/**
* change general user permissions
* @depends testModifyUserToAdmin
* @var User $user
*/
public function testPermissionChanges()
{
$userGroup = User::getByName("unitTestUserGroup");
$username = $userGroup->getUsername();
$userGroup->setAdmin(false);
$userGroup->save();
unset($userGroup);
$userGroup = User::getByName($username);
//test if admin is allowed all
$permissionList = new User_Permission_Definition_List();
$permissionList->load();
$permissions = $permissionList->getDefinitions();
$setPermissions = array();
//gradually set all system permissions
foreach ($permissions as $permission) {
$userGroup->setPermission($permission->getKey());
$setPermissions[] = $permission->getKey();
$userGroup->save();
unset($userGroup);
$userGroup = User::getByName($username);
foreach ($setPermissions as $p) {
$this->assertTrue($userGroup->isAllowed($p));
}
}
//remove system permissions
$userGroup->setAllAclToFalse();
foreach ($setPermissions as $p) {
$this->assertFalse($userGroup->isAllowed($p));
}
//cannot list documents, assts, objects because no permissions by now
$documentRoot = Document::getById(1);
$documentRoot->getPermissionsForUser($userGroup);
$this->assertFalse($documentRoot->isAllowed("list"));
$objectRoot = Object_Abstract::getById(1);
$objectRoot->getPermissionsForUser($userGroup);
$this->assertFalse($objectRoot->isAllowed("list"));
$assetRoot = Asset::getById(1);
$assetRoot->getPermissionsForUser($userGroup);
$this->assertFalse($assetRoot->isAllowed("list"));
$objectFolder = new Object_Folder();
$objectFolder->setParentId(1);
$objectFolder->setUserOwner(1);
$objectFolder->setUserModification(1);
$objectFolder->setCreationDate(time());
$objectFolder->setKey(uniqid() . rand(10, 99));
$objectFolder->save();
$documentFolder = Document_Folder::create(1, array("userOwner" => 1, "key" => uniqid() . rand(10, 99)));
$assetFolder = Asset_Folder::create(1, array("filename" => uniqid() . "_data", "type" => "folder", "userOwner" => 1));
$user = User::getByName("unitTestUser");
$user->setAdmin(false);
$user->save();
$userGroup->setPermission("objects");
$userGroup->setPermission("documents");
$userGroup->setPermission("assets");
$userGroup->save();
//test permissions with user group and user
$this->permissionTest($objectRoot, $objectFolder, $userGroup, $user, $user, "object");
$this->permissionTest($assetRoot, $assetFolder, $userGroup, $user, $user, "asset");
$this->permissionTest($documentRoot, $documentFolder, $userGroup, $user, $user, "document");
//test permissions when there is no user group permissions
$user = User::create(array("parentId" => 0, "username" => "unitTestUser2", "password" => md5("unitTestUser2"), "hasCredentials" => true, "active" => true));
unset($user);
$user = User::getByName("unitTestUser2");
$user->setPermission("objects");
$user->setPermission("documents");
$user->setPermission("assets");
$user->save();
$this->assertTrue($user instanceof User and $user->getUsername() == "unitTestUser2");
$this->permissionTest($objectRoot, $objectFolder, null, $user, $user, "object");
$this->permissionTest($assetRoot, $assetFolder, null, $user, $user, "asset");
$this->permissionTest($documentRoot, $documentFolder, null, $user, $user, "document");
//test permissions when there is only user group permissions
$user = User::create(array("parentId" => $userGroup->getId(), "username" => "unitTestUser3", "password" => md5("unitTestUser3"), "hasCredentials" => true, "active" => true));
unset($user);
$user = User::getByName("unitTestUser3");
$this->assertTrue($user instanceof User and $user->getUsername() == "unitTestUser3");
$this->permissionTest($objectRoot, $objectFolder, $userGroup, null, $user, "object");
$this->permissionTest($assetRoot, $assetFolder, $userGroup, null, $user, "asset");
$this->permissionTest($documentRoot, $documentFolder, $userGroup, null, $user, "document");
}
/**
*
* @return Array $permissionNames
*/
public static function getAllPermissionDefinitions()
{
if (empty(self::$permissionNames)) {
$list = new User_Permission_Definition_List();
self::$permissionNames = $list->load();
}
return self::$permissionNames;
}
/**
* Generates the permission list required for frontend display
*
* @return void
*/
public function generatePermissionList()
{
$permissionInfo = null;
$list = new User_Permission_Definition_List();
$definitions = $list->load();
foreach ($definitions as $definition) {
$permissionInfo[$definition->getKey()] = $this->getPermission($definition->getKey());
}
return $permissionInfo;
}
public function roleGetAction()
{
$role = User_Role::getById(intval($this->_getParam("id")));
// workspaces
$types = array("asset", "document", "object");
foreach ($types as $type) {
$workspaces = $role->{"getWorkspaces" . ucfirst($type)}();
foreach ($workspaces as $workspace) {
$el = Element_Service::getElementById($type, $workspace->getCid());
if ($el) {
// direct injection => not nice but in this case ok ;-)
$workspace->path = $el->getFullPath();
}
}
}
// get available permissions
$availableUserPermissionsList = new User_Permission_Definition_List();
$availableUserPermissions = $availableUserPermissionsList->load();
$this->_helper->json(array("success" => true, "role" => $role, "permissions" => $role->generatePermissionList(), "availablePermissions" => $availableUserPermissions));
}
