public function setUp()
{
parent::setUp();
$this->enableSecurity();
$userRole = new Opus_UserRole();
$userRole->setName($this->roleName);
$userRole->appendAccessModule('admin');
$userRole->appendAccessModule('resource_series');
$userRole->store();
$user = new Opus_Account();
$user->setLogin($this->userName);
$user->setPassword('seriesadminpwd');
$user->addRole($userRole);
$user->store();
$this->loginUser($this->userName, 'seriesadminpwd');
}
public function setUp()
{
parent::setUp();
$testRole = new Opus_UserRole();
$testRole->setName('_test');
$testRole->appendAccessModule('documents');
$this->roleId = $testRole->store();
$userAccount = new Opus_Account();
$userAccount->setLogin('role_tester')->setPassword('role_tester');
$userAccount->setRole($testRole);
$this->userId = $userAccount->store();
// fake authentication
Zend_Auth::getInstance()->getStorage()->write('role_tester');
}
/**
* Stores selected permissions in database.
*
* @param type $request
*
* TODO secure against missing parameters
*/
private function storeModules($request)
{
$id = $request->getParam('roleid');
$role = new Opus_UserRole($id);
$roleModules = $role->listAccessModules();
foreach ($roleModules as $module) {
if ($request->getParam('set_' . $module, 'NULL') === 'NULL') {
$role->removeAccessModule($module);
}
}
$params = $request->getParams();
foreach ($params as $name => $value) {
if ($this->string_begins_with($name, 'set_')) {
$module = explode("_", $name, 2);
$module = $module[1];
$role->appendAccessModule($module);
}
}
$role->store();
}
public function testUserAccessToInstituteWithInstituteRightsRegression3245()
{
$testRole = new Opus_UserRole();
$testRole->setName('TestRole');
$testRole->appendAccessModule('admin');
$testRole->appendAccessModule('resource_institutions');
$this->roleId = $testRole->store();
$userAccount = new Opus_Account();
$userAccount->setLogin('role_tester')->setPassword('role_tester');
$userAccount->setRole($testRole);
$this->userId = $userAccount->store();
$this->enableSecurity();
$this->loginUser('role_tester', 'role_tester');
$this->useEnglish();
$this->dispatch('/admin/dnbinstitute/edit/id/1');
$this->assertNotRedirect();
$this->assertNotRedirectTo('/auth', 'User is not able to edit dnb-institutions, ' . 'although he has the right to do it');
$this->assertQueryContentContains('//label', 'Department', 'User is not able to edit dnb-institutions, ' . 'although he has the right to do it');
}
