public function actionDeleteViaAjax($id)
{
$socialItem = SocialItem::getById(intval($id));
if (!$socialItem->canUserDelete(Yii::app()->user->userModel) && $socialItem->owner->id != Yii::app()->user->userModel->id && $socialItem->toUser->id != Yii::app()->user->userModel->id) {
$messageView = new AccessFailureAjaxView();
$view = new AjaxPageView($messageView);
echo $view->render();
Yii::app()->end(0, false);
}
$deleted = $socialItem->delete();
if (!$deleted) {
throw new FailedToDeleteModelException();
}
}
/**
* @depends testAddingComments
*/
public function testDeleteSocialItem()
{
$socialItems = SocialItem::getAll();
$this->assertEquals(1, count($socialItems));
$comments = Comment::getAll();
$this->assertEquals(1, count($comments));
$fileModels = FileModel::getAll();
$this->assertEquals(1, count($fileModels));
foreach ($socialItems as $socialItem) {
$socialItemId = $socialItem->id;
$socialItem->forget();
$socialItem = SocialItem::getById($socialItemId);
$deleted = $socialItem->delete();
$this->assertTrue($deleted);
}
$socialItems = SocialItem::getAll();
$this->assertEquals(0, count($socialItems));
//check that all comments are removed, since they are owned.
$comments = Comment::getAll();
$this->assertEquals(0, count($comments));
$fileModels = FileModel::getAll();
$this->assertEquals(0, count($fileModels));
}
/**
* @depends testAddingCommentsAndUpdatingActivityStampsOnSocialItem
*/
public function testUsersCanReadAndWriteSocialItemsOkThatAreNotOwner()
{
if (!SECURITY_OPTIMIZED) {
return;
}
//todo; we stll need to test that other users can get to the missions.
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$mary = User::getByUsername('mary');
$socialItems = SocialItem::getAll();
$this->assertEquals(2, count($socialItems));
$this->assertEquals(2, $socialItems[0]->comments->count());
//Mary should not be able to edit the mission
$mary = $this->logoutCurrentUserLoginNewUserAndGetByUsername('mary');
$this->setGetArray(array('id' => $socialItems[0]->id));
$this->runControllerWithExitExceptionAndGetContent('missions/default/edit');
//new test - mary can delete a comment she wrote
$maryCommentId = $socialItems[0]->comments->offsetGet(1)->id;
$this->assertEquals($socialItems[0]->comments->offsetGet(1)->createdByUser->id, $mary->id);
$superCommentId = $socialItems[0]->comments->offsetGet(0)->id;
$this->assertEquals($socialItems[0]->comments->offsetGet(0)->createdByUser->id, $super->id);
$this->setGetArray(array('relatedModelId' => $socialItems[0]->id, 'relatedModelClassName' => 'SocialItem', 'relatedModelRelationName' => 'comments', 'id' => $maryCommentId));
$this->runControllerWithNoExceptionsAndGetContent('comments/default/deleteViaAjax', true);
$socialItemId = $socialItems[0]->id;
$socialItems[0]->forget();
$socialItem = SocialItem::getById($socialItemId);
$this->assertEquals(1, $socialItem->comments->count());
//new test - mary cannot delete a comment she did not write.
$this->setGetArray(array('relatedModelId' => $socialItems[0]->id, 'relatedModelClassName' => 'SocialItem', 'relatedModelRelationName' => 'comments', 'id' => $superCommentId));
$this->runControllerShouldResultInAjaxAccessFailureAndGetContent('comments/default/deleteViaAjax');
$socialItemId = $socialItems[0]->id;
$socialItems[0]->forget();
$socialItem = SocialItem::getById($socialItemId);
$this->assertEquals(1, $socialItem->comments->count());
$this->assertEquals(1, $socialItem->comments->count());
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$this->assertTrue($socialItem->owner->isSame($super));
//new test , super can delete the socialItem
$this->setGetArray(array('id' => $socialItem->id));
$this->runControllerWithNoExceptionsAndGetContent('socialItems/default/deleteViaAjax', true);
$socialItems = SocialItem::getAll();
$this->assertEquals(1, count($socialItems));
}
