PHP AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup примеры использования

Пример #1

Файл: MissionsUtilTest.php Проект: RamaKavanan/InitialVersion

 public static function setUpBeforeClass()
 {
     parent::setUpBeforeClass();
     SecurityTestHelper::createSuperAdmin();
     AllPermissionsOptimizationUtil::rebuild();
     $everyoneGroup = Group::getByName(Group::EVERYONE_GROUP_NAME);
     $everyoneGroup->save();
     $super = User::getByUsername('super');
     //Steven have access to missions module
     $steven = UserTestHelper::createBasicUser('steven');
     $steven->setRight('MissionsModule', MissionsModule::RIGHT_ACCESS_MISSIONS);
     $steven->save();
     //Jack dont have acess to missions module
     $jack = UserTestHelper::createBasicUser('jack');
     $mission = new Mission();
     $mission->owner = $super;
     $mission->takenByUser = $steven;
     $mission->description = 'My test description';
     $mission->reward = 'My test reward';
     $mission->status = Mission::STATUS_AVAILABLE;
     $mission->addPermissions($everyoneGroup, Permission::READ_WRITE);
     assert($mission->save());
     // Not Coding Standard
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($mission, $everyoneGroup);
 }

Пример #2

Файл: GameRewardsDemoDataMaker.php Проект: maruthisivaprasad/zurmo

 public function makeAll(&$demoDataHelper)
 {
     assert('$demoDataHelper instanceof DemoDataHelper');
     assert('$demoDataHelper->isSetRange("User")');
     $gameRewards = array();
     $gameRewardRandomData = ZurmoRandomDataUtil::getRandomDataByModuleAndModelClassNames('GameRewardsModule', 'GameReward');
     for ($i = 0; $i < 10; $i++) {
         $gameReward = new GameReward();
         $gameReward->name = $gameRewardRandomData['names'][$i];
         $gameReward->owner = $demoDataHelper->getRandomByModelName('User');
         $gameReward->cost = mt_rand(1, 10);
         $gameReward->quantity = mt_rand(1, 20);
         for ($j = 0; $j < 5; $j++) {
             $gameRewardTransaction = new GameRewardTransaction();
             $gameRewardTransaction->person = $demoDataHelper->getRandomByModelName('User');
             $gameRewardTransaction->quantity = mt_rand(1, 3);
             $gameReward->transactions->add($gameRewardTransaction);
         }
         $gameReward->addPermissions(Group::getByName(Group::EVERYONE_GROUP_NAME), Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER);
         $saved = $gameReward->save();
         if (!$saved) {
             throw new FailedToSaveModelException();
         }
         $gameReward = GameReward::getById($gameReward->id);
         AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($gameReward, Group::getByName(Group::EVERYONE_GROUP_NAME));
         $gameReward->save();
         $gameRewards[] = $gameReward->id;
     }
     $demoDataHelper->setRangeByModelName('GameReward', $gameRewards[0], $gameRewards[count($gameRewards) - 1]);
 }

Пример #3

Файл: MissionsDemoDataMaker.php Проект: RamaKavanan/InitialVersion

 /**
  * @param DemoDataHelper $demoDataHelper
  */
 public function makeAll(&$demoDataHelper)
 {
     assert('$demoDataHelper instanceof DemoDataHelper');
     assert('$demoDataHelper->isSetRange("User")');
     $missions = array();
     foreach (self::getMissionData() as $randomMissionData) {
         $postData = array();
         $mission = new Mission();
         $mission->setScenario('importModel');
         $mission->status = Mission::STATUS_AVAILABLE;
         $mission->owner = $demoDataHelper->getRandomByModelName('User');
         $mission->createdByUser = $mission->owner;
         $mission->description = $randomMissionData['description'];
         $mission->reward = $randomMissionData['reward'];
         //Add some comments
         foreach ($randomMissionData['comments'] as $commentDescription) {
             $comment = new Comment();
             $comment->setScenario('importModel');
             $comment->createdByUser = $demoDataHelper->getRandomByModelName('User');
             $comment->description = $commentDescription;
             $mission->comments->add($comment);
         }
         $mission->addPermissions(Group::getByName(Group::EVERYONE_GROUP_NAME), Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER);
         $saved = $mission->save();
         assert('$saved');
         $mission = Mission::getById($mission->id);
         AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($mission, Group::getByName(Group::EVERYONE_GROUP_NAME));
         $mission->save();
         $missions[] = $mission->id;
     }
     $demoDataHelper->setRangeByModelName('Mission', $missions[0], $missions[count($missions) - 1]);
 }

Пример #4

Файл: MissionTest.php Проект: maruthisivaprasad/zurmo

 public function testCreateAndGetMissionById()
 {
     $super = User::getByUsername('super');
     $fileModel = ZurmoTestHelper::createFileModel();
     $steven = UserTestHelper::createBasicUser('steven');
     $steven->setRight('MissionsModule', MissionsModule::RIGHT_ACCESS_MISSIONS);
     $steven->save();
     $dueStamp = DateTimeUtil::convertTimestampToDbFormatDateTime(time() + 10000);
     $mission = new Mission();
     $mission->owner = $super;
     $mission->takenByUser = $steven;
     $mission->dueDateTime = $dueStamp;
     $mission->description = 'My test description';
     $mission->reward = 'My test reward';
     $mission->status = Mission::STATUS_AVAILABLE;
     $mission->files->add($fileModel);
     $everyoneGroup = Group::getByName(Group::EVERYONE_GROUP_NAME);
     $mission->addPermissions($everyoneGroup, Permission::READ_WRITE);
     $this->assertTrue($mission->save());
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($mission, $everyoneGroup);
     $id = $mission->id;
     $mission->forget();
     unset($mission);
     $mission = Mission::getById($id);
     $this->assertEquals('My test description', $mission->description);
     $this->assertEquals('My test reward', $mission->reward);
     $this->assertEquals(Mission::STATUS_AVAILABLE, $mission->status);
     $this->assertEquals($super, $mission->owner);
     $this->assertEquals($steven, $mission->takenByUser);
     $this->assertEquals(1, $mission->files->count());
     $this->assertEquals($fileModel, $mission->files->offsetGet(0));
     $this->assertEquals($dueStamp, $mission->dueDateTime);
     $this->assertTrue(MissionsUtil::hasUserReadMissionLatest($mission, $super));
     $this->assertFalse(MissionsUtil::hasUserReadMissionLatest($mission, $steven));
 }

Пример #5

Файл: MarketingListsDemoDataMaker.php Проект: RamaKavanan/InitialVersion

 /**
  * @param DemoDataHelper $demoDataHelper
  */
 public function makeAll(&$demoDataHelper)
 {
     assert('$demoDataHelper instanceof DemoDataHelper');
     assert('$demoDataHelper->isSetRange("User")');
     $marketingLists = array();
     for ($this->index = 0; $this->index < 5; $this->index++) {
         $marketingList = new MarketingList();
         $marketingList->owner = $demoDataHelper->getRandomByModelName('User');
         $this->populateModel($marketingList);
         $marketingList->addPermissions(Group::getByName(Group::EVERYONE_GROUP_NAME), Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER);
         $saved = $marketingList->save();
         assert('$saved');
         $marketingList = MarketingList::getById($marketingList->id);
         AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($marketingList, Group::getByName(Group::EVERYONE_GROUP_NAME));
         $marketingList->save();
         $marketingLists[] = $marketingList->id;
     }
     $demoDataHelper->setRangeByModelName('MarketingList', $marketingLists[0], $marketingLists[count($marketingLists) - 1]);
 }

Пример #6

Файл: CampaignsDemoDataMaker.php Проект: maruthisivaprasad/zurmo

 public function makeAll(&$demoDataHelper)
 {
     assert('$demoDataHelper instanceof DemoDataHelper');
     assert('$demoDataHelper->isSetRange("MarketingList")');
     $campaigns = array();
     for ($this->index = 0; $this->index < 10; $this->index++) {
         $campaign = new Campaign();
         $this->populateModel($campaign);
         $campaign->marketingList = $demoDataHelper->getRandomByModelName('MarketingList');
         $campaign->addPermissions(Group::getByName(Group::EVERYONE_GROUP_NAME), Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER);
         $saved = $campaign->save();
         if (!$saved) {
             throw new FailedToSaveModelException();
         }
         $campaign = Campaign::getById($campaign->id);
         AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($campaign, Group::getByName(Group::EVERYONE_GROUP_NAME));
         $campaign->save();
         $campaigns[] = $campaign->id;
     }
     $demoDataHelper->setRangeByModelName('Campaign', $campaigns[0], $campaigns[count($campaigns) - 1]);
 }

Пример #7

Файл: EmailTemplatesDemoDataMaker.php Проект: RamaKavanan/InitialVersion

 /**
  * @param DemoDataHelper $demoDataHelper
  */
 public function makeAll(&$demoDataHelper)
 {
     assert('$demoDataHelper instanceof DemoDataHelper');
     assert('$demoDataHelper->isSetRange("User")');
     $emailTemplates = array();
     $types = array_keys(EmailTemplate::getTypeDropDownArray());
     for ($this->index = 0; $this->index < 7; $this->index++) {
         $emailTemplate = new EmailTemplate();
         $emailTemplate->type = $types[$this->index % 2];
         $emailTemplate->owner = $demoDataHelper->getRandomByModelName('User');
         $this->populateModel($emailTemplate);
         $emailTemplate->addPermissions(Group::getByName(Group::EVERYONE_GROUP_NAME), Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER);
         $saved = $emailTemplate->save();
         assert('$saved');
         $emailTemplate = EmailTemplate::getById($emailTemplate->id);
         AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($emailTemplate, Group::getByName(Group::EVERYONE_GROUP_NAME));
         $emailTemplate->save();
         $emailTemplates[] = $emailTemplate->id;
     }
     $demoDataHelper->setRangeByModelName('EmailTemplate', $emailTemplates[0], $emailTemplates[count($emailTemplates) - 1]);
 }

Пример #8

Файл: ContactWebFormDemoDataMaker.php Проект: maruthisivaprasad/zurmo

 /**
  * @param DemoDataHelper $demoDataHelper
  */
 public function makeAll(&$demoDataHelper)
 {
     assert('$demoDataHelper instanceof DemoDataHelper');
     assert('$demoDataHelper->isSetRange("User")');
     $contactStates = ContactState::getAll();
     $statesBeginningWithStartingState = ContactsDemoDataMaker::getStatesBeforeOrStartingWithStartingState($contactStates);
     $contactWebForms = array();
     for ($this->index = 0; $this->index < 5; $this->index++) {
         $contactWebForm = new ContactWebForm();
         $contactWebForm->owner = $demoDataHelper->getRandomByModelName('User');
         $contactWebForm->defaultOwner = $contactWebForm->owner;
         $contactWebForm->defaultState = RandomDataUtil::getRandomValueFromArray($statesBeginningWithStartingState);
         $this->populateModel($contactWebForm);
         $contactWebForm->addPermissions(Group::getByName(Group::EVERYONE_GROUP_NAME), Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER);
         $saved = $contactWebForm->save();
         assert('$saved');
         $contactWebForm = ContactWebForm::getById($contactWebForm->id);
         AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($contactWebForm, Group::getByName(Group::EVERYONE_GROUP_NAME));
         $contactWebForm->save();
         $contactWebForms[] = $contactWebForm->id;
     }
     $demoDataHelper->setRangeByModelName('ContactWebForm', $contactWebForms[0], $contactWebForms[count($contactWebForms) - 1]);
 }

Пример #9

Файл: MeetingsRegularUserWalkthroughTest.php Проект: maruthisivaprasad/zurmo

 /**
  * @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
  */
 public function testRegularUserControllerActionsWithElevationToModels()
 {
     //Create superAccount owned by user super.
     $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
     $superAccount = AccountTestHelper::createAccountByNameForOwner('AccountsForElevationToModelTest', $super);
     //Test nobody, access to details of superAccount should fail.
     $nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
     $this->setGetArray(array('id' => $superAccount->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
     //give nobody access to read
     Yii::app()->user->userModel = $super;
     $superAccount->addPermissions($nobody, Permission::READ);
     $this->assertTrue($superAccount->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($superAccount, $nobody);
     //Now the nobody user can access the details view.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $superAccount->id));
     $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
     //create meeting for an superAccount using the super user
     $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
     $meeting = MeetingTestHelper::createMeetingWithOwnerAndRelatedAccount('meetingCreatedByNobody', $super, $superAccount);
     //Test nobody, access to edit, details and delete of meeting should fail.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //give nobody access to details view only
     Yii::app()->user->userModel = $super;
     $meeting->addPermissions($nobody, Permission::READ);
     $this->assertTrue($meeting->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($meeting, $nobody);
     //Now access to meetings view by Nobody should not fail.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');
     //Now access to meetings edit and delete by Nobody should fail
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //give nobody access to both details and edit view
     Yii::app()->user->userModel = $super;
     $meeting->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($meeting->save());
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($meeting, $nobody);
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($meeting, $nobody);
     //Now access to meetings view and edit by Nobody should not fail.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerWithNoExceptionsAndGetContent('meetings/default/edit');
     //Now access to meetings delete by Nobody should fail
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //revoke the permission from the nobody user to access the meeting
     Yii::app()->user->userModel = $super;
     $meeting->removePermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($meeting->save());
     AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($meeting, $nobody);
     //Now nobodys, access to edit, details and delete of meetings should fail.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //give nobody access to both details and edit view
     Yii::app()->user->userModel = $super;
     $meeting->addPermissions($nobody, Permission::READ_WRITE_DELETE);
     $this->assertTrue($meeting->save());
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($meeting, $nobody);
     //Now nobodys, access to delete of meetings should not fail.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerWithRedirectExceptionAndGetContent('meetings/default/delete');
     //create some roles
     Yii::app()->user->userModel = $super;
     $parentRole = new Role();
     $parentRole->name = 'AAA';
     $this->assertTrue($parentRole->save());
     $childRole = new Role();
     $childRole->name = 'BBB';
     $this->assertTrue($childRole->save());
     $userInParentRole = User::getByUsername('confused');
     $userInChildRole = User::getByUsername('nobody');
     $childRole->users->add($userInChildRole);
     $this->assertTrue($childRole->save());
     $parentRole->users->add($userInParentRole);
     $parentRole->roles->add($childRole);
     $this->assertTrue($parentRole->save());
     $userInChildRole->forget();
     $userInChildRole = User::getByUsername('nobody');
     $userInParentRole->forget();
     $userInParentRole = User::getByUsername('confused');
     $parentRoleId = $parentRole->id;
     $parentRole->forget();
     $parentRole = Role::getById($parentRoleId);
     $childRoleId = $childRole->id;
     $childRole->forget();
     $childRole = Role::getById($childRoleId);
     //create account owned by super
     $account2 = AccountTestHelper::createAccountByNameForOwner('AccountsParentRolePermission', $super);
     //Test userInParentRole, access to details and edit should fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $account2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
     //give userInChildRole access to READ
     Yii::app()->user->userModel = $super;
     $account2->addPermissions($userInChildRole, Permission::READ);
     $this->assertTrue($account2->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($account2, $userInChildRole);
     //Test userInChildRole, access to details should not fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $account2->id));
     $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
     //Test userInParentRole, access to details should not fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $account2->id));
     $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
     //create a meeting owned by super
     $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
     $meeting2 = MeetingTestHelper::createMeetingWithOwnerAndRelatedAccount('meetingCreatedBySuperForRole', $super, $account2);
     //Test userInChildRole, access to meetings details, edit and delete should fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //Test userInParentRole, access to meetings details, edit and delete should fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //give userInChildRole access to READ permision for meetings
     Yii::app()->user->userModel = $super;
     $meeting2->addPermissions($userInChildRole, Permission::READ);
     $this->assertTrue($meeting2->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($meeting2, $userInChildRole);
     //Test userInChildRole, access to meetings details should not fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');
     //Test userInChildRole, access to meetings edit and delete should fail.
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //Test userInParentRole, access to meetings details should not fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');
     //Test userInParentRole, access to meetings edit and delete should fail.
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //give userInChildRole access to read and write for the meetings
     Yii::app()->user->userModel = $super;
     $meeting2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($meeting2->save());
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($meeting2, $userInChildRole);
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($meeting2, $userInChildRole);
     //Test userInChildRole, access to meetings edit should not fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerWithNoExceptionsAndGetContent('meetings/default/edit');
     //Test userInChildRole, access to meetings delete should fail.
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //Test userInParentRole, access to meetings edit should not fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerWithNoExceptionsAndGetContent('meetings/default/edit');
     //Test userInParentRole, access to meetings delete should fail.
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //revoke userInChildRole access to read and write meetings
     Yii::app()->user->userModel = $super;
     $meeting2->removePermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($meeting2->save());
     AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($meeting2, $userInChildRole);
     //Test userInChildRole, access to detail, edit and delete should fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $meeting2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
     $this->setGetArray(array('id' => $meeting2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //Test userInParentRole, access to detail, edit and delete should fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $meeting2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
     $this->setGetArray(array('id' => $meeting2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //give userInChildRole access to read and write for the meetings
     Yii::app()->user->userModel = $super;
     $meeting2->addPermissions($userInChildRole, Permission::READ_WRITE_DELETE);
     $this->assertTrue($meeting2->save());
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($meeting2, $userInChildRole);
     //Test userInParentRole, access to delete should not fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerWithRedirectExceptionAndGetContent('meetings/default/delete');
     //clear up the role relationships between users so not to effect next assertions
     $parentRole->users->remove($userInParentRole);
     $parentRole->roles->remove($childRole);
     $this->assertTrue($parentRole->save());
     $childRole->users->remove($userInChildRole);
     $this->assertTrue($childRole->save());
     //create some groups and assign users to groups
     Yii::app()->user->userModel = $super;
     $parentGroup = new Group();
     $parentGroup->name = 'AAA';
     $this->assertTrue($parentGroup->save());
     $childGroup = new Group();
     $childGroup->name = 'BBB';
     $this->assertTrue($childGroup->save());
     $userInChildGroup = User::getByUsername('confused');
     $userInParentGroup = User::getByUsername('nobody');
     $childGroup->users->add($userInChildGroup);
     $this->assertTrue($childGroup->save());
     $parentGroup->users->add($userInParentGroup);
     $parentGroup->groups->add($childGroup);
     $this->assertTrue($parentGroup->save());
     $parentGroup->forget();
     $childGroup->forget();
     $parentGroup = Group::getByName('AAA');
     $childGroup = Group::getByName('BBB');
     //Add access for the confused user to accounts and creation of accounts.
     $userInChildGroup->setRight('AccountsModule', AccountsModule::RIGHT_ACCESS_ACCOUNTS);
     $this->assertTrue($userInChildGroup->save());
     //create account owned by super
     $account3 = AccountTestHelper::createAccountByNameForOwner('testingAccountsParentGroupPermission', $super);
     //Test userInParentGroup, access to details should fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $account3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
     //Test userInChildGroup, access to details should fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $account3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
     //give parentGroup access to READ
     Yii::app()->user->userModel = $super;
     $account3->addPermissions($parentGroup, Permission::READ);
     $this->assertTrue($account3->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($account3, $parentGroup);
     //Test userInParentGroup, access to details should not fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $account3->id));
     $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
     //Test userInChildGroup, access to details should not fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $account3->id));
     $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
     //create a meeting owned by super
     $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
     $meeting3 = MeetingTestHelper::createMeetingWithOwnerAndRelatedAccount('mettingCreatedBySuperForGroup', $super, $account3);
     //Add access for the confused user to accounts and creation of accounts.
     $userInChildGroup->setRight('MeetingsModule', MeetingsModule::RIGHT_ACCESS_MEETINGS);
     $userInChildGroup->setRight('MeetingsModule', MeetingsModule::RIGHT_CREATE_MEETINGS);
     $userInChildGroup->setRight('MeetingsModule', MeetingsModule::RIGHT_DELETE_MEETINGS);
     $this->assertTrue($userInChildGroup->save());
     //Test userInParentGroup, access to meetings details and edit should fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $meeting3->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting3->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
     $this->setGetArray(array('id' => $meeting3->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //Test userInChildGroup, access to meetings details and edit should fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $meeting3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
     $this->setGetArray(array('id' => $meeting3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting3->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //give parentGroup access to READ
     Yii::app()->user->userModel = $super;
     $meeting3->addPermissions($parentGroup, Permission::READ);
     $this->assertTrue($meeting3->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($meeting3, $parentGroup);
     //Test userInParentGroup, access to meetings details should not fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $meeting3->id));
     $this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');
     //Test userInParentGroup, access to meetings edit and delete should fail.
     $this->setGetArray(array('id' => $meeting3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting3->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //Test userInChildGroup, access to meetings details should not fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $meeting3->id));
     $this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');
     //Test userInChildGroup, access to meetings edit and delete should fail.
     $this->setGetArray(array('id' => $meeting3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting3->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //give parentGroup access to read and write
     Yii::app()->user->userModel = $super;
     $meeting3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($meeting3->save());
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForGroup($meeting3, $parentGroup);
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($meeting3, $parentGroup);
     //Test userInParentGroup, access to edit meetings should not fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $meeting3->id));
     $this->runControllerWithNoExceptionsAndGetContent('meetings/default/edit');
     //Test userInParentGroup, access to meetings delete should fail.
     $this->setGetArray(array('id' => $meeting3->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //Test userInChildGroup, access to edit meetings should not fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username);
     $this->setGetArray(array('id' => $meeting3->id));
     $this->runControllerWithNoExceptionsAndGetContent('meetings/default/edit');
     //Test userInChildGroup, access to meetings delete should fail.
     $this->setGetArray(array('id' => $meeting3->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //revoke parentGroup access to meetings read and write
     Yii::app()->user->userModel = $super;
     $meeting3->removePermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($meeting3->save());
     AllPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($meeting3, $parentGroup);
     //Test userInChildGroup, access to meetings detail, edit and delete should fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $meeting3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
     $this->setGetArray(array('id' => $meeting3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting3->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //Test userInParentGroup, access to meetings detail, edit and delete should fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $meeting3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
     $this->setGetArray(array('id' => $meeting3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting3->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //give parentGroup access to read and write
     Yii::app()->user->userModel = $super;
     $meeting3->addPermissions($parentGroup, Permission::READ_WRITE_DELETE);
     $this->assertTrue($meeting3->save());
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($meeting3, $parentGroup);
     //Test userInChildGroup, access to meetings delete should not fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $meeting3->id));
     $this->resetPostArray();
     $this->runControllerWithRedirectExceptionAndGetContent('meetings/default/delete');
     //clear up the role relationships between users so not to effect next assertions
     $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
     $userInParentGroup->forget();
     $userInChildGroup->forget();
     $childGroup->forget();
     $parentGroup->forget();
     $userInParentGroup = User::getByUsername('nobody');
     $userInChildGroup = User::getByUsername('confused');
     $childGroup = Group::getByName('BBB');
     $parentGroup = Group::getByName('AAA');
     $parentGroup->users->remove($userInParentGroup);
     $parentGroup->groups->remove($childGroup);
     $this->assertTrue($parentGroup->save());
     $childGroup->users->remove($userInChildGroup);
     $this->assertTrue($childGroup->save());
 }

Пример #10

Файл: ProjectsRegularUserWalkthroughTest.php Проект: maruthisivaprasad/zurmo

 /**
  * @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
  */
 public function testRegularUserControllerActionsWithElevationToModels()
 {
     //Create project owned by user super.
     $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
     $project = ProjectTestHelper::createProjectByNameForOwner('projectForElevationToModelTest', $super);
     //Test nobody, access to edit and details should fail.
     $nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
     $this->runControllerWithNoExceptionsAndGetContent('projects/default/dashboardDetails');
     $this->setGetArray(array('id' => $project->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
     $this->setGetArray(array('id' => $project->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
     $this->setGetArray(array('id' => $project->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/delete');
     //give nobody access to read
     Yii::app()->user->userModel = $super;
     $project->addPermissions($nobody, Permission::READ);
     $this->assertTrue($project->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($project, $nobody);
     //Now the nobody user can access the details view.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $project->id));
     $this->runControllerWithNoExceptionsAndGetContent('projects/default/details');
     //Test nobody, access to edit should fail.
     $this->setGetArray(array('id' => $project->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
     $this->setGetArray(array('id' => $project->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/delete');
     $projectId = $project->id;
     $project->forget();
     $project = Project::getById($projectId);
     //give nobody access to read and write
     Yii::app()->user->userModel = $super;
     $project->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     //TODO :Its wierd that giving opportunity errors
     $this->assertTrue($project->save());
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($project, $nobody);
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($project, $nobody);
     //Now the nobody user should be able to access the edit view and still the details view.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $project->id));
     $this->runControllerWithNoExceptionsAndGetContent('projects/default/details');
     $this->setGetArray(array('id' => $project->id));
     $this->runControllerWithNoExceptionsAndGetContent('projects/default/edit');
     $projectId = $project->id;
     $project->forget();
     $project = Project::getById($projectId);
     //revoke nobody access to read
     Yii::app()->user->userModel = $super;
     $project->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS, Permission::DENY);
     $this->assertTrue($project->save());
     AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($project, $nobody);
     //Test nobody, access to detail should fail.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $project->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
     $this->setGetArray(array('id' => $project->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
     //create some roles
     Yii::app()->user->userModel = $super;
     $parentRole = new Role();
     $parentRole->name = 'AAA';
     $this->assertTrue($parentRole->save());
     $childRole = new Role();
     $childRole->name = 'BBB';
     $this->assertTrue($childRole->save());
     $userInParentRole = User::getByUsername('confused');
     $userInChildRole = User::getByUsername('nobody');
     $childRole->users->add($userInChildRole);
     $this->assertTrue($childRole->save());
     $parentRole->users->add($userInParentRole);
     $parentRole->roles->add($childRole);
     $this->assertTrue($parentRole->save());
     $userInChildRole->forget();
     $userInChildRole = User::getByUsername('nobody');
     $userInParentRole->forget();
     $userInParentRole = User::getByUsername('confused');
     $parentRoleId = $parentRole->id;
     $parentRole->forget();
     $parentRole = Role::getById($parentRoleId);
     $childRoleId = $childRole->id;
     $childRole->forget();
     $childRole = Role::getById($childRoleId);
     //create project owned by super
     $project2 = ProjectTestHelper::createProjectByNameForOwner('testingParentRolePermission', $super);
     //Test userInParentRole, access to details and edit should fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $project2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
     $this->setGetArray(array('id' => $project2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
     //give userInChildRole access to READ
     Yii::app()->user->userModel = $super;
     $project2->addPermissions($userInChildRole, Permission::READ);
     $this->assertTrue($project2->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($project2, $userInChildRole);
     //Test userInChildRole, access to details should not fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $project2->id));
     $this->runControllerWithNoExceptionsAndGetContent('projects/default/details');
     //Test userInParentRole, access to details should not fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $project2->id));
     $this->runControllerWithNoExceptionsAndGetContent('projects/default/details');
     $projectId = $project2->id;
     $project2->forget();
     $project2 = Project::getById($projectId);
     //give userInChildRole access to read and write
     Yii::app()->user->userModel = $super;
     $project2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($project2->save());
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($project2, $userInChildRole);
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($project2, $userInChildRole);
     //Test userInChildRole, access to edit should not fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $project2->id));
     $this->runControllerWithNoExceptionsAndGetContent('projects/default/edit');
     //Test userInParentRole, access to edit should not fail.
     $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInParentRole->username);
     $this->setGetArray(array('id' => $project2->id));
     $this->runControllerWithNoExceptionsAndGetContent('projects/default/edit');
     $projectId = $project2->id;
     $project2->forget();
     $project2 = Project::getById($projectId);
     //revoke userInChildRole access to read and write
     Yii::app()->user->userModel = $super;
     $project2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS, Permission::DENY);
     $this->assertTrue($project2->save());
     AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($project2, $userInChildRole);
     //Test userInChildRole, access to detail should fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $project2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
     $this->setGetArray(array('id' => $project2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
     //Test userInParentRole, access to detail should fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $project2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
     $this->setGetArray(array('id' => $project2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
     //clear up the role relationships between users so not to effect next assertions
     $parentRole->users->remove($userInParentRole);
     $parentRole->roles->remove($childRole);
     $this->assertTrue($parentRole->save());
     $childRole->users->remove($userInChildRole);
     $this->assertTrue($childRole->save());
     //create some groups and assign users to groups
     Yii::app()->user->userModel = $super;
     $parentGroup = new Group();
     $parentGroup->name = 'AAA';
     $this->assertTrue($parentGroup->save());
     $childGroup = new Group();
     $childGroup->name = 'BBB';
     $this->assertTrue($childGroup->save());
     $userInChildGroup = User::getByUsername('confused');
     $userInParentGroup = User::getByUsername('nobody');
     $childGroup->users->add($userInChildGroup);
     $this->assertTrue($childGroup->save());
     $parentGroup->users->add($userInParentGroup);
     $parentGroup->groups->add($childGroup);
     $this->assertTrue($parentGroup->save());
     $parentGroup->forget();
     $childGroup->forget();
     $parentGroup = Group::getByName('AAA');
     $childGroup = Group::getByName('BBB');
     //Add access for the confused user to Products and creation of Products.
     $userInChildGroup->setRight('ProjectsModule', ProjectsModule::RIGHT_ACCESS_PROJECTS);
     $userInChildGroup->setRight('ProjectsModule', ProjectsModule::RIGHT_CREATE_PROJECTS);
     $this->assertTrue($userInChildGroup->save());
     //create project owned by super
     $project3 = ProjectTestHelper::createProjectByNameForOwner('testingParentGroupPermission', $super);
     //Test userInParentGroup, access to details and edit should fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $project3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
     $this->setGetArray(array('id' => $project3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
     //Test userInChildGroup, access to details and edit should fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $project3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
     $this->setGetArray(array('id' => $project3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
     //give parentGroup access to READ
     Yii::app()->user->userModel = $super;
     $project3->addPermissions($parentGroup, Permission::READ);
     $this->assertTrue($project3->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($project3, $parentGroup);
     //Test userInParentGroup, access to details should not fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $project3->id));
     $this->runControllerWithNoExceptionsAndGetContent('projects/default/details');
     //Test userInChildGroup, access to details should not fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $project3->id));
     $this->runControllerWithNoExceptionsAndGetContent('projects/default/details');
     $projectId = $project3->id;
     $project3->forget();
     $project3 = Project::getById($projectId);
     //give parentGroup access to read and write
     Yii::app()->user->userModel = $super;
     $project3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($project3->save());
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForGroup($project3, $parentGroup);
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($project3, $parentGroup);
     //Test userInParentGroup, access to edit should not fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $project3->id));
     $this->runControllerWithNoExceptionsAndGetContent('projects/default/edit');
     //Test userInChildGroup, access to edit should not fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username);
     $this->setGetArray(array('id' => $project3->id));
     $this->runControllerWithNoExceptionsAndGetContent('projects/default/edit');
     $projectId = $project3->id;
     $project3->forget();
     $project3 = Project::getById($projectId);
     //revoke parentGroup access to read and write
     Yii::app()->user->userModel = $super;
     $project3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS, Permission::DENY);
     $this->assertTrue($project3->save());
     AllPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($project3, $parentGroup);
     //Test userInChildGroup, access to detail should fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $project3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
     $this->setGetArray(array('id' => $project3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
     //Test userInParentGroup, access to detail should fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $project3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
     $this->setGetArray(array('id' => $project3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
     //clear up the role relationships between users so not to effect next assertions
     $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
     $userInParentGroup->forget();
     $userInChildGroup->forget();
     $childGroup->forget();
     $parentGroup->forget();
     $userInParentGroup = User::getByUsername('nobody');
     $userInChildGroup = User::getByUsername('confused');
     $childGroup = Group::getByName('BBB');
     $parentGroup = Group::getByName('AAA');
     //clear up the role relationships between users so not to effect next assertions
     $parentGroup->users->remove($userInParentGroup);
     $parentGroup->groups->remove($childGroup);
     $this->assertTrue($parentGroup->save());
     $childGroup->users->remove($userInChildGroup);
     $this->assertTrue($childGroup->save());
 }

Пример #11

Файл: ContactWebFormsRegularUserWalkthroughTest.php Проект: maruthisivaprasad/zurmo

 /**
  * @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
  */
 public function testRegularUserControllerActionsWithElevationToModels()
 {
     //Create contact web form owned by user super.
     $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
     $contactWebForm = ContactWebFormTestHelper::createContactWebFormByName('contactWebFormForElevationToModelTest', $super);
     //Test nobody, access to edit and details should fail.
     $nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
     $this->setGetArray(array('id' => $contactWebForm->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
     $this->setGetArray(array('id' => $contactWebForm->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
     //give nobody access to read
     Yii::app()->user->userModel = $super;
     $contactWebForm->addPermissions($nobody, Permission::READ);
     $this->assertTrue($contactWebForm->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($contactWebForm, $nobody);
     //Now the nobody user can access the details view.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $contactWebForm->id));
     $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
     //Test nobody, access to edit should fail.
     $this->setGetArray(array('id' => $contactWebForm->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
     $contactWebFormId = $contactWebForm->id;
     $contactWebForm->forget();
     $contactWebForm = ContactWebForm::getById($contactWebFormId);
     //give nobody access to read and write
     Yii::app()->user->userModel = $super;
     $contactWebForm->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($contactWebForm->save());
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($contactWebForm, $nobody);
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($contactWebForm, $nobody);
     //Now the nobody user should be able to access the edit view and still the details view.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $contactWebForm->id));
     $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
     $this->setGetArray(array('id' => $contactWebForm->id));
     $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit');
     $contactWebFormId = $contactWebForm->id;
     $contactWebForm->forget();
     $contactWebForm = ContactWebForm::getById($contactWebFormId);
     //revoke nobody access to read
     Yii::app()->user->userModel = $super;
     $contactWebForm->removePermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($contactWebForm->save());
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($contactWebForm, $nobody);
     //Test nobody, access to detail should fail.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $contactWebForm->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
     $this->setGetArray(array('id' => $contactWebForm->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
     //create some roles
     Yii::app()->user->userModel = $super;
     $parentRole = new Role();
     $parentRole->name = 'AAA';
     $this->assertTrue($parentRole->save());
     $childRole = new Role();
     $childRole->name = 'BBB';
     $this->assertTrue($childRole->save());
     $userInParentRole = User::getByUsername('confused');
     $userInChildRole = User::getByUsername('nobody');
     $childRole->users->add($userInChildRole);
     $this->assertTrue($childRole->save());
     $parentRole->users->add($userInParentRole);
     $parentRole->roles->add($childRole);
     $this->assertTrue($parentRole->save());
     $userInChildRole->forget();
     $userInChildRole = User::getByUsername('nobody');
     $userInParentRole->forget();
     $userInParentRole = User::getByUsername('confused');
     $parentRoleId = $parentRole->id;
     $parentRole->forget();
     $parentRole = Role::getById($parentRoleId);
     $childRoleId = $childRole->id;
     $childRole->forget();
     $childRole = Role::getById($childRoleId);
     //create web form owned by super
     $contactWebForm2 = ContactWebFormTestHelper::createContactWebFormByName('testingParentRolePermission', $super);
     //Test userInParentRole, access to details and edit should fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $contactWebForm2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
     $this->setGetArray(array('id' => $contactWebForm2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
     //give userInChildRole access to READ
     Yii::app()->user->userModel = $super;
     $contactWebForm2->addPermissions($userInChildRole, Permission::READ);
     $this->assertTrue($contactWebForm2->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($contactWebForm2, $userInChildRole);
     //Test userInChildRole, access to details should not fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $contactWebForm2->id));
     $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
     //Test userInParentRole, access to details should not fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $contactWebForm2->id));
     $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
     $contactWebFormId = $contactWebForm2->id;
     $contactWebForm2->forget();
     $contactWebForm2 = ContactWebForm::getById($contactWebFormId);
     //give userInChildRole access to read and write
     Yii::app()->user->userModel = $super;
     $contactWebForm2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($contactWebForm2->save());
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($contactWebForm2, $userInChildRole);
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($contactWebForm2, $userInChildRole);
     //Test userInChildRole, access to edit should not fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $contactWebForm2->id));
     $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit');
     //Test userInParentRole, access to edit should not fail.
     $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInParentRole->username);
     $this->setGetArray(array('id' => $contactWebForm2->id));
     $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit');
     $contactWebFormId = $contactWebForm2->id;
     $contactWebForm2->forget();
     $contactWebForm2 = ContactWebForm::getById($contactWebFormId);
     //revoke userInChildRole access to read and write
     Yii::app()->user->userModel = $super;
     $contactWebForm2->removePermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($contactWebForm2->save());
     AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($contactWebForm2, $userInChildRole);
     //Test userInChildRole, access to detail should fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $contactWebForm2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
     $this->setGetArray(array('id' => $contactWebForm2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
     //Test userInParentRole, access to detail should fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $contactWebForm2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
     $this->setGetArray(array('id' => $contactWebForm2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
     //clear up the role relationships between users so not to effect next assertions
     $parentRole->users->remove($userInParentRole);
     $parentRole->roles->remove($childRole);
     $this->assertTrue($parentRole->save());
     $childRole->users->remove($userInChildRole);
     $this->assertTrue($childRole->save());
     //create some groups and assign users to groups
     Yii::app()->user->userModel = $super;
     $parentGroup = new Group();
     $parentGroup->name = 'AAA';
     $this->assertTrue($parentGroup->save());
     $childGroup = new Group();
     $childGroup->name = 'BBB';
     $this->assertTrue($childGroup->save());
     $userInChildGroup = User::getByUsername('confused');
     $userInParentGroup = User::getByUsername('nobody');
     $childGroup->users->add($userInChildGroup);
     $this->assertTrue($childGroup->save());
     $parentGroup->users->add($userInParentGroup);
     $parentGroup->groups->add($childGroup);
     $this->assertTrue($parentGroup->save());
     $parentGroup->forget();
     $childGroup->forget();
     $parentGroup = Group::getByName('AAA');
     $childGroup = Group::getByName('BBB');
     //Add access for the confused user to ContactWebForms and creation of ContactWebForms.
     $userInChildGroup->setRight('ContactWebFormsModule', ContactWebFormsModule::RIGHT_ACCESS_CONTACT_WEB_FORMS);
     $userInChildGroup->setRight('ContactWebFormsModule', ContactWebFormsModule::RIGHT_CREATE_CONTACT_WEB_FORMS);
     $this->assertTrue($userInChildGroup->save());
     //create web form owned by super
     $contactWebForm3 = ContactWebFormTestHelper::createContactWebFormByName('testingParentGroupPermission', $super);
     //Test userInParentGroup, access to details and edit should fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $contactWebForm3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
     $this->setGetArray(array('id' => $contactWebForm3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
     //Test userInChildGroup, access to details and edit should fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $contactWebForm3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
     $this->setGetArray(array('id' => $contactWebForm3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
     //give parentGroup access to READ
     Yii::app()->user->userModel = $super;
     $contactWebForm3->addPermissions($parentGroup, Permission::READ);
     $this->assertTrue($contactWebForm3->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($contactWebForm3, $parentGroup);
     //Test userInParentGroup, access to details should not fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $contactWebForm3->id));
     $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
     //Test userInChildGroup, access to details should not fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $contactWebForm3->id));
     $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
     $contactWebFormId = $contactWebForm3->id;
     $contactWebForm3->forget();
     $contactWebForm3 = ContactWebForm::getById($contactWebFormId);
     //give parentGroup access to read and write
     Yii::app()->user->userModel = $super;
     $contactWebForm3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($contactWebForm3->save());
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForGroup($contactWebForm3, $parentGroup);
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($contactWebForm3, $parentGroup);
     //Test userInParentGroup, access to edit should not fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $contactWebForm3->id));
     $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit');
     //Test userInChildGroup, access to edit should not fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username);
     $this->setGetArray(array('id' => $contactWebForm3->id));
     $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit');
     $contactWebFormId = $contactWebForm3->id;
     $contactWebForm3->forget();
     $contactWebForm3 = ContactWebForm::getById($contactWebFormId);
     //revoke parentGroup access to read and write
     Yii::app()->user->userModel = $super;
     $contactWebForm3->removePermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($contactWebForm3->save());
     AllPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($contactWebForm3, $parentGroup);
     //Test userInChildGroup, access to detail should fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $contactWebForm3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
     $this->setGetArray(array('id' => $contactWebForm3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
     //Test userInParentGroup, access to detail should fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $contactWebForm3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
     $this->setGetArray(array('id' => $contactWebForm3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
     //clear up the role relationships between users so not to effect next assertions
     $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
     $userInParentGroup->forget();
     $userInChildGroup->forget();
     $childGroup->forget();
     $parentGroup->forget();
     $userInParentGroup = User::getByUsername('nobody');
     $userInChildGroup = User::getByUsername('confused');
     $childGroup = Group::getByName('BBB');
     $parentGroup = Group::getByName('AAA');
     //clear up the role relationships between users so not to effect next assertions
     $parentGroup->users->remove($userInParentGroup);
     $parentGroup->groups->remove($childGroup);
     $this->assertTrue($parentGroup->save());
     $childGroup->users->remove($userInChildGroup);
     $this->assertTrue($childGroup->save());
 }

Пример #12

Файл: LeadsRegularUserWalkthroughTest.php Проект: RamaKavanan/InitialVersion

 /**
  * @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
  */
 public function testRegularUserControllerActionsWithElevationToModels()
 {
     //Create lead owned by user super.
     $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
     $lead = LeadTestHelper::createLeadByNameForOwner('leadForElevationToModelTest', $super);
     //Test nobody, access to edit, details and delete should fail.
     $nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //give nobody access to read
     Yii::app()->user->userModel = $super;
     $lead->addPermissions($nobody, Permission::READ);
     $this->assertTrue($lead->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($lead, $nobody);
     //Now the nobody user can access the details view.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerWithNoExceptionsAndGetContent('leads/default/details');
     //Test nobody, access to edit and delete should fail.
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //give nobody access to read and write
     Yii::app()->user->userModel = $super;
     $lead->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($lead->save());
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($lead, $nobody);
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($lead, $nobody);
     //Now the nobody user should be able to access the edit view and still the details view
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerWithNoExceptionsAndGetContent('leads/default/details');
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerWithNoExceptionsAndGetContent('leads/default/edit');
     //Test nobody, access to delete should fail.
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //revoke nobody access to read
     Yii::app()->user->userModel = $super;
     $lead->removePermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($lead->save());
     AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($lead, $nobody);
     //Test nobody, access to detail, edit and delete should fail.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //give nobody access to read, write and delete
     Yii::app()->user->userModel = $super;
     $lead->addPermissions($nobody, Permission::READ_WRITE_DELETE);
     $this->assertTrue($lead->save());
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($lead, $nobody);
     //now nobody should be able to delete a lead
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $lead->id));
     $this->resetPostArray();
     $this->runControllerWithRedirectExceptionAndGetContent('leads/default/delete', Yii::app()->createUrl('leads/default/index'));
     //create some roles
     Yii::app()->user->userModel = $super;
     $parentRole = new Role();
     $parentRole->name = 'AAA';
     $this->assertTrue($parentRole->save());
     $childRole = new Role();
     $childRole->name = 'BBB';
     $this->assertTrue($childRole->save());
     $userInParentRole = User::getByUsername('confused');
     $userInChildRole = User::getByUsername('nobody');
     $childRole->users->add($userInChildRole);
     $this->assertTrue($childRole->save());
     $parentRole->users->add($userInParentRole);
     $parentRole->roles->add($childRole);
     $this->assertTrue($parentRole->save());
     $userInChildRole->forget();
     $userInChildRole = User::getByUsername('nobody');
     $userInParentRole->forget();
     $userInParentRole = User::getByUsername('confused');
     $parentRoleId = $parentRole->id;
     $parentRole->forget();
     $parentRole = Role::getById($parentRoleId);
     $childRoleId = $childRole->id;
     $childRole->forget();
     $childRole = Role::getById($childRoleId);
     //create lead owned by super
     $lead2 = LeadTestHelper::createLeadByNameForOwner('leadsParentRolePermission', $super);
     //Test userInChildRole, access to details, edit and delete should fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //Test userInParentRole, access to details, edit and delete should fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //give userInChildRole access to READ
     Yii::app()->user->userModel = $super;
     $lead2->addPermissions($userInChildRole, Permission::READ);
     $this->assertTrue($lead2->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($lead2, $userInChildRole);
     //Test userInChildRole, access to details should not fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerWithNoExceptionsAndGetContent('leads/default/details');
     //Test userInChildRole, access to edit and delete should fail.
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //Test userInParentRole, access to details should not fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerWithNoExceptionsAndGetContent('leads/default/details');
     //Test userInParentRole, access to edit and delete should fail.
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //give userInChildRole access to read and write
     Yii::app()->user->userModel = $super;
     $lead2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($lead2->save());
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($lead2, $userInChildRole);
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($lead2, $userInChildRole);
     //Test userInChildRole, access to edit and delete should not fail and also detaisl view must be accessible.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerWithNoExceptionsAndGetContent('leads/default/edit');
     //Test userInChildRole, access to delete should fail.
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //Test userInParentRole, access to edit should not fail.
     $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInParentRole->username);
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerWithNoExceptionsAndGetContent('leads/default/edit');
     //Test userInParentRole, access to delete should fail.
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //revoke userInChildRole access to read and write
     Yii::app()->user->userModel = $super;
     $lead2->removePermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($lead2->save());
     AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($lead2, $userInChildRole);
     //Test userInChildRole, access to detail, edit and delete should fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //Test userInParentRole, access to detail, edit and delete should fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //give userInChildRole access to read, write and delete
     Yii::app()->user->userModel = $super;
     $lead2->addPermissions($userInChildRole, Permission::READ_WRITE_DELETE);
     $this->assertTrue($lead2->save());
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($lead2, $userInChildRole);
     //Test userInParentRole, access to delete should not fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $lead2->id));
     $this->resetPostArray();
     $this->runControllerWithRedirectExceptionAndGetContent('leads/default/delete', Yii::app()->createUrl('leads/default/index'));
     //clear up the role relationships between users so not to effect next assertions
     $parentRole->users->remove($userInParentRole);
     $parentRole->roles->remove($childRole);
     $this->assertTrue($parentRole->save());
     $childRole->users->remove($userInChildRole);
     $this->assertTrue($childRole->save());
     //create some groups and assign users to groups
     Yii::app()->user->userModel = $super;
     $parentGroup = new Group();
     $parentGroup->name = 'AAA';
     $this->assertTrue($parentGroup->save());
     $childGroup = new Group();
     $childGroup->name = 'BBB';
     $this->assertTrue($childGroup->save());
     $userInChildGroup = User::getByUsername('confused');
     $userInParentGroup = User::getByUsername('nobody');
     $childGroup->users->add($userInChildGroup);
     $this->assertTrue($childGroup->save());
     $parentGroup->users->add($userInParentGroup);
     $parentGroup->groups->add($childGroup);
     $this->assertTrue($parentGroup->save());
     $parentGroup->forget();
     $childGroup->forget();
     $parentGroup = Group::getByName('AAA');
     $childGroup = Group::getByName('BBB');
     //Add access for the confused user to leads and creation of leads.
     $userInChildGroup->setRight('LeadsModule', LeadsModule::RIGHT_ACCESS_LEADS);
     $userInChildGroup->setRight('LeadsModule', LeadsModule::RIGHT_CREATE_LEADS);
     $userInChildGroup->setRight('LeadsModule', LeadsModule::RIGHT_DELETE_LEADS);
     $this->assertTrue($userInChildGroup->save());
     //create lead owned by super
     $lead3 = LeadTestHelper::createLeadByNameForOwner('leadsParentGroupPermission', $super);
     //Test userInParentGroup, access to details, edit and delete should fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //Test userInChildGroup, access to details, edit and delete should fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //give parentGroup access to READ
     Yii::app()->user->userModel = $super;
     $lead3->addPermissions($parentGroup, Permission::READ);
     $this->assertTrue($lead3->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($lead3, $parentGroup);
     //Test userInParentGroup, access to details should not fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerWithNoExceptionsAndGetContent('leads/default/details');
     //Test userInParentGroup, access to delete should fail.
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //Test userInChildGroup, access to edit and details should not fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerWithNoExceptionsAndGetContent('leads/default/details');
     //Test userInChildGroup, access to edit and delete should fail.
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //give parentGroup access to read and write
     Yii::app()->user->userModel = $super;
     $lead3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($lead3->save());
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForGroup($lead3, $parentGroup);
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($lead3, $parentGroup);
     //Test userInParentGroup, access to edit should not fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerWithNoExceptionsAndGetContent('leads/default/edit');
     //Test userInParentGroup, access to delete should fail.
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //Test userInChildGroup, access to edit should not fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username);
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerWithNoExceptionsAndGetContent('leads/default/edit');
     //Test userInChildGroup, access to delete should fail.
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //revoke parentGroup access to read and write
     Yii::app()->user->userModel = $super;
     $lead3->removePermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($lead3->save());
     AllPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($lead3, $parentGroup);
     //Test userInChildGroup, access to detail, edit and delete should fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //Test userInParentGroup, access to detail, edit and delete should fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //give parentGroup access to read, write and delete
     Yii::app()->user->userModel = $super;
     $lead3->addPermissions($parentGroup, Permission::READ_WRITE_DELETE);
     $this->assertTrue($lead3->save());
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($lead3, $parentGroup);
     //Test userInChildGroup, access to delete should not fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username);
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerWithRedirectExceptionAndGetContent('leads/default/delete', Yii::app()->createUrl('leads/default/index'));
     //clear up the role relationships between users so not to effect next assertions
     $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
     $userInParentGroup->forget();
     $userInChildGroup->forget();
     $childGroup->forget();
     $parentGroup->forget();
     $userInParentGroup = User::getByUsername('nobody');
     $userInChildGroup = User::getByUsername('confused');
     $childGroup = Group::getByName('BBB');
     $parentGroup = Group::getByName('AAA');
     $parentGroup->users->remove($userInParentGroup);
     $parentGroup->groups->remove($childGroup);
     $this->assertTrue($parentGroup->save());
     $childGroup->users->remove($userInChildGroup);
     $this->assertTrue($childGroup->save());
 }

Пример #13

Файл: ExplicitReadWriteModelPermissionsUtil.php Проект: RamaKavanan/InitialVersion

 /**
  * Given a SecurableItem, add and remove permissions
  * based on what the provided ExplicitReadWriteModelPermissions indicates should be done.
  * Sets @see SecurableItem->setTreatCurrentUserAsOwnerForPermissions as true in order to ensure the current user
  * can effectively add permissions even if the current user is no longer the owner.
  * @param SecurableItem $securableItem
  * @param ExplicitReadWriteModelPermissions $explicitReadWriteModelPermissions
  * @param bool $validate
  * @return bool|void
  * @throws NotSupportedException
  */
 public static function resolveExplicitReadWriteModelPermissions(SecurableItem $securableItem, ExplicitReadWriteModelPermissions $explicitReadWriteModelPermissions, $validate = false)
 {
     assert('$securableItem->id > 0');
     $optimizeReadPermissions = $securableItem::hasReadPermissionsOptimization();
     $securableItem->setTreatCurrentUserAsOwnerForPermissions(true);
     $saveSecurableItem = false;
     if ($explicitReadWriteModelPermissions->getReadOnlyPermitablesCount() > 0) {
         $saveSecurableItem = true;
         foreach ($explicitReadWriteModelPermissions->getReadOnlyPermitables() as $permitable) {
             if ($securableItem->addPermissions($permitable, Permission::READ) && $optimizeReadPermissions) {
                 if ($permitable instanceof Group) {
                     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($securableItem, $permitable);
                     ReadPermissionsSubscriptionUtil::securableItemGivenPermissionsForGroup($securableItem);
                 } elseif ($permitable instanceof User) {
                     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($securableItem, $permitable);
                     ReadPermissionsSubscriptionUtil::securableItemGivenPermissionsForUser($securableItem);
                 } else {
                     throw new NotSupportedException();
                 }
             }
         }
     }
     if ($explicitReadWriteModelPermissions->getReadWritePermitablesCount() > 0) {
         $saveSecurableItem = true;
         foreach ($explicitReadWriteModelPermissions->getReadWritePermitables() as $permitable) {
             if ($securableItem->addPermissions($permitable, Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER) && $optimizeReadPermissions) {
                 if ($permitable instanceof Group) {
                     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($securableItem, $permitable);
                     ReadPermissionsSubscriptionUtil::securableItemGivenPermissionsForGroup($securableItem);
                 } elseif ($permitable instanceof User) {
                     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($securableItem, $permitable);
                     ReadPermissionsSubscriptionUtil::securableItemGivenPermissionsForUser($securableItem);
                 } else {
                     throw new NotSupportedException();
                 }
             }
         }
     }
     if ($explicitReadWriteModelPermissions->getReadOnlyPermitablesToRemoveCount() > 0) {
         $saveSecurableItem = true;
         foreach ($explicitReadWriteModelPermissions->getReadOnlyPermitablesToRemove() as $permitable) {
             $securableItem->removePermissions($permitable, Permission::READ, Permission::ALLOW);
             if ($optimizeReadPermissions) {
                 if ($permitable instanceof Group) {
                     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForGroup($securableItem, $permitable);
                     ReadPermissionsSubscriptionUtil::securableItemLostPermissionsForGroup($securableItem);
                 } elseif ($permitable instanceof User) {
                     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($securableItem, $permitable);
                     ReadPermissionsSubscriptionUtil::securableItemLostPermissionsForUser($securableItem);
                 } else {
                     throw new NotSupportedException();
                 }
             }
         }
     }
     if ($explicitReadWriteModelPermissions->getReadWritePermitablesToRemoveCount() > 0) {
         $saveSecurableItem = true;
         foreach ($explicitReadWriteModelPermissions->getReadWritePermitablesToRemove() as $permitable) {
             $securableItem->removePermissions($permitable, Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER, Permission::ALLOW);
             if ($optimizeReadPermissions) {
                 if ($permitable instanceof Group) {
                     AllPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($securableItem, $permitable);
                     ReadPermissionsSubscriptionUtil::securableItemLostPermissionsForGroup($securableItem);
                 } elseif ($permitable instanceof User) {
                     AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($securableItem, $permitable);
                     ReadPermissionsSubscriptionUtil::securableItemLostPermissionsForUser($securableItem);
                 } else {
                     throw new NotSupportedException();
                 }
             }
         }
     }
     if ($saveSecurableItem) {
         $setBackToProcess = false;
         if ($securableItem->shouldProcessWorkflowOnSave()) {
             $securableItem->setDoNotProcessWorkflowOnSave();
             $setBackToProcess = true;
         }
         $saved = $securableItem->save($validate);
         if ($setBackToProcess) {
             $securableItem->setProcessWorkflowOnSave();
         }
         $securableItem->setTreatCurrentUserAsOwnerForPermissions(false);
         return $saved;
     }
     $securableItem->setTreatCurrentUserAsOwnerForPermissions(false);
     return true;
 }

Пример #14

Файл: EmailMessageActivitiesDemoDataMaker.php Проект: RamaKavanan/InitialVersion

 protected function makeEmailMessage(Contact $contact, $subject = null)
 {
     $interval = mt_rand(4, 35) * 86400;
     if (!isset($subject)) {
         $subject = 'A test archived sent email';
     }
     //#1 Create Archived - Sent
     $emailMessage = new EmailMessage();
     $emailMessage->setScenario('importModel');
     $emailMessage->owner = $contact->owner;
     $emailMessage->subject = $subject;
     $emailContent = new EmailMessageContent();
     $emailContent->textContent = 'My First Message';
     $emailContent->htmlContent = 'Some fake HTML content';
     $emailMessage->content = $emailContent;
     //Sending is current user (super)
     $sender = new EmailMessageSender();
     $sender->fromAddress = '*****@*****.**';
     $sender->fromName = 'Super User';
     $sender->personsOrAccounts->add(Yii::app()->user->userModel);
     $emailMessage->sender = $sender;
     //Recipient is BobMessage
     $recipient = new EmailMessageRecipient();
     $recipient->toAddress = '*****@*****.**';
     $recipient->toName = strval($contact);
     $recipient->personsOrAccounts->add($contact);
     $recipient->type = EmailMessageRecipient::TYPE_TO;
     $emailMessage->recipients->add($recipient);
     $emailMessage->folder = EmailFolder::getByBoxAndType($this->emailBox, EmailFolder::TYPE_SENT);
     $emailMessage->createdDateTime = DateTimeUtil::convertTimestampToDbFormatDateTime(time() - $interval);
     $emailMessage->sentDateTime = DateTimeUtil::convertTimestampToDbFormatDateTime(time() - $interval + mt_rand(0, 3) * 86400);
     $emailMessage->addPermissions(Group::getByName(Group::EVERYONE_GROUP_NAME), Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER);
     $saved = $emailMessage->save();
     if (!$saved) {
         throw new FailedToSaveModelException();
     }
     $emailMessage = EmailMessage::getById($emailMessage->id);
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($emailMessage, Group::getByName(Group::EVERYONE_GROUP_NAME));
     $emailMessage->save();
     return $emailMessage;
 }

Пример #15

Файл: ProjectsDemoDataMaker.php Проект: RamaKavanan/InitialVersion

 /**
  * Add demo tasks for the project
  * @param type $project
  */
 protected static function addDemoTasks($project, $taskInputCount = 1, &$demoDataHelper)
 {
     $randomTasks = self::getRandomTasks();
     for ($i = 0; $i < count($randomTasks); $i++) {
         $task = new Task();
         $task->name = $randomTasks[$i]['name'];
         $task->owner = $demoDataHelper->getRandomByModelName('User');
         $task->requestedByUser = $demoDataHelper->getRandomByModelName('User');
         $task->completedDateTime = '0000-00-00 00:00:00';
         $task->project = $project;
         $task->status = Task::STATUS_NEW;
         $task->save();
         //Notification subscriber
         $notificationSubscriber = new NotificationSubscriber();
         $notificationSubscriber->person = $demoDataHelper->getRandomByModelName('User');
         $notificationSubscriber->hasReadLatest = false;
         //Task check list items
         $task->notificationSubscribers->add($notificationSubscriber);
         $taskCheckListItems = $randomTasks[$i]['checkListItems'];
         foreach ($taskCheckListItems as $itemKey => $name) {
             $taskCheckListItem = new TaskCheckListItem();
             $taskCheckListItem->name = $name;
             if ($itemKey * $i * rand(5, 100) % 3 == 0) {
                 $taskCheckListItem->completed = true;
             }
             $task->checkListItems->add($taskCheckListItem);
             ProjectsUtil::logTaskCheckItemEvent($task, $taskCheckListItem);
         }
         //Comments
         $commentItems = $randomTasks[$i]['comments'];
         foreach ($commentItems as $description) {
             $comment = new Comment();
             $comment->description = $description;
             $comment->setScenario('importModel');
             $comment->createdByUser = $demoDataHelper->getRandomByModelName('User');
             $task->comments->add($comment);
             ProjectsUtil::logAddCommentEvent($task, strval($comment));
         }
         //Add Super user
         $comment = new Comment();
         $comment->description = 'Versatile idea regarding the task';
         $task->comments->add($comment);
         $task->addPermissions(Group::getByName(Group::EVERYONE_GROUP_NAME), Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER);
         $task->save();
         $currentStatus = $task->status;
         ProjectsUtil::logAddTaskEvent($task);
         $task = Task::getById($task->id);
         $task->status = RandomDataUtil::getRandomValueFromArray(self::getTaskStatusOptions());
         $task->save();
         AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($task, Group::getByName(Group::EVERYONE_GROUP_NAME));
         $task->save();
         ProjectsUtil::logTaskStatusChangeEvent($task, Task::getStatusDisplayName($currentStatus), Task::getStatusDisplayName(intval($task->status)));
     }
 }