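/**
 * Walks through the security model end to end on a single account:
 * implicit owner permissions, grants through groups, explicit DENY
 * entries, a global permission wipe, and then rights and policies
 * resolved through group membership.
 *
 * Every $account->save() result is asserted so that a rejected
 * permission change fails at the step that caused it instead of at a
 * later effective-permission check.
 */
public function testABitOfEverythingAsAnExample()
{
    // Fixture users. The passwords are throwaway test values.
    // NOTE(review): every username literal in this listing is the same
    // masked value '******'; presumably the real fixtures use distinct
    // usernames. Confirm against the repository copy.
    $superAdminDude = new User();
    $superAdminDude->title->value = 'Miss';
    $superAdminDude->username     = '******';
    $superAdminDude->firstName    = 'Laura';
    $superAdminDude->lastName     = 'Laurason';
    $superAdminDude->setPassword('laura');
    $this->assertTrue($superAdminDude->save());

    $adminDude = new User();
    $adminDude->title->value = 'Mr.';
    $adminDude->username     = '******';
    $adminDude->firstName    = 'Jason';
    $adminDude->lastName     = 'Jasonson';
    $adminDude->setPassword('jason');
    $this->assertTrue($adminDude->save());

    $accountOwner = new User();
    $accountOwner->title->value = 'Mr.'; // Title kept exactly as in the original fixture.
    $accountOwner->username     = '******';
    $accountOwner->firstName    = 'lisa';
    $accountOwner->lastName     = 'Lisason';
    $accountOwner->setPassword('lisay');
    $this->assertTrue($accountOwner->save());

    $salesDude1 = new User();
    $salesDude1->title->value = 'Mr.';
    $salesDude1->username     = '******';
    $salesDude1->firstName    = 'Ray';
    $salesDude1->lastName     = 'Rayson';
    $salesDude1->setPassword('ray45');
    $this->assertTrue($salesDude1->save());

    $salesDude2 = new User();
    $salesDude2->title->value = 'Mr.';
    $salesDude2->username     = '******';
    $salesDude2->firstName    = 'Stafford';
    $salesDude2->lastName     = 'Staffordson';
    $salesDude2->setPassword('stafford');
    $this->assertTrue($salesDude2->save());

    $managementDudette = new User();
    $managementDudette->title->value = 'Ms.';
    $managementDudette->username     = '******';
    $managementDudette->firstName    = 'Donna';
    $managementDudette->lastName     = 'Donnason';
    $managementDudette->setPassword('donna');
    $this->assertTrue($managementDudette->save());

    $supportDude = new User();
    $supportDude->title->value = 'Mr.';
    $supportDude->username     = '******';
    $supportDude->firstName    = 'Ross';
    $supportDude->lastName     = 'Rosson';
    $supportDude->setPassword('rossy');
    $this->assertTrue($supportDude->save());

    // Groups. Super Admin Dudes is nested inside Admin Dudes.
    $superAdminDudes = new Group();
    $superAdminDudes->name = 'Super Admin Dudes';
    $superAdminDudes->users->add($superAdminDude);
    $this->assertTrue($superAdminDudes->save());

    $adminDudes = new Group();
    $adminDudes->name = 'Admin Dudes';
    $adminDudes->users->add($adminDude);
    $adminDudes->groups->add($superAdminDudes);
    $this->assertTrue($adminDudes->save());

    // Super Admin Dudes: passwords never expire.
    $superAdminDudes->setPolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRES, 0);
    $this->assertTrue($superAdminDudes->save());

    // Admin Dudes: may change other users' passwords, may log in through
    // every channel, and get a 90 day password expiry.
    $adminDudes->setRight('UsersModule', UsersModule::RIGHT_CHANGE_USER_PASSWORDS);
    $adminDudes->setRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB);
    $adminDudes->setRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_MOBILE);
    $adminDudes->setRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API);
    $adminDudes->setPolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRY_DAYS, 90);
    $this->assertTrue($adminDudes->save());

    $salesDudes = new Group();
    $salesDudes->name = 'Sales Dudes';
    $salesDudes->users->add($salesDude1);
    $salesDudes->users->add($salesDude2);
    $this->assertTrue($salesDudes->save());

    $managementDudes = new Group();
    $managementDudes->name = 'Management Dudes';
    $managementDudes->users->add($managementDudette);
    $this->assertTrue($managementDudes->save());

    // Baseline for everybody: web login only, passwords expire after 30 days.
    $everyone = Group::getByName(Group::EVERYONE_GROUP_NAME);
    $everyone->setRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB);
    $everyone->setPolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRES, 1);
    $everyone->setPolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRY_DAYS, 30);
    $this->assertTrue($everyone->save());

    // The account is created while $accountOwner is the current user.
    Yii::app()->user->userModel = $accountOwner;

    $account = new Account();
    $account->name = 'Doozy Co.';
    $this->assertTrue($account->save());

    // The account has no explicit permissions set at this point.
    // The account owner has full permissions implicitly.
    $this->assertEquals(Permission::ALL,  $account->getEffectivePermissions($accountOwner));

    // Nobody else has permissions.
    $this->assertEquals(Permission::NONE, $account->getEffectivePermissions($adminDude));
    $this->assertEquals(Permission::NONE, $account->getEffectivePermissions($adminDudes));
    $this->assertEquals(Permission::NONE, $account->getEffectivePermissions($salesDude1));
    $this->assertEquals(Permission::NONE, $account->getEffectivePermissions($salesDude2));
    $this->assertEquals(Permission::NONE, $account->getEffectivePermissions($managementDudette));
    $this->assertEquals(Permission::NONE, $account->getEffectivePermissions($salesDudes));
    $this->assertEquals(Permission::NONE, $account->getEffectivePermissions($managementDudes));
    $this->assertEquals(Permission::NONE, $account->getEffectivePermissions($supportDude));

    // Everyone is given read permissions to the account.
    $everyone = Group::getByName(Group::EVERYONE_GROUP_NAME);
    $account->addPermissions($everyone, Permission::READ);
    $this->assertTrue($account->save());

    // In one step everyone has read permissions, except the owner who still has full.
    $this->assertEquals(Permission::READ, $account->getEffectivePermissions($adminDude));
    $this->assertEquals(Permission::READ, $account->getEffectivePermissions($adminDudes));
    $this->assertEquals(Permission::ALL,  $account->getEffectivePermissions($accountOwner));
    $this->assertEquals(Permission::READ, $account->getEffectivePermissions($salesDude1));
    $this->assertEquals(Permission::READ, $account->getEffectivePermissions($salesDude2));
    $this->assertEquals(Permission::READ, $account->getEffectivePermissions($managementDudette));
    $this->assertEquals(Permission::READ, $account->getEffectivePermissions($salesDudes));
    $this->assertEquals(Permission::READ, $account->getEffectivePermissions($managementDudes));
    $this->assertEquals(Permission::READ, $account->getEffectivePermissions($supportDude));
    $this->assertEquals(Permission::READ, $account->getEffectivePermissions($everyone));

    // Sales Dudes is given write permissions to the account.
    $account->addPermissions($salesDudes, Permission::WRITE);
    $this->assertTrue($account->save());

    // The Sales Dudes group and everyone in it has write, on top of the
    // read that still comes from Everyone.
    $this->assertEquals(Permission::READ,       $account->getEffectivePermissions($adminDude));
    $this->assertEquals(Permission::READ,       $account->getEffectivePermissions($adminDudes));
    $this->assertEquals(Permission::ALL,        $account->getEffectivePermissions($accountOwner));
    $this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($salesDude1));
    $this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($salesDude2));
    $this->assertEquals(Permission::READ,       $account->getEffectivePermissions($managementDudette));
    $this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($salesDudes));
    $this->assertEquals(Permission::READ,       $account->getEffectivePermissions($managementDudes));
    $this->assertEquals(Permission::READ,       $account->getEffectivePermissions($supportDude));
    $this->assertEquals(Permission::READ,       $account->getEffectivePermissions($everyone));

    // Management Dudes is given change owner permissions to the account.
    $account->addPermissions($managementDudes, Permission::CHANGE_OWNER);
    $this->assertTrue($account->save());

    // The Management Dudes group and everyone in it has change owner.
    $this->assertEquals(Permission::READ,       $account->getEffectivePermissions($adminDude));
    $this->assertEquals(Permission::READ,       $account->getEffectivePermissions($adminDudes));
    $this->assertEquals(Permission::ALL,        $account->getEffectivePermissions($accountOwner));
    $this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($salesDude1));
    $this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($salesDude2));
    $this->assertEquals(Permission::READ | Permission::CHANGE_OWNER,
                        $account->getEffectivePermissions($managementDudette));
    $this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($salesDudes));
    $this->assertEquals(Permission::READ | Permission::CHANGE_OWNER,
                        $account->getEffectivePermissions($managementDudes));
    $this->assertEquals(Permission::READ,       $account->getEffectivePermissions($supportDude));
    $this->assertEquals(Permission::READ,       $account->getEffectivePermissions($everyone));

    // We want to remove Support Dude's read on the account.
    // The first way: restructure the grants. Everyone's read permission is
    // removed, and Sales Dudes and Management Dudes are given read
    // explicitly instead. The order of these calls is irrelevant.
    $account->removePermissions($everyone, Permission::READ);
    $account->addPermissions($salesDudes, Permission::READ);
    $account->addPermissions($managementDudes, Permission::READ);
    $this->assertTrue($account->save());

    // The effect is that Support Dude and Admin Dudes lose read permissions
    // because now nobody has that permission via Everyone.
    $this->assertEquals(Permission::NONE,       $account->getEffectivePermissions($adminDude));
    $this->assertEquals(Permission::NONE,       $account->getEffectivePermissions($adminDudes));
    $this->assertEquals(Permission::ALL,        $account->getEffectivePermissions($accountOwner));
    $this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($salesDude1));
    $this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($salesDude2));
    $this->assertEquals(Permission::READ | Permission::CHANGE_OWNER,
                        $account->getEffectivePermissions($managementDudette));
    $this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($salesDudes));
    $this->assertEquals(Permission::READ | Permission::CHANGE_OWNER,
                        $account->getEffectivePermissions($managementDudes));
    $this->assertEquals(Permission::NONE,       $account->getEffectivePermissions($supportDude));
    $this->assertEquals(Permission::NONE,       $account->getEffectivePermissions($everyone));

    // Permissions are set back.
    $account->addPermissions($everyone, Permission::READ);
    $account->removePermissions($salesDudes, Permission::READ);
    $account->removePermissions($managementDudes, Permission::READ);
    $this->assertTrue($account->save());

    // Support Dude and Admin Dudes get their read back.
    $this->assertEquals(Permission::READ,       $account->getEffectivePermissions($adminDude));
    $this->assertEquals(Permission::READ,       $account->getEffectivePermissions($adminDudes));
    $this->assertEquals(Permission::ALL,        $account->getEffectivePermissions($accountOwner));
    $this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($salesDude1));
    $this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($salesDude2));
    $this->assertEquals(Permission::READ | Permission::CHANGE_OWNER,
                        $account->getEffectivePermissions($managementDudette));
    $this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($salesDudes));
    $this->assertEquals(Permission::READ | Permission::CHANGE_OWNER,
                        $account->getEffectivePermissions($managementDudes));
    $this->assertEquals(Permission::READ,       $account->getEffectivePermissions($supportDude));
    $this->assertEquals(Permission::READ,       $account->getEffectivePermissions($everyone));

    // The second way, more ad hoc: deny explicitly.
    // Denies take precedence over allows.
    $account->addPermissions($supportDude, Permission::READ, Permission::DENY);
    $this->assertTrue($account->save());

    // The effect is that Support Dude loses read permissions while
    // everyone else still has read.
    $this->assertEquals(Permission::READ,       $account->getEffectivePermissions($adminDude));
    $this->assertEquals(Permission::READ,       $account->getEffectivePermissions($adminDudes));
    $this->assertEquals(Permission::ALL,        $account->getEffectivePermissions($accountOwner));
    $this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($salesDude1));
    $this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($salesDude2));
    $this->assertEquals(Permission::READ | Permission::CHANGE_OWNER,
                        $account->getEffectivePermissions($managementDudette));
    $this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($salesDudes));
    $this->assertEquals(Permission::READ | Permission::CHANGE_OWNER,
                        $account->getEffectivePermissions($managementDudes));
    $this->assertEquals(Permission::NONE,       $account->getEffectivePermissions($supportDude));
    $this->assertEquals(Permission::READ,       $account->getEffectivePermissions($everyone));

    // Management Dudes is denied all permissions.
    // This takes precedence over the permissions the group was granted.
    $account->addPermissions($managementDudes, Permission::ALL, Permission::DENY);
    $this->assertTrue($account->save());

    // The effect is that Management Dudes lose all permissions
    // regardless of what they have been granted.
    $this->assertEquals(Permission::READ,       $account->getEffectivePermissions($adminDude));
    $this->assertEquals(Permission::READ,       $account->getEffectivePermissions($adminDudes));
    $this->assertEquals(Permission::ALL,        $account->getEffectivePermissions($accountOwner));
    $this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($salesDude1));
    $this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($salesDude2));
    $this->assertEquals(Permission::NONE,       $account->getEffectivePermissions($managementDudette));
    $this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($salesDudes));
    $this->assertEquals(Permission::NONE,       $account->getEffectivePermissions($managementDudes));
    $this->assertEquals(Permission::NONE,       $account->getEffectivePermissions($supportDude));
    $this->assertEquals(Permission::READ,       $account->getEffectivePermissions($everyone));

    // We'll give Management Dudes back their permissions by removing the deny.
    $account->removePermissions($managementDudes, Permission::ALL, Permission::DENY);
    // And give Management Dudette change permissions directly, as a user.
    $account->addPermissions($managementDudette, Permission::CHANGE_PERMISSIONS);
    $this->assertTrue($account->save());

    // The user-level grant adds to what she inherits; her group is unchanged.
    $this->assertEquals(Permission::READ,       $account->getEffectivePermissions($adminDude));
    $this->assertEquals(Permission::READ,       $account->getEffectivePermissions($adminDudes));
    $this->assertEquals(Permission::ALL,        $account->getEffectivePermissions($accountOwner));
    $this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($salesDude1));
    $this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($salesDude2));
    $this->assertEquals(Permission::READ | Permission::CHANGE_PERMISSIONS | Permission::CHANGE_OWNER,
                        $account->getEffectivePermissions($managementDudette));
    $this->assertEquals(Permission::READ_WRITE, $account->getEffectivePermissions($salesDudes));
    $this->assertEquals(Permission::READ | Permission::CHANGE_OWNER,
                        $account->getEffectivePermissions($managementDudes));
    $this->assertEquals(Permission::NONE,       $account->getEffectivePermissions($supportDude));
    $this->assertEquals(Permission::READ,       $account->getEffectivePermissions($everyone));

    // Then we'll just nuke everyone's permissions. This is for the kind of
    // scenario where an admin wants to set permissions up again from
    // scratch, so a UI would put a "do you really want to do this?"
    // confirmation in front of it.
    Permission::deleteAll();

    // Removing all permissions is done directly on the database,
    // so we need to forget our account and get it back again.
    $accountId = $account->id;
    $account->forget();
    unset($account);
    $account = Account::getById($accountId);

    // Nobody else has permissions again. The owner is not re-checked here.
    $this->assertEquals(Permission::NONE, $account->getEffectivePermissions($adminDude));
    $this->assertEquals(Permission::NONE, $account->getEffectivePermissions($adminDudes));
    $this->assertEquals(Permission::NONE, $account->getEffectivePermissions($salesDude1));
    $this->assertEquals(Permission::NONE, $account->getEffectivePermissions($salesDude2));
    $this->assertEquals(Permission::NONE, $account->getEffectivePermissions($managementDudette));
    $this->assertEquals(Permission::NONE, $account->getEffectivePermissions($salesDudes));
    $this->assertEquals(Permission::NONE, $account->getEffectivePermissions($managementDudes));
    $this->assertEquals(Permission::NONE, $account->getEffectivePermissions($supportDude));

    // TODO
    // - Permissions on modules.
    // - Permissions on types.
    // - Permissions on fields.

    // All users have the right to login via the web, because the Everyone
    // group was granted that right.
    $this->assertEquals(Right::ALLOW, $adminDude->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB));
    $this->assertEquals(Right::ALLOW, $adminDudes->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB));
    $this->assertEquals(Right::ALLOW, $salesDude1->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB));
    $this->assertEquals(Right::ALLOW, $salesDude2->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB));
    $this->assertEquals(Right::ALLOW, $managementDudette->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB));
    $this->assertEquals(Right::ALLOW, $salesDudes->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB));
    $this->assertEquals(Right::ALLOW, $managementDudes->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB));
    $this->assertEquals(Right::ALLOW, $supportDude->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB));
    $this->assertEquals(Right::ALLOW, $everyone->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB));

    // Only Admin Dudes was given the right to change user passwords; for
    // everybody else the effective right is DENY.
    $this->assertEquals(Right::ALLOW, $adminDude->getEffectiveRight('UsersModule', UsersModule::RIGHT_CHANGE_USER_PASSWORDS));
    $this->assertEquals(Right::ALLOW, $adminDudes->getEffectiveRight('UsersModule', UsersModule::RIGHT_CHANGE_USER_PASSWORDS));
    $this->assertEquals(Right::DENY,  $salesDude1->getEffectiveRight('UsersModule', UsersModule::RIGHT_CHANGE_USER_PASSWORDS));
    $this->assertEquals(Right::DENY,  $salesDude2->getEffectiveRight('UsersModule', UsersModule::RIGHT_CHANGE_USER_PASSWORDS));
    $this->assertEquals(Right::DENY,  $managementDudette->getEffectiveRight('UsersModule', UsersModule::RIGHT_CHANGE_USER_PASSWORDS));
    $this->assertEquals(Right::DENY,  $salesDudes->getEffectiveRight('UsersModule', UsersModule::RIGHT_CHANGE_USER_PASSWORDS));
    $this->assertEquals(Right::DENY,  $managementDudes->getEffectiveRight('UsersModule', UsersModule::RIGHT_CHANGE_USER_PASSWORDS));
    $this->assertEquals(Right::DENY,  $supportDude->getEffectiveRight('UsersModule', UsersModule::RIGHT_CHANGE_USER_PASSWORDS));
    $this->assertEquals(Right::DENY,  $everyone->getEffectiveRight('UsersModule', UsersModule::RIGHT_CHANGE_USER_PASSWORDS));

    // All users have a password expiry of 30 days because it was set on
    // Everyone, but that was overridden for Admin Dudes with a more
    // generous password expiry policy set for them.
    // NOTE(review): the original asserted $adminDude and $adminDudes twice
    // in a row here. The repeat has been dropped; it may have been meant to
    // cover $superAdminDude and $superAdminDudes, whose expected value for
    // this policy is not established by this test. Confirm and add.
    $this->assertEquals(90, $adminDude->getEffectivePolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRY_DAYS));
    $this->assertEquals(90, $adminDudes->getEffectivePolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRY_DAYS));
    $this->assertEquals(30, $salesDude1->getEffectivePolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRY_DAYS));
    $this->assertEquals(30, $salesDude2->getEffectivePolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRY_DAYS));
    $this->assertEquals(30, $managementDudette->getEffectivePolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRY_DAYS));
    $this->assertEquals(30, $salesDudes->getEffectivePolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRY_DAYS));
    $this->assertEquals(30, $managementDudes->getEffectivePolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRY_DAYS));
    $this->assertEquals(30, $supportDude->getEffectivePolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRY_DAYS));
    $this->assertEquals(30, $everyone->getEffectivePolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRY_DAYS));

    // All users' passwords expire because of the policy set on Everyone,
    // except for Super Admin Dudes, where the policy was set on the group
    // itself.
    $this->assertEquals(0, $superAdminDude->getEffectivePolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRES));
    $this->assertEquals(0, $superAdminDudes->getEffectivePolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRES));
    $this->assertEquals(1, $adminDude->getEffectivePolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRES));
    $this->assertEquals(1, $adminDudes->getEffectivePolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRES));
    $this->assertEquals(1, $salesDude1->getEffectivePolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRES));
    $this->assertEquals(1, $salesDude2->getEffectivePolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRES));
    $this->assertEquals(1, $managementDudette->getEffectivePolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRES));
    $this->assertEquals(1, $salesDudes->getEffectivePolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRES));
    $this->assertEquals(1, $managementDudes->getEffectivePolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRES));
    $this->assertEquals(1, $supportDude->getEffectivePolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRES));
    $this->assertEquals(1, $everyone->getEffectivePolicy('UsersModule', UsersModule::POLICY_PASSWORD_EXPIRES));

    // The policy set on Super Admin Dudes that their passwords don't expire
    // is more explicit than the Everyone setting and so takes precedence.
    // Permissions and rights resolve differently from policies: an ALLOW is
    // required from just one source (explicit or inherited from a group)
    // and a DENY on any source overrides it, whereas the effective policy
    // is the most explicit one. A policy set on a user overrides a policy
    // set on a group they are directly in, which overrides one set on a
    // group that group is in, and so on, all of which override anything
    // set on the Everyone group. If nothing is set the policy value is null.

    // TODO
    // - Roles.
}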
/**
 * Builds an ExplicitReadWriteModelPermissions object from a saved account
 * and checks that the read/write grantee and the read-only grantee land
 * in their respective lists, keyed by group id.
 */
public function testMakeBySecurableItem()
{
    Yii::app()->user->userModel = User::getByUsername('super');
    $readWriteGroup = Group::getByName('Group2');
    $readOnlyGroup  = Group::getByName('Group3');

    $securedAccount        = new Account();
    $securedAccount->name  = 'aTestAccount';
    $securedAccount->owner = Yii::app()->user->userModel;
    $this->assertTrue($securedAccount->save());

    // One group gets read/write, the other read only.
    $securedAccount->addPermissions($readWriteGroup, Permission::READ_WRITE);
    $securedAccount->addPermissions($readOnlyGroup, Permission::READ);
    $this->assertTrue($securedAccount->save());

    // Drop the in-memory copy so the permissions are read back through
    // Account::getById() rather than from the object that was just built.
    $savedId = $securedAccount->id;
    $securedAccount->forget();
    unset($securedAccount);

    $reloadedAccount     = Account::getById($savedId);
    $explicitPermissions = ExplicitReadWriteModelPermissionsUtil::makeBySecurableItem($reloadedAccount);
    $this->assertTrue($explicitPermissions instanceof ExplicitReadWriteModelPermissions);

    $readWriteList = $explicitPermissions->getReadWritePermitables();
    $readOnlyList  = $explicitPermissions->getReadOnlyPermitables();

    // Exactly one grantee in each list, and no cross-over between them.
    $this->assertEquals(1, count($readWriteList));
    $this->assertEquals(1, count($readOnlyList));
    $this->assertEquals($readOnlyGroup,  $readOnlyList[$readOnlyGroup->id]);
    $this->assertEquals($readWriteGroup, $readWriteList[$readWriteGroup->id]);
}
/**
 * Adds a user to the innermost of three nested groups, then removes the
 * user again, going through the same membership form helpers the original
 * comments say the user interface uses. After each change the account
 * munge rows are compared with the expected set and with a full rebuild.
 *
 * @depends testUserAddedToGroup_Slide21
 */
public function testUserAddedToGroup_Slide22()
{
    $member      = User::getByUsername('u2.');
    $actingUser  = User::getByUsername('u99.');
    Yii::app()->user->userModel = $actingUser;

    $innerGroup  = Group::getByName('G1.');
    $middleGroup = Group::getByName('G2.');
    $outerGroup  = Group::getByName('G3.');

    // Nesting: G3 contains G2, which contains G1.
    $outerGroup->groups->add($middleGroup);
    $this->assertTrue($outerGroup->save());
    $middleGroup->groups->add($innerGroup);
    $this->assertTrue($middleGroup->save());

    Yii::app()->user->userModel = $actingUser;

    // One account per group, each readable by exactly that group. The
    // original comments note that OwnedSecurableItem::afterSave() already
    // calls ReadPermissionsOptimizationUtil::ownedSecurableItemCreated(),
    // so it is not called explicitly here.
    $readerGroups = array('A3.' => $innerGroup, 'A2.' => $middleGroup, 'A1.' => $outerGroup);
    $accounts     = array();
    foreach ($readerGroups as $accountName => $readerGroup)
    {
        $newAccount       = new Account();
        $newAccount->name = $accountName;
        $newAccount->addPermissions($readerGroup, Permission::READ);
        $this->assertTrue($newAccount->save());
        $accounts[$accountName] = $newAccount;
    }
    foreach ($readerGroups as $accountName => $readerGroup)
    {
        ReadPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($accounts[$accountName], $readerGroup);
    }

    // Add u2 to G1 through the membership form helpers. The original
    // comments state that setMembershipFromForm() does the group save and
    // the ReadPermissionsOptimizationUtil::userAddedToGroup() call itself.
    // NOTE(review): the value returned by setMembershipFromForm() is kept
    // in a local but never asserted.
    $addMemberPost = array('userMembershipData'    => array(0 => $member->id),
                           'userNonMembershipData' => array());
    $membershipForm  = GroupUserMembershipFormUtil::setFormFromCastedPost(new GroupUserMembershipForm(), $addMemberPost);
    $membershipSaved = GroupUserMembershipFormUtil::setMembershipFromForm($membershipForm, $innerGroup);

    // NOTE(review): the R5 and R6 rows presumably come from roles created
    // by the tests this one depends on. Verify against those tests.
    $rowsWithMember = array(
        array('A1', 'G1', 1),
        array('A1', 'G2', 1),
        array('A1', 'G3', 1),
        array('A1', 'R5', 1),
        array('A1', 'R6', 1),
        array('A2', 'G1', 1),
        array('A2', 'G2', 1),
        array('A2', 'R5', 1),
        array('A2', 'R6', 1),
        array('A3', 'G1', 1),
        array('A3', 'R5', 1),
        array('A3', 'R6', 1),
    );
    $this->assertEquals($rowsWithMember, self::getAccountMungeRows());
    $this->assertTrue(self::accountMungeDoesntChangeWhenRebuilt());

    // Remove u2 from G1 again by posting an empty membership list through
    // the same helpers. The R5 and R6 rows are expected to disappear.
    $removeMemberPost = array('userMembershipData'    => array(),
                              'userNonMembershipData' => array());
    $membershipForm  = GroupUserMembershipFormUtil::setFormFromCastedPost(new GroupUserMembershipForm(), $removeMemberPost);
    $membershipSaved = GroupUserMembershipFormUtil::setMembershipFromForm($membershipForm, $innerGroup);

    $rowsWithoutMember = array(
        array('A1', 'G1', 1),
        array('A1', 'G2', 1),
        array('A1', 'G3', 1),
        array('A2', 'G1', 1),
        array('A2', 'G2', 1),
        array('A3', 'G1', 1),
    );
    $this->assertEquals($rowsWithoutMember, self::getAccountMungeRows());
    $this->assertTrue(self::accountMungeDoesntChangeWhenRebuilt());

    // Clean up: delete the accounts (A1, A2, A3) and undo the group nesting.
    foreach (array('A1.', 'A2.', 'A3.') as $accountName)
    {
        $accounts[$accountName]->delete();
    }
    foreach (array($innerGroup, $middleGroup, $outerGroup) as $nestedGroup)
    {
        $nestedGroup->group = null;
        $this->assertTrue($nestedGroup->save());
    }
}
/**
 * Stars one account as two different users and checks that
 * StarredUtil::unmarkModelAsStarredForAllUsers() clears both records.
 *
 * @depends testCreateStarredTables
 */
public function testUnmarkModelAsStarredForAllUsers()
{
    $owner = User::getByUsername('super');
    Yii::app()->user->userModel = $owner;
    $reader = UserTestHelper::createBasicUser('Steven');

    // The account is owned by super; Steven is given read access only.
    $starredAccount              = new Account();
    $starredAccount->owner       = $owner;
    $starredAccount->name        = 'Test Account';
    $starredAccount->officePhone = '1234567890';
    $starredAccount->addPermissions($reader, Permission::READ);
    $this->assertTrue($starredAccount->save());
    AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($starredAccount, $reader);

    // Star once as the owner, then once more as the read-only user.
    StarredUtil::markModelAsStarred($starredAccount);
    Yii::app()->user->userModel = $reader;
    StarredUtil::markModelAsStarred($starredAccount);
    $this->assertEquals(2, AccountStarred::getCountByUserIdAndModelId(null, $starredAccount->id));

    // NOTE(review): the bulk unmark runs while the current user is the
    // read-only user. Whether clearing other users' stars should need more
    // than READ on the model is not established by this test.
    StarredUtil::unmarkModelAsStarredForAllUsers($starredAccount);
    $this->assertEquals(0, AccountStarred::getCountByUserIdAndModelId(null, $starredAccount->id));
}
/**
 * Deleting a securable item must also delete the permission records
 * attached to it, so that no grant outlives the item it was made on.
 */
public function testDeleteSecurableItemDeletesItsPermissions()
{
    $grantee = User::getByUsername('billy');

    $securedAccount       = new Account();
    $securedAccount->name = 'Waxamatronic';
    $securedAccount->addPermissions($grantee, Permission::READ);
    $this->assertTrue($securedAccount->save());

    // Exactly one permission exists on the account and it takes effect.
    $this->assertEquals(1, count($securedAccount->permissions));
    $this->assertEquals(Permission::READ, $securedAccount->getEffectivePermissions($grantee));

    $securedAccount->delete();
    unset($securedAccount);

    // NOTE(review): the id is read but not used afterwards.
    $granteeId = $grantee->id;
    unset($grantee);

    // Forget every cached model so the count below is not served from
    // objects still held in memory.
    RedBeanModel::forgetAll();

    // NOTE(review): this checks that no permissions exist at all, so it
    // relies on no other permissions being present when the test runs.
    $this->assertEquals(0, count(Permission::getAll()));
}