public function test_can_do_group_privilege()
{
$topic = $this->create_object('midcom_db_topic');
$person = $this->create_user();
$group = $this->create_object('midcom_db_group');
$this->create_object('midcom_db_member', array('gid' => $group->id, 'uid' => $person->id));
midcom::get('auth')->request_sudo('midcom.core');
$topic->set_privilege('midgard:read', 'group:' . $group->guid, MIDCOM_PRIVILEGE_DENY);
$user = new midcom_core_user($person);
midcom::get('auth')->drop_sudo();
$auth = new midcom_services_auth();
$auth->initialize();
$this->assertTrue($auth->can_do('midgard:read', $topic));
$auth->user = $user;
$this->assertFalse($auth->can_do('midgard:read', $topic));
}
public function test_can_do()
{
$topic = $this->create_object('midcom_db_topic');
$person = $this->create_user();
$user = new midcom_core_user($person);
$auth = new midcom_services_auth();
$auth->initialize();
$this->assertFalse($auth->can_do('midgard:read', null));
$this->assertTrue($auth->can_do('midgard:read', $topic));
$this->assertFalse($auth->can_do('midgard:delete', $topic));
$auth->admin = true;
$this->assertFalse($auth->can_do('midgard:delete', $topic));
$auth->user = $user;
$this->assertTrue($auth->can_do('midgard:delete', $topic));
$auth->admin = false;
$this->assertFalse($auth->can_do('midgard:delete', $topic));
$person2 = $this->create_user();
$user2 = new midcom_core_user($person2);
$topic2 = $this->create_object('midcom_db_topic');
midcom::get('auth')->request_sudo('midcom.core');
$topic2->set_privilege('midgard:delete', $user2->id, MIDCOM_PRIVILEGE_ALLOW);
midcom::get('auth')->drop_sudo();
$auth->user = $user2;
$this->assertTrue($auth->can_do('midgard:delete', $topic2));
}
