/**
* @depends testSetWriteDenyPermission
*/
public function testPermissionsUtilGetAllModulePermissionsData()
{
$this->assertEquals(User::getByUsername('super'), Yii::app()->user->userModel);
$securableItem3 = new NamedSecurableItem();
$securableItem3->name = 'TestItem3';
$saved = $securableItem3->save();
$this->assertTrue($saved);
$group = new Group();
$group->name = 'modulePermissionsGroup';
$saved = $group->save();
$this->assertTrue($saved);
$data = PermissionsUtil::getAllModulePermissionsDataByPermitable($group);
$compareData = array('AccountsModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'ContactsModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'LeadsModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'MeetingsModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'NotesModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'OpportunitiesModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'ContractsModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'TasksModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'UsersModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)));
$this->assertEquals($compareData['AccountsModule'], $data['AccountsModule']);
$this->assertEquals($compareData['ContactsModule'], $data['ContactsModule']);
$this->assertEquals($compareData['LeadsModule'], $data['LeadsModule']);
$this->assertEquals($compareData['OpportunitiesModule'], $data['OpportunitiesModule']);
$this->assertEquals($compareData['ContractsModule'], $data['ContractsModule']);
$this->assertEquals($compareData['TasksModule'], $data['TasksModule']);
$this->assertEquals($compareData['NotesModule'], $data['NotesModule']);
$this->assertEquals($compareData['MeetingsModule'], $data['MeetingsModule']);
$this->assertEquals($compareData['UsersModule'], $data['UsersModule']);
$group->forget();
$securableItem3->forget();
}
protected function setSomePermissions()
{
if (!SECURITY_OPTIMIZED) {
return;
}
$accounts = Account::getAll();
$account = $accounts[0];
$user = User::getByUsername('bobby');
$this->assertNotEquals($account->owner->id, $user->id);
$everyone = Group::getByName('Everyone');
$account->addPermissions($user, Permission::READ);
$account->addPermissions($user, Permission::WRITE, Permission::DENY);
$account->addPermissions($everyone, Permission::CHANGE_OWNER);
$this->assertTrue($account->save());
try {
$securableItem1 = NamedSecurableItem::getByName('Account');
} catch (NotFoundException $e) {
$securableItem1 = new NamedSecurableItem();
$securableItem->name = 'Account';
}
$securableItem1->addPermissions($everyone, Permission::DELETE);
$this->assertTrue($securableItem1->save());
try {
$securableItem2 = NamedSecurableItem::getByName('Account');
} catch (NotFoundException $e) {
$securableItem2 = new NamedSecurableItem();
$securableItem->name = 'AccountsModule';
}
$securableItem2->addPermissions($everyone, Permission::CHANGE_PERMISSIONS);
$this->assertTrue($securableItem2->save());
}
public function testPermissionsOnNamedSecurableItems()
{
$accounts = Account::getByName('Supermart');
$this->assertEquals(1, count($accounts));
$account = $accounts[0];
$owner = $account->owner;
$user = User::getByUsername('bobby');
$this->assertNotEquals($owner->id, $user->id);
$everyone = Group::getByName(Group::EVERYONE_GROUP_NAME);
$group = Group::getByName('Sales Staff');
$this->assertEquals(Permission::ALL, $account->getEffectivePermissions($owner));
$this->assertEquals(Permission::NONE, $account->getEffectivePermissions($user));
$this->assertEquals(Permission::NONE, $account->getEffectivePermissions($everyone));
$this->assertEquals(Permission::NONE, $account->getEffectivePermissions($group));
// Putting permissions on.
$securableItem1 = new NamedSecurableItem();
$securableItem1->name = 'Account';
$securableItem1->addPermissions($everyone, Permission::READ);
$securableItem1->addPermissions($user, Permission::DELETE);
$securableItem1->addPermissions($group, Permission::WRITE);
$this->assertTrue($securableItem1->save());
$this->assertEquals(Permission::ALL, $account->getEffectivePermissions($owner));
$this->assertEquals(Permission::READ_WRITE_DELETE, $account->getEffectivePermissions($user));
$this->assertEquals(Permission::READ, $account->getEffectivePermissions($everyone));
$this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($group));
$securableItem2 = new NamedSecurableItem();
$securableItem2->name = 'AccountsModule';
$securableItem2->addPermissions($everyone, Permission::CHANGE_OWNER);
$securableItem2->addPermissions($group, Permission::DELETE);
$this->assertTrue($securableItem2->save());
$this->assertEquals(Permission::ALL, $account->getEffectivePermissions($owner));
$this->assertEquals(Permission::READ_WRITE_DELETE | Permission::CHANGE_OWNER, $account->getEffectivePermissions($user));
$this->assertEquals(Permission::READ | Permission::CHANGE_OWNER, $account->getEffectivePermissions($everyone));
$this->assertEquals(Permission::READ_WRITE_DELETE | Permission::CHANGE_OWNER, $account->getEffectivePermissions($group));
$account->addPermissions($user, Permission::CHANGE_OWNER);
$account->addPermissions($group, Permission::READ, Permission::DENY);
$this->assertTrue($account->save());
$this->assertEquals(Permission::ALL, $account->getEffectivePermissions($owner));
$this->assertEquals(Permission::WRITE | Permission::DELETE | Permission::CHANGE_OWNER, $account->getEffectivePermissions($user));
$this->assertEquals(Permission::READ | Permission::CHANGE_OWNER, $account->getEffectivePermissions($everyone));
$this->assertEquals(Permission::WRITE | Permission::DELETE | Permission::CHANGE_OWNER, $account->getEffectivePermissions($group));
// Taking permissions off.
$account->removeAllPermissions();
$this->assertTrue($account->save());
$this->assertEquals(Permission::ALL, $account->getEffectivePermissions($owner));
$this->assertEquals(Permission::READ_WRITE_DELETE | Permission::CHANGE_OWNER, $account->getEffectivePermissions($user));
$this->assertEquals(Permission::READ | Permission::CHANGE_OWNER, $account->getEffectivePermissions($everyone));
$this->assertEquals(Permission::READ_WRITE_DELETE | Permission::CHANGE_OWNER, $account->getEffectivePermissions($group));
$securableItem2->removeAllPermissions();
$this->assertTrue($securableItem2->save());
$this->assertEquals(Permission::ALL, $account->getEffectivePermissions($owner));
$this->assertEquals(Permission::READ_WRITE_DELETE, $account->getEffectivePermissions($user));
$this->assertEquals(Permission::READ, $account->getEffectivePermissions($everyone));
$this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($group));
$securableItem1->removeAllPermissions();
$this->assertTrue($securableItem1->save());
$this->assertEquals(Permission::ALL, $account->getEffectivePermissions($owner));
$this->assertEquals(Permission::NONE, $account->getEffectivePermissions($user));
$this->assertEquals(Permission::NONE, $account->getEffectivePermissions($everyone));
$this->assertEquals(Permission::NONE, $account->getEffectivePermissions($group));
$securableItem2->delete();
unset($securableItem2);
$securableItem1->delete();
unset($securableItem1);
}
