public function testDocsPermissions()
{
$auth = TestingAuxLib::loadAuthManagerMock();
TestingAuxLib::loadX2NonWebUser();
// user has docs update access
$user = $this->users('testUser');
$auth->setAccess('AdminIndex', $user->id, array(), false);
TestingAuxLib::suLogin('testuser');
$auth->setAccess('DocsAdmin', $user->id, array(), false);
$auth->setAccess('DocsUpdateAccess', $user->id, array('X2Model' => new Docs()), true);
// can't be edited since edit permissions list is empty
$doc = $this->docs('0');
$this->assertFalse((bool) $doc->checkEditPermissions());
// "testuser" is in the edit permissions list
$doc = $this->docs('1');
$this->assertTrue((bool) $doc->checkEditPermissions());
$doc = $this->docs('3');
$this->assertTrue((bool) $doc->checkEditPermissions());
// testuser created the the doc
$doc = $this->docs('2');
$this->assertTrue((bool) $doc->checkEditPermissions());
// user has docs private update access
$auth->clearCache();
$auth->setAccess('AdminIndex', $user->id, array(), false);
$auth->setAccess('DocsAdmin', $user->id, array(), false);
$auth->setAccess('DocsUpdateAccess', $user->id, array('X2Model' => new Docs()), false);
$auth->setAccess('DocsPrivateUpdateAccess', $user->id, array('X2Model' => new Docs()), true);
// can't be edited since edit permissions list is empty
$doc = $this->docs('0');
$this->assertFalse((bool) $doc->checkEditPermissions());
// "testuser" is in the edit permissions list but since testuser only has private update
// access, doc cannot be edited
$doc = $this->docs('1');
$this->assertFalse((bool) $doc->checkEditPermissions());
$doc = $this->docs('3');
$this->assertFalse((bool) $doc->checkEditPermissions());
// testuser created the the doc, so they can edit it
$doc = $this->docs('2');
$this->assertTrue((bool) $doc->checkEditPermissions());
// user has docs admin access
$auth->clearCache();
$auth->setAccess('AdminIndex', $user->id, array(), false);
$auth->setAccess('DocsAdmin', $user->id, array(), true);
$auth->setAccess('DocsUpdateAccess', $user->id, array('X2Model' => new Docs()), false);
$auth->setAccess('DocsPrivateUpdateAccess', $user->id, array('X2Model' => new Docs()), false);
// user is docs admin
$doc = $this->docs('0');
$this->assertTrue((bool) $doc->checkEditPermissions());
// user is docs admin
$doc = $this->docs('1');
$this->assertTrue((bool) $doc->checkEditPermissions());
// user is docs admin
$doc = $this->docs('2');
$this->assertTrue((bool) $doc->checkEditPermissions());
TestingAuxLib::restoreX2WebUser();
TestingAuxLib::restoreX2AuthManager();
}
/**
* Test visibility and access criteria for each access level
*/
public function testReadAccessLevels()
{
$auth = TestingAuxLib::loadAuthManagerMock();
$user = $this->users('user2');
$contactGroupmate = $this->contacts('contactGroupmate');
$contactGroup = $this->contacts('contactGroup');
$contactAnyone = $this->contacts('contactAnyone');
$contactUserPrivate = $this->contacts('contactUserPrivate');
$contactOtherPrivate = $this->contacts('contactOtherPrivate');
$contactInvisible = $this->contacts('contactInvisible');
// private read only access
$auth->setAccess('ContactsReadOnlyAccess', $user->id, array(), false);
$auth->setAccess('ContactsPrivateReadOnlyAccess', $user->id, array(), true);
TestingAuxLib::suLogin('testUser2');
$accessLevel = Contacts::model()->getAccessLevel();
$this->assertEquals(X2PermissionsBehavior::QUERY_SELF, $accessLevel);
$contactGroup->asa('permissions')->clearCache();
$this->assertTrue($contactGroup->isVisibleTo(Yii::app()->getSuModel()));
$contactGroupmate->asa('permissions')->clearCache();
$this->assertFalse($contactGroupmate->isVisibleTo(Yii::app()->getSuModel()));
$contactAnyone->asa('permissions')->clearCache();
$this->assertFalse($contactAnyone->isVisibleTo(Yii::app()->getSuModel()));
$contactUserPrivate->asa('permissions')->clearCache();
$this->assertTrue($contactUserPrivate->isVisibleTo(Yii::app()->getSuModel()));
$contactOtherPrivate->asa('permissions')->clearCache();
$this->assertFalse($contactOtherPrivate->isVisibleTo(Yii::app()->getSuModel()));
$contactInvisible->asa('permissions')->clearCache();
$this->assertFalse($contactInvisible->isVisibleTo(Yii::app()->getSuModel()));
$criteria = Contacts::model()->getAccessCriteria();
$contacts = Contacts::model()->findAll($criteria);
$this->assertEquals(2, count($contacts));
$this->assertEquals(2, count(array_intersect(array($contactGroup->id, $contactUserPrivate->id), array_map(function ($contact) {
return $contact->id;
}, $contacts))));
// read only access
$auth->setAccess('ContactsReadOnlyAccess', $user->id, array(), true);
$auth->setAccess('ContactsPrivateReadOnlyAccess', $user->id, array(), false);
$accessLevel = Contacts::model()->getAccessLevel();
$this->assertEquals(X2PermissionsBehavior::QUERY_PUBLIC, $accessLevel);
$contactGroup->asa('permissions')->clearCache();
$this->assertTrue($contactGroup->isVisibleTo(Yii::app()->getSuModel()));
$contactGroupmate->asa('permissions')->clearCache();
$this->assertTrue($contactGroupmate->isVisibleTo(Yii::app()->getSuModel()));
$contactAnyone->asa('permissions')->clearCache();
$this->assertTrue($contactAnyone->isVisibleTo(Yii::app()->getSuModel()));
$contactUserPrivate->asa('permissions')->clearCache();
$this->assertTrue($contactUserPrivate->isVisibleTo(Yii::app()->getSuModel()));
$contactOtherPrivate->asa('permissions')->clearCache();
$this->assertFalse($contactOtherPrivate->isVisibleTo(Yii::app()->getSuModel()));
$contactInvisible->asa('permissions')->clearCache();
$this->assertFalse($contactInvisible->isVisibleTo(Yii::app()->getSuModel()));
$criteria = Contacts::model()->getAccessCriteria();
$contacts = Contacts::model()->findAll($criteria);
$this->assertEquals(4, count($contacts));
$this->assertEquals(4, count(array_intersect(array($contactGroup->id, $contactGroupmate->id, $contactAnyone->id, $contactUserPrivate->id), array_map(function ($contact) {
return $contact->id;
}, $contacts))));
// no access
$auth->setAccess('ContactsReadOnlyAccess', $user->id, array(), false);
$auth->setAccess('ContactsPrivateReadOnlyAccess', $user->id, array(), false);
$accessLevel = Contacts::model()->getAccessLevel();
$this->assertEquals(X2PermissionsBehavior::QUERY_NONE, $accessLevel);
$contactGroup->asa('permissions')->clearCache();
$this->assertFalse($contactGroup->isVisibleTo(Yii::app()->getSuModel()));
$contactGroupmate->asa('permissions')->clearCache();
$this->assertFalse($contactGroupmate->isVisibleTo(Yii::app()->getSuModel()));
$contactAnyone->asa('permissions')->clearCache();
$this->assertFalse($contactAnyone->isVisibleTo(Yii::app()->getSuModel()));
$contactUserPrivate->asa('permissions')->clearCache();
$this->assertFalse($contactUserPrivate->isVisibleTo(Yii::app()->getSuModel()));
$contactOtherPrivate->asa('permissions')->clearCache();
$this->assertFalse($contactOtherPrivate->isVisibleTo(Yii::app()->getSuModel()));
$contactInvisible->asa('permissions')->clearCache();
$this->assertFalse($contactInvisible->isVisibleTo(Yii::app()->getSuModel()));
$criteria = Contacts::model()->getAccessCriteria();
$contacts = Contacts::model()->findAll($criteria);
$this->assertEquals(0, count($contacts));
$this->assertEquals(0, count(array_intersect(array(), array_map(function ($contact) {
return $contact->id;
}, $contacts))));
// all access
$auth->setAccess('ContactsAdmin', $user->id, array(), true);
$auth->setAccess('AdminIndex', $user->id, array(), true);
$auth->setAccess('ContactsReadOnlyAccess', $user->id, array(), true);
$auth->setAccess('ContactsBasicAccess', $user->id, array(), true);
$auth->setAccess('ContactsFullAccess', $user->id, array(), true);
$auth->setAccess('ContactsUpdateAccess', $user->id, array(), true);
$accessLevel = Contacts::model()->getAccessLevel();
$this->assertEquals(X2PermissionsBehavior::QUERY_ALL, $accessLevel);
$contactGroup->asa('permissions')->clearCache();
$this->assertTrue($contactGroup->isVisibleTo(Yii::app()->getSuModel()));
$contactGroupmate->asa('permissions')->clearCache();
$this->assertTrue($contactGroupmate->isVisibleTo(Yii::app()->getSuModel()));
$contactAnyone->asa('permissions')->clearCache();
$this->assertTrue($contactAnyone->isVisibleTo(Yii::app()->getSuModel()));
$contactUserPrivate->asa('permissions')->clearCache();
$this->assertTrue($contactUserPrivate->isVisibleTo(Yii::app()->getSuModel()));
$contactOtherPrivate->asa('permissions')->clearCache();
$this->assertTrue($contactOtherPrivate->isVisibleTo(Yii::app()->getSuModel()));
$contactInvisible->asa('permissions')->clearCache();
$this->assertFalse($contactInvisible->isVisibleTo(Yii::app()->getSuModel()));
$criteria = Contacts::model()->getAccessCriteria();
$contacts = Contacts::model()->findAll($criteria);
$this->assertEquals(5, count($contacts));
$this->assertEquals(5, count(array_intersect(array($contactGroup->id, $contactGroupmate->id, $contactAnyone->id, $contactUserPrivate->id, $contactOtherPrivate->id), array_map(function ($contact) {
return $contact->id;
}, $contacts))));
$criteria = Contacts::model()->getAccessCriteria('t', 'X2PermissionsBehavior', true);
$contacts = Contacts::model()->findAll($criteria);
$this->assertEquals(6, count($contacts));
$this->assertEquals(6, count(array_intersect(array($contactGroup->id, $contactGroupmate->id, $contactAnyone->id, $contactUserPrivate->id, $contactOtherPrivate->id, $contactInvisible->id), array_map(function ($contact) {
return $contact->id;
}, $contacts))));
TestingAuxLib::restoreX2AuthManager();
}
