public function testCloneSetsRightPermissions()
{
// create users and groups.
$everyoneGroup = Group::getByName(Group::EVERYONE_GROUP_NAME);
$everyoneGroup->setRight('ReportsModule', ReportsModule::getAccessRight());
$everyoneGroup->setRight('AccountsModule', AccountsModule::RIGHT_ACCESS_ACCOUNTS);
$this->assertTrue($everyoneGroup->save());
$everyoneGroup->forgetAll();
$jim = UserTestHelper::createBasicUser('jim');
$john = UserTestHelper::createBasicUser('john');
$johnGroup = new Group();
$johnGroup->name = 'John Group';
$johnGroup->users->add($john);
$this->assertTrue($johnGroup->save());
$john->forgetAll();
$johnGroup->forgetAll();
$john = User::getByUsername('john');
$johnGroup = Group::getByName('John Group');
$basePostData = static::makeRowsAndColumnsReportPostDataForAccounts();
$basePostData['save'] = 'save';
$description = StringUtil::generateRandomString(40);
// create a report with everyone group permission, ensure everyone can access it.
// clone it, ensure everyone group can still access it.
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
SavedReport::deleteAll();
$modelSpecificPostData = array('RowsAndColumnsReportWizardForm' => array('name' => 'Everyone Report 01', 'description' => $description, 'ownerId' => $super->id, 'ownerName' => strval($super), 'explicitReadWriteModelPermissions' => array('type' => ExplicitReadWriteModelPermissionsUtil::MIXED_TYPE_EVERYONE_GROUP, 'nonEveryoneGroup' => null)));
$postData = CMap::mergeArray($basePostData, $modelSpecificPostData);
$this->setGetArray(array('type' => 'RowsAndColumns'));
$this->setPostArray($postData);
$this->runControllerWithExitExceptionAndGetContent('/reports/default/save');
ForgetAllCacheUtil::forgetAllCaches();
$savedReports = SavedReport::getAll();
$this->assertCount(1, $savedReports);
$this->assertEquals(Permission::ALL, $savedReports[0]->getEffectivePermissions($super));
$this->assertEquals(Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER, $savedReports[0]->getEffectivePermissions($everyoneGroup));
$this->assertEquals(Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER, $savedReports[0]->getEffectivePermissions($jim));
// ensure jim can access it.
$this->logoutCurrentUserLoginNewUserAndGetByUsername('jim');
$this->resetPostArray();
$this->resetGetArray();
$content = $this->runControllerWithNoExceptionsAndGetContent('/reports/default/list');
$this->assertContains($postData['RowsAndColumnsReportWizardForm']['name'], $content);
$this->assertEquals(substr_count($content, $postData['RowsAndColumnsReportWizardForm']['name']), 1);
$this->setGetArray(array('id' => $savedReports[0]->id));
$content = $this->runControllerWithNoExceptionsAndGetContent('/reports/default/details');
$this->assertContains($postData['RowsAndColumnsReportWizardForm']['name'], $content);
$this->assertEquals(substr_count($content, $postData['RowsAndColumnsReportWizardForm']['name']), 3);
// clone the report.
$this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$this->setGetArray(array('type' => 'RowsAndColumns', 'id' => $savedReports[0]->id, 'isBeingCopied' => '1'));
$postData['RowsAndColumnsReportWizardForm']['name'] = 'Cloned ' . $postData['RowsAndColumnsReportWizardForm']['name'];
$this->setPostArray($postData);
$this->runControllerWithExitExceptionAndGetContent('/reports/default/save');
ForgetAllCacheUtil::forgetAllCaches();
$savedReports = SavedReport::getAll();
$this->assertCount(2, $savedReports);
$sourcePermissions = ExplicitReadWriteModelPermissionsUtil::makeBySecurableItem($savedReports[0]);
$clonePermissions = ExplicitReadWriteModelPermissionsUtil::makeBySecurableItem($savedReports[1]);
$this->assertEquals($sourcePermissions, $clonePermissions);
$this->assertEquals(Permission::ALL, $savedReports[1]->getEffectivePermissions($super));
$this->assertEquals(Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER, $savedReports[1]->getEffectivePermissions($everyoneGroup));
$this->assertEquals(Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER, $savedReports[1]->getEffectivePermissions($jim));
// ensure jim can access it.
$this->logoutCurrentUserLoginNewUserAndGetByUsername('jim');
$this->resetPostArray();
$this->resetGetArray();
$content = $this->runControllerWithNoExceptionsAndGetContent('/reports/default/list');
$this->assertContains($postData['RowsAndColumnsReportWizardForm']['name'], $content);
$this->assertEquals(substr_count($content, $postData['RowsAndColumnsReportWizardForm']['name']), 1);
$this->setGetArray(array('id' => $savedReports[1]->id));
$content = $this->runControllerWithNoExceptionsAndGetContent('/reports/default/details');
$this->assertContains($postData['RowsAndColumnsReportWizardForm']['name'], $content);
$this->assertEquals(substr_count($content, $postData['RowsAndColumnsReportWizardForm']['name']), 3);
// create a report with specific group permissions, ensure only members of that group can access it.
// clone it, ensure only that specific group members can access it.
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
SavedReport::deleteAll();
$modelSpecificPostData = array('RowsAndColumnsReportWizardForm' => array('name' => 'Group Specific Report 01', 'description' => $description, 'ownerId' => $super->id, 'ownerName' => strval($super), 'explicitReadWriteModelPermissions' => array('type' => ExplicitReadWriteModelPermissionsUtil::MIXED_TYPE_NONEVERYONE_GROUP, 'nonEveryoneGroup' => $johnGroup->id)));
$postData = CMap::mergeArray($basePostData, $modelSpecificPostData);
$this->setGetArray(array('type' => 'RowsAndColumns'));
$this->setPostArray($postData);
$this->runControllerWithExitExceptionAndGetContent('/reports/default/save');
ForgetAllCacheUtil::forgetAllCaches();
$savedReports = SavedReport::getAll();
$this->assertCount(1, $savedReports);
$this->assertEquals(Permission::ALL, $savedReports[0]->getEffectivePermissions($super));
$this->assertEquals(Permission::NONE, $savedReports[0]->getEffectivePermissions($everyoneGroup));
$this->assertEquals(Permission::NONE, $savedReports[0]->getEffectivePermissions($jim));
$this->assertEquals(Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER, $savedReports[0]->getEffectivePermissions($johnGroup));
$this->assertEquals(Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER, $savedReports[0]->getEffectivePermissions($john));
// ensure john can access it.
$this->logoutCurrentUserLoginNewUserAndGetByUsername('john');
$this->resetPostArray();
$this->resetGetArray();
$content = $this->runControllerWithNoExceptionsAndGetContent('/reports/default/list');
$this->assertContains($postData['RowsAndColumnsReportWizardForm']['name'], $content);
$this->assertEquals(substr_count($content, $postData['RowsAndColumnsReportWizardForm']['name']), 1);
$this->setGetArray(array('id' => $savedReports[0]->id));
$content = $this->runControllerWithNoExceptionsAndGetContent('/reports/default/details');
$this->assertContains($postData['RowsAndColumnsReportWizardForm']['name'], $content);
$this->assertEquals(substr_count($content, $postData['RowsAndColumnsReportWizardForm']['name']), 3);
// ensure jim can not access it.
$this->logoutCurrentUserLoginNewUserAndGetByUsername('jim');
$this->resetGetArray();
$content = $this->runControllerWithNoExceptionsAndGetContent('/reports/default/list');
$this->assertNotContains($postData['RowsAndColumnsReportWizardForm']['name'], $content);
$this->setGetArray(array('id' => $savedReports[0]->id));
$this->runControllerWithAccessDeniedSecurityExceptionAndGetContent('/reports/default/details');
// clone the report.
$this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$this->setGetArray(array('type' => 'RowsAndColumns', 'id' => $savedReports[0]->id, 'isBeingCopied' => '1'));
$postData['RowsAndColumnsReportWizardForm']['name'] = 'Cloned ' . $postData['RowsAndColumnsReportWizardForm']['name'];
$this->setPostArray($postData);
$this->runControllerWithExitExceptionAndGetContent('/reports/default/save');
ForgetAllCacheUtil::forgetAllCaches();
$savedReports = SavedReport::getAll();
$this->assertCount(2, $savedReports);
$sourcePermissions = ExplicitReadWriteModelPermissionsUtil::makeBySecurableItem($savedReports[0]);
$clonePermissions = ExplicitReadWriteModelPermissionsUtil::makeBySecurableItem($savedReports[1]);
$this->assertEquals($sourcePermissions, $clonePermissions);
$this->assertEquals(Permission::ALL, $savedReports[1]->getEffectivePermissions($super));
$this->assertEquals(Permission::NONE, $savedReports[1]->getEffectivePermissions($everyoneGroup));
$this->assertEquals(Permission::NONE, $savedReports[1]->getEffectivePermissions($jim));
$this->assertEquals(Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER, $savedReports[1]->getEffectivePermissions($johnGroup));
$this->assertEquals(Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER, $savedReports[1]->getEffectivePermissions($john));
// ensure john can access it.
$this->logoutCurrentUserLoginNewUserAndGetByUsername('john');
$this->resetPostArray();
$this->resetGetArray();
$content = $this->runControllerWithNoExceptionsAndGetContent('/reports/default/list');
$this->assertContains($postData['RowsAndColumnsReportWizardForm']['name'], $content);
$this->assertEquals(substr_count($content, $postData['RowsAndColumnsReportWizardForm']['name']), 1);
$this->setGetArray(array('id' => $savedReports[1]->id));
$content = $this->runControllerWithNoExceptionsAndGetContent('/reports/default/details');
$this->assertContains($postData['RowsAndColumnsReportWizardForm']['name'], $content);
$this->assertEquals(substr_count($content, $postData['RowsAndColumnsReportWizardForm']['name']), 3);
// ensure jim can not access it.
$this->logoutCurrentUserLoginNewUserAndGetByUsername('jim');
$this->resetGetArray();
$content = $this->runControllerWithNoExceptionsAndGetContent('/reports/default/list');
$this->assertNotContains($postData['RowsAndColumnsReportWizardForm']['name'], $content);
$this->setGetArray(array('id' => $savedReports[0]->id));
$this->runControllerWithAccessDeniedSecurityExceptionAndGetContent('/reports/default/details');
}
