/**
 * Walks the regular test user through the emailTemplates default controller
 * while module rights are granted one at a time.
 *
 * Sequence exercised:
 *  - only ContactsModule access: every emailTemplates route goes through the access-failure helper;
 *  - EmailTemplatesModule access right: list and details routes run without exceptions;
 *  - create right: create (contact and workflow types) and edit run without exceptions;
 *  - delete right: delete ends in a redirect;
 *  - a template held in static::$templateOwnedBySuper still goes through the access-failure
 *    helper for edit, details and delete, although this user holds every module right.
 */
public function testAllDefaultControllerActions()
{
    $base       = 'emailTemplates/default';
    $listRoutes = array(
        $base,
        $base . '/index',
        $base . '/listForMarketing',
        $base . '/listForWorkflow',
    );

    // Contacts access alone must not open the email templates module.
    $this->user->setRight('ContactsModule', ContactsModule::getAccessRight());
    $this->assertTrue($this->user->save());
    $emailTemplate = EmailTemplateTestHelper::create(
        'Test Name Regular 01',
        'Test Subject Regular 01',
        'Contact',
        'Test HtmlContent Regular 01',
        'Test TextContent Regular 01'
    );

    foreach ($listRoutes as $route) {
        $this->runControllerShouldResultInAccessFailureAndGetContent($route);
    }
    $this->setGetArray(array('type' => EmailTemplate::TYPE_CONTACT));
    $this->runControllerShouldResultInAccessFailureAndGetContent($base . '/create');
    $this->setGetArray(array('id' => $emailTemplate->id));
    foreach (array('edit', 'details', 'delete') as $action) {
        $this->runControllerShouldResultInAccessFailureAndGetContent($base . '/' . $action);
    }
    $this->resetGetArray();

    // Module access right: read-only routes become reachable.
    $this->user->setRight('EmailTemplatesModule', EmailTemplatesModule::getAccessRight());
    $this->assertTrue($this->user->save());
    foreach ($listRoutes as $route) {
        $this->runControllerWithNoExceptionsAndGetContent($route);
    }
    $this->setGetArray(array('id' => $emailTemplate->id));
    $this->runControllerWithNoExceptionsAndGetContent($base . '/details');
    $this->resetGetArray();

    // Create right: create for both template types, then edit.
    $this->user->setRight('EmailTemplatesModule', EmailTemplatesModule::getCreateRight());
    $this->assertTrue($this->user->save());
    foreach (array(EmailTemplate::TYPE_CONTACT, EmailTemplate::TYPE_WORKFLOW) as $templateType) {
        $this->setGetArray(array(
            'type'      => $templateType,
            'builtType' => EmailTemplate::BUILT_TYPE_PLAIN_TEXT_ONLY,
        ));
        $this->runControllerWithNoExceptionsAndGetContent($base . '/create');
    }
    $this->setGetArray(array('id' => $emailTemplate->id));
    $this->runControllerWithNoExceptionsAndGetContent($base . '/edit');

    // Delete right: the delete action redirects (GET still carries the template id).
    $this->user->setRight('EmailTemplatesModule', EmailTemplatesModule::getDeleteRight());
    $this->assertTrue($this->user->save());
    $this->runControllerWithRedirectExceptionAndGetUrl($base . '/delete');

    // Module rights do not override record-level permissions on another owner's template.
    // The model cache is dropped between requests so each one reloads the record.
    $this->setGetArray(array('id' => static::$templateOwnedBySuper->id));
    $this->runControllerShouldResultInAccessFailureAndGetContent($base . '/edit');
    RedBeanModel::forgetAll();
    $this->runControllerShouldResultInAccessFailureAndGetContent($base . '/details');
    RedBeanModel::forgetAll();
    $this->runControllerShouldResultInAccessFailureAndGetContent($base . '/delete');
}
/**
 * Exercises the workflow flavour of emailTemplates/default/create as a regular user:
 * required-field validation, merge-tag validation, and finally a successful save
 * that redirects to the details page of the new template.
 *
 * @depends testRegularUserAllDefaultControllerActions
 */
public function testRegularUserCreateActionForWorkflow()
{
    // TODO: @Shoaibi/@Jason: Medium: even if a user doesn't have module permission he can send that
    // modelClassName in POST; nobody needs access to meetings and contacts to have that in the dropdown.
    // NOTE(review): as the TODO reads, the posted modelClassName may not be checked against the
    // user's module rights. This test only posts modules the user has been granted, so a request
    // naming an inaccessible module is not covered here - confirm and add a negative case.
    $this->user->setRight('ContactsModule', ContactsModule::getAccessRight());
    $this->user->setRight('MeetingsModule', MeetingsModule::getAccessRight());
    $this->assertTrue($this->user->save());

    $createRoute  = 'emailTemplates/default/create';
    $typeSelect   = '<select name="EmailTemplate[type]" id="EmailTemplate_type">';
    $templateName = 'New Test Workflow EmailTemplate';

    // Step 1: post without content or module and expect the validators to complain.
    $this->setGetArray(array('type' => EmailTemplate::TYPE_WORKFLOW));
    $this->setPostArray(array('EmailTemplate' => array(
        'type'    => EmailTemplate::TYPE_WORKFLOW,
        'name'    => 'New Test Workflow EmailTemplate',
        'subject' => 'New Test Subject',
    )));
    $content = $this->runControllerWithNoExceptionsAndGetContent($createRoute);
    $this->assertTrue(strpos($content, 'Create Email Template') !== false);
    // The type dropdown must not be rendered; the type comes from the request.
    $this->assertFalse(strpos($content, $typeSelect) !== false);
    $expectedFragments = array(
        '<select name="EmailTemplate[modelClassName]" id="EmailTemplate_modelClassName_value"',
        'Please provide at least one of the contents field.',
        'Module cannot be blank.',
    );
    foreach ($expectedFragments as $fragment) {
        $this->assertTrue(strpos($content, $fragment) !== false);
    }

    // Step 2: post invalid merge tags in both bodies and expect them echoed back.
    $this->setPostArray(array('EmailTemplate' => array(
        'type'           => EmailTemplate::TYPE_WORKFLOW,
        'modelClassName' => 'Meeting',
        'name'           => 'New Test Workflow EmailTemplate',
        'subject'        => 'New Test Subject',
        'textContent'    => 'This is text content [[INVALID^TAG]]',
        'htmlContent'    => 'This is Html content [[INVALIDTAG]]',
    )));
    $content = $this->runControllerWithNoExceptionsAndGetContent($createRoute);
    $this->assertTrue(strpos($content, 'Create Email Template') !== false);
    $this->assertFalse(strpos($content, $typeSelect) !== false);
    $expectedFragments = array(
        '<select name="EmailTemplate[modelClassName]" id="EmailTemplate_modelClassName_value">',
        '<option value="Meeting" selected="selected">Meetings</option>',
        'INVALID^TAG',
        'INVALIDTAG',
    );
    foreach ($expectedFragments as $fragment) {
        $this->assertTrue(strpos($content, $fragment) !== false);
    }
    // Each invalid tag is expected exactly twice in the rendered page.
    foreach (array('INVALID^TAG', 'INVALIDTAG') as $invalidTag) {
        $this->assertEquals(2, substr_count($content, $invalidTag));
    }

    // Step 3: a valid post saves the template and redirects to its details page.
    $this->setPostArray(array('EmailTemplate' => array(
        'type'           => EmailTemplate::TYPE_WORKFLOW,
        'name'           => 'New Test Workflow EmailTemplate',
        'modelClassName' => 'Contact',
        'subject'        => 'New Test Subject [[FIRST^NAME]]',
        'textContent'    => 'New Text Content [[FIRST^NAME]]',
    )));
    $redirectUrl   = $this->runControllerWithRedirectExceptionAndGetUrl($createRoute);
    $savedId       = self::getModelIdByModelNameAndName('EmailTemplate', $templateName);
    $emailTemplate = EmailTemplate::getById($savedId);
    $this->assertTrue($emailTemplate->id > 0);
    $this->assertEquals('New Test Subject [[FIRST^NAME]]', $emailTemplate->subject);
    $this->assertEquals('New Text Content [[FIRST^NAME]]', $emailTemplate->textContent);
    // The creating user must end up as the owner of the new record.
    $this->assertTrue($emailTemplate->owner == $this->user);
    $expectedUrl = Yii::app()->createUrl(
        'emailTemplates/default/details',
        array('id' => $emailTemplate->id)
    );
    $this->assertEquals($expectedUrl, $redirectUrl);
    $allTemplates = EmailTemplate::getAll();
    $this->assertEquals(1, count($allTemplates));
}
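/**
 * Verifies that role-derived record access is revoked once a child role is
 * detached from its parent role.
 *
 * Setup: role Parent with sub-role Child; jim belongs to Child, jane to Parent.
 * Each creates one owner-only contact. While the roles are linked jane can
 * list, view and edit both contacts and jim only his own. After the link is
 * removed jane must lose access to jim's contact, while jim's view is unchanged.
 */
public function testArePermissionsFlushedOnRemovingParentFromChildRole()
{
    // Best-effort cleanup of leftovers from earlier tests; a missing record is fine.
    Contact::deleteAll();
    try {
        $role = Role::getByName('Parent');
        $role->delete();
    } catch (NotFoundException $e) {
        // nothing to clean up
    }
    foreach (array('jim', 'jane') as $staleUsername) {
        try {
            $user = User::getByUsername($staleUsername);
            $user->delete();
        } catch (NotFoundException $e) {
            // nothing to clean up
        }
    }

    // we could have used helpers to do a lot of the following stuff (such as creating users, roles,
    // etc) but we wanted to mimic user's interaction as closely as possible. Hence using walkthroughs
    // for everything

    // create Parent and Child Roles, Create Jim to be member of Child role
    // create parent role
    $this->resetGetArray();
    $this->setPostArray(array('Role' => array('name' => 'Parent')));
    $this->runControllerWithRedirectExceptionAndGetUrl('/zurmo/role/create');
    $parentRole = Role::getByName('Parent');
    $this->assertNotNull($parentRole);
    $this->assertEquals('Parent', strval($parentRole));
    $parentRoleId = $parentRole->id;

    // create child role
    $this->resetGetArray();
    $this->setPostArray(array('Role' => array('name' => 'Child', 'role' => array('id' => $parentRoleId))));
    $this->runControllerWithRedirectExceptionAndGetUrl('/zurmo/role/create');
    $childRole = Role::getByName('Child');
    $this->assertNotNull($childRole);
    $this->assertEquals('Child', strval($childRole));
    // reload both roles so the parent/child link is read back from storage
    $parentRole->forgetAll();
    $parentRole  = Role::getById($parentRoleId);
    $childRoleId = $childRole->id;
    $childRole->forgetAll();
    $childRole = Role::getById($childRoleId);
    $this->assertEquals($childRole->id, $parentRole->roles[0]->id);

    // create jim's user
    $this->resetGetArray();
    $this->setPostArray(array('UserPasswordForm' => array(
        'firstName'          => 'Some',
        'lastName'           => 'Body',
        'username'           => 'jim',
        'newPassword'        => 'myPassword123',
        'newPassword_repeat' => 'myPassword123',
        'officePhone'        => '456765421',
        'userStatus'         => 'Active',
        'role'               => array('id' => $childRoleId),
    )));
    $this->runControllerWithRedirectExceptionAndGetContent('/users/default/create');
    $jim = User::getByUsername('jim');
    $this->assertNotNull($jim);
    $childRole->forgetAll();
    $childRole = Role::getById($childRoleId);
    $this->assertEquals($childRole->id, $jim->role->id);

    // give jim rights to contact's module
    $jim->setRight('ContactsModule', ContactsModule::getAccessRight());
    $jim->setRight('ContactsModule', ContactsModule::getCreateRight());
    $this->assertTrue($jim->save());
    $jim->forgetAll();
    $jim = User::getByUsername('jim');

    // create jane's user
    $this->resetGetArray();
    $this->setPostArray(array('UserPasswordForm' => array(
        'firstName'          => 'Some',
        'lastName'           => 'Body',
        'username'           => 'jane',
        'newPassword'        => 'myPassword123',
        'newPassword_repeat' => 'myPassword123',
        'officePhone'        => '456765421',
        'userStatus'         => 'Active',
        'role'               => array('id' => $parentRoleId),
    )));
    $this->runControllerWithRedirectExceptionAndGetContent('/users/default/create');
    $jane = User::getByUsername('jane');
    $this->assertNotNull($jane);
    $parentRole->forgetAll();
    $parentRole = Role::getById($parentRoleId);
    $this->assertEquals($parentRole->id, $jane->role->id);

    // give jane rights to contact's module, we need to do this because once the link between parent and child
    // role is broken jane won't be able to access the listview of contacts
    $jane->setRight('ContactsModule', ContactsModule::getAccessRight());
    $this->assertTrue($jane->save());
    $jane->forgetAll();
    $jane = User::getByUsername('jane');

    // create a contact from jim's account
    // create ContactStates
    ContactsModule::loadStartingData();
    // ensure contact states have been created
    $this->assertEquals(6, count(ContactState::GetAll()));
    $this->logoutCurrentUserLoginNewUserAndGetByUsername('jim');

    // create jim's contact without explicit permissions; the details page is
    // expected to report owner-only read/write.
    $startingState = ContactsUtil::getStartingState();
    $this->resetGetArray();
    $this->setPostArray(array('Contact' => array(
        'firstName'   => 'Jim',
        'lastName'    => 'Doe',
        'officePhone' => '456765421',
        'state'       => array('id' => $startingState->id),
    )));
    $url             = $this->runControllerWithRedirectExceptionAndGetUrl('/contacts/default/create');
    $jimDoeContactId = intval(substr($url, strpos($url, 'id=') + 3));
    $jimDoeContact   = Contact::getById($jimDoeContactId);
    $this->assertNotNull($jimDoeContact);
    $this->resetPostArray();
    $this->setGetArray(array('id' => $jimDoeContactId));
    $content = $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/details');
    $this->assertContains('Who can read and write Owner', $content);

    // create a contact using jane which she would see at all times
    $this->logoutCurrentUserLoginNewUserAndGetByUsername('jane');
    $this->resetGetArray();
    $this->setPostArray(array('Contact' => array(
        'firstName'   => 'Jane',
        'lastName'    => 'Doe',
        'officePhone' => '456765421',
        'state'       => array('id' => $startingState->id),
    )));
    $url              = $this->runControllerWithRedirectExceptionAndGetUrl('/contacts/default/create');
    $janeDoeContactId = intval(substr($url, strpos($url, 'id=') + 3));
    // Load the record jane just created; looking up jim's id here would leave
    // her own contact unverified.
    $janeDoeContact = Contact::getById($janeDoeContactId);
    $this->assertNotNull($janeDoeContact);
    $this->resetPostArray();
    $this->setGetArray(array('id' => $janeDoeContactId));
    $content = $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/details');
    $this->assertContains('Who can read and write Owner', $content);

    // ensure jim sees only his own contact
    $this->logoutCurrentUserLoginNewUserAndGetByUsername('jim');
    $this->resetGetArray();
    // get the page, ensure only jim's contact shows up there.
    $content = $this->runControllerWithNoExceptionsAndGetContent('/contacts/default');
    $this->assertContains('Jim Doe</a></td><td>', $content);
    $this->assertNotContains('Jane Doe</a></td><td>', $content);
    // jim should have access to jimDoeContact's detail view
    $this->setGetArray(array('id' => $jimDoeContactId));
    $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/details');
    // jim should have access to jimDoeContact's edit view
    $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/edit');
    // jim should not have access to janeDoeContact's detail or edit view
    $this->setGetArray(array('id' => $janeDoeContactId));
    foreach (array('details', 'edit') as $action) {
        try {
            $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/' . $action);
            $this->fail('Accessing ' . $action . ' action should have thrown ExitException');
        } catch (ExitException $e) {
            // just cleanup buffer
            $this->endAndGetOutputBuffer();
        }
    }

    // ensure jane can see both contacts everywhere while the roles are linked
    $this->logoutCurrentUserLoginNewUserAndGetByUsername('jane');
    $this->resetGetArray();
    // get the page, ensure both contact names show up there.
    $content = $this->runControllerWithNoExceptionsAndGetContent('/contacts/default');
    $this->assertContains('Jim Doe</a></td><td>', $content);
    $this->assertContains('Jane Doe</a></td><td>', $content);
    // jane should have access to jimDoeContact's detail view
    $this->setGetArray(array('id' => $jimDoeContactId));
    $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/details');
    // jane should have access to jimDoeContact's edit view
    $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/edit');
    // jane should have access to janeDoeContact's detail view
    $this->setGetArray(array('id' => $janeDoeContactId));
    $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/details');
    // jane should have access to janeDoeContact's edit view
    $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/edit');

    // unlink Parent role from child
    $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $this->setGetArray(array('id' => $childRoleId));
    $this->setPostArray(array('Role' => array('name' => 'Child', 'role' => array('id' => ''))));
    $this->runControllerWithRedirectExceptionAndGetUrl('/zurmo/role/edit');
    $childRole = Role::getByName('Child');
    $this->assertNotNull($childRole);
    $this->assertEquals('Child', strval($childRole));
    $parentRole->forgetAll();
    $parentRole = Role::getById($parentRoleId);
    $this->assertNotNull($parentRole);
    $this->assertCount(0, $parentRole->roles);

    // ensure jim's view is unchanged after the unlink
    $this->logoutCurrentUserLoginNewUserAndGetByUsername('jim');
    $this->resetGetArray();
    // get the page, ensure only jim's contact shows up there.
    $content = $this->runControllerWithNoExceptionsAndGetContent('/contacts/default');
    $this->assertContains('Jim Doe</a></td><td>', $content);
    $this->assertNotContains('Jane Doe</a></td><td>', $content);
    // jim should have access to jimDoeContact's detail view
    $this->setGetArray(array('id' => $jimDoeContactId));
    $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/details');
    // jim should have access to jimDoeContact's edit view
    $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/edit');
    // jim should not have access to janeDoeContact's detail or edit view
    $this->setGetArray(array('id' => $janeDoeContactId));
    foreach (array('details', 'edit') as $action) {
        try {
            $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/' . $action);
            $this->fail('Accessing ' . $action . ' action should have thrown ExitException');
        } catch (ExitException $e) {
            // just cleanup buffer
            $this->endAndGetOutputBuffer();
        }
    }

    // ensure jane can no longer see jim's contact anywhere
    $this->logoutCurrentUserLoginNewUserAndGetByUsername('jane');
    $this->resetGetArray();
    // get the page, ensure jim's contact does not show up there while her own still does.
    $content = $this->runControllerWithNoExceptionsAndGetContent('/contacts/default');
    $this->assertNotContains('Jim Doe</a></td><td>', $content);
    $this->assertContains('Jane Doe</a></td><td>', $content);
    // jane should have access to janeDoeContact's detail view
    $this->setGetArray(array('id' => $janeDoeContactId));
    $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/details');
    // jane should have access to janeDoeContact's edit view
    $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/edit');
    // jane should not have access to jimDoeContact's detail or edit view
    $this->setGetArray(array('id' => $jimDoeContactId));
    foreach (array('details', 'edit') as $action) {
        try {
            $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/' . $action);
            $this->fail('Accessing ' . $action . ' action should have thrown ExitException');
        } catch (ExitException $e) {
            // just cleanup buffer
            $this->endAndGetOutputBuffer();
        }
    }
}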
/**
 * Extends the inherited controller filters with a required-attributes filter
 * and two rights filters.
 *
 * The required-attributes filter is scoped to the create, createFromRelation
 * and edit actions. The rights filters name the access right of AccountsModule
 * and of ContactsModule; how they are enforced is defined by the class behind
 * static::getRightsFilterPath(), which is not visible here.
 *
 * @return array filter configuration, parent filters first
 */
public function filters()
{
    $primaryModel  = $this->getModule()->getPrimaryModelName();
    $viewClassName = $primaryModel . 'EditAndDetailsView';
    $inherited     = parent::filters();

    $requiredAttributesFilter = array(
        ZurmoBaseController::REQUIRED_ATTRIBUTES_FILTER_PATH . ' + create, createFromRelation, edit',
        'moduleClassName' => get_class($this->getModule()),
        'viewClassName'   => $viewClassName,
    );
    $accountsRightsFilter = array(
        static::getRightsFilterPath(),
        'moduleClassName' => 'AccountsModule',
        'rightName'       => AccountsModule::getAccessRight(),
    );
    $contactsRightsFilter = array(
        static::getRightsFilterPath(),
        'moduleClassName' => 'ContactsModule',
        'rightName'       => ContactsModule::getAccessRight(),
    );

    return array_merge(
        $inherited,
        array($requiredAttributesFilter, $accountsRightsFilter, $contactsRightsFilter)
    );
}
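/**
 * Creates a group with $count freshly created members, shares a new contact
 * with that group and measures how long the contact create request takes.
 *
 * Besides timing, the walkthrough asserts that every member inherits the
 * group's ContactsModule access, create and delete rights and that every
 * member can open the details and edit views of the shared contact.
 *
 * @param int $count number of users to create and add to the group; must be at least 1
 * @return float seconds spent in the '/contacts/default/create' request
 */
public function resolveRecordSharingPerformanceTime($count)
{
    // The first member is used to create the contact, so an empty group cannot work.
    $this->assertGreaterThan(0, $count, 'At least one group member is required.');
    // Both lists are initialised so later reads never hit an undefined index.
    $groupMembers = array('usernames' => array(), 'ids' => array());
    $groupName    = "Group {$count}";

    // create group
    $this->resetGetArray();
    $this->setPostArray(array('Group' => array('name' => $groupName)));
    $this->runControllerWithRedirectExceptionAndGetUrl('/zurmo/group/create');
    $group = Group::getByName($groupName);
    $this->assertNotNull($group);
    $this->assertEquals($groupName, strval($group));
    $group->setRight('ContactsModule', ContactsModule::getAccessRight());
    $group->setRight('ContactsModule', ContactsModule::getCreateRight());
    $group->setRight('ContactsModule', ContactsModule::getDeleteRight());
    $this->assertTrue($group->save());
    $groupId = $group->id;
    $group->forgetAll();
    $group = Group::getById($groupId);

    // create the users that will populate the group
    $this->resetGetArray();
    for ($i = 0; $i < $count; $i++) {
        $username = static::$baseUsername . "_{$i}_of_{$count}";
        $this->setPostArray(array('UserPasswordForm' => array(
            'firstName'          => 'Some',
            'lastName'           => 'Body',
            'username'           => $username,
            'newPassword'        => 'myPassword123',
            'newPassword_repeat' => 'myPassword123',
            'officePhone'        => '456765421',
            'userStatus'         => 'Active',
        )));
        $this->runControllerWithRedirectExceptionAndGetContent('/users/default/create');
        $user = User::getByUsername($username);
        $this->assertNotNull($user);
        $groupMembers['usernames'][] = $user->username;
        $groupMembers['ids'][]       = $user->id;
    }
    $this->assertCount($count, $groupMembers['ids']);

    // set user's group
    $this->setGetArray(array('id' => $groupId));
    $this->setPostArray(array(
        'GroupUserMembershipForm' => array('userMembershipData' => $groupMembers['ids']),
    ));
    $this->runControllerWithRedirectExceptionAndGetUrl('/zurmo/group/editUserMembership');
    $group->forgetAll();
    $group = Group::getById($groupId);
    $this->assertCount($count, $group->users);

    // every member must be in the group and inherit its three module rights
    foreach ($groupMembers['ids'] as $userId) {
        $user = User::getById($userId);
        $this->assertEquals($group->id, $user->groups[0]->id);
        $this->assertTrue(RightsUtil::doesUserHaveAllowByRightName(
            'ContactsModule',
            ContactsModule::getAccessRight(),
            $user
        ));
        $this->assertTrue(RightsUtil::doesUserHaveAllowByRightName(
            'ContactsModule',
            ContactsModule::getCreateRight(),
            $user
        ));
        $this->assertTrue(RightsUtil::doesUserHaveAllowByRightName(
            'ContactsModule',
            ContactsModule::getDeleteRight(),
            $user
        ));
    }
    $this->clearAllCaches();

    // go ahead and create contact with group given readwrite, use group's first member to confirm he has create access
    $this->logoutCurrentUserLoginNewUserAndGetByUsername($groupMembers['usernames'][0]);
    $this->resetGetArray();
    $startingState = ContactsUtil::getStartingState();
    $this->setPostArray(array('Contact' => array(
        'firstName'                        => 'John',
        'lastName'                         => 'Doe',
        'officePhone'                      => '456765421',
        'state'                            => array('id' => $startingState->id),
        'explicitReadWriteModelPermissions' => array(
            'type'             => ExplicitReadWriteModelPermissionsUtil::MIXED_TYPE_NONEVERYONE_GROUP,
            'nonEveryoneGroup' => $groupId,
        ),
    )));
    // Only the create request itself is timed.
    $startTime        = microtime(true);
    $url              = $this->runControllerWithRedirectExceptionAndGetUrl('/contacts/default/create');
    $timeTakenForSave = microtime(true) - $startTime;

    $johnDoeContactId = intval(substr($url, strpos($url, 'id=') + 3));
    $johnDoeContact   = Contact::getById($johnDoeContactId);
    $this->assertNotNull($johnDoeContact);
    $this->resetPostArray();
    $this->setGetArray(array('id' => $johnDoeContactId));
    $content = $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/details');
    $this->assertContains('Who can read and write ' . strval($group), $content);
    $this->clearAllCaches();
    $this->resetPostArray();

    // ensure group members have access
    foreach ($groupMembers['usernames'] as $member) {
        $user = $this->logoutCurrentUserLoginNewUserAndGetByUsername($member);
        $this->assertNotNull($user);
        $this->setGetArray(array('id' => $johnDoeContactId));
        $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/details');
        $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/edit');
    }
    return $timeTakenForSave;
}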
/**
 * Checks that newly created contacts are returned by the getCreatedItems API
 * call, which reads them from the read permission tables.
 *
 * Whether rows are written to the read permission tables correctly is not
 * tested here; that belongs to the read permission subscription tests.
 *
 * The second half transfers one contact to another user and asserts that it
 * then shows up in the new owner's result and is no longer counted in the
 * previous owner's result.
 *
 * @throws NotFoundException
 * @throws NotImplementedException
 * @throws NotSupportedException
 */
public function testGetCreatedContacts()
{
    // Reference point for "created since"; the pause keeps later records strictly newer.
    $timestamp = time();
    sleep(1);
    $super = User::getByUsername('super');
    Yii::app()->user->userModel = $super;

    // Second API user with web API login and contacts access.
    $lisa = UserTestHelper::createBasicUser('Lisa');
    $lisa->setRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API);
    $lisa->setRight('ContactsModule', ContactsModule::getAccessRight());
    $this->assertTrue($lisa->save());

    $this->deleteAllModelsAndRecordsFromReadPermissionTable('Contact');
    $job = new ReadPermissionSubscriptionUpdateJob();
    ReadPermissionsOptimizationUtil::rebuild();

    // One-second gaps give the three contacts distinct creation times.
    $contact1 = ContactTestHelper::createContactByNameForOwner('Mike', $super);
    sleep(1);
    $contact2 = ContactTestHelper::createContactByNameForOwner('Jake', $super);
    sleep(1);
    $contact3 = ContactTestHelper::createContactByNameForOwner('Joe', $super);
    sleep(1);

    $contact1->primaryEmail->emailAddress = '*****@*****.**';
    $contact1->companyName = 'IBM';
    $this->assertTrue($contact1->save());
    $contact2->primaryEmail->emailAddress = '*****@*****.**';
    $this->assertTrue($contact2->save());
    $contact3->primaryEmail->emailAddress = '*****@*****.**';
    $this->assertTrue($contact3->save());
    $this->assertTrue($job->run());

    // Session for the default login of the test case.
    $authenticationData = $this->login();
    $headers = array(
        'Accept: application/json',
        'ZURMO_SESSION_ID: ' . $authenticationData['sessionId'],
        'ZURMO_TOKEN: ' . $authenticationData['token'],
        'ZURMO_API_REQUEST_TYPE: REST',
    );

    // Page 1 of 2: the first two contacts.
    $data = array(
        'sinceDateTime' => DateTimeUtil::convertTimestampToDbFormatDateTime($timestamp),
        'pagination'    => array('pageSize' => 2, 'page' => 1),
    );
    $rawResponse = $this->createApiCallWithRelativeUrl('getCreatedItems/', 'POST', $headers, array('data' => $data));
    $response    = json_decode($rawResponse, true);
    $this->assertEquals(3, $response['data']['totalCount']);
    $this->assertEquals(2, $response['data']['pageSize']);
    $this->assertEquals(1, $response['data']['currentPage']);
    $first  = $response['data']['items'][0];
    $second = $response['data']['items'][1];
    $this->assertEquals($contact1->id, $first['id']);
    $this->assertEquals($super->id, $first['owner']['id']);
    $this->assertEquals($contact1->firstName, $first['firstName']);
    $this->assertEquals($contact1->lastName, $first['lastName']);
    $this->assertEquals($contact1->companyName, $first['companyName']);
    $this->assertEquals($contact1->primaryEmail->emailAddress, $first['primaryEmail']['emailAddress']);
    $this->assertEquals($super->id, $second['owner']['id']);
    $this->assertEquals($contact2->firstName, $second['firstName']);
    $this->assertEquals($contact2->lastName, $second['lastName']);
    $this->assertEquals($contact2->primaryEmail->emailAddress, $second['primaryEmail']['emailAddress']);

    // Page 2 of 2, this time counted from timestamp 0: the third contact.
    $data = array(
        'sinceDateTime' => DateTimeUtil::convertTimestampToDbFormatDateTime(0),
        'pagination'    => array('pageSize' => 2, 'page' => 2),
    );
    $rawResponse = $this->createApiCallWithRelativeUrl('getCreatedItems/', 'POST', $headers, array('data' => $data));
    $response    = json_decode($rawResponse, true);
    $this->assertEquals(3, $response['data']['totalCount']);
    $this->assertEquals(2, $response['data']['pageSize']);
    $this->assertEquals(2, $response['data']['currentPage']);
    $first = $response['data']['items'][0];
    $this->assertEquals($contact3->id, $first['id']);
    $this->assertEquals($super->id, $first['owner']['id']);
    $this->assertEquals($contact3->firstName, $first['firstName']);
    $this->assertEquals($contact3->lastName, $first['lastName']);
    $this->assertEquals($contact3->primaryEmail->emailAddress, $first['primaryEmail']['emailAddress']);

    // Change owner of $contact1, it should appear in Lisa's created contacts
    $contact1->owner = $lisa;
    $this->assertTrue($contact1->save());
    sleep(1);
    $this->assertTrue($job->run());

    // Same session as before: only two contacts remain in the result.
    $data = array(
        'sinceDateTime' => DateTimeUtil::convertTimestampToDbFormatDateTime($timestamp),
        'pagination'    => array('pageSize' => 2, 'page' => 1),
    );
    $rawResponse = $this->createApiCallWithRelativeUrl('getCreatedItems/', 'POST', $headers, array('data' => $data));
    $response    = json_decode($rawResponse, true);
    $this->assertEquals(2, $response['data']['totalCount']);
    $this->assertEquals(2, $response['data']['pageSize']);
    $this->assertEquals(1, $response['data']['currentPage']);
    $first  = $response['data']['items'][0];
    $second = $response['data']['items'][1];
    $this->assertEquals($contact2->id, $first['id']);
    $this->assertEquals($super->id, $first['owner']['id']);
    $this->assertEquals($contact2->firstName, $first['firstName']);
    $this->assertEquals($contact2->lastName, $first['lastName']);
    $this->assertEquals($contact2->companyName, $first['companyName']);
    $this->assertEquals($contact2->primaryEmail->emailAddress, $first['primaryEmail']['emailAddress']);
    $this->assertEquals($super->id, $second['owner']['id']);
    $this->assertEquals($contact3->firstName, $second['firstName']);
    $this->assertEquals($contact3->lastName, $second['lastName']);
    $this->assertEquals($contact3->primaryEmail->emailAddress, $second['primaryEmail']['emailAddress']);

    // Lisa's own session must return exactly the transferred contact.
    $authenticationData = $this->login('lisa', 'lisa');
    $headers = array(
        'Accept: application/json',
        'ZURMO_SESSION_ID: ' . $authenticationData['sessionId'],
        'ZURMO_TOKEN: ' . $authenticationData['token'],
        'ZURMO_API_REQUEST_TYPE: REST',
    );
    $data = array(
        'sinceDateTime' => DateTimeUtil::convertTimestampToDbFormatDateTime($timestamp),
        'pagination'    => array('pageSize' => 2, 'page' => 1),
    );
    $rawResponse = $this->createApiCallWithRelativeUrl('getCreatedItems/', 'POST', $headers, array('data' => $data));
    $response    = json_decode($rawResponse, true);
    $this->assertEquals(1, $response['data']['totalCount']);
    $this->assertEquals(2, $response['data']['pageSize']);
    $this->assertEquals(1, $response['data']['currentPage']);
    $first = $response['data']['items'][0];
    $this->assertEquals($contact1->id, $first['id']);
    $this->assertEquals($lisa->id, $first['owner']['id']);
    $this->assertEquals($contact1->firstName, $first['firstName']);
    $this->assertEquals($contact1->lastName, $first['lastName']);
    $this->assertEquals($contact1->companyName, $first['companyName']);
    $this->assertEquals($contact1->primaryEmail->emailAddress, $first['primaryEmail']['emailAddress']);
}
/**
 * Walks the regular test user through the marketingLists default controller
 * while rights are granted step by step.
 *
 * Sequence exercised:
 *  - no rights: every route goes through the access-failure helper;
 *  - MarketingListsModule access right: list-type routes run, and details shows
 *    the "must have access to either contacts or leads" notice;
 *  - create right: create still shows that notice;
 *  - Contacts and Leads access: the notice disappears from details and create;
 *  - edit runs, and with the delete right delete ends in a redirect;
 *  - a list held in static::$listOwnedBySuper still goes through the
 *    access-failure helper for edit, details and delete.
 */
public function testRegularUserAllDefaultControllerActions()
{
    $base             = 'marketingLists/default';
    $browseRoutes     = array($base, $base . '/index', $base . '/list');
    $autoCompleteGet  = array('term' => 'inexistant');
    $modalListGet     = array('modalTransferInformation' => array(
        'sourceIdFieldId'   => 'Campaign_marketingList_id',
        'sourceNameFieldId' => 'Campaign_marketingList_name',
        'modalId'           => 'modalContainer-edit-form',
    ));
    $missingAccessNotice = '<p>To manage Marketing Lists you must have access to either contacts' .
                           ' or leads. Contact the CRM administrator about this issue.</p>';

    $marketingList = MarketingListTestHelper::createMarketingListByName(
        'MarketingListName 01',
        'MarketingListDescription 01'
    );

    // Without any module right every route is expected to be refused.
    foreach ($browseRoutes as $route) {
        $this->runControllerShouldResultInAccessFailureAndGetContent($route);
    }
    $this->runControllerShouldResultInAccessFailureAndGetContent($base . '/create');
    $this->setGetArray(array('id' => $marketingList->id));
    foreach (array('edit', 'details', 'getInfoToCopyToCampaign') as $action) {
        $this->runControllerShouldResultInAccessFailureAndGetContent($base . '/' . $action);
    }
    $this->setGetArray($autoCompleteGet);
    $this->runControllerShouldResultInAccessFailureAndGetContent($base . '/autoComplete');
    $this->setGetArray($modalListGet);
    $this->runControllerShouldResultInAccessFailureAndGetContent($base . '/modalList');
    $this->resetGetArray();

    // Module access right: read-only routes run without exceptions.
    $this->user->setRight('MarketingListsModule', MarketingListsModule::getAccessRight());
    $this->assertTrue($this->user->save());
    foreach ($browseRoutes as $route) {
        $this->runControllerWithNoExceptionsAndGetContent($route);
    }
    $this->setGetArray($autoCompleteGet);
    $this->runControllerWithNoExceptionsAndGetContent($base . '/autoComplete');
    $this->setGetArray(array('id' => $marketingList->id));
    $this->runControllerWithNoExceptionsAndGetContent($base . '/getInfoToCopyToCampaign');
    $this->setGetArray($modalListGet);
    $this->runControllerWithNoExceptionsAndGetContent($base . '/modalList');

    // Details renders, but reports that contacts or leads access is missing.
    $this->setGetArray(array('id' => $marketingList->id));
    $content = $this->runControllerWithNoExceptionsAndGetContent($base . '/details');
    $this->assertContains($missingAccessNotice, $content);
    $this->resetGetArray();

    // Create right alone: the same notice is shown on the create page.
    $this->user->setRight('MarketingListsModule', MarketingListsModule::getCreateRight());
    $this->assertTrue($this->user->save());
    $content = $this->runControllerWithNoExceptionsAndGetContent($base . '/create');
    $this->assertContains($missingAccessNotice, $content);

    // With contacts and leads access the notice must be gone.
    $this->user->setRight('ContactsModule', ContactsModule::getAccessRight());
    $this->user->setRight('LeadsModule', LeadsModule::getAccessRight());
    $this->assertTrue($this->user->save());
    $this->setGetArray(array('id' => $marketingList->id));
    $content = $this->runControllerWithNoExceptionsAndGetContent($base . '/details');
    $this->assertNotContains($missingAccessNotice, $content);
    $this->resetGetArray();

    // The create right is set again here, as in the original sequence.
    $this->user->setRight('MarketingListsModule', MarketingListsModule::getCreateRight());
    $this->assertTrue($this->user->save());
    $content = $this->runControllerWithNoExceptionsAndGetContent($base . '/create');
    $this->assertNotContains($missingAccessNotice, $content);

    $this->setGetArray(array('id' => $marketingList->id));
    $this->runControllerWithNoExceptionsAndGetContent($base . '/edit');

    // Delete right: delete ends in a redirect (GET still carries the list id).
    $this->user->setRight('MarketingListsModule', MarketingListsModule::getDeleteRight());
    $this->assertTrue($this->user->save());
    $this->runControllerWithRedirectExceptionAndGetUrl($base . '/delete');

    // Module rights do not override record-level permissions on another owner's list.
    $this->setGetArray(array('id' => static::$listOwnedBySuper->id));
    foreach (array('edit', 'details', 'delete') as $action) {
        $this->runControllerShouldResultInAccessFailureAndGetContent($base . '/' . $action);
    }
}
/**
 * Checks that a user who reaches a contact only through a parent group loses that
 * access as soon as the parent link is removed from the user's own (child) group.
 *
 * Every step goes through controller walkthroughs rather than test helpers, so the
 * flow stays close to what a real user would do in the UI.
 */
public function testArePermissionsFlushedOnRemovingParentFromChildGroup()
{
    // Start from a clean slate: no contacts, no leftover 'Child' group, no leftover 'jim'.
    Contact::deleteAll();
    try {
        Group::getByName('Child')->delete();
    } catch (NotFoundException $missingGroup) {
        // nothing to remove
    }
    try {
        User::getByUsername('jim')->delete();
    } catch (NotFoundException $missingUser) {
        // nothing to remove
    }

    // --- Parent group -----------------------------------------------------------------
    $this->resetGetArray();
    $parentGroupPost = array('Group' => array('name' => 'Parent'));
    $this->setPostArray($parentGroupPost);
    $this->runControllerWithRedirectExceptionAndGetUrl('/zurmo/group/create');
    $parentGroup = Group::getByName('Parent');
    $this->assertNotNull($parentGroup);
    $this->assertEquals('Parent', (string) $parentGroup);
    $parentGroupId = $parentGroup->id;

    // --- Child group, nested under Parent ---------------------------------------------
    $this->resetGetArray();
    $childGroupPost = array(
        'Group' => array(
            'name'  => 'Child',
            'group' => array('id' => $parentGroupId),
        ),
    );
    $this->setPostArray($childGroupPost);
    $this->runControllerWithRedirectExceptionAndGetUrl('/zurmo/group/create');
    $childGroup = Group::getByName('Child');
    $this->assertNotNull($childGroup);
    $this->assertEquals('Child', (string) $childGroup);
    // Reload Parent so that its list of nested groups is read fresh.
    $parentGroup->forgetAll();
    $parentGroup = Group::getById($parentGroupId);

    // Child gets access and create rights on the contacts module.
    $childGroup->setRight('ContactsModule', ContactsModule::getAccessRight());
    $childGroup->setRight('ContactsModule', ContactsModule::getCreateRight());
    $this->assertTrue($childGroup->save());
    $childGroupId = $childGroup->id;
    $childGroup->forgetAll();
    $childGroup = Group::getById($childGroupId);
    $this->assertContains($childGroup, $parentGroup->groups);

    // --- User jim, member of Child ----------------------------------------------------
    $this->resetGetArray();
    $jimPost = array(
        'UserPasswordForm' => array(
            'firstName'          => 'Some',
            'lastName'           => 'Body',
            'username'           => 'jim',
            'newPassword'        => 'myPassword123',
            'newPassword_repeat' => 'myPassword123',
            'officePhone'        => '456765421',
            'userStatus'         => 'Active',
        ),
    );
    $this->setPostArray($jimPost);
    $this->runControllerWithRedirectExceptionAndGetContent('/users/default/create');
    $jim = User::getByUsername('jim');
    $this->assertNotNull($jim);

    $this->setGetArray(array('id' => $childGroup->id));
    $membershipPost = array(
        'GroupUserMembershipForm' => array('userMembershipData' => array($jim->id)),
    );
    $this->setPostArray($membershipPost);
    $this->runControllerWithRedirectExceptionAndGetUrl('/zurmo/group/editUserMembership');
    $jim->forgetAll();
    $jim = User::getByUsername('jim');
    $this->assertNotNull($jim);
    $childGroup->forgetAll();
    $childGroup = Group::getById($childGroupId);
    $this->assertContains($childGroup, $jim->groups);

    // --- Contact "John Doe", readable/writable by Parent only -------------------------
    // Contact states must exist before a contact can be created.
    ContactsModule::loadStartingData();
    $this->assertEquals(6, count(ContactState::GetAll()));
    $startingState = ContactsUtil::getStartingState();
    $this->resetGetArray();
    $johnPost = array(
        'Contact' => array(
            'firstName'   => 'John',
            'lastName'    => 'Doe',
            'officePhone' => '456765421',
            'state'       => array('id' => $startingState->id),
            'explicitReadWriteModelPermissions' => array(
                'type'             => ExplicitReadWriteModelPermissionsUtil::MIXED_TYPE_NONEVERYONE_GROUP,
                'nonEveryoneGroup' => $parentGroupId,
            ),
        ),
    );
    $this->setPostArray($johnPost);
    $redirectUrl = $this->runControllerWithRedirectExceptionAndGetUrl('/contacts/default/create');
    // The new contact's id is whatever follows 'id=' in the redirect url.
    $johnDoeContactId = (int) substr($redirectUrl, strpos($redirectUrl, 'id=') + 3);
    $this->assertNotNull(Contact::getById($johnDoeContactId));
    $this->resetPostArray();
    $this->setGetArray(array('id' => $johnDoeContactId));
    $detailsPage = $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/details');
    $this->assertContains('Who can read and write Parent', $detailsPage);

    // --- Contact "Jim Doe", created by jim himself, so he keeps seeing it -------------
    $this->logoutCurrentUserLoginNewUserAndGetByUsername('jim');
    $this->resetGetArray();
    $jimContactPost = array(
        'Contact' => array(
            'firstName'   => 'Jim',
            'lastName'    => 'Doe',
            'officePhone' => '456765421',
            'state'       => array('id' => $startingState->id),
        ),
    );
    $this->setPostArray($jimContactPost);
    $redirectUrl = $this->runControllerWithRedirectExceptionAndGetUrl('/contacts/default/create');
    $jimDoeContactId = (int) substr($redirectUrl, strpos($redirectUrl, 'id=') + 3);
    $this->assertNotNull(Contact::getById($jimDoeContactId));
    $this->resetPostArray();
    $this->setGetArray(array('id' => $jimDoeContactId));
    $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/details');

    // --- While Child is nested under Parent, jim sees both contacts -------------------
    $this->resetGetArray();
    $listPage = $this->runControllerWithNoExceptionsAndGetContent('/contacts/default');
    $this->assertContains('John Doe</a></td><td>', $listPage);
    $this->assertContains('Jim Doe</a></td><td>', $listPage);
    // Detail and edit views must open for his own contact and for John's.
    foreach (array($jimDoeContactId, $johnDoeContactId) as $visibleContactId) {
        $this->setGetArray(array('id' => $visibleContactId));
        $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/details');
        $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/edit');
    }

    // --- super removes Parent as the parent of Child ----------------------------------
    $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $this->setGetArray(array('id' => $childGroupId));
    $unlinkPost = array(
        'Group' => array(
            'name'  => 'Child',
            'group' => array('id' => ''),
        ),
    );
    $this->setPostArray($unlinkPost);
    $this->runControllerWithRedirectExceptionAndGetUrl('/zurmo/group/edit');
    $childGroup = Group::getByName('Child');
    $this->assertNotNull($childGroup);
    $this->assertEquals('Child', (string) $childGroup);
    $parentGroup->forgetAll();
    $parentGroup = Group::getById($parentGroupId);
    $this->assertNotContains($childGroup, $parentGroup->groups);

    // --- jim must have lost John's contact but kept his own ---------------------------
    $this->logoutCurrentUserLoginNewUserAndGetByUsername('jim');
    $this->resetGetArray();
    $listPage = $this->runControllerWithNoExceptionsAndGetContent('/contacts/default');
    $this->assertNotContains('John Doe</a></td><td>', $listPage);
    $this->assertContains('Jim Doe</a></td><td>', $listPage);

    $this->setGetArray(array('id' => $jimDoeContactId));
    $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/details');
    $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/edit');

    // NOTE(review): any ExitException counts as "denied" here; the response body is
    // discarded, so the reason for the exit is not verified by this test.
    $this->setGetArray(array('id' => $johnDoeContactId));
    foreach (array('details', 'edit') as $deniedAction) {
        try {
            $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/' . $deniedAction);
            $this->fail('Accessing ' . $deniedAction . ' action should have thrown ExitException');
        } catch (ExitException $exitSignal) {
            // drain the output buffer so it does not leak into later output
            $this->endAndGetOutputBuffer();
        }
    }
}
/**
 * Runs the marketing-list portlet actions as the regular user and expects each of
 * them to complete without an exception: member toggle/delete, member count, and
 * subscribing contacts directly and through a saved report.
 */
public function testRegularUserActionsWithMarketingListRightAndRequiredPermissions()
{
    // Member-level actions on the regular user's own list member.
    $this->setGetArray(array('id' => static::$regularUserMemberId));
    foreach (array('toggleUnsubscribed', 'delete') as $memberAction) {
        $this->runControllerWithNoExceptionsAndGetContent('marketingLists/defaultPortlet/' . $memberAction, true);
    }

    $this->setGetArray(array('marketingListId' => static::$regularUserMarketingListId));
    $this->runControllerWithNoExceptionsAndGetContent('marketingLists/defaultPortlet/countMembers');

    // Subscribe a single contact owned by the current user.
    $ownedAccount = AccountTestHelper::createAccountByNameForOwner('account2', $this->user);
    $ownedContact = ContactTestHelper::createContactWithAccountByNameForOwner('contact8', $this->user, $ownedAccount);
    $contactRequest = array(
        'marketingListId' => static::$regularUserMarketingListId,
        'id'              => $ownedContact->id,
        'type'            => 'contact',
    );
    $this->setGetArray($contactRequest);
    $this->runControllerWithNoExceptionsAndGetContent('marketingLists/defaultPortlet/subscribeContacts');

    // NOTE(review): the ReportsModule access right is not granted here (that setRight
    // call was left commented out); confirm that is the intended precondition.
    // Contacts (or leads) access is needed, else PartialRightsForReportSecurityException.
    $this->user->setRight('ContactsModule', ContactsModule::getAccessRight());
    $this->assertTrue($this->user->save());

    // Subscribe through a saved contact report.
    $savedReport = SavedReportTestHelper::makeSimpleContactRowsAndColumnsReport();
    $reportRequest = array(
        'marketingListId' => static::$regularUserMarketingListId,
        'id'              => $savedReport->id,
        'type'            => 'report',
    );
    $this->setGetArray($reportRequest);
    $this->runControllerWithNoExceptionsAndGetContent('marketingLists/defaultPortlet/subscribeContacts');
}
/**
 * An email template that names a model class whose module the current user cannot
 * access must fail validation on modelClassName; once the user is granted access
 * to that module, the same template validates and saves.
 *
 * @depends testCreateAndGetEmailTemplateById
 */
public function testValidationErrorForInaccessibleModule()
{
    // Act as a freshly created user; no ContactsModule right has been granted yet.
    $nobody = UserTestHelper::createBasicUser('nobody');
    Yii::app()->user->userModel = $nobody;

    $emailTemplate = new EmailTemplate();
    $attributeValues = array(
        'type'           => EmailTemplate::TYPE_WORKFLOW,
        'subject'        => 'Another Test subject',
        'name'           => 'Another Test Email Template',
        'textContent'    => 'Text Content',
        'builtType'      => EmailTemplate::BUILT_TYPE_PASTED_HTML,
        'modelClassName' => 'Contact',
    );
    foreach ($attributeValues as $attributeName => $attributeValue) {
        $emailTemplate->$attributeName = $attributeValue;
    }

    // Validation is rejected, with exactly one error, attached to modelClassName.
    $this->assertFalse($emailTemplate->validate(null, false, true));
    $validationErrors = $emailTemplate->getErrors();
    $this->assertEquals(1, count($validationErrors));
    $this->assertTrue(array_key_exists('modelClassName', $validationErrors));
    $classNameErrors = $validationErrors['modelClassName'];
    $this->assertEquals(1, count($classNameErrors));
    $this->assertEquals('Provided class name access is prohibited.', $classNameErrors[0]);

    // With contacts access granted, the unchanged template is accepted.
    $nobody->setRight('ContactsModule', ContactsModule::getAccessRight());
    $this->assertTrue($nobody->save());
    $this->assertTrue($emailTemplate->validate(null, false, true));
    $this->assertEmpty($emailTemplate->getErrors());
    $this->assertTrue($emailTemplate->save());
    // The count seen by this user is 1: this is his only template.
    $this->assertEquals(1, EmailTemplate::getCount());
}
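/**
 * Drives read/update/delete on one contact through the REST API as a user in three
 * successive states, then as the privileged default login:
 *
 *  1. only the web-API login right: every call fails with the "rights" message;
 *  2. ContactsModule access/create/delete rights but no permission on the record:
 *     every call fails with the "permissions" message;
 *  3. the record opened to the Everyone group: read and update succeed.
 *
 * Finally the default login deletes the contact and a follow-up read fails.
 *
 * @depends testListContacts
 */
public function testUnprivilegedUserViewUpdateDeleteContacts()
{
    // Builds the header list for an authenticated REST call from the data login() returns.
    $buildHeaders = function ($authenticationData) {
        return array(
            'Accept: application/json',
            'ZURMO_SESSION_ID: ' . $authenticationData['sessionId'],
            'ZURMO_TOKEN: ' . $authenticationData['token'],
            'ZURMO_API_REQUEST_TYPE: REST',
        );
    };

    Yii::app()->user->userModel = User::getByUsername('super');
    $notAllowedUser = UserTestHelper::createBasicUser('Steven');
    $notAllowedUser->setRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API);
    // The save result used to be stored and never checked; if the login right is not
    // persisted, the denial assertions below would be exercising a different setup.
    $saved = $notAllowedUser->save();
    $this->assertTrue($saved);

    $authenticationData = $this->login('steven', 'steven');
    $headers            = $buildHeaders($authenticationData);

    $everyoneGroup = Group::getByName(Group::EVERYONE_GROUP_NAME);
    $this->assertTrue($everyoneGroup->save());

    $contacts = Contact::getByName('Michael Smith with just owner');
    $this->assertEquals(1, count($contacts));
    $data = array('department' => 'Support');

    // Stage 1: unprivileged user tries to view, edit and delete the contact.
    $authenticationData = $this->login('steven', 'steven');
    $headers            = $buildHeaders($authenticationData);

    $response = $this->createApiCallWithRelativeUrl('read/' . $contacts[0]->id, 'GET', $headers);
    $response = json_decode($response, true);
    $this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
    $this->assertEquals('You do not have rights to perform this action.', $response['message']);

    $response = $this->createApiCallWithRelativeUrl('update/' . $contacts[0]->id, 'PUT', $headers, array('data' => $data));
    $response = json_decode($response, true);
    $this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
    $this->assertEquals('You do not have rights to perform this action.', $response['message']);

    $response = $this->createApiCallWithRelativeUrl('delete/' . $contacts[0]->id, 'DELETE', $headers);
    $response = json_decode($response, true);
    $this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
    $this->assertEquals('You do not have rights to perform this action.', $response['message']);

    // Stage 2: the user now has module rights, but still no permission on this record.
    $notAllowedUser->setRight('ContactsModule', ContactsModule::getAccessRight());
    $notAllowedUser->setRight('ContactsModule', ContactsModule::getCreateRight());
    $notAllowedUser->setRight('ContactsModule', ContactsModule::getDeleteRight());
    $saved = $notAllowedUser->save();
    $this->assertTrue($saved);

    $response = $this->createApiCallWithRelativeUrl('read/' . $contacts[0]->id, 'GET', $headers);
    $response = json_decode($response, true);
    $this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
    $this->assertEquals('You do not have permissions for this action.', $response['message']);

    $response = $this->createApiCallWithRelativeUrl('update/' . $contacts[0]->id, 'PUT', $headers, array('data' => $data));
    $response = json_decode($response, true);
    $this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
    $this->assertEquals('You do not have permissions for this action.', $response['message']);

    $response = $this->createApiCallWithRelativeUrl('delete/' . $contacts[0]->id, 'DELETE', $headers);
    $response = json_decode($response, true);
    $this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
    $this->assertEquals('You do not have permissions for this action.', $response['message']);

    // Stage 3: the default login opens the contact to the Everyone group (read/write).
    $authenticationData = $this->login();
    $headers            = $buildHeaders($authenticationData);
    $data = array(
        'explicitReadWriteModelPermissions' => array(
            'type' => ExplicitReadWriteModelPermissionsUtil::MIXED_TYPE_EVERYONE_GROUP,
        ),
    );
    $response = $this->createApiCallWithRelativeUrl('update/' . $contacts[0]->id, 'PUT', $headers, array('data' => $data));
    $response = json_decode($response, true);
    $this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']);

    // The previously denied user can now read and update the contact.
    $authenticationData = $this->login('steven', 'steven');
    $headers            = $buildHeaders($authenticationData);
    $response = $this->createApiCallWithRelativeUrl('read/' . $contacts[0]->id, 'GET', $headers);
    $response = json_decode($response, true);
    $this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']);

    $data = array('department' => 'Support');
    $response = $this->createApiCallWithRelativeUrl('update/' . $contacts[0]->id, 'PUT', $headers, array('data' => $data));
    $response = json_decode($response, true);
    $this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']);
    $this->assertEquals('Support', $response['data']['department']);

    // Privileged (default) login: delete the contact, after which a read must fail.
    $authenticationData = $this->login();
    $headers            = $buildHeaders($authenticationData);
    $response = $this->createApiCallWithRelativeUrl('delete/' . $contacts[0]->id, 'DELETE', $headers);
    $response = json_decode($response, true);
    $this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']);

    // NOTE(review): only the failure status is checked here, not the message, so this
    // does not distinguish "record is gone" from any other failure reason.
    $response = $this->createApiCallWithRelativeUrl('read/' . $contacts[0]->id, 'GET', $headers);
    $response = json_decode($response, true);
    $this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
}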