/**
* change general user permissions
* @depends testModifyUserToAdmin
* @var User $user
*/
public function testPermissionChanges()
{
$userGroup = User::getByName("unitTestUserGroup");
$username = $userGroup->getUsername();
$userGroup->setAdmin(false);
$userGroup->save();
unset($userGroup);
$userGroup = User::getByName($username);
//test if admin is allowed all
$permissionList = new User_Permission_Definition_List();
$permissionList->load();
$permissions = $permissionList->getDefinitions();
$setPermissions = array();
//gradually set all system permissions
foreach ($permissions as $permission) {
$userGroup->setPermission($permission->getKey());
$setPermissions[] = $permission->getKey();
$userGroup->save();
unset($userGroup);
$userGroup = User::getByName($username);
foreach ($setPermissions as $p) {
$this->assertTrue($userGroup->isAllowed($p));
}
}
//remove system permissions
$userGroup->setAllAclToFalse();
foreach ($setPermissions as $p) {
$this->assertFalse($userGroup->isAllowed($p));
}
//cannot list documents, assts, objects because no permissions by now
$documentRoot = Document::getById(1);
$documentRoot->getPermissionsForUser($userGroup);
$this->assertFalse($documentRoot->isAllowed("list"));
$objectRoot = Object_Abstract::getById(1);
$objectRoot->getPermissionsForUser($userGroup);
$this->assertFalse($objectRoot->isAllowed("list"));
$assetRoot = Asset::getById(1);
$assetRoot->getPermissionsForUser($userGroup);
$this->assertFalse($assetRoot->isAllowed("list"));
$objectFolder = new Object_Folder();
$objectFolder->setParentId(1);
$objectFolder->setUserOwner(1);
$objectFolder->setUserModification(1);
$objectFolder->setCreationDate(time());
$objectFolder->setKey(uniqid() . rand(10, 99));
$objectFolder->save();
$documentFolder = Document_Folder::create(1, array("userOwner" => 1, "key" => uniqid() . rand(10, 99)));
$assetFolder = Asset_Folder::create(1, array("filename" => uniqid() . "_data", "type" => "folder", "userOwner" => 1));
$user = User::getByName("unitTestUser");
$user->setAdmin(false);
$user->save();
$userGroup->setPermission("objects");
$userGroup->setPermission("documents");
$userGroup->setPermission("assets");
$userGroup->save();
//test permissions with user group and user
$this->permissionTest($objectRoot, $objectFolder, $userGroup, $user, $user, "object");
$this->permissionTest($assetRoot, $assetFolder, $userGroup, $user, $user, "asset");
$this->permissionTest($documentRoot, $documentFolder, $userGroup, $user, $user, "document");
//test permissions when there is no user group permissions
$user = User::create(array("parentId" => 0, "username" => "unitTestUser2", "password" => md5("unitTestUser2"), "hasCredentials" => true, "active" => true));
unset($user);
$user = User::getByName("unitTestUser2");
$user->setPermission("objects");
$user->setPermission("documents");
$user->setPermission("assets");
$user->save();
$this->assertTrue($user instanceof User and $user->getUsername() == "unitTestUser2");
$this->permissionTest($objectRoot, $objectFolder, null, $user, $user, "object");
$this->permissionTest($assetRoot, $assetFolder, null, $user, $user, "asset");
$this->permissionTest($documentRoot, $documentFolder, null, $user, $user, "document");
//test permissions when there is only user group permissions
$user = User::create(array("parentId" => $userGroup->getId(), "username" => "unitTestUser3", "password" => md5("unitTestUser3"), "hasCredentials" => true, "active" => true));
unset($user);
$user = User::getByName("unitTestUser3");
$this->assertTrue($user instanceof User and $user->getUsername() == "unitTestUser3");
$this->permissionTest($objectRoot, $objectFolder, $userGroup, null, $user, "object");
$this->permissionTest($assetRoot, $assetFolder, $userGroup, null, $user, "asset");
$this->permissionTest($documentRoot, $documentFolder, $userGroup, null, $user, "document");
}
