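/**
 * Deletes a social item in response to an ajax request.
 *
 * The current user may delete when the model grants delete permission, or when
 * the user is the item's owner or its toUser. Anyone else gets the ajax
 * access-failure view and the item must be left untouched.
 *
 * NOTE(review): this is a destructive action keyed only on $id; confirm the route
 * is limited to the intended HTTP verb and covered by request-forgery protection.
 * Neither is visible in this method.
 *
 * @param int|string $id identifier of the social item; coerced with intval() before lookup
 * @throws FailedToDeleteModelException when delete() reports failure
 */
public function actionDeleteViaAjax($id)
{
    $socialItem  = SocialItem::getById(intval($id));
    $currentUser = Yii::app()->user->userModel;

    // Same decision as the original negated chain, written as "who is allowed".
    // Short-circuit order is unchanged: permission check, then owner, then toUser.
    $mayDelete = $socialItem->canUserDelete($currentUser)
        || $socialItem->owner->id == $currentUser->id
        || $socialItem->toUser->id == $currentUser->id;

    if (!$mayDelete) {
        $messageView = new AccessFailureAjaxView();
        $view        = new AjaxPageView($messageView);
        echo $view->render();
        Yii::app()->end(0, false);
        // Fail closed. With $exit = false, Yii's CApplication::end() does not call
        // exit() itself, so whether the request stops here depends on an
        // onEndRequest handler or an overridden end() that this method cannot see.
        // Returning explicitly guarantees the delete below is never reached on
        // the denied path.
        return;
    }

    if (!$socialItem->delete()) {
        throw new FailedToDeleteModelException();
    }
}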
/**
 * Deleting a social item must also remove the comments and file models attached to it.
 *
 * Starts from exactly one social item, one comment and one file model, deletes every
 * social item after reloading it by id, then expects all three collections to be empty.
 *
 * @depends testAddingComments
 */
public function testDeleteSocialItem()
{
    $existingItems = SocialItem::getAll();
    $this->assertEquals(1, count($existingItems));
    $this->assertEquals(1, count(Comment::getAll()));
    $this->assertEquals(1, count(FileModel::getAll()));

    foreach ($existingItems as $loadedItem) {
        // forget() followed by getById(): presumably forces a fresh load of the
        // record instead of reusing the instance returned by getAll().
        $itemId = $loadedItem->id;
        $loadedItem->forget();
        $reloadedItem = SocialItem::getById($itemId);
        $this->assertTrue($reloadedItem->delete());
    }

    $this->assertEquals(0, count(SocialItem::getAll()));
    // Comments are owned by the social item, so they must be gone as well.
    $this->assertEquals(0, count(Comment::getAll()));
    $this->assertEquals(0, count(FileModel::getAll()));
}
/**
 * Exercises the delete permissions around a social item and its comments.
 *
 * Covered here: mary can delete the comment she wrote, mary is refused when deleting
 * super's comment, and super (the owner) can delete the social item itself.
 * The whole test is skipped unless SECURITY_OPTIMIZED is truthy.
 *
 * NOTE(review): nothing here exercises the refused path of
 * socialItems/default/deleteViaAjax, i.e. a user who is neither owner nor toUser and
 * has no delete permission. Consider adding that case with
 * runControllerShouldResultInAjaxAccessFailureAndGetContent() and asserting afterwards
 * that the number of social items is unchanged, so a refusal that still deletes is caught.
 *
 * @depends testAddingCommentsAndUpdatingActivityStampsOnSocialItem
 */
public function testUsersCanReadAndWriteSocialItemsOkThatAreNotOwner()
{
    if (!SECURITY_OPTIMIZED) {
        return;
    }

    // TODO: we still need to test that other users can get to the missions.
    $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $mary  = User::getByUsername('mary');
    $allItems = SocialItem::getAll();
    $this->assertEquals(2, count($allItems));
    $firstItem = $allItems[0];
    $this->assertEquals(2, $firstItem->comments->count());

    // Mary should not be able to edit the mission.
    // NOTE(review): this calls the missions edit route with a SocialItem id, which
    // looks carried over from the missions tests. Confirm the exit seen here is an
    // access denial and not simply a missing mission record.
    $mary = $this->logoutCurrentUserLoginNewUserAndGetByUsername('mary');
    $this->setGetArray(array('id' => $firstItem->id));
    $this->runControllerWithExitExceptionAndGetContent('missions/default/edit');

    // Mary can delete a comment she wrote.
    $commentByMaryId = $firstItem->comments->offsetGet(1)->id;
    $this->assertEquals($firstItem->comments->offsetGet(1)->createdByUser->id, $mary->id);
    $commentBySuperId = $firstItem->comments->offsetGet(0)->id;
    $this->assertEquals($firstItem->comments->offsetGet(0)->createdByUser->id, $super->id);
    $this->setGetArray(
        array(
            'relatedModelId'           => $firstItem->id,
            'relatedModelClassName'    => 'SocialItem',
            'relatedModelRelationName' => 'comments',
            'id'                       => $commentByMaryId,
        )
    );
    $this->runControllerWithNoExceptionsAndGetContent('comments/default/deleteViaAjax', true);
    $reloadId = $firstItem->id;
    $firstItem->forget();
    $reloaded = SocialItem::getById($reloadId);
    $this->assertEquals(1, $reloaded->comments->count());

    // Mary cannot delete a comment she did not write: the request must end in the
    // ajax access-failure response and the comment count must stay at 1.
    $this->setGetArray(
        array(
            'relatedModelId'           => $firstItem->id,
            'relatedModelClassName'    => 'SocialItem',
            'relatedModelRelationName' => 'comments',
            'id'                       => $commentBySuperId,
        )
    );
    $this->runControllerShouldResultInAjaxAccessFailureAndGetContent('comments/default/deleteViaAjax');
    $reloadId = $firstItem->id;
    $firstItem->forget();
    $reloaded = SocialItem::getById($reloadId);
    $this->assertEquals(1, $reloaded->comments->count());
    // The original states this assertion twice; both are kept.
    $this->assertEquals(1, $reloaded->comments->count());

    $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $this->assertTrue($reloaded->owner->isSame($super));

    // Super, as owner, can delete the social item: two items become one.
    $this->setGetArray(array('id' => $reloaded->id));
    $this->runControllerWithNoExceptionsAndGetContent('socialItems/default/deleteViaAjax', true);
    $remainingItems = SocialItem::getAll();
    $this->assertEquals(1, count($remainingItems));
}