public function testNestedSubPermission() { $this->getACL()->setCaching(false); $this->getACL()->removeObjectRules('jarves/node'); $tokenStorage = $this->getTokenStorage(); $token = new UsernamePasswordToken(UserQuery::create()->findOneByUsername('test'), null, "main"); $tokenStorage->setToken($token); $user = $this->getPageStack()->getUser(); $this->assertEquals('test', $user->getUsername()); $domain = DomainQuery::create()->findOne(); $root = NodeQuery::create()->findRoot($domain->getId()); $subNode = new Node(); $subNode->setTitle('TestNode tree'); $subNode->insertAsFirstChildOf($root); $subNode->save(); $subNode2 = new Node(); $subNode2->setTitle('TestNode sub'); $subNode2->insertAsFirstChildOf($subNode); $subNode2->save(); //make access for all $rule = new Acl(); $rule->setAccess(true); $rule->setObject('jarves/node'); $rule->setTargetType(\Jarves\ACL::TARGET_TYPE_USER); $rule->setTargetId($user->getId()); $rule->setMode(\Jarves\ACL::MODE_ALL); $rule->setConstraintType(\Jarves\ACL::CONSTRAINT_ALL); $rule->setPrio(2); $rule->save(); //revoke access for all children of `TestNode tree` $rule2 = new Acl(); $rule2->setAccess(false); $rule2->setObject('jarves/node'); $rule2->setTargetType(\Jarves\ACL::TARGET_TYPE_USER); $rule2->setTargetId($user->getId()); $rule2->setMode(\Jarves\ACL::MODE_ALL); $rule2->setConstraintType(\Jarves\ACL::CONSTRAINT_CONDITION); $rule2->setConstraintCode(json_encode(['title', '=', 'TestNode tree'])); $rule2->setPrio(3); $rule2->setSub(true); $rule2->save(); $this->getCacher()->invalidateCache('core'); $node1RequestListing = ACLRequest::create('jarves/node', $subNode->getId())->onlyListingMode(); $node2RequestListing = ACLRequest::create('jarves/node', $subNode2->getId())->onlyListingMode(); $this->assertFalse($this->getACL()->check($node1RequestListing)); $this->assertFalse($this->getACL()->check($node2RequestListing)); $items = $this->getObjects()->getBranch('jarves/node', $subNode->getId(), null, 1, null, ['permissionCheck' => true]); $this->assertNull($items, 'rule2 revokes the access to all elements'); $item = $this->getObjects()->get('jarves/node', $subNode2->getId(), ['permissionCheck' => true]); $this->assertNull($item); // Deactivate sub $rule2->setSub(false); $rule2->save(); $this->assertFalse($this->getACL()->check($node1RequestListing)); $this->assertTrue($this->getACL()->check($node2RequestListing)); $items = $this->getObjects()->getBranch('jarves/node', $subNode->getId(), null, 1, null, ['permissionCheck' => true]); $this->assertEquals('TestNode sub', $items[0]['title'], 'We got TestNode sub'); $item = $this->getObjects()->get('jarves/node', $subNode2->getId(), ['permissionCheck' => true]); $this->assertEquals('TestNode sub', $item['title'], 'We got TestNode sub'); // Activate access $rule2->setAccess(true); $rule2->save(); $this->assertTrue($this->getACL()->check($node1RequestListing)); $this->assertTrue($this->getACL()->check($node2RequestListing)); $items = $this->getObjects()->getBranch('jarves/node', $subNode->getId(), null, 1, null, ['permissionCheck' => true]); $this->assertEquals('TestNode sub', $items[0]['title'], 'We got TestNode sub'); $subNode->delete(); $subNode2->delete(); $rule->delete(); $rule2->delete(); $this->getACL()->setCaching(true); }