public function testSuperUserNoteDefaultControllerActions()
{
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
//Load AttributesList for Note module.
$this->setGetArray(array('moduleClassName' => 'NotesModule'));
$this->runControllerWithNoExceptionsAndGetContent('designer/default/attributesList');
//Load ModuleLayoutsList for Note module.
$this->setGetArray(array('moduleClassName' => 'NotesModule'));
$this->runControllerWithNoExceptionsAndGetContent('designer/default/moduleLayoutsList');
//Load ModuleEdit view for each applicable module.
$this->setGetArray(array('moduleClassName' => 'NotesModule'));
$this->runControllerWithNoExceptionsAndGetContent('designer/default/moduleEdit');
//Now validate save with failed validation.
$this->setGetArray(array('moduleClassName' => 'NotesModule'));
$this->setPostArray(array('ajax' => 'edit-form', 'NotesModuleForm' => $this->createModuleEditBadValidationPostData()));
$content = $this->runControllerWithExitExceptionAndGetContent('designer/default/moduleEdit');
$this->assertTrue(strlen($content) > 50);
//approximate, but should definetely be larger than 50.
//Now validate save with successful validation.
$this->setGetArray(array('moduleClassName' => 'NotesModule'));
$this->setPostArray(array('ajax' => 'edit-form', 'NotesModuleForm' => $this->createModuleEditGoodValidationPostData('note new name')));
$content = $this->runControllerWithExitExceptionAndGetContent('designer/default/moduleEdit');
$this->assertEquals('[]', $content);
//Now save successfully.
$this->setGetArray(array('moduleClassName' => 'NotesModule'));
$this->setPostArray(array('save' => 'Save', 'NotesModuleForm' => $this->createModuleEditGoodValidationPostData('note new name')));
$this->runControllerWithRedirectExceptionAndGetContent('designer/default/moduleEdit');
//Now confirm everything did in fact save correctly.
$this->assertEquals('Note New Name', NotesModule::getModuleLabelByTypeAndLanguage('Singular'));
$this->assertEquals('Note New Names', NotesModule::getModuleLabelByTypeAndLanguage('Plural'));
$this->assertEquals('note new name', NotesModule::getModuleLabelByTypeAndLanguage('SingularLowerCase'));
$this->assertEquals('note new names', NotesModule::getModuleLabelByTypeAndLanguage('PluralLowerCase'));
//Load LayoutEdit for each applicable module and applicable layout
$this->resetPostArray();
$this->setGetArray(array('moduleClassName' => 'NotesModule', 'viewClassName' => 'NoteEditAndDetailsView'));
$this->runControllerWithNoExceptionsAndGetContent('designer/default/LayoutEdit');
$this->setGetArray(array('moduleClassName' => 'NotesModule', 'viewClassName' => 'NoteInlineEditView'));
$this->runControllerWithNoExceptionsAndGetContent('designer/default/LayoutEdit');
}
protected function resolveConfirmAlertInHtmlOptions($htmlOptions)
{
$htmlOptions['confirm'] = Zurmo::t('Core', 'Are you sure you want to delete this {modelLabel}?', array('{modelLabel}' => NotesModule::getModuleLabelByTypeAndLanguage('SingularLowerCase')));
return $htmlOptions;
}
/**
* For each dupeModel add total ammount of Notes, Tasks, Emails and Meetings
* @param $chart
*/
protected function resolveDataForChart(&$chart)
{
$notes = array('category' => NotesModule::getModuleLabelByTypeAndLanguage('Plural'));
$tasks = array('category' => TasksModule::getModuleLabelByTypeAndLanguage('Plural'));
$emails = array('category' => EmailMessagesModule::getModuleLabelByTypeAndLanguage('Plural'));
$meetings = array('category' => MeetingsModule::getModuleLabelByTypeAndLanguage('Plural'));
foreach ($this->dupeModels as $dupeModel) {
$itemId = $dupeModel->getClassId('Item');
$notes['model-' . $dupeModel->id] = LatestActivitiesUtil::getCountByModelClassName('Note', array($itemId), LatestActivitiesConfigurationForm::OWNED_BY_FILTER_ALL);
$tasks['model-' . $dupeModel->id] = LatestActivitiesUtil::getCountByModelClassName('Task', array($itemId), LatestActivitiesConfigurationForm::OWNED_BY_FILTER_ALL);
$emails['model-' . $dupeModel->id] = LatestActivitiesUtil::getCountByModelClassName('EmailMessage', array($itemId), LatestActivitiesConfigurationForm::OWNED_BY_FILTER_ALL);
$meetings['model-' . $dupeModel->id] = LatestActivitiesUtil::getCountByModelClassName('Meeting', array($itemId), LatestActivitiesConfigurationForm::OWNED_BY_FILTER_ALL);
}
$chart->data = array($notes, $tasks, $emails, $meetings);
}
public function testDetailsJsonActionForWorkflow()
{
$this->user->setRight('NotesModule', NotesModule::getAccessRight());
$this->assertTrue($this->user->save());
parent::testDetailsJsonActionForWorkflow();
}
/**
* @depends testListNotes
*/
public function testUnprivilegedUserViewUpdateDeleteNotes()
{
Yii::app()->user->userModel = User::getByUsername('super');
$notAllowedUser = UserTestHelper::createBasicUser('Steven');
$notAllowedUser->setRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API);
$saved = $notAllowedUser->save();
$authenticationData = $this->login('steven', 'steven');
$headers = array('Accept: application/json', 'ZURMO_SESSION_ID: ' . $authenticationData['sessionId'], 'ZURMO_TOKEN: ' . $authenticationData['token'], 'ZURMO_API_REQUEST_TYPE: REST');
$everyoneGroup = Group::getByName(Group::EVERYONE_GROUP_NAME);
$this->assertTrue($everyoneGroup->save());
$notes = Note::getByName('Updated note description');
$this->assertEquals(1, count($notes));
$data['description'] = "Updated note description";
// Test with unprivileged user to view, edit and delete account.
$authenticationData = $this->login('steven', 'steven');
$headers = array('Accept: application/json', 'ZURMO_SESSION_ID: ' . $authenticationData['sessionId'], 'ZURMO_TOKEN: ' . $authenticationData['token'], 'ZURMO_API_REQUEST_TYPE: REST');
$response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/notes/note/api/read/' . $notes[0]->id, 'GET', $headers);
$response = json_decode($response, true);
$this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
$this->assertEquals('You do not have rights to perform this action.', $response['message']);
$response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/notes/note/api/update/' . $notes[0]->id, 'PUT', $headers, array('data' => $data));
$response = json_decode($response, true);
$this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
$this->assertEquals('You do not have rights to perform this action.', $response['message']);
$response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/notes/note/api/delete/' . $notes[0]->id, 'DELETE', $headers);
$response = json_decode($response, true);
$this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
$this->assertEquals('You do not have rights to perform this action.', $response['message']);
//now check if user have rights, but no permissions.
$notAllowedUser->setRight('NotesModule', NotesModule::getAccessRight());
$notAllowedUser->setRight('NotesModule', NotesModule::getCreateRight());
$notAllowedUser->setRight('NotesModule', NotesModule::getDeleteRight());
$saved = $notAllowedUser->save();
$this->assertTrue($saved);
$response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/notes/note/api/read/' . $notes[0]->id, 'GET', $headers);
$response = json_decode($response, true);
$this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
$this->assertEquals('You do not have permissions for this action.', $response['message']);
$response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/notes/note/api/update/' . $notes[0]->id, 'PUT', $headers, array('data' => $data));
$response = json_decode($response, true);
$this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
$this->assertEquals('You do not have permissions for this action.', $response['message']);
$response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/notes/note/api/delete/' . $notes[0]->id, 'DELETE', $headers);
$response = json_decode($response, true);
$this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
$this->assertEquals('You do not have permissions for this action.', $response['message']);
// Allow everyone group to read/write note
$authenticationData = $this->login();
$headers = array('Accept: application/json', 'ZURMO_SESSION_ID: ' . $authenticationData['sessionId'], 'ZURMO_TOKEN: ' . $authenticationData['token'], 'ZURMO_API_REQUEST_TYPE: REST');
unset($data);
$data['explicitReadWriteModelPermissions'] = array('type' => ExplicitReadWriteModelPermissionsUtil::MIXED_TYPE_EVERYONE_GROUP);
$response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/notes/note/api/update/' . $notes[0]->id, 'PUT', $headers, array('data' => $data));
$response = json_decode($response, true);
$this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']);
$authenticationData = $this->login('steven', 'steven');
$headers = array('Accept: application/json', 'ZURMO_SESSION_ID: ' . $authenticationData['sessionId'], 'ZURMO_TOKEN: ' . $authenticationData['token'], 'ZURMO_API_REQUEST_TYPE: REST');
$response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/notes/note/api/read/' . $notes[0]->id, 'GET', $headers);
$response = json_decode($response, true);
$this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']);
unset($data);
$data['description'] = "Updated note description 2";
$response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/notes/note/api/update/' . $notes[0]->id, 'PUT', $headers, array('data' => $data));
$response = json_decode($response, true);
$this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']);
$this->assertEquals("Updated note description 2", $response['data']['description']);
$response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/notes/note/api/delete/' . $notes[0]->id, 'DELETE', $headers);
$response = json_decode($response, true);
$this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
$this->assertEquals('You do not have permissions for this action.', $response['message']);
// Test with privileged user
$authenticationData = $this->login();
$headers = array('Accept: application/json', 'ZURMO_SESSION_ID: ' . $authenticationData['sessionId'], 'ZURMO_TOKEN: ' . $authenticationData['token'], 'ZURMO_API_REQUEST_TYPE: REST');
//Test Delete
$response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/notes/note/api/delete/' . $notes[0]->id, 'DELETE', $headers);
$response = json_decode($response, true);
$this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']);
$response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/notes/note/api/read/' . $notes[0]->id, 'GET', $headers);
$response = json_decode($response, true);
$this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
}
public function testGetModelClassNames()
{
$modelClassNames = NotesModule::getModelClassNames();
$this->assertEquals(1, count($modelClassNames));
$this->assertEquals('Note', $modelClassNames[0]);
}
