public function testSaveAndLoadGroup()
{
$u = array();
for ($i = 0; $i < 5; $i++) {
$user = new User();
$user->setScenario('createUser');
$user->username = "******";
$user->title->value = 'Mr.';
$user->firstName = "Uuuuuu{$i}";
$user->lastName = "Uuuuuu{$i}son";
$user->setPassword("uuuuu{$i}");
$this->assertTrue($user->save());
$u[] = $user;
}
$a = new Group();
$a->name = 'AAA';
$this->assertTrue($a->save());
$this->assertEquals(0, $a->users->count());
$this->assertEquals(0, $a->groups->count());
$b = new Group();
$b->name = 'BBB';
$this->assertTrue($b->save());
$this->assertEquals(0, $b->users->count());
$this->assertEquals(0, $b->groups->count());
$a->users->add($u[0]);
$a->groups->add($b);
$this->assertTrue($a->save());
$this->assertEquals(1, $a->users->count());
$b->forget();
unset($b);
$a->forget();
unset($a);
}
public function testPasswordExpiresPolicyRules()
{
$everyoneGroup = Group::getByName(Group::EVERYONE_GROUP_NAME);
$everyoneGroup->save();
$user = UserTestHelper::createBasicUser('Bobby');
$id = $user->id;
unset($user);
$user = User::getById($id);
$adapter = new UserGroupMembershipToViewAdapter($user);
$viewData = $adapter->getViewData();
$compareData = array($everyoneGroup->id => array('displayName' => 'Everyone', 'canRemoveFrom' => false));
$this->assertEquals($compareData, $viewData);
$a = new Group();
$a->name = 'AAA';
$this->assertTrue($a->save());
$a->users->add($user);
$this->assertTrue($a->save());
$user->forget();
$groupId = $a->id;
$a->forget();
unset($a);
$user = User::getById($id);
$adapter = new UserGroupMembershipToViewAdapter($user);
$viewData = $adapter->getViewData();
$compareData = array($everyoneGroup->id => array('displayName' => 'Everyone', 'canRemoveFrom' => false), $groupId => array('displayName' => 'AAA', 'canRemoveFrom' => true));
$this->assertEquals($compareData, $viewData);
$user->forget();
unset($user);
}
public function testStrongerIntegerNotSavingAsInteger()
{
SecurityTestHelper::createSuperAdmin();
Yii::app()->user->userModel = User::getByUsername('super');
$user = UserTestHelper::createBasicUser('arrry');
$userId = $user->id;
$user2 = UserTestHelper::createBasicUser('brrry');
$user2Id = $user2->id;
$a = new Group();
$a->name = 'RRRRRA';
$this->assertTrue($a->save());
$a->users->add($user);
$a->users->add($user2);
$a->save();
$user->forget();
$user2->forget();
$a->forget();
unset($a);
unset($user);
unset($user2);
$a = Group::getByName('RRRRRA');
$data = PoliciesUtil::getAllModulePoliciesDataByPermitable($a);
$policiesForm = PoliciesFormUtil::makeFormFromPoliciesData($data);
$fakePost = array('UsersModule__POLICY_ENFORCE_STRONG_PASSWORDS' => '', 'UsersModule__POLICY_MINIMUM_PASSWORD_LENGTH__helper' => '1', 'UsersModule__POLICY_MINIMUM_PASSWORD_LENGTH' => '5', 'UsersModule__POLICY_MINIMUM_USERNAME_LENGTH__helper' => '1', 'UsersModule__POLICY_MINIMUM_USERNAME_LENGTH' => '5', 'UsersModule__POLICY_PASSWORD_EXPIRES' => '');
$validatedAndCastedPostData = PoliciesFormUtil::typeCastPostData($fakePost);
$policiesForm = PoliciesFormUtil::loadFormFromCastedPost($policiesForm, $validatedAndCastedPostData);
$this->assertTrue($policiesForm->validate());
$saved = PoliciesFormUtil::setPoliciesFromCastedPost($validatedAndCastedPostData, $a);
$this->assertTrue($saved);
$a->forget();
$user = User::getById($userId);
$user2 = User::getById($user2Id);
$data = PoliciesUtil::getAllModulePoliciesDataByPermitable($user);
$data = PoliciesUtil::getAllModulePoliciesDataByPermitable($user2);
$user->forget();
$user2->forget();
}
/**
* @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
*/
public function testRegularUserControllerActionsWithElevationToModels()
{
//Create superAccount owned by user super.
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$superAccount = AccountTestHelper::createAccountByNameForOwner('AccountsForElevationToModelTest', $super);
//Test nobody, access to details of superAccount should fail.
$nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
$this->setGetArray(array('id' => $superAccount->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
//give nobody access to read
Yii::app()->user->userModel = $super;
$superAccount->addPermissions($nobody, Permission::READ);
$this->assertTrue($superAccount->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($superAccount, $nobody);
//Now the nobody user can access the details view.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $superAccount->id));
$this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
//create meeting for an superAccount using the super user
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$meeting = MeetingTestHelper::createMeetingWithOwnerAndRelatedAccount('meetingCreatedByNobody', $super, $superAccount);
//Test nobody, access to edit, details and delete of meeting should fail.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//give nobody access to details view only
Yii::app()->user->userModel = $super;
$meeting->addPermissions($nobody, Permission::READ);
$this->assertTrue($meeting->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($meeting, $nobody);
//Now access to meetings view by Nobody should not fail.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');
//Now access to meetings edit and delete by Nobody should fail
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//give nobody access to both details and edit view
Yii::app()->user->userModel = $super;
$meeting->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($meeting->save());
AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($meeting, $nobody);
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($meeting, $nobody);
//Now access to meetings view and edit by Nobody should not fail.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerWithNoExceptionsAndGetContent('meetings/default/edit');
//Now access to meetings delete by Nobody should fail
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//revoke the permission from the nobody user to access the meeting
Yii::app()->user->userModel = $super;
$meeting->removePermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($meeting->save());
AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($meeting, $nobody);
//Now nobodys, access to edit, details and delete of meetings should fail.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//give nobody access to both details and edit view
Yii::app()->user->userModel = $super;
$meeting->addPermissions($nobody, Permission::READ_WRITE_DELETE);
$this->assertTrue($meeting->save());
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($meeting, $nobody);
//Now nobodys, access to delete of meetings should not fail.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerWithRedirectExceptionAndGetContent('meetings/default/delete');
//create some roles
Yii::app()->user->userModel = $super;
$parentRole = new Role();
$parentRole->name = 'AAA';
$this->assertTrue($parentRole->save());
$childRole = new Role();
$childRole->name = 'BBB';
$this->assertTrue($childRole->save());
$userInParentRole = User::getByUsername('confused');
$userInChildRole = User::getByUsername('nobody');
$childRole->users->add($userInChildRole);
$this->assertTrue($childRole->save());
$parentRole->users->add($userInParentRole);
$parentRole->roles->add($childRole);
$this->assertTrue($parentRole->save());
$userInChildRole->forget();
$userInChildRole = User::getByUsername('nobody');
$userInParentRole->forget();
$userInParentRole = User::getByUsername('confused');
$parentRoleId = $parentRole->id;
$parentRole->forget();
$parentRole = Role::getById($parentRoleId);
$childRoleId = $childRole->id;
$childRole->forget();
$childRole = Role::getById($childRoleId);
//create account owned by super
$account2 = AccountTestHelper::createAccountByNameForOwner('AccountsParentRolePermission', $super);
//Test userInParentRole, access to details and edit should fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $account2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
//give userInChildRole access to READ
Yii::app()->user->userModel = $super;
$account2->addPermissions($userInChildRole, Permission::READ);
$this->assertTrue($account2->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($account2, $userInChildRole);
//Test userInChildRole, access to details should not fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $account2->id));
$this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
//Test userInParentRole, access to details should not fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $account2->id));
$this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
//create a meeting owned by super
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$meeting2 = MeetingTestHelper::createMeetingWithOwnerAndRelatedAccount('meetingCreatedBySuperForRole', $super, $account2);
//Test userInChildRole, access to meetings details, edit and delete should fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $meeting2->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
$this->setGetArray(array('id' => $meeting2->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
$this->setGetArray(array('id' => $meeting2->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//Test userInParentRole, access to meetings details, edit and delete should fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $meeting2->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
$this->setGetArray(array('id' => $meeting2->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
$this->setGetArray(array('id' => $meeting2->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//give userInChildRole access to READ permision for meetings
Yii::app()->user->userModel = $super;
$meeting2->addPermissions($userInChildRole, Permission::READ);
$this->assertTrue($meeting2->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($meeting2, $userInChildRole);
//Test userInChildRole, access to meetings details should not fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $meeting2->id));
$this->resetPostArray();
$this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');
//Test userInChildRole, access to meetings edit and delete should fail.
$this->setGetArray(array('id' => $meeting2->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
$this->setGetArray(array('id' => $meeting2->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//Test userInParentRole, access to meetings details should not fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $meeting2->id));
$this->resetPostArray();
$this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');
//Test userInParentRole, access to meetings edit and delete should fail.
$this->setGetArray(array('id' => $meeting2->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
$this->setGetArray(array('id' => $meeting2->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//give userInChildRole access to read and write for the meetings
Yii::app()->user->userModel = $super;
$meeting2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($meeting2->save());
AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($meeting2, $userInChildRole);
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($meeting2, $userInChildRole);
//Test userInChildRole, access to meetings edit should not fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $meeting2->id));
$this->resetPostArray();
$this->runControllerWithNoExceptionsAndGetContent('meetings/default/edit');
//Test userInChildRole, access to meetings delete should fail.
$this->setGetArray(array('id' => $meeting2->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//Test userInParentRole, access to meetings edit should not fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $meeting2->id));
$this->resetPostArray();
$this->runControllerWithNoExceptionsAndGetContent('meetings/default/edit');
//Test userInParentRole, access to meetings delete should fail.
$this->setGetArray(array('id' => $meeting2->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//revoke userInChildRole access to read and write meetings
Yii::app()->user->userModel = $super;
$meeting2->removePermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($meeting2->save());
AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($meeting2, $userInChildRole);
//Test userInChildRole, access to detail, edit and delete should fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $meeting2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
$this->setGetArray(array('id' => $meeting2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
$this->setGetArray(array('id' => $meeting2->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//Test userInParentRole, access to detail, edit and delete should fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $meeting2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
$this->setGetArray(array('id' => $meeting2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
$this->setGetArray(array('id' => $meeting2->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//give userInChildRole access to read and write for the meetings
Yii::app()->user->userModel = $super;
$meeting2->addPermissions($userInChildRole, Permission::READ_WRITE_DELETE);
$this->assertTrue($meeting2->save());
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($meeting2, $userInChildRole);
//Test userInParentRole, access to delete should not fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $meeting2->id));
$this->resetPostArray();
$this->runControllerWithRedirectExceptionAndGetContent('meetings/default/delete');
//clear up the role relationships between users so not to effect next assertions
$parentRole->users->remove($userInParentRole);
$parentRole->roles->remove($childRole);
$this->assertTrue($parentRole->save());
$childRole->users->remove($userInChildRole);
$this->assertTrue($childRole->save());
//create some groups and assign users to groups
Yii::app()->user->userModel = $super;
$parentGroup = new Group();
$parentGroup->name = 'AAA';
$this->assertTrue($parentGroup->save());
$childGroup = new Group();
$childGroup->name = 'BBB';
$this->assertTrue($childGroup->save());
$userInChildGroup = User::getByUsername('confused');
$userInParentGroup = User::getByUsername('nobody');
$childGroup->users->add($userInChildGroup);
$this->assertTrue($childGroup->save());
$parentGroup->users->add($userInParentGroup);
$parentGroup->groups->add($childGroup);
$this->assertTrue($parentGroup->save());
$parentGroup->forget();
$childGroup->forget();
$parentGroup = Group::getByName('AAA');
$childGroup = Group::getByName('BBB');
//Add access for the confused user to accounts and creation of accounts.
$userInChildGroup->setRight('AccountsModule', AccountsModule::RIGHT_ACCESS_ACCOUNTS);
$this->assertTrue($userInChildGroup->save());
//create account owned by super
$account3 = AccountTestHelper::createAccountByNameForOwner('testingAccountsParentGroupPermission', $super);
//Test userInParentGroup, access to details should fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $account3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
//Test userInChildGroup, access to details should fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $account3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
//give parentGroup access to READ
Yii::app()->user->userModel = $super;
$account3->addPermissions($parentGroup, Permission::READ);
$this->assertTrue($account3->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($account3, $parentGroup);
//Test userInParentGroup, access to details should not fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $account3->id));
$this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
//Test userInChildGroup, access to details should not fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $account3->id));
$this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
//create a meeting owned by super
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$meeting3 = MeetingTestHelper::createMeetingWithOwnerAndRelatedAccount('mettingCreatedBySuperForGroup', $super, $account3);
//Add access for the confused user to accounts and creation of accounts.
$userInChildGroup->setRight('MeetingsModule', MeetingsModule::RIGHT_ACCESS_MEETINGS);
$userInChildGroup->setRight('MeetingsModule', MeetingsModule::RIGHT_CREATE_MEETINGS);
$userInChildGroup->setRight('MeetingsModule', MeetingsModule::RIGHT_DELETE_MEETINGS);
$this->assertTrue($userInChildGroup->save());
//Test userInParentGroup, access to meetings details and edit should fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $meeting3->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
$this->setGetArray(array('id' => $meeting3->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
$this->setGetArray(array('id' => $meeting3->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//Test userInChildGroup, access to meetings details and edit should fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $meeting3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
$this->setGetArray(array('id' => $meeting3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
$this->setGetArray(array('id' => $meeting3->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//give parentGroup access to READ
Yii::app()->user->userModel = $super;
$meeting3->addPermissions($parentGroup, Permission::READ);
$this->assertTrue($meeting3->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($meeting3, $parentGroup);
//Test userInParentGroup, access to meetings details should not fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $meeting3->id));
$this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');
//Test userInParentGroup, access to meetings edit and delete should fail.
$this->setGetArray(array('id' => $meeting3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
$this->setGetArray(array('id' => $meeting3->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//Test userInChildGroup, access to meetings details should not fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $meeting3->id));
$this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');
//Test userInChildGroup, access to meetings edit and delete should fail.
$this->setGetArray(array('id' => $meeting3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
$this->setGetArray(array('id' => $meeting3->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//give parentGroup access to read and write
Yii::app()->user->userModel = $super;
$meeting3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($meeting3->save());
AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForGroup($meeting3, $parentGroup);
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($meeting3, $parentGroup);
//Test userInParentGroup, access to edit meetings should not fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $meeting3->id));
$this->runControllerWithNoExceptionsAndGetContent('meetings/default/edit');
//Test userInParentGroup, access to meetings delete should fail.
$this->setGetArray(array('id' => $meeting3->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//Test userInChildGroup, access to edit meetings should not fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username);
$this->setGetArray(array('id' => $meeting3->id));
$this->runControllerWithNoExceptionsAndGetContent('meetings/default/edit');
//Test userInChildGroup, access to meetings delete should fail.
$this->setGetArray(array('id' => $meeting3->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//revoke parentGroup access to meetings read and write
Yii::app()->user->userModel = $super;
$meeting3->removePermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($meeting3->save());
AllPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($meeting3, $parentGroup);
//Test userInChildGroup, access to meetings detail, edit and delete should fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $meeting3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
$this->setGetArray(array('id' => $meeting3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
$this->setGetArray(array('id' => $meeting3->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//Test userInParentGroup, access to meetings detail, edit and delete should fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $meeting3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
$this->setGetArray(array('id' => $meeting3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
$this->setGetArray(array('id' => $meeting3->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//give parentGroup access to read and write
Yii::app()->user->userModel = $super;
$meeting3->addPermissions($parentGroup, Permission::READ_WRITE_DELETE);
$this->assertTrue($meeting3->save());
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($meeting3, $parentGroup);
//Test userInChildGroup, access to meetings delete should not fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $meeting3->id));
$this->resetPostArray();
$this->runControllerWithRedirectExceptionAndGetContent('meetings/default/delete');
//clear up the role relationships between users so not to effect next assertions
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$userInParentGroup->forget();
$userInChildGroup->forget();
$childGroup->forget();
$parentGroup->forget();
$userInParentGroup = User::getByUsername('nobody');
$userInChildGroup = User::getByUsername('confused');
$childGroup = Group::getByName('BBB');
$parentGroup = Group::getByName('AAA');
$parentGroup->users->remove($userInParentGroup);
$parentGroup->groups->remove($childGroup);
$this->assertTrue($parentGroup->save());
$childGroup->users->remove($userInChildGroup);
$this->assertTrue($childGroup->save());
}
/**
* @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
*/
public function testRegularUserControllerActionsWithElevationToModels()
{
//Create project owned by user super.
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$project = ProjectTestHelper::createProjectByNameForOwner('projectForElevationToModelTest', $super);
//Test nobody, access to edit and details should fail.
$nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
$this->runControllerWithNoExceptionsAndGetContent('projects/default/dashboardDetails');
$this->setGetArray(array('id' => $project->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
$this->setGetArray(array('id' => $project->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
$this->setGetArray(array('id' => $project->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/delete');
//give nobody access to read
Yii::app()->user->userModel = $super;
$project->addPermissions($nobody, Permission::READ);
$this->assertTrue($project->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($project, $nobody);
//Now the nobody user can access the details view.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $project->id));
$this->runControllerWithNoExceptionsAndGetContent('projects/default/details');
//Test nobody, access to edit should fail.
$this->setGetArray(array('id' => $project->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
$this->setGetArray(array('id' => $project->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/delete');
$projectId = $project->id;
$project->forget();
$project = Project::getById($projectId);
//give nobody access to read and write
Yii::app()->user->userModel = $super;
$project->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
//TODO :Its wierd that giving opportunity errors
$this->assertTrue($project->save());
AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($project, $nobody);
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($project, $nobody);
//Now the nobody user should be able to access the edit view and still the details view.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $project->id));
$this->runControllerWithNoExceptionsAndGetContent('projects/default/details');
$this->setGetArray(array('id' => $project->id));
$this->runControllerWithNoExceptionsAndGetContent('projects/default/edit');
$projectId = $project->id;
$project->forget();
$project = Project::getById($projectId);
//revoke nobody access to read
Yii::app()->user->userModel = $super;
$project->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS, Permission::DENY);
$this->assertTrue($project->save());
AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($project, $nobody);
//Test nobody, access to detail should fail.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $project->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
$this->setGetArray(array('id' => $project->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
//create some roles
Yii::app()->user->userModel = $super;
$parentRole = new Role();
$parentRole->name = 'AAA';
$this->assertTrue($parentRole->save());
$childRole = new Role();
$childRole->name = 'BBB';
$this->assertTrue($childRole->save());
$userInParentRole = User::getByUsername('confused');
$userInChildRole = User::getByUsername('nobody');
$childRole->users->add($userInChildRole);
$this->assertTrue($childRole->save());
$parentRole->users->add($userInParentRole);
$parentRole->roles->add($childRole);
$this->assertTrue($parentRole->save());
$userInChildRole->forget();
$userInChildRole = User::getByUsername('nobody');
$userInParentRole->forget();
$userInParentRole = User::getByUsername('confused');
$parentRoleId = $parentRole->id;
$parentRole->forget();
$parentRole = Role::getById($parentRoleId);
$childRoleId = $childRole->id;
$childRole->forget();
$childRole = Role::getById($childRoleId);
//create project owned by super
$project2 = ProjectTestHelper::createProjectByNameForOwner('testingParentRolePermission', $super);
//Test userInParentRole, access to details and edit should fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $project2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
$this->setGetArray(array('id' => $project2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
//give userInChildRole access to READ
Yii::app()->user->userModel = $super;
$project2->addPermissions($userInChildRole, Permission::READ);
$this->assertTrue($project2->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($project2, $userInChildRole);
//Test userInChildRole, access to details should not fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $project2->id));
$this->runControllerWithNoExceptionsAndGetContent('projects/default/details');
//Test userInParentRole, access to details should not fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $project2->id));
$this->runControllerWithNoExceptionsAndGetContent('projects/default/details');
$projectId = $project2->id;
$project2->forget();
$project2 = Project::getById($projectId);
//give userInChildRole access to read and write
Yii::app()->user->userModel = $super;
$project2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($project2->save());
AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($project2, $userInChildRole);
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($project2, $userInChildRole);
//Test userInChildRole, access to edit should not fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $project2->id));
$this->runControllerWithNoExceptionsAndGetContent('projects/default/edit');
//Test userInParentRole, access to edit should not fail.
$this->logoutCurrentUserLoginNewUserAndGetByUsername($userInParentRole->username);
$this->setGetArray(array('id' => $project2->id));
$this->runControllerWithNoExceptionsAndGetContent('projects/default/edit');
$projectId = $project2->id;
$project2->forget();
$project2 = Project::getById($projectId);
//revoke userInChildRole access to read and write
Yii::app()->user->userModel = $super;
$project2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS, Permission::DENY);
$this->assertTrue($project2->save());
AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($project2, $userInChildRole);
//Test userInChildRole, access to detail should fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $project2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
$this->setGetArray(array('id' => $project2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
//Test userInParentRole, access to detail should fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $project2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
$this->setGetArray(array('id' => $project2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
//clear up the role relationships between users so not to effect next assertions
$parentRole->users->remove($userInParentRole);
$parentRole->roles->remove($childRole);
$this->assertTrue($parentRole->save());
$childRole->users->remove($userInChildRole);
$this->assertTrue($childRole->save());
//create some groups and assign users to groups
Yii::app()->user->userModel = $super;
$parentGroup = new Group();
$parentGroup->name = 'AAA';
$this->assertTrue($parentGroup->save());
$childGroup = new Group();
$childGroup->name = 'BBB';
$this->assertTrue($childGroup->save());
$userInChildGroup = User::getByUsername('confused');
$userInParentGroup = User::getByUsername('nobody');
$childGroup->users->add($userInChildGroup);
$this->assertTrue($childGroup->save());
$parentGroup->users->add($userInParentGroup);
$parentGroup->groups->add($childGroup);
$this->assertTrue($parentGroup->save());
$parentGroup->forget();
$childGroup->forget();
$parentGroup = Group::getByName('AAA');
$childGroup = Group::getByName('BBB');
//Add access for the confused user to Products and creation of Products.
$userInChildGroup->setRight('ProjectsModule', ProjectsModule::RIGHT_ACCESS_PROJECTS);
$userInChildGroup->setRight('ProjectsModule', ProjectsModule::RIGHT_CREATE_PROJECTS);
$this->assertTrue($userInChildGroup->save());
//create project owned by super
$project3 = ProjectTestHelper::createProjectByNameForOwner('testingParentGroupPermission', $super);
//Test userInParentGroup, access to details and edit should fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $project3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
$this->setGetArray(array('id' => $project3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
//Test userInChildGroup, access to details and edit should fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $project3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
$this->setGetArray(array('id' => $project3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
//give parentGroup access to READ
Yii::app()->user->userModel = $super;
$project3->addPermissions($parentGroup, Permission::READ);
$this->assertTrue($project3->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($project3, $parentGroup);
//Test userInParentGroup, access to details should not fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $project3->id));
$this->runControllerWithNoExceptionsAndGetContent('projects/default/details');
//Test userInChildGroup, access to details should not fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $project3->id));
$this->runControllerWithNoExceptionsAndGetContent('projects/default/details');
$projectId = $project3->id;
$project3->forget();
$project3 = Project::getById($projectId);
//give parentGroup access to read and write
Yii::app()->user->userModel = $super;
$project3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($project3->save());
AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForGroup($project3, $parentGroup);
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($project3, $parentGroup);
//Test userInParentGroup, access to edit should not fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $project3->id));
$this->runControllerWithNoExceptionsAndGetContent('projects/default/edit');
//Test userInChildGroup, access to edit should not fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username);
$this->setGetArray(array('id' => $project3->id));
$this->runControllerWithNoExceptionsAndGetContent('projects/default/edit');
$projectId = $project3->id;
$project3->forget();
$project3 = Project::getById($projectId);
//revoke parentGroup access to read and write
Yii::app()->user->userModel = $super;
$project3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS, Permission::DENY);
$this->assertTrue($project3->save());
AllPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($project3, $parentGroup);
//Test userInChildGroup, access to detail should fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $project3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
$this->setGetArray(array('id' => $project3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
//Test userInParentGroup, access to detail should fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $project3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
$this->setGetArray(array('id' => $project3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
//clear up the role relationships between users so not to effect next assertions
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$userInParentGroup->forget();
$userInChildGroup->forget();
$childGroup->forget();
$parentGroup->forget();
$userInParentGroup = User::getByUsername('nobody');
$userInChildGroup = User::getByUsername('confused');
$childGroup = Group::getByName('BBB');
$parentGroup = Group::getByName('AAA');
//clear up the role relationships between users so not to effect next assertions
$parentGroup->users->remove($userInParentGroup);
$parentGroup->groups->remove($childGroup);
$this->assertTrue($parentGroup->save());
$childGroup->users->remove($userInChildGroup);
$this->assertTrue($childGroup->save());
}
/**
* @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
*/
public function testRegularUserControllerActionsWithElevationToModels()
{
//Create contact web form owned by user super.
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$contactWebForm = ContactWebFormTestHelper::createContactWebFormByName('contactWebFormForElevationToModelTest', $super);
//Test nobody, access to edit and details should fail.
$nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
$this->setGetArray(array('id' => $contactWebForm->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
$this->setGetArray(array('id' => $contactWebForm->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
//give nobody access to read
Yii::app()->user->userModel = $super;
$contactWebForm->addPermissions($nobody, Permission::READ);
$this->assertTrue($contactWebForm->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($contactWebForm, $nobody);
//Now the nobody user can access the details view.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $contactWebForm->id));
$this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
//Test nobody, access to edit should fail.
$this->setGetArray(array('id' => $contactWebForm->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
$contactWebFormId = $contactWebForm->id;
$contactWebForm->forget();
$contactWebForm = ContactWebForm::getById($contactWebFormId);
//give nobody access to read and write
Yii::app()->user->userModel = $super;
$contactWebForm->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($contactWebForm->save());
AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($contactWebForm, $nobody);
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($contactWebForm, $nobody);
//Now the nobody user should be able to access the edit view and still the details view.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $contactWebForm->id));
$this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
$this->setGetArray(array('id' => $contactWebForm->id));
$this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit');
$contactWebFormId = $contactWebForm->id;
$contactWebForm->forget();
$contactWebForm = ContactWebForm::getById($contactWebFormId);
//revoke nobody access to read
Yii::app()->user->userModel = $super;
$contactWebForm->removePermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($contactWebForm->save());
AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($contactWebForm, $nobody);
//Test nobody, access to detail should fail.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $contactWebForm->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
$this->setGetArray(array('id' => $contactWebForm->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
//create some roles
Yii::app()->user->userModel = $super;
$parentRole = new Role();
$parentRole->name = 'AAA';
$this->assertTrue($parentRole->save());
$childRole = new Role();
$childRole->name = 'BBB';
$this->assertTrue($childRole->save());
$userInParentRole = User::getByUsername('confused');
$userInChildRole = User::getByUsername('nobody');
$childRole->users->add($userInChildRole);
$this->assertTrue($childRole->save());
$parentRole->users->add($userInParentRole);
$parentRole->roles->add($childRole);
$this->assertTrue($parentRole->save());
$userInChildRole->forget();
$userInChildRole = User::getByUsername('nobody');
$userInParentRole->forget();
$userInParentRole = User::getByUsername('confused');
$parentRoleId = $parentRole->id;
$parentRole->forget();
$parentRole = Role::getById($parentRoleId);
$childRoleId = $childRole->id;
$childRole->forget();
$childRole = Role::getById($childRoleId);
//create web form owned by super
$contactWebForm2 = ContactWebFormTestHelper::createContactWebFormByName('testingParentRolePermission', $super);
//Test userInParentRole, access to details and edit should fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $contactWebForm2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
$this->setGetArray(array('id' => $contactWebForm2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
//give userInChildRole access to READ
Yii::app()->user->userModel = $super;
$contactWebForm2->addPermissions($userInChildRole, Permission::READ);
$this->assertTrue($contactWebForm2->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($contactWebForm2, $userInChildRole);
//Test userInChildRole, access to details should not fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $contactWebForm2->id));
$this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
//Test userInParentRole, access to details should not fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $contactWebForm2->id));
$this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
$contactWebFormId = $contactWebForm2->id;
$contactWebForm2->forget();
$contactWebForm2 = ContactWebForm::getById($contactWebFormId);
//give userInChildRole access to read and write
Yii::app()->user->userModel = $super;
$contactWebForm2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($contactWebForm2->save());
AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($contactWebForm2, $userInChildRole);
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($contactWebForm2, $userInChildRole);
//Test userInChildRole, access to edit should not fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $contactWebForm2->id));
$this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit');
//Test userInParentRole, access to edit should not fail.
$this->logoutCurrentUserLoginNewUserAndGetByUsername($userInParentRole->username);
$this->setGetArray(array('id' => $contactWebForm2->id));
$this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit');
$contactWebFormId = $contactWebForm2->id;
$contactWebForm2->forget();
$contactWebForm2 = ContactWebForm::getById($contactWebFormId);
//revoke userInChildRole access to read and write
Yii::app()->user->userModel = $super;
$contactWebForm2->removePermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($contactWebForm2->save());
AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($contactWebForm2, $userInChildRole);
//Test userInChildRole, access to detail should fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $contactWebForm2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
$this->setGetArray(array('id' => $contactWebForm2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
//Test userInParentRole, access to detail should fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $contactWebForm2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
$this->setGetArray(array('id' => $contactWebForm2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
//clear up the role relationships between users so not to effect next assertions
$parentRole->users->remove($userInParentRole);
$parentRole->roles->remove($childRole);
$this->assertTrue($parentRole->save());
$childRole->users->remove($userInChildRole);
$this->assertTrue($childRole->save());
//create some groups and assign users to groups
Yii::app()->user->userModel = $super;
$parentGroup = new Group();
$parentGroup->name = 'AAA';
$this->assertTrue($parentGroup->save());
$childGroup = new Group();
$childGroup->name = 'BBB';
$this->assertTrue($childGroup->save());
$userInChildGroup = User::getByUsername('confused');
$userInParentGroup = User::getByUsername('nobody');
$childGroup->users->add($userInChildGroup);
$this->assertTrue($childGroup->save());
$parentGroup->users->add($userInParentGroup);
$parentGroup->groups->add($childGroup);
$this->assertTrue($parentGroup->save());
$parentGroup->forget();
$childGroup->forget();
$parentGroup = Group::getByName('AAA');
$childGroup = Group::getByName('BBB');
//Add access for the confused user to ContactWebForms and creation of ContactWebForms.
$userInChildGroup->setRight('ContactWebFormsModule', ContactWebFormsModule::RIGHT_ACCESS_CONTACT_WEB_FORMS);
$userInChildGroup->setRight('ContactWebFormsModule', ContactWebFormsModule::RIGHT_CREATE_CONTACT_WEB_FORMS);
$this->assertTrue($userInChildGroup->save());
//create web form owned by super
$contactWebForm3 = ContactWebFormTestHelper::createContactWebFormByName('testingParentGroupPermission', $super);
//Test userInParentGroup, access to details and edit should fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $contactWebForm3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
$this->setGetArray(array('id' => $contactWebForm3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
//Test userInChildGroup, access to details and edit should fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $contactWebForm3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
$this->setGetArray(array('id' => $contactWebForm3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
//give parentGroup access to READ
Yii::app()->user->userModel = $super;
$contactWebForm3->addPermissions($parentGroup, Permission::READ);
$this->assertTrue($contactWebForm3->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($contactWebForm3, $parentGroup);
//Test userInParentGroup, access to details should not fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $contactWebForm3->id));
$this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
//Test userInChildGroup, access to details should not fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $contactWebForm3->id));
$this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
$contactWebFormId = $contactWebForm3->id;
$contactWebForm3->forget();
$contactWebForm3 = ContactWebForm::getById($contactWebFormId);
//give parentGroup access to read and write
Yii::app()->user->userModel = $super;
$contactWebForm3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($contactWebForm3->save());
AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForGroup($contactWebForm3, $parentGroup);
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($contactWebForm3, $parentGroup);
//Test userInParentGroup, access to edit should not fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $contactWebForm3->id));
$this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit');
//Test userInChildGroup, access to edit should not fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username);
$this->setGetArray(array('id' => $contactWebForm3->id));
$this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit');
$contactWebFormId = $contactWebForm3->id;
$contactWebForm3->forget();
$contactWebForm3 = ContactWebForm::getById($contactWebFormId);
//revoke parentGroup access to read and write
Yii::app()->user->userModel = $super;
$contactWebForm3->removePermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($contactWebForm3->save());
AllPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($contactWebForm3, $parentGroup);
//Test userInChildGroup, access to detail should fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $contactWebForm3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
$this->setGetArray(array('id' => $contactWebForm3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
//Test userInParentGroup, access to detail should fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $contactWebForm3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
$this->setGetArray(array('id' => $contactWebForm3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
//clear up the role relationships between users so not to effect next assertions
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$userInParentGroup->forget();
$userInChildGroup->forget();
$childGroup->forget();
$parentGroup->forget();
$userInParentGroup = User::getByUsername('nobody');
$userInChildGroup = User::getByUsername('confused');
$childGroup = Group::getByName('BBB');
$parentGroup = Group::getByName('AAA');
//clear up the role relationships between users so not to effect next assertions
$parentGroup->users->remove($userInParentGroup);
$parentGroup->groups->remove($childGroup);
$this->assertTrue($parentGroup->save());
$childGroup->users->remove($userInChildGroup);
$this->assertTrue($childGroup->save());
}
/**
* @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
*/
public function testRegularUserControllerActionsWithElevationToModels()
{
//Create lead owned by user super.
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$lead = LeadTestHelper::createLeadByNameForOwner('leadForElevationToModelTest', $super);
//Test nobody, access to edit, details and delete should fail.
$nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
$this->setGetArray(array('id' => $lead->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
$this->setGetArray(array('id' => $lead->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
$this->setGetArray(array('id' => $lead->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//give nobody access to read
Yii::app()->user->userModel = $super;
$lead->addPermissions($nobody, Permission::READ);
$this->assertTrue($lead->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($lead, $nobody);
//Now the nobody user can access the details view.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $lead->id));
$this->runControllerWithNoExceptionsAndGetContent('leads/default/details');
//Test nobody, access to edit and delete should fail.
$this->setGetArray(array('id' => $lead->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
$this->setGetArray(array('id' => $lead->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//give nobody access to read and write
Yii::app()->user->userModel = $super;
$lead->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($lead->save());
AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($lead, $nobody);
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($lead, $nobody);
//Now the nobody user should be able to access the edit view and still the details view
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $lead->id));
$this->runControllerWithNoExceptionsAndGetContent('leads/default/details');
$this->setGetArray(array('id' => $lead->id));
$this->runControllerWithNoExceptionsAndGetContent('leads/default/edit');
//Test nobody, access to delete should fail.
$this->setGetArray(array('id' => $lead->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//revoke nobody access to read
Yii::app()->user->userModel = $super;
$lead->removePermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($lead->save());
AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($lead, $nobody);
//Test nobody, access to detail, edit and delete should fail.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $lead->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
$this->setGetArray(array('id' => $lead->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
$this->setGetArray(array('id' => $lead->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//give nobody access to read, write and delete
Yii::app()->user->userModel = $super;
$lead->addPermissions($nobody, Permission::READ_WRITE_DELETE);
$this->assertTrue($lead->save());
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($lead, $nobody);
//now nobody should be able to delete a lead
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $lead->id));
$this->resetPostArray();
$this->runControllerWithRedirectExceptionAndGetContent('leads/default/delete', Yii::app()->createUrl('leads/default/index'));
//create some roles
Yii::app()->user->userModel = $super;
$parentRole = new Role();
$parentRole->name = 'AAA';
$this->assertTrue($parentRole->save());
$childRole = new Role();
$childRole->name = 'BBB';
$this->assertTrue($childRole->save());
$userInParentRole = User::getByUsername('confused');
$userInChildRole = User::getByUsername('nobody');
$childRole->users->add($userInChildRole);
$this->assertTrue($childRole->save());
$parentRole->users->add($userInParentRole);
$parentRole->roles->add($childRole);
$this->assertTrue($parentRole->save());
$userInChildRole->forget();
$userInChildRole = User::getByUsername('nobody');
$userInParentRole->forget();
$userInParentRole = User::getByUsername('confused');
$parentRoleId = $parentRole->id;
$parentRole->forget();
$parentRole = Role::getById($parentRoleId);
$childRoleId = $childRole->id;
$childRole->forget();
$childRole = Role::getById($childRoleId);
//create lead owned by super
$lead2 = LeadTestHelper::createLeadByNameForOwner('leadsParentRolePermission', $super);
//Test userInChildRole, access to details, edit and delete should fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//Test userInParentRole, access to details, edit and delete should fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//give userInChildRole access to READ
Yii::app()->user->userModel = $super;
$lead2->addPermissions($userInChildRole, Permission::READ);
$this->assertTrue($lead2->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($lead2, $userInChildRole);
//Test userInChildRole, access to details should not fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerWithNoExceptionsAndGetContent('leads/default/details');
//Test userInChildRole, access to edit and delete should fail.
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//Test userInParentRole, access to details should not fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerWithNoExceptionsAndGetContent('leads/default/details');
//Test userInParentRole, access to edit and delete should fail.
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//give userInChildRole access to read and write
Yii::app()->user->userModel = $super;
$lead2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($lead2->save());
AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($lead2, $userInChildRole);
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($lead2, $userInChildRole);
//Test userInChildRole, access to edit and delete should not fail and also detaisl view must be accessible.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerWithNoExceptionsAndGetContent('leads/default/edit');
//Test userInChildRole, access to delete should fail.
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//Test userInParentRole, access to edit should not fail.
$this->logoutCurrentUserLoginNewUserAndGetByUsername($userInParentRole->username);
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerWithNoExceptionsAndGetContent('leads/default/edit');
//Test userInParentRole, access to delete should fail.
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//revoke userInChildRole access to read and write
Yii::app()->user->userModel = $super;
$lead2->removePermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($lead2->save());
AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($lead2, $userInChildRole);
//Test userInChildRole, access to detail, edit and delete should fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//Test userInParentRole, access to detail, edit and delete should fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//give userInChildRole access to read, write and delete
Yii::app()->user->userModel = $super;
$lead2->addPermissions($userInChildRole, Permission::READ_WRITE_DELETE);
$this->assertTrue($lead2->save());
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($lead2, $userInChildRole);
//Test userInParentRole, access to delete should not fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $lead2->id));
$this->resetPostArray();
$this->runControllerWithRedirectExceptionAndGetContent('leads/default/delete', Yii::app()->createUrl('leads/default/index'));
//clear up the role relationships between users so not to effect next assertions
$parentRole->users->remove($userInParentRole);
$parentRole->roles->remove($childRole);
$this->assertTrue($parentRole->save());
$childRole->users->remove($userInChildRole);
$this->assertTrue($childRole->save());
//create some groups and assign users to groups
Yii::app()->user->userModel = $super;
$parentGroup = new Group();
$parentGroup->name = 'AAA';
$this->assertTrue($parentGroup->save());
$childGroup = new Group();
$childGroup->name = 'BBB';
$this->assertTrue($childGroup->save());
$userInChildGroup = User::getByUsername('confused');
$userInParentGroup = User::getByUsername('nobody');
$childGroup->users->add($userInChildGroup);
$this->assertTrue($childGroup->save());
$parentGroup->users->add($userInParentGroup);
$parentGroup->groups->add($childGroup);
$this->assertTrue($parentGroup->save());
$parentGroup->forget();
$childGroup->forget();
$parentGroup = Group::getByName('AAA');
$childGroup = Group::getByName('BBB');
//Add access for the confused user to leads and creation of leads.
$userInChildGroup->setRight('LeadsModule', LeadsModule::RIGHT_ACCESS_LEADS);
$userInChildGroup->setRight('LeadsModule', LeadsModule::RIGHT_CREATE_LEADS);
$userInChildGroup->setRight('LeadsModule', LeadsModule::RIGHT_DELETE_LEADS);
$this->assertTrue($userInChildGroup->save());
//create lead owned by super
$lead3 = LeadTestHelper::createLeadByNameForOwner('leadsParentGroupPermission', $super);
//Test userInParentGroup, access to details, edit and delete should fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//Test userInChildGroup, access to details, edit and delete should fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//give parentGroup access to READ
Yii::app()->user->userModel = $super;
$lead3->addPermissions($parentGroup, Permission::READ);
$this->assertTrue($lead3->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($lead3, $parentGroup);
//Test userInParentGroup, access to details should not fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerWithNoExceptionsAndGetContent('leads/default/details');
//Test userInParentGroup, access to delete should fail.
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//Test userInChildGroup, access to edit and details should not fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerWithNoExceptionsAndGetContent('leads/default/details');
//Test userInChildGroup, access to edit and delete should fail.
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//give parentGroup access to read and write
Yii::app()->user->userModel = $super;
$lead3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($lead3->save());
AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForGroup($lead3, $parentGroup);
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($lead3, $parentGroup);
//Test userInParentGroup, access to edit should not fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerWithNoExceptionsAndGetContent('leads/default/edit');
//Test userInParentGroup, access to delete should fail.
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//Test userInChildGroup, access to edit should not fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username);
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerWithNoExceptionsAndGetContent('leads/default/edit');
//Test userInChildGroup, access to delete should fail.
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//revoke parentGroup access to read and write
Yii::app()->user->userModel = $super;
$lead3->removePermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($lead3->save());
AllPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($lead3, $parentGroup);
//Test userInChildGroup, access to detail, edit and delete should fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//Test userInParentGroup, access to detail, edit and delete should fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//give parentGroup access to read, write and delete
Yii::app()->user->userModel = $super;
$lead3->addPermissions($parentGroup, Permission::READ_WRITE_DELETE);
$this->assertTrue($lead3->save());
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($lead3, $parentGroup);
//Test userInChildGroup, access to delete should not fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username);
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerWithRedirectExceptionAndGetContent('leads/default/delete', Yii::app()->createUrl('leads/default/index'));
//clear up the role relationships between users so not to effect next assertions
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$userInParentGroup->forget();
$userInChildGroup->forget();
$childGroup->forget();
$parentGroup->forget();
$userInParentGroup = User::getByUsername('nobody');
$userInChildGroup = User::getByUsername('confused');
$childGroup = Group::getByName('BBB');
$parentGroup = Group::getByName('AAA');
$parentGroup->users->remove($userInParentGroup);
$parentGroup->groups->remove($childGroup);
$this->assertTrue($parentGroup->save());
$childGroup->users->remove($userInChildGroup);
$this->assertTrue($childGroup->save());
}
/**
* Should not throw an exception AccessDeniedSecurityException
*/
public function testARegularUserWhoCanAccessGroupsCanProperlyModifyModulePermission()
{
$nobody = UserTestHelper::createBasicUser('nobody');
$nobody->setRight('GroupsModule', GroupsModule::RIGHT_ACCESS_GROUPS);
$nobody->setRight('GroupsModule', GroupsModule::RIGHT_CREATE_GROUPS);
$nobody->setRight('GroupsModule', GroupsModule::RIGHT_DELETE_GROUPS);
$this->assertTrue($nobody->save());
Yii::app()->user->userModel = $nobody;
$group = new Group();
$group->name = 'newGroup2';
$saved = $group->save();
$this->assertTrue($saved);
$group->forget();
$newItem = NamedSecurableItem::getByName('SomeModule');
$this->assertEquals(array(Permission::NONE, Permission::NONE), $newItem->getExplicitActualPermissions($group));
$newItem->forget();
$fakePost = array('SomeModule__' . Permission::CHANGE_PERMISSIONS => strval(Permission::ALLOW), 'SomeModule__' . Permission::CHANGE_OWNER => strval(Permission::ALLOW));
$validatedPost = ModulePermissionsFormUtil::typeCastPostData($fakePost);
$saved = ModulePermissionsFormUtil::setPermissionsFromCastedPost($validatedPost, $group);
$this->assertTrue($saved);
//Success, an exception was not thrown. AccessDeniedSecurityException
}
/**
* @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
*/
public function testRegularUserControllerActionsWithElevationToModels()
{
//Create account owned by user super.
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$account = AccountTestHelper::createAccountByNameForOwner('testingAccountsForElevationToModelTest', $super);
//Test nobody, access to edit, details and delete should fail.
$nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
$this->setGetArray(array('id' => $account->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/edit');
$this->setGetArray(array('id' => $account->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
$this->setGetArray(array('id' => $account->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/delete');
//give nobody access to read
Yii::app()->user->userModel = $super;
$account->addPermissions($nobody, Permission::READ);
$this->assertTrue($account->save());
//Now the nobody user can access the details view.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $account->id));
$this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
//Test nobody, access to edit and delete should fail.
$this->setGetArray(array('id' => $account->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/edit');
$this->setGetArray(array('id' => $account->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/delete');
//give nobody access to read and write
Yii::app()->user->userModel = $super;
$account->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($account->save());
//Now the nobody user should be able to access the edit view and still the details view.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $account->id));
$this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
$this->setGetArray(array('id' => $account->id));
$this->runControllerWithNoExceptionsAndGetContent('accounts/default/edit');
//Test nobody, access to delete should fail.
$this->setGetArray(array('id' => $account->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/delete');
//revoke nobody access to read
Yii::app()->user->userModel = $super;
$account->removePermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($account->save());
//Test nobody, access to detail, edit and delete should fail.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $account->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
$this->setGetArray(array('id' => $account->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/edit');
$this->setGetArray(array('id' => $account->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/delete');
//give nobody access to read, write and delete
Yii::app()->user->userModel = $super;
$account->addPermissions($nobody, Permission::READ_WRITE_DELETE);
$this->assertTrue($account->save());
//Test nobody, access to delete should not fail.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $account->id));
$this->resetPostArray();
$this->runControllerWithRedirectExceptionAndGetContent('accounts/default/delete', Yii::app()->createUrl('accounts/default/index'));
//create some roles
Yii::app()->user->userModel = $super;
$parentRole = new Role();
$parentRole->name = 'AAA';
$this->assertTrue($parentRole->save());
$childRole = new Role();
$childRole->name = 'BBB';
$this->assertTrue($childRole->save());
$userInParentRole = User::getByUsername('confused');
$userInChildRole = User::getByUsername('nobody');
$childRole->users->add($userInChildRole);
$this->assertTrue($childRole->save());
$parentRole->users->add($userInParentRole);
$parentRole->roles->add($childRole);
$this->assertTrue($parentRole->save());
//create account owned by super
$account2 = AccountTestHelper::createAccountByNameForOwner('testingAccountsParentRolePermission', $super);
//Test userInChildRole, access to details, edit and delete should fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $account2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
$this->setGetArray(array('id' => $account2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/edit');
$this->setGetArray(array('id' => $account2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/delete');
//Test userInParentRole, access to details, edit and delete should fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $account2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
$this->setGetArray(array('id' => $account2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/edit');
$this->setGetArray(array('id' => $account2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/delete');
//give userInChildRole access to READ
Yii::app()->user->userModel = $super;
$account2->addPermissions($userInChildRole, Permission::READ);
$this->assertTrue($account2->save());
//Test userInChildRole, access to details should not fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $account2->id));
$this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
//Test userInChildRole, access to edit and delete should fail.
$this->setGetArray(array('id' => $account2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/edit');
$this->setGetArray(array('id' => $account2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/delete');
//Test userInParentRole, access to details should not fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $account2->id));
$this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
//Test userInParentRole, access to edit and delete should fail.
$this->setGetArray(array('id' => $account2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/edit');
$this->setGetArray(array('id' => $account2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/delete');
//give userInChildRole access to read and write
Yii::app()->user->userModel = $super;
$account2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($account2->save());
//Test userInChildRole, access to edit should not fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $account2->id));
$this->runControllerWithNoExceptionsAndGetContent('accounts/default/edit');
//Test userInChildRole, access to delete should fail.
$this->setGetArray(array('id' => $account2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/delete');
//Test userInParentRole, access to edit should not fail.
$this->logoutCurrentUserLoginNewUserAndGetByUsername($userInParentRole->username);
$this->setGetArray(array('id' => $account2->id));
$this->runControllerWithNoExceptionsAndGetContent('accounts/default/edit');
//Test userInParentRole, access to delete should fail.
$this->setGetArray(array('id' => $account2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/delete');
//revoke userInChildRole access to read and write
Yii::app()->user->userModel = $super;
$account2->removePermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($account2->save());
//Test userInChildRole, access to detail, edit and delete should fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $account2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
$this->setGetArray(array('id' => $account2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/edit');
$this->setGetArray(array('id' => $account2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/delete');
//Test userInParentRole, access to detail, edit and delete should fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $account2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
$this->setGetArray(array('id' => $account2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/edit');
$this->setGetArray(array('id' => $account2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/delete');
//give userInChildRole access to read, write and delete
Yii::app()->user->userModel = $super;
$account2->addPermissions($userInChildRole, Permission::READ_WRITE_DELETE);
$this->assertTrue($account2->save());
//Test userInParentRole, access to delete should not fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $account2->id));
$this->resetPostArray();
$this->runControllerWithRedirectExceptionAndGetContent('accounts/default/delete', Yii::app()->createUrl('accounts/default/index'));
//clear up the role relationships between users so not to effect next assertions
$parentRole->users->remove($userInParentRole);
$parentRole->roles->remove($childRole);
$this->assertTrue($parentRole->save());
$childRole->users->remove($userInChildRole);
$this->assertTrue($childRole->save());
//create some groups and assign users to groups
Yii::app()->user->userModel = $super;
$parentGroup = new Group();
$parentGroup->name = 'AAA';
$this->assertTrue($parentGroup->save());
$childGroup = new Group();
$childGroup->name = 'BBB';
$this->assertTrue($childGroup->save());
$userInChildGroup = User::getByUsername('confused');
$userInParentGroup = User::getByUsername('nobody');
$childGroup->users->add($userInChildGroup);
$this->assertTrue($childGroup->save());
$parentGroup->users->add($userInParentGroup);
$parentGroup->groups->add($childGroup);
$this->assertTrue($parentGroup->save());
$parentGroup->forget();
$childGroup->forget();
$parentGroup = Group::getByName('AAA');
$childGroup = Group::getByName('BBB');
//Add access for the confused user to accounts and creation of accounts.
$userInChildGroup->setRight('AccountsModule', AccountsModule::RIGHT_ACCESS_ACCOUNTS);
$userInChildGroup->setRight('AccountsModule', AccountsModule::RIGHT_CREATE_ACCOUNTS);
$userInChildGroup->setRight('AccountsModule', AccountsModule::RIGHT_DELETE_ACCOUNTS);
$this->assertTrue($userInChildGroup->save());
//create account owned by super
$account3 = AccountTestHelper::createAccountByNameForOwner('testingAccountsParentGroupPermission', $super);
//Test userInParentGroup, access to details, edit and delete should fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $account3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
$this->setGetArray(array('id' => $account3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/edit');
$this->setGetArray(array('id' => $account3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/delete');
//Test userInChildGroup, access to details, edit and delete should fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $account3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
$this->setGetArray(array('id' => $account3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/edit');
$this->setGetArray(array('id' => $account3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/delete');
//give parentGroup access to READ
Yii::app()->user->userModel = $super;
$account3->addPermissions($parentGroup, Permission::READ);
$this->assertTrue($account3->save());
//Test userInParentGroup, access to details should not fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $account3->id));
$this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
//Test userInParentGroup, access to edit and delete should fail.
$this->setGetArray(array('id' => $account3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/edit');
$this->setGetArray(array('id' => $account3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/delete');
//Test userInChildGroup, access to details should not fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $account3->id));
$this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
//Test userInChildGroup, access to edit and delete should fail.
$this->setGetArray(array('id' => $account3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/edit');
$this->setGetArray(array('id' => $account3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/delete');
//give parentGroup access to read and write
Yii::app()->user->userModel = $super;
$account3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($account3->save());
//Test userInParentGroup, access to edit should not fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $account3->id));
$this->runControllerWithNoExceptionsAndGetContent('accounts/default/edit');
//Test userInParentGroup, access to delete should fail.
$this->setGetArray(array('id' => $account3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/delete');
//Test userInChildGroup, access to edit should not fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username);
$this->setGetArray(array('id' => $account3->id));
$this->runControllerWithNoExceptionsAndGetContent('accounts/default/edit');
//Test userInChildGroup, access to delete should fail.
$this->setGetArray(array('id' => $account3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/delete');
//revoke parentGroup access to read and write
Yii::app()->user->userModel = $super;
$account3->removePermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($account3->save());
//Test userInChildGroup, access to detail, edit and delete should fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $account3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
$this->setGetArray(array('id' => $account3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/edit');
$this->setGetArray(array('id' => $account3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/delete');
//Test userInParentGroup, access to detail, edit and delete should fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $account3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
$this->setGetArray(array('id' => $account3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/edit');
$this->setGetArray(array('id' => $account3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/delete');
//give parentGroup access to read, write and delete
Yii::app()->user->userModel = $super;
$account3->addPermissions($parentGroup, Permission::READ_WRITE_DELETE);
$this->assertTrue($account3->save());
//Test userInChildGroup, access to delete should not fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $account3->id));
$this->resetPostArray();
$this->runControllerWithRedirectExceptionAndGetContent('accounts/default/delete', Yii::app()->createUrl('accounts/default/index'));
//clear up the role relationships between users so not to effect next assertions
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$userInParentGroup->forget();
$userInChildGroup->forget();
$childGroup->forget();
$parentGroup->forget();
$userInParentGroup = User::getByUsername('nobody');
$userInChildGroup = User::getByUsername('confused');
$childGroup = Group::getByName('BBB');
$parentGroup = Group::getByName('AAA');
$parentGroup->users->remove($userInParentGroup);
$parentGroup->groups->remove($childGroup);
$this->assertTrue($parentGroup->save());
$childGroup->users->remove($userInChildGroup);
$this->assertTrue($childGroup->save());
}
/**
* @depends testSaveAndLoadGroup
*/
public function testGroupsWithParentGroup()
{
$a = Group::getByName('AAA');
$aId = $a->id;
$group = new Group();
$group->name = 'Child';
$group->group = $a;
$saved = $group->save();
$this->assertTrue($saved);
$group->forget();
unset($group);
$group = Group::getByName('Child');
$this->assertEquals('Child', $group->name);
$this->assertEquals($aId, $group->group->id);
unset($group);
unset($a);
RedBeanModel::forgetAll();
$a = Group::getByName('AAA');
$group = Group::getByName('Child');
$a->groups->remove($group);
$this->assertTrue($a->save());
}
/**
* Test nested groups
*/
public function testGroupChangeOrDeleteScenario4()
{
$super = User::getByUsername('super');
Yii::app()->user->userModel = $super;
$job = new ReadPermissionSubscriptionUpdateForAccountJob();
$jobBasedOnBuildTable = new ReadPermissionSubscriptionUpdateForAccountFromBuildTableJob();
$johnny = self::$johnny;
$this->deleteAllModelsAndRecordsFromReadPermissionTable('Account');
$account = AccountTestHelper::createAccountByNameForOwner('Third Account', $super);
Yii::app()->jobQueue->deleteAll();
sleep(1);
$parentGroup = new Group();
$parentGroup->name = 'Parent';
$this->assertTrue($parentGroup->save());
$group = new Group();
$group->name = 'Child';
$group->group = $parentGroup;
$saved = $group->save();
$this->assertTrue($saved);
$group->users->add($johnny);
$this->assertTrue($group->save());
$queuedJobs = Yii::app()->jobQueue->getAll();
$this->assertEquals(1, count($queuedJobs[5]));
$this->assertEquals('ReadPermissionSubscriptionUpdateForAccount', $queuedJobs[5][0]['jobType']);
Yii::app()->jobQueue->deleteAll();
$this->assertTrue($job->run());
$sql = "SELECT * FROM account_read_subscription order by userid";
$rows = ZurmoRedBean::getAll($sql);
$this->assertEquals(1, count($rows));
$this->assertEquals($super->id, $rows[0]['userid']);
$this->assertEquals($account->id, $rows[0]['modelid']);
$this->assertEquals(ReadPermissionsSubscriptionUtil::TYPE_ADD, $rows[0]['subscriptiontype']);
// Add permissions for parentGroup to READ account
$account->addPermissions($parentGroup, Permission::READ);
$this->assertTrue($account->save());
RedBeanModel::forgetAll();
ReadPermissionsOptimizationUtil::rebuild();
$queuedJobs = Yii::app()->jobQueue->getAll();
$this->assertEquals(1, count($queuedJobs[5]));
$this->assertEquals('ReadPermissionSubscriptionUpdateForAccountFromBuildTable', $queuedJobs[5][0]['jobType']);
Yii::app()->jobQueue->deleteAll();
$this->assertTrue($jobBasedOnBuildTable->run());
$sql = "SELECT * FROM account_read_subscription order by userid";
$rows = ZurmoRedBean::getAll($sql);
$this->assertEquals(2, count($rows));
$this->assertEquals($super->id, $rows[0]['userid']);
$this->assertEquals($account->id, $rows[0]['modelid']);
$this->assertEquals(ReadPermissionsSubscriptionUtil::TYPE_ADD, $rows[0]['subscriptiontype']);
$this->assertEquals($johnny->id, $rows[1]['userid']);
$this->assertEquals($account->id, $rows[1]['modelid']);
$this->assertEquals(ReadPermissionsSubscriptionUtil::TYPE_ADD, $rows[1]['subscriptiontype']);
// Remove permissions from parentGroup to READ account
$account->removePermissions($parentGroup, Permission::READ);
$this->assertTrue($account->save());
RedBeanModel::forgetAll();
ReadPermissionsOptimizationUtil::rebuild();
$queuedJobs = Yii::app()->jobQueue->getAll();
$this->assertEquals(1, count($queuedJobs[5]));
$this->assertEquals('ReadPermissionSubscriptionUpdateForAccountFromBuildTable', $queuedJobs[5][0]['jobType']);
Yii::app()->jobQueue->deleteAll();
$this->assertTrue($jobBasedOnBuildTable->run());
$sql = "SELECT * FROM account_read_subscription order by userid";
$rows = ZurmoRedBean::getAll($sql);
$this->assertEquals(2, count($rows));
$this->assertEquals($super->id, $rows[0]['userid']);
$this->assertEquals($account->id, $rows[0]['modelid']);
$this->assertEquals(ReadPermissionsSubscriptionUtil::TYPE_ADD, $rows[0]['subscriptiontype']);
$this->assertEquals($johnny->id, $rows[1]['userid']);
$this->assertEquals($account->id, $rows[1]['modelid']);
$this->assertEquals(ReadPermissionsSubscriptionUtil::TYPE_DELETE, $rows[1]['subscriptiontype']);
// Test parent group adding/removing
$account->addPermissions($parentGroup, Permission::READ);
$this->assertTrue($account->save());
RedBeanModel::forgetAll();
ReadPermissionsOptimizationUtil::rebuild();
$queuedJobs = Yii::app()->jobQueue->getAll();
$this->assertEquals(1, count($queuedJobs[5]));
$this->assertEquals('ReadPermissionSubscriptionUpdateForAccountFromBuildTable', $queuedJobs[5][0]['jobType']);
Yii::app()->jobQueue->deleteAll();
$this->assertTrue($jobBasedOnBuildTable->run());
$sql = "SELECT * FROM account_read_subscription order by userid";
$rows = ZurmoRedBean::getAll($sql);
$this->assertEquals(2, count($rows));
$this->assertEquals($super->id, $rows[0]['userid']);
$this->assertEquals($account->id, $rows[0]['modelid']);
$this->assertEquals(ReadPermissionsSubscriptionUtil::TYPE_ADD, $rows[0]['subscriptiontype']);
$this->assertEquals($johnny->id, $rows[1]['userid']);
$this->assertEquals($account->id, $rows[1]['modelid']);
$this->assertEquals(ReadPermissionsSubscriptionUtil::TYPE_ADD, $rows[1]['subscriptiontype']);
// Delete parent group
$parentGroup->delete();
RedBeanModel::forgetAll();
ReadPermissionsOptimizationUtil::rebuild();
$queuedJobs = Yii::app()->jobQueue->getAll();
$this->assertEquals(1, count($queuedJobs[5]));
$this->assertEquals('ReadPermissionSubscriptionUpdateForAccount', $queuedJobs[5][0]['jobType']);
Yii::app()->jobQueue->deleteAll();
$this->assertTrue($job->run());
$sql = "SELECT * FROM account_read_subscription order by userid";
$rows = ZurmoRedBean::getAll($sql);
$this->assertEquals(2, count($rows));
$this->assertEquals($super->id, $rows[0]['userid']);
$this->assertEquals($account->id, $rows[0]['modelid']);
$this->assertEquals(ReadPermissionsSubscriptionUtil::TYPE_ADD, $rows[0]['subscriptiontype']);
$this->assertEquals($johnny->id, $rows[1]['userid']);
$this->assertEquals($account->id, $rows[1]['modelid']);
$this->assertEquals(ReadPermissionsSubscriptionUtil::TYPE_DELETE, $rows[1]['subscriptiontype']);
// Now test adding parent group
$group->forget();
$group = Group::getByName('Child');
$accountId = $account->id;
$account->forget();
$account = Account::getById($accountId);
$parentGroup2 = new Group();
$parentGroup2->name = 'Parent';
$this->assertTrue($parentGroup2->save());
$group->group = $parentGroup2;
$saved = $group->save();
$this->assertTrue($saved);
$queuedJobs = Yii::app()->jobQueue->getAll();
$this->assertEquals(1, count($queuedJobs[5]));
$this->assertEquals('ReadPermissionSubscriptionUpdateForAccount', $queuedJobs[5][0]['jobType']);
Yii::app()->jobQueue->deleteAll();
$this->assertTrue($job->run());
$account->addPermissions($parentGroup2, Permission::READ);
$this->assertTrue($account->save());
RedBeanModel::forgetAll();
ReadPermissionsOptimizationUtil::rebuild();
$queuedJobs = Yii::app()->jobQueue->getAll();
$this->assertEquals(1, count($queuedJobs[5]));
$this->assertEquals('ReadPermissionSubscriptionUpdateForAccountFromBuildTable', $queuedJobs[5][0]['jobType']);
Yii::app()->jobQueue->deleteAll();
$this->assertTrue($jobBasedOnBuildTable->run());
$sql = "SELECT * FROM account_read_subscription order by userid";
$rows = ZurmoRedBean::getAll($sql);
$this->assertEquals(2, count($rows));
$this->assertEquals($super->id, $rows[0]['userid']);
$this->assertEquals($account->id, $rows[0]['modelid']);
$this->assertEquals(ReadPermissionsSubscriptionUtil::TYPE_ADD, $rows[0]['subscriptiontype']);
$this->assertEquals($johnny->id, $rows[1]['userid']);
$this->assertEquals($account->id, $rows[1]['modelid']);
$this->assertEquals(ReadPermissionsSubscriptionUtil::TYPE_ADD, $rows[1]['subscriptiontype']);
}
/**
* @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
*/
public function testRegularUserControllerActionsWithElevationToModels()
{
//Create superAccount owned by user super.
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$superAccount = AccountTestHelper::createAccountByNameForOwner('AccountsForElevationToModelTest', $super);
//Test nobody, access to edit and details of superAccount should fail.
$nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
$this->setGetArray(array('id' => $superAccount->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
//give nobody access to read
Yii::app()->user->userModel = $super;
$superAccount->addPermissions($nobody, Permission::READ);
$this->assertTrue($superAccount->save());
//Now the nobody user can access the details view.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $superAccount->id));
$this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
//create task for an superAccount using the super user
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$task = TaskTestHelper::createTaskWithOwnerAndRelatedAccount('taskCreatedByNobody', $super, $superAccount);
//Test nobody, access to edit and details of task should fail.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $task->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('tasks/default/edit');
$this->setGetArray(array('id' => $task->id));
$this->resetPostArray();
//give nobody access to details view only
Yii::app()->user->userModel = $super;
$task->addPermissions($nobody, Permission::READ);
$this->assertTrue($task->save());
//Now access to tasks view by Nobody should not fail.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $task->id));
$this->resetPostArray();
$this->runControllerWithNoExceptionsAndGetContent('tasks/default/details');
//Now access to tasks edit by Nobody should fail
$this->setGetArray(array('id' => $task->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('tasks/default/edit');
//give nobody access to both details and edit view
Yii::app()->user->userModel = $super;
$task->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($task->save());
//Now access to tasks view and edit by Nobody should not fail.
$this->setGetArray(array('id' => $task->id));
$this->resetPostArray();
$this->runControllerWithNoExceptionsAndGetContent('tasks/default/details');
$this->setGetArray(array('id' => $task->id));
$this->resetPostArray();
$this->runControllerWithNoExceptionsAndGetContent('tasks/default/edit');
//revoke the permission from the nobody user to access the task
Yii::app()->user->userModel = $super;
$task->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS, Permission::DENY);
$this->assertTrue($task->save());
//Now nobodys, access to edit and details of tasks should fail.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $task->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('tasks/default/edit');
$this->setGetArray(array('id' => $task->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('tasks/default/details');
//create some roles
Yii::app()->user->userModel = $super;
$parentRole = new Role();
$parentRole->name = 'AAA';
$this->assertTrue($parentRole->save());
$childRole = new Role();
$childRole->name = 'BBB';
$this->assertTrue($childRole->save());
$userInParentRole = User::getByUsername('confused');
$userInChildRole = User::getByUsername('nobody');
$childRole->users->add($userInChildRole);
$this->assertTrue($childRole->save());
$parentRole->users->add($userInParentRole);
$parentRole->roles->add($childRole);
$this->assertTrue($parentRole->save());
//create account owned by super
$account2 = AccountTestHelper::createAccountByNameForOwner('AccountsParentRolePermission', $super);
//Test userInParentRole, access to details and edit should fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $account2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
//give userInChildRole access to READ
Yii::app()->user->userModel = $super;
$account2->addPermissions($userInChildRole, Permission::READ);
$this->assertTrue($account2->save());
//Test userInChildRole, access to details should not fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $account2->id));
$this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
//Test userInParentRole, access to details should not fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $account2->id));
$this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
//create a task owned by super
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$task2 = TaskTestHelper::createTaskWithOwnerAndRelatedAccount('taskCreatedBySuperForRole', $super, $account2);
//Test userInParentRole, access to tasks details and edit should fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $task2->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('tasks/default/edit');
$this->setGetArray(array('id' => $task2->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('tasks/default/details');
//give userInChildRole access to READ permision for tasks
Yii::app()->user->userModel = $super;
$task2->addPermissions($userInChildRole, Permission::READ);
$this->assertTrue($task2->save());
//Test userInChildRole, access to tasks details should not fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $task2->id));
$this->resetPostArray();
$this->runControllerWithNoExceptionsAndGetContent('tasks/default/details');
//Test userInParentRole, access to tasks details should not fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $task2->id));
$this->resetPostArray();
$this->runControllerWithNoExceptionsAndGetContent('tasks/default/details');
//give userInChildRole access to read and write for the tasks
Yii::app()->user->userModel = $super;
$task2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($task2->save());
//Test userInChildRole, access to tasks edit should not fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $task2->id));
$this->resetPostArray();
$this->runControllerWithNoExceptionsAndGetContent('tasks/default/edit');
//Test userInParentRole, access to tasks edit should not fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $task2->id));
$this->resetPostArray();
$this->runControllerWithNoExceptionsAndGetContent('tasks/default/edit');
//revoke userInChildRole access to read and write tasks
Yii::app()->user->userModel = $super;
$task2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS, Permission::DENY);
$this->assertTrue($task2->save());
//Test userInChildRole, access to detail and edit should fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $task2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('tasks/default/details');
$this->setGetArray(array('id' => $task2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('tasks/default/edit');
//Test userInParentRole, access to detail and edit should fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $task2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('tasks/default/details');
$this->setGetArray(array('id' => $task2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('tasks/default/edit');
//clear up the role relationships between users so not to effect next assertions
$parentRole->users->remove($userInParentRole);
$parentRole->roles->remove($childRole);
$this->assertTrue($parentRole->save());
$childRole->users->remove($userInChildRole);
$this->assertTrue($childRole->save());
//create some groups and assign users to groups
Yii::app()->user->userModel = $super;
$parentGroup = new Group();
$parentGroup->name = 'AAA';
$this->assertTrue($parentGroup->save());
$childGroup = new Group();
$childGroup->name = 'BBB';
$this->assertTrue($childGroup->save());
$userInChildGroup = User::getByUsername('confused');
$userInParentGroup = User::getByUsername('nobody');
$childGroup->users->add($userInChildGroup);
$this->assertTrue($childGroup->save());
$parentGroup->users->add($userInParentGroup);
$parentGroup->groups->add($childGroup);
$this->assertTrue($parentGroup->save());
$parentGroup->forget();
$childGroup->forget();
$parentGroup = Group::getByName('AAA');
$childGroup = Group::getByName('BBB');
//Add access for the confused user to accounts and creation of accounts.
$userInChildGroup->setRight('AccountsModule', AccountsModule::RIGHT_ACCESS_ACCOUNTS);
$userInChildGroup->setRight('AccountsModule', AccountsModule::RIGHT_CREATE_ACCOUNTS);
$this->assertTrue($userInChildGroup->save());
//create account owned by super
$account3 = AccountTestHelper::createAccountByNameForOwner('testingAccountsParentGroupPermission', $super);
//Test userInParentGroup, access to details should fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $account3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
//Test userInChildGroup, access to details should fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $account3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
//give parentGroup access to READ
Yii::app()->user->userModel = $super;
$account3->addPermissions($parentGroup, Permission::READ);
$this->assertTrue($account3->save());
//Test userInParentGroup, access to details should not fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $account3->id));
$this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
//Test userInChildGroup, access to details should not fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $account3->id));
$this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
//create a task owned by super
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$task3 = TaskTestHelper::createTaskWithOwnerAndRelatedAccount('taskCreatedBySuperForGroup', $super, $account3);
//Add access for the confused user to accounts and creation of accounts.
$userInChildGroup->setRight('TasksModule', TasksModule::RIGHT_ACCESS_TASKS);
$userInChildGroup->setRight('TasksModule', TasksModule::RIGHT_CREATE_TASKS);
$this->assertTrue($userInChildGroup->save());
//Test userInParentGroup, access to tasks details and edit should fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $task3->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('tasks/default/edit');
$this->setGetArray(array('id' => $task3->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('tasks/default/details');
//Test userInChildGroup, access to tasks details and edit should fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $task3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('tasks/default/details');
$this->setGetArray(array('id' => $task3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('tasks/default/edit');
//give parentGroup access to READ
Yii::app()->user->userModel = $super;
$task3->addPermissions($parentGroup, Permission::READ);
$this->assertTrue($task3->save());
//Test userInParentGroup, access to tasks details should not fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $task3->id));
$this->runControllerWithNoExceptionsAndGetContent('tasks/default/details');
//Test userInChildGroup, access to tasks details should not fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $task3->id));
$this->runControllerWithNoExceptionsAndGetContent('tasks/default/details');
//give parentGroup access to read and write
Yii::app()->user->userModel = $super;
$task3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($task3->save());
//Test userInParentGroup, access to edit tasks should not fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $task3->id));
$this->runControllerWithNoExceptionsAndGetContent('tasks/default/edit');
//Test userInChildGroup, access to edit tasks should not fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username);
$this->setGetArray(array('id' => $task3->id));
$this->runControllerWithNoExceptionsAndGetContent('tasks/default/edit');
//revoke parentGroup access to tasks read and write
Yii::app()->user->userModel = $super;
$task3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS, Permission::DENY);
$this->assertTrue($task3->save());
//Test userInChildGroup, access to tasks detail should fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $task3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('tasks/default/details');
$this->setGetArray(array('id' => $task3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('tasks/default/edit');
//Test userInParentGroup, access to tasks detail should fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $task3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('tasks/default/details');
$this->setGetArray(array('id' => $task3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('tasks/default/edit');
//clear up the role relationships between users so not to effect next assertions
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$userInParentGroup->forget();
$userInChildGroup->forget();
$childGroup->forget();
$parentGroup->forget();
$userInParentGroup = User::getByUsername('nobody');
$userInChildGroup = User::getByUsername('confused');
$childGroup = Group::getByName('BBB');
$parentGroup = Group::getByName('AAA');
$parentGroup->users->remove($userInParentGroup);
$parentGroup->groups->remove($childGroup);
$this->assertTrue($parentGroup->save());
$childGroup->users->remove($userInChildGroup);
$this->assertTrue($childGroup->save());
}
/**
* @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
*/
public function testRegularUserControllerActionsWithElevationToModels()
{
//Create opportunity owned by user super.
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$opportunity = OpportunityTestHelper::createOpportunityByNameForOwner('opportunityForElevationToModelTest', $super);
//Test nobody, access to edit and details should fail.
$nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
$this->setGetArray(array('id' => $opportunity->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('opportunities/default/edit');
$this->setGetArray(array('id' => $opportunity->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('opportunities/default/details');
//give nobody access to read
Yii::app()->user->userModel = $super;
$opportunity->addPermissions($nobody, Permission::READ);
$this->assertTrue($opportunity->save());
//Now the nobody user can access the details view.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $opportunity->id));
$this->runControllerWithNoExceptionsAndGetContent('opportunities/default/details');
//Test nobody, access to edit should fail.
$this->setGetArray(array('id' => $opportunity->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('opportunities/default/edit');
//give nobody access to read and write
Yii::app()->user->userModel = $super;
$opportunity->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($opportunity->save());
//Now the nobody user should be able to access the edit view and still the details view.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $opportunity->id));
$this->runControllerWithNoExceptionsAndGetContent('opportunities/default/details');
$this->setGetArray(array('id' => $opportunity->id));
$this->runControllerWithNoExceptionsAndGetContent('opportunities/default/edit');
//revoke nobody access to read
Yii::app()->user->userModel = $super;
$opportunity->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS, Permission::DENY);
$this->assertTrue($opportunity->save());
//Test nobody, access to detail should fail.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $opportunity->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('opportunities/default/details');
$this->setGetArray(array('id' => $opportunity->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('opportunities/default/edit');
//create some roles
Yii::app()->user->userModel = $super;
$parentRole = new Role();
$parentRole->name = 'AAA';
$this->assertTrue($parentRole->save());
$childRole = new Role();
$childRole->name = 'BBB';
$this->assertTrue($childRole->save());
$userInParentRole = User::getByUsername('confused');
$userInChildRole = User::getByUsername('nobody');
$childRole->users->add($userInChildRole);
$this->assertTrue($childRole->save());
$parentRole->users->add($userInParentRole);
$parentRole->roles->add($childRole);
$this->assertTrue($parentRole->save());
//create opportunity owned by super
$opportunity2 = OpportunityTestHelper::createOpportunityByNameForOwner('testingParentRolePermission', $super);
//Test userInParentRole, access to details and edit should fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $opportunity2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('opportunities/default/details');
$this->setGetArray(array('id' => $opportunity2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('opportunities/default/edit');
//give userInChildRole access to READ
Yii::app()->user->userModel = $super;
$opportunity2->addPermissions($userInChildRole, Permission::READ);
$this->assertTrue($opportunity2->save());
//Test userInChildRole, access to details should not fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $opportunity2->id));
$this->runControllerWithNoExceptionsAndGetContent('opportunities/default/details');
//Test userInParentRole, access to details should not fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $opportunity2->id));
$this->runControllerWithNoExceptionsAndGetContent('opportunities/default/details');
//give userInChildRole access to read and write
Yii::app()->user->userModel = $super;
$opportunity2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($opportunity2->save());
//Test userInChildRole, access to edit should not fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $opportunity2->id));
$this->runControllerWithNoExceptionsAndGetContent('opportunities/default/edit');
//Test userInParentRole, access to edit should not fail.
$this->logoutCurrentUserLoginNewUserAndGetByUsername($userInParentRole->username);
$this->setGetArray(array('id' => $opportunity2->id));
$this->runControllerWithNoExceptionsAndGetContent('opportunities/default/edit');
//revoke userInChildRole access to read and write
Yii::app()->user->userModel = $super;
$opportunity2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS, Permission::DENY);
$this->assertTrue($opportunity2->save());
//Test userInChildRole, access to detail should fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $opportunity2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('opportunities/default/details');
$this->setGetArray(array('id' => $opportunity2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('opportunities/default/edit');
//Test userInParentRole, access to detail should fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $opportunity2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('opportunities/default/details');
$this->setGetArray(array('id' => $opportunity2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('opportunities/default/edit');
//clear up the role relationships between users so not to effect next assertions
$parentRole->users->remove($userInParentRole);
$parentRole->roles->remove($childRole);
$this->assertTrue($parentRole->save());
$childRole->users->remove($userInChildRole);
$this->assertTrue($childRole->save());
//create some groups and assign users to groups
Yii::app()->user->userModel = $super;
$parentGroup = new Group();
$parentGroup->name = 'AAA';
$this->assertTrue($parentGroup->save());
$childGroup = new Group();
$childGroup->name = 'BBB';
$this->assertTrue($childGroup->save());
$userInChildGroup = User::getByUsername('confused');
$userInParentGroup = User::getByUsername('nobody');
$childGroup->users->add($userInChildGroup);
$this->assertTrue($childGroup->save());
$parentGroup->users->add($userInParentGroup);
$parentGroup->groups->add($childGroup);
$this->assertTrue($parentGroup->save());
$parentGroup->forget();
$childGroup->forget();
$parentGroup = Group::getByName('AAA');
$childGroup = Group::getByName('BBB');
//Add access for the confused user to Opportunities and creation of Opportunities.
$userInChildGroup->setRight('OpportunitiesModule', OpportunitiesModule::RIGHT_ACCESS_OPPORTUNITIES);
$userInChildGroup->setRight('OpportunitiesModule', OpportunitiesModule::RIGHT_CREATE_OPPORTUNITIES);
$this->assertTrue($userInChildGroup->save());
//create opportunity owned by super
$opportunity3 = OpportunityTestHelper::createOpportunityByNameForOwner('testingParentGroupPermission', $super);
//Test userInParentGroup, access to details and edit should fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $opportunity3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('opportunities/default/details');
$this->setGetArray(array('id' => $opportunity3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('opportunities/default/edit');
//Test userInChildGroup, access to details and edit should fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $opportunity3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('opportunities/default/details');
$this->setGetArray(array('id' => $opportunity3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('opportunities/default/edit');
//give parentGroup access to READ
Yii::app()->user->userModel = $super;
$opportunity3->addPermissions($parentGroup, Permission::READ);
$this->assertTrue($opportunity3->save());
//Test userInParentGroup, access to details should not fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $opportunity3->id));
$this->runControllerWithNoExceptionsAndGetContent('opportunities/default/details');
//Test userInChildGroup, access to details should not fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $opportunity3->id));
$this->runControllerWithNoExceptionsAndGetContent('opportunities/default/details');
//give parentGroup access to read and write
Yii::app()->user->userModel = $super;
$opportunity3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($opportunity3->save());
//Test userInParentGroup, access to edit should not fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $opportunity3->id));
$this->runControllerWithNoExceptionsAndGetContent('opportunities/default/edit');
//Test userInChildGroup, access to edit should not fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username);
$this->setGetArray(array('id' => $opportunity3->id));
$this->runControllerWithNoExceptionsAndGetContent('opportunities/default/edit');
//revoke parentGroup access to read and write
Yii::app()->user->userModel = $super;
$opportunity3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS, Permission::DENY);
$this->assertTrue($opportunity3->save());
//Test userInChildGroup, access to detail should fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $opportunity3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('opportunities/default/details');
$this->setGetArray(array('id' => $opportunity3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('opportunities/default/edit');
//Test userInParentGroup, access to detail should fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $opportunity3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('opportunities/default/details');
$this->setGetArray(array('id' => $opportunity3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('opportunities/default/edit');
//clear up the role relationships between users so not to effect next assertions
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$userInParentGroup->forget();
$userInChildGroup->forget();
$childGroup->forget();
$parentGroup->forget();
$userInParentGroup = User::getByUsername('nobody');
$userInChildGroup = User::getByUsername('confused');
$childGroup = Group::getByName('BBB');
$parentGroup = Group::getByName('AAA');
//clear up the role relationships between users so not to effect next assertions
$parentGroup->users->remove($userInParentGroup);
$parentGroup->groups->remove($childGroup);
$this->assertTrue($parentGroup->save());
$childGroup->users->remove($userInChildGroup);
$this->assertTrue($childGroup->save());
}
