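/**
 * Verifies that the action names hard-coded in Action::$VALID_ACTIONS and the
 * non-deleted action rows in the database describe exactly the same set.
 *
 * Permission checks are keyed by action name, so a name present on only one
 * side would leave an action that can never be granted or never be checked.
 */
function testActionsMatchDatabase()
 {
     // Fetch with flag_delete => false (presumably a filter that skips soft-deleted rows).
     $all_db_actions = Action::getAllFromDb(['flag_delete' => false], $this->DB);
     $this->assertEqual(count(Action::$VALID_ACTIONS), count($all_db_actions));

     // presumably returns the 'name' attribute of each loaded Action; confirm in Db_Linked
     $action_db_names = Db_Linked::arrayOfAttrValues($all_db_actions, 'name');

     // Strict membership: action names are identifiers used for authorization,
     // so they must match exactly rather than under PHP's loose comparison.
     foreach (Action::$VALID_ACTIONS as $va) {
         $this->assertTrue(in_array($va, $action_db_names, true), "'{$va}' missing from database");
     }
     foreach ($action_db_names as $db_a) {
         $this->assertTrue(in_array($db_a, Action::$VALID_ACTIONS, true), "'{$db_a}' missing from VALID_ACTIONS");
     }
 }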
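 /**
  * Checks which actions user 101 may perform on notebook 1003 as the notebook
  * moves through its workflow flags: neither flag set, then
  * flag_workflow_published, then flag_workflow_validated as well.
  *
  * Before the checks, a Role_Action_Target row (role_id 3, action_id 1,
  * target notebook 1003) is written to the database. The expected outcome is
  * that 'view' is granted only once the notebook is validated, 'create' is
  * granted at every stage, and every other action is denied throughout.
  */
 function testCanActOnTarget_Pub_Verify()
 {
     $n2 = Notebook::getOneFromDb(['notebook_id' => 1003], $this->DB);
     // owned by 102
     // Most expectations below are denials, which an unloaded fixture could
     // satisfy by accident; matchesDb is expected to be true after a real load.
     $this->assertTrue($n2->matchesDb, 'notebook 1003 did not load from the database');

     // Index every action by name so the matrix below can refer to them symbolically.
     $actions_list = Action::getAllFromDb([], $this->DB);
     $actions = [];
     foreach ($actions_list as $act_elt) {
         $actions[$act_elt->name] = $act_elt;
     }

     $rat = new Role_Action_Target(['last_user_id' => 110, 'role_id' => 3, 'action_id' => 1, 'target_type' => 'notebook', 'target_id' => 1003, 'DB' => $this->DB]);
     $rat->updateDb();
     $this->assertTrue($rat->matchesDb);

     // basic, field user
     $u = User::getOneFromDb(['user_id' => 101], $this->DB);
     $this->assertTrue($u->matchesDb, 'user 101 did not load from the database');

     // Starting state: the notebook is neither published nor validated.
     $this->assertFalse($n2->flag_workflow_published);
     $this->assertFalse($n2->flag_workflow_validated);

     // Expected permission matrix. 'flag' is the workflow flag switched on
     // before the stage is checked (null for the starting state).
     $stages = [
         'unpublished' => [
             'flag' => null,
             'expect' => ['view' => false, 'edit' => false, 'create' => true, 'delete' => false, 'publish' => false, 'verify' => false],
         ],
         'published' => [
             'flag' => 'flag_workflow_published',
             'expect' => ['view' => false, 'edit' => false, 'create' => true, 'delete' => false, 'publish' => false, 'verify' => false],
         ],
         'validated' => [
             'flag' => 'flag_workflow_validated',
             'expect' => ['view' => true, 'edit' => false, 'create' => true, 'delete' => false, 'publish' => false, 'verify' => false],
         ],
     ];

     foreach ($stages as $stage_name => $stage) {
         if ($stage['flag'] !== null) {
             $n2->{$stage['flag']} = true;
             $n2->updateDb();
             $this->assertTrue($n2->matchesDb);
             // Cleared so the next checks are not answered from results cached
             // before the flag changed (presumed purpose of clearCaches).
             $u->clearCaches();
         }
         foreach ($stage['expect'] as $action_name => $allowed) {
             $granted = $u->canActOnTarget($actions[$action_name], $n2);
             // Name the action and stage so a failure points at the exact cell of the matrix.
             $msg = "'{$action_name}' on {$stage_name} notebook should be " . ($allowed ? 'allowed' : 'denied');
             if ($allowed) {
                 $this->assertTrue($granted, $msg);
             } else {
                 $this->assertFalse($granted, $msg);
             }
         }
     }
 }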
/**
 * Loads every test fixture set through the given connection, then fills the
 * global $ACTIONS map with the Action records read back from the database,
 * keyed by action name.
 *
 * @param mixed $dbConn database connection handed to each fixture loader and to Action::getAllFromDb()
 */
function createAllTestData($dbConn)
{
    global $ACTIONS;

    // Authoritative plant data
    createTestData_Authoritative_Plants($dbConn);
    createTestData_Authoritative_Plant_Extras($dbConn);

    // Metadata
    createTestData_Metadata_Structures($dbConn);
    createTestData_Metadata_Term_Sets($dbConn);
    createTestData_Metadata_Term_Values($dbConn);
    createTestData_Metadata_References($dbConn);

    // Notebooks and their contents
    createTestData_Notebooks($dbConn);
    createTestData_Notebook_Pages($dbConn);
    createTestData_Notebook_Page_Fields($dbConn);

    // Permission grants
    createTestData_Role_Action_Targets($dbConn);

    // Specimens
    createTestData_Specimens($dbConn);
    createTestData_Specimen_Images($dbConn);

    // Users and their role assignments
    createTestData_Users($dbConn);
    createTestData_User_Roles($dbConn);

    // Entries are added or overwritten by name; anything already in $ACTIONS is kept.
    $action_rows = Action::getAllFromDb([], $dbConn);
    foreach ($action_rows as $action) {
        $ACTIONS[$action->name] = $action;
    }
}
require_once '../lang.cfg.php';
require_once '../classes/ALL_CLASS_INCLUDES.php';
require_once '../auth.cfg.php';
require_once '../util.php';
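# Request gate: the caller must hold an authenticated session whose stored
# fingerprint matches the one computed for this request. Every failure path
# stops the script before the database is touched.
# NOTE(review): no anti-CSRF token check is visible in this part of the script;
# confirm one exists elsewhere if this handler changes state.
if (empty($_SESSION['isAuthenticated'])) {
    echo 'not authenticated';
    exit;
}
$FINGERPRINT = util_generateRequestFingerprint();
// Binding the session to a request fingerprint complicates session hijacking.
// The comparison is strict so that two different strings which PHP's loose
// comparison would treat as equal numbers cannot pass, and a session with no
// stored fingerprint is rejected outright.
// assumes the stored and freshly generated fingerprints have the same type - TODO confirm
if (!isset($_SESSION['fingerprint']) || $_SESSION['fingerprint'] !== $FINGERPRINT) {
    echo 'bad fingerprint';
    exit;
}
# Create database connection object
$DB = util_createDbConnection();

# Index the non-deleted actions by name
$all_actions = Action::getAllFromDb(['flag_delete' => false], $DB);
$ACTIONS = [];
foreach ($all_actions as $a) {
    $ACTIONS[$a->name] = $a;
}

# Load the acting user from the session's username. A session without a
# username is refused up front rather than passed to the lookup as null.
$session_username = isset($_SESSION['userdata']['username']) ? $_SESSION['userdata']['username'] : null;
if ($session_username === null || $session_username === '') {
    echo 'user did not load correctly';
    exit;
}
$USER = User::getOneFromDb(['username' => $session_username], $DB);
if (!$USER->matchesDb) {
    echo 'user did not load correctly';
    exit;
}
#------------------------------------------------#
# Set default return value
#------------------------------------------------#
# Starts as a failure so only an explicit success path can report success.
$results = ['status' => 'failure', 'note' => 'unknown reason', 'html_output' => ''];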