/**
 * Checks that the action names in Action::$VALID_ACTIONS and the names of the
 * action rows fetched with flag_delete = false are the same set.
 *
 * The count comparison catches duplicates or extras; the two loops then report
 * which specific name is missing from which side.
 */
function testActionsMatchDatabase() {
    $dbActions = Action::getAllFromDb(['flag_delete' => false], $this->DB);

    $this->assertEqual(count(Action::$VALID_ACTIONS), count($dbActions));

    $dbActionNames = Db_Linked::arrayOfAttrValues($dbActions, 'name');

    // Every action name the code accepts must have a matching database row.
    foreach (Action::$VALID_ACTIONS as $validName) {
        $foundInDb = in_array($validName, $dbActionNames);
        $this->assertTrue($foundInDb, "'{$validName}' missing from database");
    }

    // Every database row must be an action name the code accepts.
    foreach ($dbActionNames as $dbName) {
        $foundInCode = in_array($dbName, Action::$VALID_ACTIONS);
        $this->assertTrue($foundInCode, "'{$dbName}' missing from VALID_ACTIONS");
    }
}
/**
 * Walks user 101's permissions on notebook 1003 through three workflow states:
 * neither flag set, published only, then published and validated.
 *
 * Per the assertions below, 'create' is allowed in every state, 'view' becomes
 * allowed only once flag_workflow_validated is set as well, and 'edit',
 * 'delete', 'publish' and 'verify' stay denied throughout.
 */
function testCanActOnTarget_Pub_Verify() {
    $notebook = Notebook::getOneFromDb(['notebook_id' => 1003], $this->DB); // owned by 102

    // Index all actions by name so each permission check reads by action name.
    $actionsByName = [];
    foreach (Action::getAllFromDb([], $this->DB) as $actionRow) {
        $actionsByName[$actionRow->name] = $actionRow;
    }

    // Store a role/action/target row for role 3, action 1 on this notebook and
    // confirm it round-trips to the database before any permission is checked.
    $grant = new Role_Action_Target([
        'last_user_id' => 110,
        'role_id' => 3,
        'action_id' => 1,
        'target_type' => 'notebook',
        'target_id' => 1003,
        'DB' => $this->DB,
    ]);
    $grant->updateDb();
    $this->assertTrue($grant->matchesDb);

    // basic, field user
    $fieldUser = User::getOneFromDb(['user_id' => 101], $this->DB);

    // State 1: neither workflow flag is set.
    $this->assertFalse($notebook->flag_workflow_published);
    $this->assertFalse($notebook->flag_workflow_validated);

    $this->assertFalse($fieldUser->canActOnTarget($actionsByName['view'], $notebook));
    $this->assertFalse($fieldUser->canActOnTarget($actionsByName['edit'], $notebook));
    $this->assertTrue($fieldUser->canActOnTarget($actionsByName['create'], $notebook));
    $this->assertFalse($fieldUser->canActOnTarget($actionsByName['delete'], $notebook));
    $this->assertFalse($fieldUser->canActOnTarget($actionsByName['publish'], $notebook));
    $this->assertFalse($fieldUser->canActOnTarget($actionsByName['verify'], $notebook));

    // State 2: published only. The user's caches are cleared so the checks
    // below are evaluated against the updated notebook.
    $notebook->flag_workflow_published = true;
    $notebook->updateDb();
    $this->assertTrue($notebook->matchesDb);
    $fieldUser->clearCaches();

    $this->assertFalse($fieldUser->canActOnTarget($actionsByName['view'], $notebook));
    $this->assertFalse($fieldUser->canActOnTarget($actionsByName['edit'], $notebook));
    $this->assertTrue($fieldUser->canActOnTarget($actionsByName['create'], $notebook));
    $this->assertFalse($fieldUser->canActOnTarget($actionsByName['delete'], $notebook));
    $this->assertFalse($fieldUser->canActOnTarget($actionsByName['publish'], $notebook));
    $this->assertFalse($fieldUser->canActOnTarget($actionsByName['verify'], $notebook));

    // State 3: published and validated. Only 'view' is expected to change.
    $notebook->flag_workflow_validated = true;
    $notebook->updateDb();
    $this->assertTrue($notebook->matchesDb);
    $fieldUser->clearCaches();

    $this->assertTrue($fieldUser->canActOnTarget($actionsByName['view'], $notebook));
    $this->assertFalse($fieldUser->canActOnTarget($actionsByName['edit'], $notebook));
    $this->assertTrue($fieldUser->canActOnTarget($actionsByName['create'], $notebook));
    $this->assertFalse($fieldUser->canActOnTarget($actionsByName['delete'], $notebook));
    $this->assertFalse($fieldUser->canActOnTarget($actionsByName['publish'], $notebook));
    $this->assertFalse($fieldUser->canActOnTarget($actionsByName['verify'], $notebook));
}
/**
 * Runs each createTestData_* helper against the given connection, in the fixed
 * order below, then fills the global $ACTIONS map from the database.
 *
 * @param mixed $dbConn connection handed unchanged to every helper and to
 *                      Action::getAllFromDb()
 */
function createAllTestData($dbConn) {
    global $ACTIONS;

    createTestData_Authoritative_Plants($dbConn);
    createTestData_Authoritative_Plant_Extras($dbConn);

    createTestData_Metadata_Structures($dbConn);
    createTestData_Metadata_Term_Sets($dbConn);
    createTestData_Metadata_Term_Values($dbConn);
    createTestData_Metadata_References($dbConn);

    createTestData_Notebooks($dbConn);
    createTestData_Notebook_Pages($dbConn);
    createTestData_Notebook_Page_Fields($dbConn);

    createTestData_Role_Action_Targets($dbConn);

    createTestData_Specimens($dbConn);
    createTestData_Specimen_Images($dbConn);

    createTestData_Users($dbConn);
    createTestData_User_Roles($dbConn);

    // Key each action row by its name; the rows are fetched with an empty
    // filter, and existing entries in $ACTIONS are overwritten, not cleared.
    foreach (Action::getAllFromDb([], $dbConn) as $actionRow) {
        $ACTIONS[$actionRow->name] = $actionRow;
    }
}
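require_once '../lang.cfg.php';
require_once '../classes/ALL_CLASS_INCLUDES.php';
require_once '../auth.cfg.php';
require_once '../util.php';

# Request validation: the caller must hold an authenticated session whose stored
# fingerprint matches the one computed for this request. Each failed check exits
# before the database is touched.
# NOTE(review): assumes the session was already started by one of the includes
# above - confirm.
# NOTE(review): no anti-CSRF token check is visible in this part of the script;
# confirm one exists further down if this handler changes state.
if (empty($_SESSION['isAuthenticated'])) {
    echo 'not authenticated';
    exit;
}

# The strength of this check depends on what util_generateRequestFingerprint()
# mixes in, which is not visible here.
$FINGERPRINT = util_generateRequestFingerprint(); // used to prevent/complicate session hijacking and XSS attacks

# Compare as strings with a strict operator. A loose != lets PHP treat two
# numeric-looking strings as numbers, so two different fingerprints could be
# judged equal. A session with no stored fingerprint is rejected outright
# instead of being compared against null.
$storedFingerprint = isset($_SESSION['fingerprint']) ? $_SESSION['fingerprint'] : null;
if (!is_scalar($storedFingerprint)
    || !is_scalar($FINGERPRINT)
    || (string) $storedFingerprint !== (string) $FINGERPRINT
) {
    echo 'bad fingerprint';
    exit;
}

# Create database connection object
$DB = util_createDbConnection();

# Index the non-deleted actions by name for later permission checks.
$all_actions = Action::getAllFromDb(['flag_delete' => false], $DB);
$ACTIONS = [];
foreach ($all_actions as $a) {
    $ACTIONS[$a->name] = $a;
}

# The acting user is resolved from the session only, never from request
# parameters. A session without a username, or a lookup that yields no usable
# record, fails closed with the same message as before.
$sessionUsername = isset($_SESSION['userdata']['username']) ? $_SESSION['userdata']['username'] : null;
$USER = ($sessionUsername !== null)
    ? User::getOneFromDb(['username' => $sessionUsername], $DB)
    : null;
if (!$USER || !$USER->matchesDb) {
    echo 'user did not load correctly';
    exit;
}

#------------------------------------------------#
# Set default return value
#------------------------------------------------#
# Defaults to failure so that any path which does not explicitly set a result
# reports an error, not a success.
$results = ['status' => 'failure', 'note' => 'unknown reason', 'html_output' => ''];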