $nobody);
     //Now nobodys, access to delete of meetings should not fail.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerWithRedirectExceptionAndGetContent('meetings/default/delete');
     //create some roles
     Yii::app()->user->userModel = $super;
     $parentRole = new Role();
     $parentRole->name = 'AAA';
     $this->assertTrue($parentRole->save());
     $childRole = new Role();
     $childRole->name = 'BBB';
     $this->assertTrue($childRole->save());
     $userInParentRole = User::getByUsername('confused');
     $userInChildRole = User::getByUsername('nobody');
     $childRole->users->add($userInChildRole);
     $this->assertTrue($childRole->save());
     $parentRole->users->add($userInParentRole);
     $parentRole->roles->add($childRole);
     $this->assertTrue($parentRole->save());
     $userInChildRole->forget();
     $userInChildRole = User::getByUsername('nobody');
     $userInParentRole->forget();
     $userInParentRole = User::getByUsername('confused');
     $parentRoleId = $parentRole->id;
     $parentRole->forget();
     $parentRole = Role::getById($parentRoleId);
     $childRoleId = $childRole->id;
     $childRole->forget();
     $childRole = Role::getById($childRoleId);
     //create account owned by super
     $account2 = AccountTestHelper::createAccountByNameForOwner('AccountsParentRolePermission', $super);
     //Test userInParentRole, access to details and edit should fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $account2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
     //give userInChildRole access to READ
     Yii::app()->user->userModel = $super;
     $account2->addPermissions($userInChildRole, Permission::READ);
     $this->assertTrue($account2->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($account2, $userInChildRole);
     //Test userInChildRole, access to details should not fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $account2->id));
     $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
     //Test userInParentRole, access to details should not fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $account2->id));
     $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
     //create a meeting owned by super
     $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
     $meeting2 = MeetingTestHelper::createMeetingWithOwnerAndRelatedAccount('meetingCreatedBySuperForRole', $super, $account2);
     //Test userInChildRole, access to meetings details, edit and delete should fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //Test userInParentRole, access to meetings details, edit and delete should fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //give userInChildRole access to READ permision for meetings
     Yii::app()->user->userModel = $super;
     $meeting2->addPermissions($userInChildRole, Permission::READ);
     $this->assertTrue($meeting2->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($meeting2, $userInChildRole);
     //Test userInChildRole, access to meetings details should not fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');
     //Test userInChildRole, access to meetings edit and delete should fail.
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //Test userInParentRole, access to meetings details should not fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');
     //Test userInParentRole, access to meetings edit and delete should fail.
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //give userInChildRole access to read and write for the meetings
     Yii::app()->user->userModel = $super;
     $meeting2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($meeting2->save());
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($meeting2, $userInChildRole);
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($meeting2, $userInChildRole);
     //Test userInChildRole, access to meetings edit should not fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerWithNoExceptionsAndGetContent('meetings/default/edit');
     //Test userInChildRole, access to meetings delete should fail.
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //Test userInParentRole, access to meetings edit should not fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerWithNoExceptionsAndGetContent('meetings/default/edit');
     //Test userInParentRole, access to meetings delete should fail.
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //revoke userInChildRole access to read and write meetings
     Yii::app()->user->userModel = $super;
     $meeting2->removePermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($meeting2->save());
     AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($meeting2, $userInChildRole);
     //Test userInChildRole, access to detail, edit and delete should fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $meeting2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
     $this->setGetArray(array('id' => $meeting2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //Test userInParentRole, access to detail, edit and delete should fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $meeting2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
     $this->setGetArray(array('id' => $meeting2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //give userInChildRole access to read and write for the meetings
     Yii::app()->user->userModel = $super;
     $meeting2->addPermissions($userInChildRole, Permission::READ_WRITE_DELETE);
     $this->assertTrue($meeting2->save());
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($meeting2, $userInChildRole);
     //Test userInParentRole, access to delete should not fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerWithRedirectExceptionAndGetContent('meetings/default/delete');
     //clear up the role relationships between users so not to effect next assertions
     $parentRole->users->remove($userInParentRole);
     $parentRole->roles->remove($childRole);
     $this->assertTrue($parentRole->save());
     $childRole->users->remove($userInChildRole);
     $this->assertTrue($childRole->save());
     //create some groups and assign users to groups
     Yii::app()->user->userModel = $super;
     $parentGroup = new Group();
     $parentGroup->name = 'AAA';
     $this->assertTrue($parentGroup->save());
     $childGroup = new Group();
     $childGroup->name = 'BBB';
     $this->assertTrue($childGroup->save());
     $userInChildGroup = User::getByUsername('confused');
     $userInParentGroup = User::getByUsername('nobody');
     $childGroup->users->add($userInChildGroup);
     $this->assertTrue($childGroup->save());
     $parentGroup->users->add($userInParentGroup);
     $parentGroup->groups->add($childGroup);
     $this->assertTrue($parentGroup->save());
     $parentGroup->forget();
     $childGroup->forget();
     $parentGroup = Group::getByName('AAA');
     $childGroup = Group::getByName('BBB');
     //Add access for the confused user to accounts and creation of accounts.
     $userInChildGroup->setRight('AccountsModule', AccountsModule::RIGHT_ACCESS_ACCOUNTS);
     $this->assertTrue($userInChildGroup->save());
     //create account owned by super
     $account3 = AccountTestHelper::createAccountByNameForOwner('testingAccountsParentGroupPermission', $super);
     //Test userInParentGroup, access to details should fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $account3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
     //Test userInChildGroup, access to details should fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $account3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
     //give parentGroup access to READ
     Yii::app()->user->userModel = $super;
     $account3->addPermissions($parentGroup, Permission::READ);
     $this->assertTrue($account3->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($account3, $parentGroup);
     //Test userInParentGroup, access to details should not fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $account3->id));
     $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
     //Test userInChildGroup, access to details should not fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $account3->id));
     $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
     //create a meeting owned by super
     $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
     $meeting3 = MeetingTestHelper::createMeetingWithOwnerAndRelatedAccount('mettingCreatedBySuperForGroup', $super, $account3);
     //Add access for the confused user to accounts and creation of accounts.
     $userInChildGroup->setRight('MeetingsModule', MeetingsModule::RIGHT_ACCESS_MEETINGS);
     $userInChildGroup->setRight('MeetingsModule', MeetingsModule::RIGHT_CREATE_MEETINGS);
     $userInChildGroup->setRight('MeetingsModule', MeetingsModule::RIGHT_DELETE_MEETINGS);
     $this->assertTrue($userInChildGroup->save());
     //Test userInParentGroup, access to meetings details and edit should fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $meeting3->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting3->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
     $this->setGetArray(array('id' => $meeting3->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //Test userInChildGroup, access to meetings details and edit should fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $meeting3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
     $this->setGetArray(array('id' => $meeting3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting3->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //give parentGroup access to READ
     Yii::app()->user->userModel = $super;
     $meeting3->addPermissions($parentGroup, Permission::READ);
     $this->assertTrue($meeting3->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($meeting3, $parentGroup);
     //Test userInParentGroup, access to meetings details should not fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $meeting3->id));
     $this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');
     //Test userInParentGroup, access to meetings edit and delete should fail.
     $this->setGetArray(array('id' => $meeting3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting3->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //Test userInChildGroup, access to meetings details should not fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $meeting3->id));
     $this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');
     //Test userInChildGroup, access to meetings edit and delete should fail.
     $this->setGetArray(array('id' => $meeting3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting3->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //give parentGroup access to read and write
     Yii::app()->user->userModel = $super;
     $meeting3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($meeting3->save());
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForGroup($meeting3, $parentGroup);
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($meeting3, $parentGroup);
     //Test userInParentGroup, access to edit meetings should not fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $meeting3->id));
     $this->runControllerWithNoExceptionsAndGetContent('meetings/default/edit');
     //Test userInParentGroup, access to meetings delete should fail.
     $this->setGetArray(array('id' => $meeting3->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //Test userInChildGroup, access to edit meetings should not fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username);
     $this->setGetArray(array('id' => $meeting3->id));
     $this->runControllerWithNoExceptionsAndGetContent('meetings/default/edit');
     //Test userInChildGroup, access to meetings delete should fail.
     $this->setGetArray(array('id' => $meeting3->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //revoke parentGroup access to meetings read and write
     Yii::app()->user->userModel = $super;
     $meeting3->removePermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($meeting3->save());
     AllPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($meeting3, $parentGroup);
     //Test userInChildGroup, access to meetings detail, edit and delete should fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $meeting3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
     $this->setGetArray(array('id' => $meeting3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting3->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //Test userInParentGroup, access to meetings detail, edit and delete should fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $meeting3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
     $this->setGetArray(array('id' => $meeting3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting3->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //give parentGroup access to read and write
     Yii::app()->user->userModel = $super;
     $meeting3->addPermissions($parentGroup, Permission::READ_WRITE_DELETE);
     $this->assertTrue($meeting3->save());
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($meeting3, $parentGroup);
     //Test userInChildGroup, access to meetings delete should not fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $meeting3->id));
     $this->resetPostArray();
     $this->runControllerWithRedirectExceptionAndGetContent('meetings/default/delete');
     //clear up the role relationships between users so not to effect next assertions
     $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
     $userInParentGroup->forget();
     $userInChildGroup->forget();
     $childGroup->forget();
     $parentGroup->forget();
     $userInParentGroup = User::getByUsername('nobody');
     $userInChildGroup = User::getByUsername('confused');
     $childGroup = Group::getByName('BBB');
     $parentGroup = Group::getByName('AAA');
     $parentGroup->users->remove($userInParentGroup);
     $parentGroup->groups->remove($childGroup);
     $this->assertTrue($parentGroup->save());
     $childGroup->users->remove($userInChildGroup);
     $this->assertTrue($childGroup->save());
 }
 /**
  * @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
  */
 public function testRegularUserControllerActionsWithElevationToModels()
 {
     //Create project owned by user super.
     $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
     $project = ProjectTestHelper::createProjectByNameForOwner('projectForElevationToModelTest', $super);
     //Test nobody, access to edit and details should fail.
     $nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
     $this->runControllerWithNoExceptionsAndGetContent('projects/default/dashboardDetails');
     $this->setGetArray(array('id' => $project->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
     $this->setGetArray(array('id' => $project->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
     $this->setGetArray(array('id' => $project->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/delete');
     //give nobody access to read
     Yii::app()->user->userModel = $super;
     $project->addPermissions($nobody, Permission::READ);
     $this->assertTrue($project->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($project, $nobody);
     //Now the nobody user can access the details view.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $project->id));
     $this->runControllerWithNoExceptionsAndGetContent('projects/default/details');
     //Test nobody, access to edit should fail.
     $this->setGetArray(array('id' => $project->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
     $this->setGetArray(array('id' => $project->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/delete');
     $projectId = $project->id;
     $project->forget();
     $project = Project::getById($projectId);
     //give nobody access to read and write
     Yii::app()->user->userModel = $super;
     $project->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     //TODO :Its wierd that giving opportunity errors
     $this->assertTrue($project->save());
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($project, $nobody);
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($project, $nobody);
     //Now the nobody user should be able to access the edit view and still the details view.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $project->id));
     $this->runControllerWithNoExceptionsAndGetContent('projects/default/details');
     $this->setGetArray(array('id' => $project->id));
     $this->runControllerWithNoExceptionsAndGetContent('projects/default/edit');
     $projectId = $project->id;
     $project->forget();
     $project = Project::getById($projectId);
     //revoke nobody access to read
     Yii::app()->user->userModel = $super;
     $project->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS, Permission::DENY);
     $this->assertTrue($project->save());
     AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($project, $nobody);
     //Test nobody, access to detail should fail.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $project->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
     $this->setGetArray(array('id' => $project->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
     //create some roles
     Yii::app()->user->userModel = $super;
     $parentRole = new Role();
     $parentRole->name = 'AAA';
     $this->assertTrue($parentRole->save());
     $childRole = new Role();
     $childRole->name = 'BBB';
     $this->assertTrue($childRole->save());
     $userInParentRole = User::getByUsername('confused');
     $userInChildRole = User::getByUsername('nobody');
     $childRole->users->add($userInChildRole);
     $this->assertTrue($childRole->save());
     $parentRole->users->add($userInParentRole);
     $parentRole->roles->add($childRole);
     $this->assertTrue($parentRole->save());
     $userInChildRole->forget();
     $userInChildRole = User::getByUsername('nobody');
     $userInParentRole->forget();
     $userInParentRole = User::getByUsername('confused');
     $parentRoleId = $parentRole->id;
     $parentRole->forget();
     $parentRole = Role::getById($parentRoleId);
     $childRoleId = $childRole->id;
     $childRole->forget();
     $childRole = Role::getById($childRoleId);
     //create project owned by super
     $project2 = ProjectTestHelper::createProjectByNameForOwner('testingParentRolePermission', $super);
     //Test userInParentRole, access to details and edit should fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $project2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
     $this->setGetArray(array('id' => $project2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
     //give userInChildRole access to READ
     Yii::app()->user->userModel = $super;
     $project2->addPermissions($userInChildRole, Permission::READ);
     $this->assertTrue($project2->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($project2, $userInChildRole);
     //Test userInChildRole, access to details should not fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $project2->id));
     $this->runControllerWithNoExceptionsAndGetContent('projects/default/details');
     //Test userInParentRole, access to details should not fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $project2->id));
     $this->runControllerWithNoExceptionsAndGetContent('projects/default/details');
     $projectId = $project2->id;
     $project2->forget();
     $project2 = Project::getById($projectId);
     //give userInChildRole access to read and write
     Yii::app()->user->userModel = $super;
     $project2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($project2->save());
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($project2, $userInChildRole);
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($project2, $userInChildRole);
     //Test userInChildRole, access to edit should not fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $project2->id));
     $this->runControllerWithNoExceptionsAndGetContent('projects/default/edit');
     //Test userInParentRole, access to edit should not fail.
     $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInParentRole->username);
     $this->setGetArray(array('id' => $project2->id));
     $this->runControllerWithNoExceptionsAndGetContent('projects/default/edit');
     $projectId = $project2->id;
     $project2->forget();
     $project2 = Project::getById($projectId);
     //revoke userInChildRole access to read and write
     Yii::app()->user->userModel = $super;
     $project2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS, Permission::DENY);
     $this->assertTrue($project2->save());
     AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($project2, $userInChildRole);
     //Test userInChildRole, access to detail should fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $project2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
     $this->setGetArray(array('id' => $project2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
     //Test userInParentRole, access to detail should fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $project2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
     $this->setGetArray(array('id' => $project2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
     //clear up the role relationships between users so not to effect next assertions
     $parentRole->users->remove($userInParentRole);
     $parentRole->roles->remove($childRole);
     $this->assertTrue($parentRole->save());
     $childRole->users->remove($userInChildRole);
     $this->assertTrue($childRole->save());
     //create some groups and assign users to groups
     Yii::app()->user->userModel = $super;
     $parentGroup = new Group();
     $parentGroup->name = 'AAA';
     $this->assertTrue($parentGroup->save());
     $childGroup = new Group();
     $childGroup->name = 'BBB';
     $this->assertTrue($childGroup->save());
     $userInChildGroup = User::getByUsername('confused');
     $userInParentGroup = User::getByUsername('nobody');
     $childGroup->users->add($userInChildGroup);
     $this->assertTrue($childGroup->save());
     $parentGroup->users->add($userInParentGroup);
     $parentGroup->groups->add($childGroup);
     $this->assertTrue($parentGroup->save());
     $parentGroup->forget();
     $childGroup->forget();
     $parentGroup = Group::getByName('AAA');
     $childGroup = Group::getByName('BBB');
     //Add access for the confused user to Products and creation of Products.
     $userInChildGroup->setRight('ProjectsModule', ProjectsModule::RIGHT_ACCESS_PROJECTS);
     $userInChildGroup->setRight('ProjectsModule', ProjectsModule::RIGHT_CREATE_PROJECTS);
     $this->assertTrue($userInChildGroup->save());
     //create project owned by super
     $project3 = ProjectTestHelper::createProjectByNameForOwner('testingParentGroupPermission', $super);
     //Test userInParentGroup, access to details and edit should fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $project3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
     $this->setGetArray(array('id' => $project3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
     //Test userInChildGroup, access to details and edit should fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $project3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
     $this->setGetArray(array('id' => $project3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
     //give parentGroup access to READ
     Yii::app()->user->userModel = $super;
     $project3->addPermissions($parentGroup, Permission::READ);
     $this->assertTrue($project3->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($project3, $parentGroup);
     //Test userInParentGroup, access to details should not fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $project3->id));
     $this->runControllerWithNoExceptionsAndGetContent('projects/default/details');
     //Test userInChildGroup, access to details should not fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $project3->id));
     $this->runControllerWithNoExceptionsAndGetContent('projects/default/details');
     $projectId = $project3->id;
     $project3->forget();
     $project3 = Project::getById($projectId);
     //give parentGroup access to read and write
     Yii::app()->user->userModel = $super;
     $project3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($project3->save());
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForGroup($project3, $parentGroup);
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($project3, $parentGroup);
     //Test userInParentGroup, access to edit should not fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $project3->id));
     $this->runControllerWithNoExceptionsAndGetContent('projects/default/edit');
     //Test userInChildGroup, access to edit should not fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username);
     $this->setGetArray(array('id' => $project3->id));
     $this->runControllerWithNoExceptionsAndGetContent('projects/default/edit');
     $projectId = $project3->id;
     $project3->forget();
     $project3 = Project::getById($projectId);
     //revoke parentGroup access to read and write
     Yii::app()->user->userModel = $super;
     $project3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS, Permission::DENY);
     $this->assertTrue($project3->save());
     AllPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($project3, $parentGroup);
     //Test userInChildGroup, access to detail should fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $project3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
     $this->setGetArray(array('id' => $project3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
     //Test userInParentGroup, access to detail should fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $project3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
     $this->setGetArray(array('id' => $project3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
     //clear up the role relationships between users so not to effect next assertions
     $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
     $userInParentGroup->forget();
     $userInChildGroup->forget();
     $childGroup->forget();
     $parentGroup->forget();
     $userInParentGroup = User::getByUsername('nobody');
     $userInChildGroup = User::getByUsername('confused');
     $childGroup = Group::getByName('BBB');
     $parentGroup = Group::getByName('AAA');
     //clear up the role relationships between users so not to effect next assertions
     $parentGroup->users->remove($userInParentGroup);
     $parentGroup->groups->remove($childGroup);
     $this->assertTrue($parentGroup->save());
     $childGroup->users->remove($userInChildGroup);
     $this->assertTrue($childGroup->save());
 }
 /**
  * @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
  */
 public function testRegularUserControllerActionsWithElevationToModels()
 {
     //Create lead owned by user super.
     $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
     $lead = LeadTestHelper::createLeadByNameForOwner('leadForElevationToModelTest', $super);
     //Test nobody, access to edit, details and delete should fail.
     $nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //give nobody access to read
     Yii::app()->user->userModel = $super;
     $lead->addPermissions($nobody, Permission::READ);
     $this->assertTrue($lead->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($lead, $nobody);
     //Now the nobody user can access the details view.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerWithNoExceptionsAndGetContent('leads/default/details');
     //Test nobody, access to edit and delete should fail.
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //give nobody access to read and write
     Yii::app()->user->userModel = $super;
     $lead->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($lead->save());
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($lead, $nobody);
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($lead, $nobody);
     //Now the nobody user should be able to access the edit view and still the details view
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerWithNoExceptionsAndGetContent('leads/default/details');
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerWithNoExceptionsAndGetContent('leads/default/edit');
     //Test nobody, access to delete should fail.
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //revoke nobody access to read
     Yii::app()->user->userModel = $super;
     $lead->removePermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($lead->save());
     AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($lead, $nobody);
     //Test nobody, access to detail, edit and delete should fail.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //give nobody access to read, write and delete
     Yii::app()->user->userModel = $super;
     $lead->addPermissions($nobody, Permission::READ_WRITE_DELETE);
     $this->assertTrue($lead->save());
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($lead, $nobody);
     //now nobody should be able to delete a lead
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $lead->id));
     $this->resetPostArray();
     $this->runControllerWithRedirectExceptionAndGetContent('leads/default/delete', Yii::app()->createUrl('leads/default/index'));
     //create some roles
     Yii::app()->user->userModel = $super;
     $parentRole = new Role();
     $parentRole->name = 'AAA';
     $this->assertTrue($parentRole->save());
     $childRole = new Role();
     $childRole->name = 'BBB';
     $this->assertTrue($childRole->save());
     $userInParentRole = User::getByUsername('confused');
     $userInChildRole = User::getByUsername('nobody');
     $childRole->users->add($userInChildRole);
     $this->assertTrue($childRole->save());
     $parentRole->users->add($userInParentRole);
     $parentRole->roles->add($childRole);
     $this->assertTrue($parentRole->save());
     $userInChildRole->forget();
     $userInChildRole = User::getByUsername('nobody');
     $userInParentRole->forget();
     $userInParentRole = User::getByUsername('confused');
     $parentRoleId = $parentRole->id;
     $parentRole->forget();
     $parentRole = Role::getById($parentRoleId);
     $childRoleId = $childRole->id;
     $childRole->forget();
     $childRole = Role::getById($childRoleId);
     //create lead owned by super
     $lead2 = LeadTestHelper::createLeadByNameForOwner('leadsParentRolePermission', $super);
     //Test userInChildRole, access to details, edit and delete should fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //Test userInParentRole, access to details, edit and delete should fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //give userInChildRole access to READ
     Yii::app()->user->userModel = $super;
     $lead2->addPermissions($userInChildRole, Permission::READ);
     $this->assertTrue($lead2->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($lead2, $userInChildRole);
     //Test userInChildRole, access to details should not fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerWithNoExceptionsAndGetContent('leads/default/details');
     //Test userInChildRole, access to edit and delete should fail.
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //Test userInParentRole, access to details should not fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerWithNoExceptionsAndGetContent('leads/default/details');
     //Test userInParentRole, access to edit and delete should fail.
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //give userInChildRole access to read and write
     Yii::app()->user->userModel = $super;
     $lead2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($lead2->save());
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($lead2, $userInChildRole);
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($lead2, $userInChildRole);
     //Test userInChildRole, access to edit and delete should not fail and also detaisl view must be accessible.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerWithNoExceptionsAndGetContent('leads/default/edit');
     //Test userInChildRole, access to delete should fail.
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //Test userInParentRole, access to edit should not fail.
     $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInParentRole->username);
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerWithNoExceptionsAndGetContent('leads/default/edit');
     //Test userInParentRole, access to delete should fail.
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //revoke userInChildRole access to read and write
     Yii::app()->user->userModel = $super;
     $lead2->removePermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($lead2->save());
     AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($lead2, $userInChildRole);
     //Test userInChildRole, access to detail, edit and delete should fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //Test userInParentRole, access to detail, edit and delete should fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //give userInChildRole access to read, write and delete
     Yii::app()->user->userModel = $super;
     $lead2->addPermissions($userInChildRole, Permission::READ_WRITE_DELETE);
     $this->assertTrue($lead2->save());
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($lead2, $userInChildRole);
     //Test userInParentRole, access to delete should not fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $lead2->id));
     $this->resetPostArray();
     $this->runControllerWithRedirectExceptionAndGetContent('leads/default/delete', Yii::app()->createUrl('leads/default/index'));
     //clear up the role relationships between users so not to effect next assertions
     $parentRole->users->remove($userInParentRole);
     $parentRole->roles->remove($childRole);
     $this->assertTrue($parentRole->save());
     $childRole->users->remove($userInChildRole);
     $this->assertTrue($childRole->save());
     //create some groups and assign users to groups
     Yii::app()->user->userModel = $super;
     $parentGroup = new Group();
     $parentGroup->name = 'AAA';
     $this->assertTrue($parentGroup->save());
     $childGroup = new Group();
     $childGroup->name = 'BBB';
     $this->assertTrue($childGroup->save());
     $userInChildGroup = User::getByUsername('confused');
     $userInParentGroup = User::getByUsername('nobody');
     $childGroup->users->add($userInChildGroup);
     $this->assertTrue($childGroup->save());
     $parentGroup->users->add($userInParentGroup);
     $parentGroup->groups->add($childGroup);
     $this->assertTrue($parentGroup->save());
     $parentGroup->forget();
     $childGroup->forget();
     $parentGroup = Group::getByName('AAA');
     $childGroup = Group::getByName('BBB');
     //Add access for the confused user to leads and creation of leads.
     $userInChildGroup->setRight('LeadsModule', LeadsModule::RIGHT_ACCESS_LEADS);
     $userInChildGroup->setRight('LeadsModule', LeadsModule::RIGHT_CREATE_LEADS);
     $userInChildGroup->setRight('LeadsModule', LeadsModule::RIGHT_DELETE_LEADS);
     $this->assertTrue($userInChildGroup->save());
     //create lead owned by super
     $lead3 = LeadTestHelper::createLeadByNameForOwner('leadsParentGroupPermission', $super);
     //Test userInParentGroup, access to details, edit and delete should fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //Test userInChildGroup, access to details, edit and delete should fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //give parentGroup access to READ
     Yii::app()->user->userModel = $super;
     $lead3->addPermissions($parentGroup, Permission::READ);
     $this->assertTrue($lead3->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($lead3, $parentGroup);
     //Test userInParentGroup, access to details should not fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerWithNoExceptionsAndGetContent('leads/default/details');
     //Test userInParentGroup, access to delete should fail.
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //Test userInChildGroup, access to edit and details should not fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerWithNoExceptionsAndGetContent('leads/default/details');
     //Test userInChildGroup, access to edit and delete should fail.
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //give parentGroup access to read and write
     Yii::app()->user->userModel = $super;
     $lead3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($lead3->save());
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForGroup($lead3, $parentGroup);
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($lead3, $parentGroup);
     //Test userInParentGroup, access to edit should not fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerWithNoExceptionsAndGetContent('leads/default/edit');
     //Test userInParentGroup, access to delete should fail.
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //Test userInChildGroup, access to edit should not fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username);
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerWithNoExceptionsAndGetContent('leads/default/edit');
     //Test userInChildGroup, access to delete should fail.
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //revoke parentGroup access to read and write
     Yii::app()->user->userModel = $super;
     $lead3->removePermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($lead3->save());
     AllPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($lead3, $parentGroup);
     //Test userInChildGroup, access to detail, edit and delete should fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //Test userInParentGroup, access to detail, edit and delete should fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //give parentGroup access to read, write and delete
     Yii::app()->user->userModel = $super;
     $lead3->addPermissions($parentGroup, Permission::READ_WRITE_DELETE);
     $this->assertTrue($lead3->save());
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($lead3, $parentGroup);
     //Test userInChildGroup, access to delete should not fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username);
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerWithRedirectExceptionAndGetContent('leads/default/delete', Yii::app()->createUrl('leads/default/index'));
     //clear up the role relationships between users so not to effect next assertions
     $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
     $userInParentGroup->forget();
     $userInChildGroup->forget();
     $childGroup->forget();
     $parentGroup->forget();
     $userInParentGroup = User::getByUsername('nobody');
     $userInChildGroup = User::getByUsername('confused');
     $childGroup = Group::getByName('BBB');
     $parentGroup = Group::getByName('AAA');
     $parentGroup->users->remove($userInParentGroup);
     $parentGroup->groups->remove($childGroup);
     $this->assertTrue($parentGroup->save());
     $childGroup->users->remove($userInChildGroup);
     $this->assertTrue($childGroup->save());
 }
 /**
  * @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
  */
 public function testRegularUserControllerActionsWithElevationToModels()
 {
     //Create contact web form owned by user super.
     $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
     $contactWebForm = ContactWebFormTestHelper::createContactWebFormByName('contactWebFormForElevationToModelTest', $super);
     //Test nobody, access to edit and details should fail.
     $nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
     $this->setGetArray(array('id' => $contactWebForm->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
     $this->setGetArray(array('id' => $contactWebForm->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
     //give nobody access to read
     Yii::app()->user->userModel = $super;
     $contactWebForm->addPermissions($nobody, Permission::READ);
     $this->assertTrue($contactWebForm->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($contactWebForm, $nobody);
     //Now the nobody user can access the details view.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $contactWebForm->id));
     $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
     //Test nobody, access to edit should fail.
     $this->setGetArray(array('id' => $contactWebForm->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
     $contactWebFormId = $contactWebForm->id;
     $contactWebForm->forget();
     $contactWebForm = ContactWebForm::getById($contactWebFormId);
     //give nobody access to read and write
     Yii::app()->user->userModel = $super;
     $contactWebForm->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($contactWebForm->save());
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($contactWebForm, $nobody);
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($contactWebForm, $nobody);
     //Now the nobody user should be able to access the edit view and still the details view.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $contactWebForm->id));
     $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
     $this->setGetArray(array('id' => $contactWebForm->id));
     $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit');
     $contactWebFormId = $contactWebForm->id;
     $contactWebForm->forget();
     $contactWebForm = ContactWebForm::getById($contactWebFormId);
     //revoke nobody access to read
     Yii::app()->user->userModel = $super;
     $contactWebForm->removePermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($contactWebForm->save());
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($contactWebForm, $nobody);
     //Test nobody, access to detail should fail.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $contactWebForm->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
     $this->setGetArray(array('id' => $contactWebForm->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
     //create some roles
     Yii::app()->user->userModel = $super;
     $parentRole = new Role();
     $parentRole->name = 'AAA';
     $this->assertTrue($parentRole->save());
     $childRole = new Role();
     $childRole->name = 'BBB';
     $this->assertTrue($childRole->save());
     $userInParentRole = User::getByUsername('confused');
     $userInChildRole = User::getByUsername('nobody');
     $childRole->users->add($userInChildRole);
     $this->assertTrue($childRole->save());
     $parentRole->users->add($userInParentRole);
     $parentRole->roles->add($childRole);
     $this->assertTrue($parentRole->save());
     $userInChildRole->forget();
     $userInChildRole = User::getByUsername('nobody');
     $userInParentRole->forget();
     $userInParentRole = User::getByUsername('confused');
     $parentRoleId = $parentRole->id;
     $parentRole->forget();
     $parentRole = Role::getById($parentRoleId);
     $childRoleId = $childRole->id;
     $childRole->forget();
     $childRole = Role::getById($childRoleId);
     //create web form owned by super
     $contactWebForm2 = ContactWebFormTestHelper::createContactWebFormByName('testingParentRolePermission', $super);
     //Test userInParentRole, access to details and edit should fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $contactWebForm2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
     $this->setGetArray(array('id' => $contactWebForm2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
     //give userInChildRole access to READ
     Yii::app()->user->userModel = $super;
     $contactWebForm2->addPermissions($userInChildRole, Permission::READ);
     $this->assertTrue($contactWebForm2->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($contactWebForm2, $userInChildRole);
     //Test userInChildRole, access to details should not fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $contactWebForm2->id));
     $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
     //Test userInParentRole, access to details should not fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $contactWebForm2->id));
     $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
     $contactWebFormId = $contactWebForm2->id;
     $contactWebForm2->forget();
     $contactWebForm2 = ContactWebForm::getById($contactWebFormId);
     //give userInChildRole access to read and write
     Yii::app()->user->userModel = $super;
     $contactWebForm2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($contactWebForm2->save());
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($contactWebForm2, $userInChildRole);
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($contactWebForm2, $userInChildRole);
     //Test userInChildRole, access to edit should not fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $contactWebForm2->id));
     $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit');
     //Test userInParentRole, access to edit should not fail.
     $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInParentRole->username);
     $this->setGetArray(array('id' => $contactWebForm2->id));
     $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit');
     $contactWebFormId = $contactWebForm2->id;
     $contactWebForm2->forget();
     $contactWebForm2 = ContactWebForm::getById($contactWebFormId);
     //revoke userInChildRole access to read and write
     Yii::app()->user->userModel = $super;
     $contactWebForm2->removePermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($contactWebForm2->save());
     AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($contactWebForm2, $userInChildRole);
     //Test userInChildRole, access to detail should fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $contactWebForm2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
     $this->setGetArray(array('id' => $contactWebForm2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
     //Test userInParentRole, access to detail should fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $contactWebForm2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
     $this->setGetArray(array('id' => $contactWebForm2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
     //clear up the role relationships between users so not to effect next assertions
     $parentRole->users->remove($userInParentRole);
     $parentRole->roles->remove($childRole);
     $this->assertTrue($parentRole->save());
     $childRole->users->remove($userInChildRole);
     $this->assertTrue($childRole->save());
     //create some groups and assign users to groups
     Yii::app()->user->userModel = $super;
     $parentGroup = new Group();
     $parentGroup->name = 'AAA';
     $this->assertTrue($parentGroup->save());
     $childGroup = new Group();
     $childGroup->name = 'BBB';
     $this->assertTrue($childGroup->save());
     $userInChildGroup = User::getByUsername('confused');
     $userInParentGroup = User::getByUsername('nobody');
     $childGroup->users->add($userInChildGroup);
     $this->assertTrue($childGroup->save());
     $parentGroup->users->add($userInParentGroup);
     $parentGroup->groups->add($childGroup);
     $this->assertTrue($parentGroup->save());
     $parentGroup->forget();
     $childGroup->forget();
     $parentGroup = Group::getByName('AAA');
     $childGroup = Group::getByName('BBB');
     //Add access for the confused user to ContactWebForms and creation of ContactWebForms.
     $userInChildGroup->setRight('ContactWebFormsModule', ContactWebFormsModule::RIGHT_ACCESS_CONTACT_WEB_FORMS);
     $userInChildGroup->setRight('ContactWebFormsModule', ContactWebFormsModule::RIGHT_CREATE_CONTACT_WEB_FORMS);
     $this->assertTrue($userInChildGroup->save());
     //create web form owned by super
     $contactWebForm3 = ContactWebFormTestHelper::createContactWebFormByName('testingParentGroupPermission', $super);
     //Test userInParentGroup, access to details and edit should fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $contactWebForm3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
     $this->setGetArray(array('id' => $contactWebForm3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
     //Test userInChildGroup, access to details and edit should fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $contactWebForm3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
     $this->setGetArray(array('id' => $contactWebForm3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
     //give parentGroup access to READ
     Yii::app()->user->userModel = $super;
     $contactWebForm3->addPermissions($parentGroup, Permission::READ);
     $this->assertTrue($contactWebForm3->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($contactWebForm3, $parentGroup);
     //Test userInParentGroup, access to details should not fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $contactWebForm3->id));
     $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
     //Test userInChildGroup, access to details should not fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $contactWebForm3->id));
     $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
     $contactWebFormId = $contactWebForm3->id;
     $contactWebForm3->forget();
     $contactWebForm3 = ContactWebForm::getById($contactWebFormId);
     //give parentGroup access to read and write
     Yii::app()->user->userModel = $super;
     $contactWebForm3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($contactWebForm3->save());
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForGroup($contactWebForm3, $parentGroup);
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($contactWebForm3, $parentGroup);
     //Test userInParentGroup, access to edit should not fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $contactWebForm3->id));
     $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit');
     //Test userInChildGroup, access to edit should not fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username);
     $this->setGetArray(array('id' => $contactWebForm3->id));
     $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit');
     $contactWebFormId = $contactWebForm3->id;
     $contactWebForm3->forget();
     $contactWebForm3 = ContactWebForm::getById($contactWebFormId);
     //revoke parentGroup access to read and write
     Yii::app()->user->userModel = $super;
     $contactWebForm3->removePermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($contactWebForm3->save());
     AllPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($contactWebForm3, $parentGroup);
     //Test userInChildGroup, access to detail should fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $contactWebForm3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
     $this->setGetArray(array('id' => $contactWebForm3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
     //Test userInParentGroup, access to detail should fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $contactWebForm3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
     $this->setGetArray(array('id' => $contactWebForm3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
     //clear up the role relationships between users so not to effect next assertions
     $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
     $userInParentGroup->forget();
     $userInChildGroup->forget();
     $childGroup->forget();
     $parentGroup->forget();
     $userInParentGroup = User::getByUsername('nobody');
     $userInChildGroup = User::getByUsername('confused');
     $childGroup = Group::getByName('BBB');
     $parentGroup = Group::getByName('AAA');
     //clear up the role relationships between users so not to effect next assertions
     $parentGroup->users->remove($userInParentGroup);
     $parentGroup->groups->remove($childGroup);
     $this->assertTrue($parentGroup->save());
     $childGroup->users->remove($userInChildGroup);
     $this->assertTrue($childGroup->save());
 }
 /**
  * Given a SecurableItem, add and remove permissions
  * based on what the provided ExplicitReadWriteModelPermissions indicates should be done.
  * Sets @see SecurableItem->setTreatCurrentUserAsOwnerForPermissions as true in order to ensure the current user
  * can effectively add permissions even if the current user is no longer the owner.
  * @param SecurableItem $securableItem
  * @param ExplicitReadWriteModelPermissions $explicitReadWriteModelPermissions
  * @param bool $validate
  * @return bool|void
  * @throws NotSupportedException
  */
 public static function resolveExplicitReadWriteModelPermissions(SecurableItem $securableItem, ExplicitReadWriteModelPermissions $explicitReadWriteModelPermissions, $validate = false)
 {
     assert('$securableItem->id > 0');
     $optimizeReadPermissions = $securableItem::hasReadPermissionsOptimization();
     $securableItem->setTreatCurrentUserAsOwnerForPermissions(true);
     $saveSecurableItem = false;
     if ($explicitReadWriteModelPermissions->getReadOnlyPermitablesCount() > 0) {
         $saveSecurableItem = true;
         foreach ($explicitReadWriteModelPermissions->getReadOnlyPermitables() as $permitable) {
             if ($securableItem->addPermissions($permitable, Permission::READ) && $optimizeReadPermissions) {
                 if ($permitable instanceof Group) {
                     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($securableItem, $permitable);
                     ReadPermissionsSubscriptionUtil::securableItemGivenPermissionsForGroup($securableItem);
                 } elseif ($permitable instanceof User) {
                     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($securableItem, $permitable);
                     ReadPermissionsSubscriptionUtil::securableItemGivenPermissionsForUser($securableItem);
                 } else {
                     throw new NotSupportedException();
                 }
             }
         }
     }
     if ($explicitReadWriteModelPermissions->getReadWritePermitablesCount() > 0) {
         $saveSecurableItem = true;
         foreach ($explicitReadWriteModelPermissions->getReadWritePermitables() as $permitable) {
             if ($securableItem->addPermissions($permitable, Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER) && $optimizeReadPermissions) {
                 if ($permitable instanceof Group) {
                     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($securableItem, $permitable);
                     ReadPermissionsSubscriptionUtil::securableItemGivenPermissionsForGroup($securableItem);
                 } elseif ($permitable instanceof User) {
                     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($securableItem, $permitable);
                     ReadPermissionsSubscriptionUtil::securableItemGivenPermissionsForUser($securableItem);
                 } else {
                     throw new NotSupportedException();
                 }
             }
         }
     }
     if ($explicitReadWriteModelPermissions->getReadOnlyPermitablesToRemoveCount() > 0) {
         $saveSecurableItem = true;
         foreach ($explicitReadWriteModelPermissions->getReadOnlyPermitablesToRemove() as $permitable) {
             $securableItem->removePermissions($permitable, Permission::READ, Permission::ALLOW);
             if ($optimizeReadPermissions) {
                 if ($permitable instanceof Group) {
                     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForGroup($securableItem, $permitable);
                     ReadPermissionsSubscriptionUtil::securableItemLostPermissionsForGroup($securableItem);
                 } elseif ($permitable instanceof User) {
                     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($securableItem, $permitable);
                     ReadPermissionsSubscriptionUtil::securableItemLostPermissionsForUser($securableItem);
                 } else {
                     throw new NotSupportedException();
                 }
             }
         }
     }
     if ($explicitReadWriteModelPermissions->getReadWritePermitablesToRemoveCount() > 0) {
         $saveSecurableItem = true;
         foreach ($explicitReadWriteModelPermissions->getReadWritePermitablesToRemove() as $permitable) {
             $securableItem->removePermissions($permitable, Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER, Permission::ALLOW);
             if ($optimizeReadPermissions) {
                 if ($permitable instanceof Group) {
                     AllPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($securableItem, $permitable);
                     ReadPermissionsSubscriptionUtil::securableItemLostPermissionsForGroup($securableItem);
                 } elseif ($permitable instanceof User) {
                     AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($securableItem, $permitable);
                     ReadPermissionsSubscriptionUtil::securableItemLostPermissionsForUser($securableItem);
                 } else {
                     throw new NotSupportedException();
                 }
             }
         }
     }
     if ($saveSecurableItem) {
         $setBackToProcess = false;
         if ($securableItem->shouldProcessWorkflowOnSave()) {
             $securableItem->setDoNotProcessWorkflowOnSave();
             $setBackToProcess = true;
         }
         $saved = $securableItem->save($validate);
         if ($setBackToProcess) {
             $securableItem->setProcessWorkflowOnSave();
         }
         $securableItem->setTreatCurrentUserAsOwnerForPermissions(false);
         return $saved;
     }
     $securableItem->setTreatCurrentUserAsOwnerForPermissions(false);
     return true;
 }