예제 #1
 /**
  * Render the view used to match an archived email message to a contact or lead.
  *
  * The user's module rights are read once here and handed to the view: module
  * access decides which select form is built, create rights decide the grid size.
  *
  * NOTE(review): these flags only shape what is rendered. Whether the actions
  * behind the rendered controls re-check rights is not visible here; confirm
  * that enforcement lives server-side in those actions.
  *
  * @param EmailMessage $emailMessage message whose address and name are resolved onto a new Contact
  * @param User $user user whose rights are evaluated
  * @return string content
  */
 public static function renderEmailMessageToMatchContent(EmailMessage $emailMessage, $user)
 {
     $canAccessContacts = RightsUtil::canUserAccessModule('ContactsModule', $user);
     $canAccessLeads = RightsUtil::canUserAccessModule('LeadsModule', $user);
     $canCreateContact = RightsUtil::doesUserHaveAllowByRightName(
         'ContactsModule',
         ContactsModule::getCreateRight(),
         $user
     );
     $canCreateLead = RightsUtil::doesUserHaveAllowByRightName(
         'LeadsModule',
         LeadsModule::getCreateRight(),
         $user
     );

     // Contacts access picks between the combined and the contact-only form;
     // every other combination gets the lead form.
     // NOTE(review): a user with access to neither module also lands on
     // LeadSelectForm; presumably callers gate on module access first; confirm.
     if (!$canAccessContacts) {
         $selectForm = new LeadSelectForm();
     } elseif ($canAccessLeads) {
         $selectForm = new AnyContactSelectForm();
     } else {
         $selectForm = new ContactSelectForm();
     }

     // One column is always present; each create right the user holds adds one.
     $gridSize = 1 + ($canCreateContact ? 1 : 0) + ($canCreateLead ? 1 : 0);

     $contact = new Contact();
     self::resolveEmailAddressAndNameToContact($emailMessage, $contact);

     $matchingView = new ArchivedEmailMatchingView(
         'default',
         'emailMessages',
         $emailMessage,
         $contact,
         $selectForm,
         $canAccessLeads,
         $canAccessContacts,
         $canCreateContact,
         $canCreateLead,
         $gridSize
     );

     return $matchingView->render();
 }
예제 #2
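 /**
  * Exercise the lead REST endpoints (read, update, delete) as a user who is
  * stepped through three authorization states, then as the default login:
  *
  *  1. Only the web-API login right: every call fails with the "rights" message.
  *  2. LeadsModule access/create/delete rights but no record permissions:
  *     every call fails with the "permissions" message.
  *  3. The lead is opened to the Everyone group: read and update succeed,
  *     delete is still refused with the "permissions" message.
  *  4. The default login deletes the lead; a following read fails.
  *
  * @depends testListLead
  */
 public function testUnprivilegedUserViewUpdateDeleteLead()
 {
     // Same four request headers are needed after every login.
     $buildHeaders = function ($authenticationData) {
         return array(
             'Accept: application/json',
             'ZURMO_SESSION_ID: ' . $authenticationData['sessionId'],
             'ZURMO_TOKEN: ' . $authenticationData['token'],
             'ZURMO_API_REQUEST_TYPE: REST',
         );
     };
     $rightsDeniedMessage = 'You do not have rights to perform this action.';
     $permissionsDeniedMessage = 'You do not have permissions for this action.';

     Yii::app()->user->userModel = User::getByUsername('super');
     $notAllowedUser = UserTestHelper::createBasicUser('Steven');
     $notAllowedUser->setRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API);
     // Fail here if the login right was not persisted, rather than later with
     // a misleading authorization assertion.
     $this->assertTrue($notAllowedUser->save());

     // NOTE(review): the headers from this first login are replaced before any
     // request is sent; the call is kept so the login sequence is unchanged.
     $headers = $buildHeaders($this->login('steven', 'steven'));

     $everyoneGroup = Group::getByName(Group::EVERYONE_GROUP_NAME);
     $this->assertTrue($everyoneGroup->save());

     $leads = Contact::getByName('Michael Smith');
     $this->assertEquals(1, count($leads));

     $apiBaseUrl = $this->serverUrl . '/test.php/leads/contact/api/';
     $readUrl = $apiBaseUrl . 'read/' . $leads[0]->id;
     $updateUrl = $apiBaseUrl . 'update/' . $leads[0]->id;
     $deleteUrl = $apiBaseUrl . 'delete/' . $leads[0]->id;

     $data = array('department' => 'Support');

     // State 1: user may log in through the API but holds no LeadsModule rights.
     // View, update and delete of the lead must all be refused.
     $headers = $buildHeaders($this->login('steven', 'steven'));

     $response = json_decode(ApiRestTestHelper::createApiCall($readUrl, 'GET', $headers), true);
     $this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
     $this->assertEquals($rightsDeniedMessage, $response['message']);

     $response = json_decode(
         ApiRestTestHelper::createApiCall($updateUrl, 'PUT', $headers, array('data' => $data)),
         true
     );
     $this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
     $this->assertEquals($rightsDeniedMessage, $response['message']);

     $response = json_decode(ApiRestTestHelper::createApiCall($deleteUrl, 'DELETE', $headers), true);
     $this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
     $this->assertEquals($rightsDeniedMessage, $response['message']);

     // State 2: module rights granted, but still no permissions on this record.
     // The refusal must now come from the permission check, not the rights check.
     $notAllowedUser->setRight('LeadsModule', LeadsModule::getAccessRight());
     $notAllowedUser->setRight('LeadsModule', LeadsModule::getCreateRight());
     $notAllowedUser->setRight('LeadsModule', LeadsModule::getDeleteRight());
     $this->assertTrue($notAllowedUser->save());

     $response = json_decode(ApiRestTestHelper::createApiCall($readUrl, 'GET', $headers), true);
     $this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
     $this->assertEquals($permissionsDeniedMessage, $response['message']);

     $response = json_decode(
         ApiRestTestHelper::createApiCall($updateUrl, 'PUT', $headers, array('data' => $data)),
         true
     );
     $this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
     $this->assertEquals($permissionsDeniedMessage, $response['message']);

     $response = json_decode(ApiRestTestHelper::createApiCall($deleteUrl, 'DELETE', $headers), true);
     $this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
     $this->assertEquals($permissionsDeniedMessage, $response['message']);

     // State 3: the default login opens the record to the Everyone group.
     $headers = $buildHeaders($this->login());
     $data = array(
         'explicitReadWriteModelPermissions' => array(
             'type' => ExplicitReadWriteModelPermissionsUtil::MIXED_TYPE_EVERYONE_GROUP,
         ),
     );
     $response = json_decode(
         ApiRestTestHelper::createApiCall($updateUrl, 'PUT', $headers, array('data' => $data)),
         true
     );
     $this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']);

     $headers = $buildHeaders($this->login('steven', 'steven'));

     $response = json_decode(ApiRestTestHelper::createApiCall($readUrl, 'GET', $headers), true);
     $this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']);

     $data = array('department' => 'Support');
     $response = json_decode(
         ApiRestTestHelper::createApiCall($updateUrl, 'PUT', $headers, array('data' => $data)),
         true
     );
     $this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']);
     $this->assertEquals('Support', $response['data']['department']);

     // Delete stays refused even though the user holds the module delete right
     // and can now read and update the record.
     $response = json_decode(ApiRestTestHelper::createApiCall($deleteUrl, 'DELETE', $headers), true);
     $this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
     $this->assertEquals($permissionsDeniedMessage, $response['message']);

     // State 4: the default login may delete; the record is then unreadable.
     $headers = $buildHeaders($this->login());

     $response = json_decode(ApiRestTestHelper::createApiCall($deleteUrl, 'DELETE', $headers), true);
     $this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']);

     $response = json_decode(ApiRestTestHelper::createApiCall($readUrl, 'GET', $headers), true);
     $this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
 }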