/**
 * Builds the fixture for the tests in this class.
 *
 * After the parent set-up it calls enableSecurity() (presumably switches
 * access checks on for the test run; confirm in the base class), stores a
 * role that is granted the 'admin' and 'resource_series' access modules,
 * stores an account holding that role, and logs in with that account.
 *
 * The password is a fixed literal that exists only for this fixture.
 */
public function setUp()
{
    parent::setUp();

    $this->enableSecurity();

    // Role under test: only these two access modules are appended here.
    $role = new Opus_UserRole();
    $role->setName($this->roleName);
    foreach (array('admin', 'resource_series') as $accessModule) {
        $role->appendAccessModule($accessModule);
    }
    $role->store();

    // Fixture-only credential, reused for the login call below.
    $password = 'seriesadminpwd';

    $account = new Opus_Account();
    $account->setLogin($this->userName);
    $account->setPassword($password);
    $account->addRole($role);
    $account->store();

    $this->loginUser($this->userName, $password);
}
/**
 * Builds the fixture: stores a role named '_test' that is granted the
 * 'documents' access module, stores the account 'role_tester' with that
 * role, and marks that account as the authenticated identity.
 *
 * The ids returned by the two store() calls are kept in $this->roleId and
 * $this->userId.
 */
public function setUp()
{
    parent::setUp();

    $role = new Opus_UserRole();
    $role->setName('_test');
    $role->appendAccessModule('documents');
    $this->roleId = $role->store();

    // Login and password are the same literal; fixture-only credential.
    $account = new Opus_Account();
    $account->setLogin('role_tester');
    $account->setPassword('role_tester');
    $account->setRole($role);
    $this->userId = $account->store();

    // Fake authentication: the identity is written straight into the
    // Zend_Auth storage, so no password check runs for this login.
    $authStorage = Zend_Auth::getInstance()->getStorage();
    $authStorage->write('role_tester');
}
/**
 * Stores the access modules selected in the request for one role.
 *
 * The role is loaded by the 'roleid' request parameter. Every module the
 * role currently lists is removed unless the request carries a matching
 * 'set_<module>' parameter; afterwards every request parameter whose name
 * starts with 'set_' appends the remainder of its name as an access module.
 *
 * @param mixed $request Request object; must provide getParam() and
 *                       getParams() (presumably a Zend controller request,
 *                       to be confirmed against the caller).
 *
 * TODO secure against missing parameters
 *
 * NOTE(review): 'roleid' is used without a presence or validity check in
 * this method, and the module names are taken directly from request
 * parameter names. No comparison against a list of known modules is visible
 * here, so confirm that the caller restricts this action to authorised
 * administrators and that unknown module names are rejected somewhere.
 */
private function storeModules($request)
{
    $roleId = $request->getParam('roleid');
    $role = new Opus_UserRole($roleId);

    // Pass 1: drop modules whose checkbox parameter is absent. 'NULL' is
    // the default handed to getParam() and doubles as the "absent" marker.
    foreach ($role->listAccessModules() as $currentModule) {
        if ($request->getParam('set_' . $currentModule, 'NULL') !== 'NULL') {
            continue;
        }
        $role->removeAccessModule($currentModule);
    }

    // Pass 2: grant every module named by a 'set_' parameter. Only the
    // parameter name is used; its value is ignored.
    foreach ($request->getParams() as $name => $value) {
        if (!$this->string_begins_with($name, 'set_')) {
            continue;
        }
        // Split on the first underscore only, so module names that contain
        // underscores themselves stay intact.
        list(, $requestedModule) = explode('_', $name, 2);
        $role->appendAccessModule($requestedModule);
    }

    $role->store();
}
/**
 * Regression test (3245 in the method name): an account whose role is
 * granted the 'admin' and 'resource_institutions' access modules must reach
 * the DNB institute edit page instead of being redirected to '/auth'.
 *
 * NOTE(review): only the allow path is asserted here. Check whether a
 * companion test covers a role without 'resource_institutions' being turned
 * away, so the deny path is pinned as well.
 */
public function testUserAccessToInstituteWithInstituteRightsRegression3245()
{
    // Fixture-only credential: login and password are the same literal.
    $login = 'role_tester';
    $password = 'role_tester';

    $role = new Opus_UserRole();
    $role->setName('TestRole');
    foreach (array('admin', 'resource_institutions') as $accessModule) {
        $role->appendAccessModule($accessModule);
    }
    $this->roleId = $role->store();

    $account = new Opus_Account();
    $account->setLogin($login);
    $account->setPassword($password);
    $account->setRole($role);
    $this->userId = $account->store();

    // Security is enabled only after the fixture is stored, and the login
    // goes through loginUser() with the credentials set above.
    $this->enableSecurity();
    $this->loginUser($login, $password);
    $this->useEnglish();

    $this->dispatch('/admin/dnbinstitute/edit/id/1');

    $failureMessage = 'User is not able to edit dnb-institutions, '
        . 'although he has the right to do it';

    $this->assertNotRedirect();
    $this->assertNotRedirectTo('/auth', $failureMessage);
    $this->assertQueryContentContains('//label', 'Department', $failureMessage);
}