/**
 * Index-level permissions for an anonymous visitor and for one verified account.
 *
 * Nothing in this method grants a permission explicitly; whatever the verified
 * account receives comes from fixture/config state set up outside it (not visible here).
 * The second argument to getPermissionsForUserInIndex() is presumably the
 * "remove editor permissions" switch, by analogy with getPermissionsForUserInSite() -
 * confirm against the repository.
 *
 * NOTE(review): only the number of permissions is asserted. Also checking
 * hasPermission("org.openacalendar", "CREATE_SITE") on the result would pin which
 * permission is granted, so a regression that hands out a different one cannot pass -
 * confirm the key before adding it.
 */
function testAllUsersCreateSiteByDefault()
 {
     // Fixture: a single account that is created and then e-mail verified.
     $account = new UserAccountModel();
     $account->setEmail("*****@*****.**");
     $account->setUsername("test");
     $account->setPassword("password");
     $accounts = new UserAccountRepository();
     $accounts->create($account);
     $accounts->verifyEmail($account);
     // Fetch a fresh copy so flags written by create()/verifyEmail() are present.
     $account = $accounts->loadByUserName("test");

     $extensions = new ExtensionManager($this->app);
     $permissionsRepo = new \repositories\UserPermissionsRepository($extensions);

     // Number of index-level permissions for $who; null stands for an anonymous visitor.
     $countFor = function ($who, $secondArgument) use ($permissionsRepo) {
         $result = $permissionsRepo->getPermissionsForUserInIndex($who, $secondArgument);
         return count($result->getPermissions());
     };

     // Anonymous visitors get nothing, whichever way the switch is set.
     $this->assertEquals(0, $countFor(null, false));
     $this->assertEquals(0, $countFor(null, true));
     // The verified account gets exactly one permission, and none with the switch on.
     $this->assertEquals(1, $countFor($account, false));
     $this->assertEquals(0, $countFor($account, true));
 }
 /**
  * A permission attached to a user group reaches only that group's members.
  *
  * Phase 1: before any group exists, neither the anonymous visitor nor either of the two
  * verified accounts has an index-level permission (one-argument form of the call).
  * Phase 2: a group is created, only the first account joins it, and
  * CreateSiteUserPermission is attached to it. The member then has one permission; the
  * non-member and the anonymous visitor still have none.
  *
  * NOTE(review): the checks count permissions only. Asserting
  * hasPermission("org.openacalendar", "CREATE_SITE") for the member, and its absence for
  * the non-member, would make the least-privilege expectation explicit - confirm that
  * key corresponds to CreateSiteUserPermission first.
  */
 function testSpecificUsersCreateSite()
 {
     // Fixture: two accounts, both created and e-mail verified.
     $member = new UserAccountModel();
     $member->setEmail("*****@*****.**");
     $member->setUsername("test");
     $member->setPassword("password");
     $outsider = new UserAccountModel();
     $outsider->setEmail("*****@*****.**");
     $outsider->setUsername("other");
     $outsider->setPassword("password");
     $accounts = new UserAccountRepository();
     $accounts->create($member);
     $accounts->verifyEmail($member);
     $accounts->create($outsider);
     $accounts->verifyEmail($outsider);
     // Fetch fresh copies so flags written by create()/verifyEmail() are present.
     $outsider = $accounts->loadByUserName($outsider->getUsername());
     $member = $accounts->loadByUserName("test");

     $extensions = new ExtensionManager($this->app);
     $permissionsRepo = new \repositories\UserPermissionsRepository($extensions);

     // Phase 1: nobody can create sites yet (anonymous, member-to-be, outsider).
     foreach (array(null, $member, $outsider) as $who) {
         $result = $permissionsRepo->getPermissionsForUserInIndex($who);
         $this->assertEquals(0, count($result->getPermissions()));
     }

     // Phase 2: an index-level group holding only the first account gets the permission.
     $group = new \models\UserGroupModel();
     $group->setTitle("TITLE");
     $groups = new \repositories\UserGroupRepository();
     $groups->createForIndex($group);
     $groups->addUserToGroup($member, $group);
     $groups->addPermissionToGroup(new \userpermissions\CreateSiteUserPermission(), $group, null);

     // Number of index-level permissions for $who; null stands for an anonymous visitor.
     $countFor = function ($who, $secondArgument) use ($permissionsRepo) {
         $result = $permissionsRepo->getPermissionsForUserInIndex($who, $secondArgument);
         return count($result->getPermissions());
     };

     // Anonymous visitors are unaffected by the group.
     $this->assertEquals(0, $countFor(null, false));
     $this->assertEquals(0, $countFor(null, true));
     // The group member gains exactly one permission, and none with the switch on.
     $this->assertEquals(1, $countFor($member, false));
     $this->assertEquals(0, $countFor($member, true));
     // The verified account outside the group gains nothing.
     $this->assertEquals(0, $countFor($outsider, false));
     $this->assertEquals(0, $countFor($outsider, true));
 }
    // Resolve the display timezone: query string first, then the cookie, then the
    // 'Europe/London' default. A value from either source is used only when it appears
    // in $timezones, so that list acts as the allow-list for what reaches the cookie
    // and the templates.
    // NOTE(review): in_array() is called without its strict flag, so membership is
    // decided by loose comparison; passing true as the third argument makes it exact.
    $timezone = "";
    if (isset($_GET['mytimezone']) && in_array($_GET['mytimezone'], $timezones)) {
        // Remember the choice for a year on path '/' for $CONFIG->webCommonSessionDomain.
        // The last two arguments are setcookie()'s secure and httponly flags, both false:
        // the cookie travels over plain HTTP and is readable from page script. It only
        // ever holds an allow-listed timezone name.
        setcookie("siteIndextimezone", $_GET['mytimezone'], time() + 60 * 60 * 24 * 365, '/', $CONFIG->webCommonSessionDomain, false, false);
        $timezone = $_GET['mytimezone'];
    } else {
        // The cookie is client-controlled, so it is re-checked against the list on every read.
        if (isset($_COOKIE["siteIndextimezone"]) && in_array($_COOKIE["siteIndextimezone"], $timezones)) {
            $timezone = $_COOKIE["siteIndextimezone"];
        } else {
            $timezone = 'Europe/London';
        }
    }
    $app['twig']->addGlobal('currentTimeZone', $timezone);
    $app['twig']->addGlobal('allowedTimeZones', $timezones);
    $app['currentTimeZone'] = $timezone;
    # ////////////// Permissions
    $userPermissionsRepo = new \repositories\UserPermissionsRepository($app['extensions']);
    // Index-level permissions of the current user, stored for later checks.
    // NOTE(review): the meaning of the trailing (false, true) arguments is not visible
    // here - presumably "do not remove editor permissions" and a second include-style
    // switch; confirm against the repository signature.
    $app['currentUserPermissions'] = $userPermissionsRepo->getPermissionsForUserInIndex($app['currentUser'], false, true);
    // Template flag only: it tells the views whether to offer the create-site action.
    // Any enforcement has to happen in code that checks the permission itself.
    $app['twig']->addGlobal('actionCreateSite', $app['currentUserPermissions']->hasPermission("org.openacalendar", "CREATE_SITE"));
});
// Guard for actions that need the CREATE_SITE permission (presumably attached to routes
// as a before-handler - confirm at the call sites). Returns nothing when the current
// user's permissions include org.openacalendar / CREATE_SITE; otherwise returns a
// redirect to the login page on the secure index domain.
// NOTE(review): a signed-in user who simply lacks the permission is also sent to the
// login page; a dedicated "not allowed" response would make the denial explicit.
$permissionCreateSiteRequired = function (Request $request, Application $app) {
    global $CONFIG;
    $mayCreateSite = $app['currentUserPermissions']->hasPermission("org.openacalendar", "CREATE_SITE");
    if ($mayCreateSite) {
        return;
    }
    return new RedirectResponse($CONFIG->getWebIndexDomainSecure() . '/you/login');
};
// Guard for pages that need a signed-in account (presumably attached to routes as a
// before-handler - confirm at the call sites). Returns nothing when $app['currentUser']
// is set; otherwise returns a redirect to the login page on the secure index domain.
$appUserRequired = function (Request $request) use($app) {
    global $CONFIG;
    if ($app['currentUser']) {
        return;
    }
    $loginUrl = $CONFIG->getWebIndexDomainSecure() . '/you/login';
    return new RedirectResponse($loginUrl);
};
        // Let clients keep this response for 30 minutes.
        // NOTE(review): the payload built below contains per-user data (currentUser and
        // currentUserPermissions). Unless a Cache-Control: private (or equivalent) header
        // is sent elsewhere, a shared cache honouring Expires could hand one user's
        // config to another - confirm.
        header('Expires: ' . gmdate('D, d M Y H:i:s \\G\\M\\T', time() + 30 * 60));
        $data = array();
        // TODO would like to deprecate httpDomain and get scripts to just use httpDomainIndex & httpDomainSite for clarity
        $data['httpDomain'] = $site->getSlug() . "." . $CONFIG->webSiteDomain;
        $data['httpDomainIndex'] = $CONFIG->webIndexDomain;
        // HTTPS host names are only published when the installation has SSL configured.
        if ($CONFIG->hasSSL) {
            $data['hasSSL'] = true;
            $data['httpsDomain'] = $site->getSlug() . "." . $CONFIG->webSiteDomainSSL;
            $data['httpsDomainIndex'] = $CONFIG->webIndexDomainSSL;
        } else {
            $data['hasSSL'] = false;
        }
        $data['twitter'] = $CONFIG->contactTwitter;
        $data['isSingleSiteMode'] = false;
        // Only the username of the signed-in account is exposed to the script; false means anonymous.
        $user = userGetCurrent();
        if ($user) {
            $data['currentUser'] = array('username' => $user->getUsername());
        } else {
            $data['currentUser'] = false;
        }
        // Editor permissions are stripped when the account is listed as having none in this site.
        // NOTE(review): this check reads $app['currentUser'] while the permission lookup
        // below uses $user from userGetCurrent(); presumably both are the same account - confirm.
        $removeEditorPermissions = false;
        $userHasNoEditorPermissionsInSiteRepo = new UserHasNoEditorPermissionsInSiteRepository();
        if ($app['currentUser'] && $userHasNoEditorPermissionsInSiteRepo->isUserInSite($app['currentUser'], $site)) {
            $removeEditorPermissions = true;
        }
        $userPermissionsRepo = new \repositories\UserPermissionsRepository($app['extensions']);
        $currentUserPermissions = $userPermissionsRepo->getPermissionsForUserInSite($user, $site, $removeEditorPermissions, true);
        // These permissions are a hint for client-side UI; the browser can alter them, so
        // every privileged action still has to be checked on the server.
        $data['currentUserPermissions'] = $currentUserPermissions->getAsArrayForJSON();
        // Emitted as a JavaScript assignment using json_encode()'s default flags.
        // NOTE(review): if this output is ever inlined into an HTML page rather than served
        // as a script file, encode with JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT.
        print "var config = " . json_encode($data);
    }
}
    // Accept the API application only if it was found and a sysadmin has not closed it.
    // A closed or unknown app leaves apiApp, apiUserToken and apiUser untouched by this block.
    if ($apiapp && !$apiapp->getIsClosedBySysAdmin()) {
        $app['apiApp'] = $apiapp;
        $app['userAgent']->setApi2ApplicationId($apiapp->getId());
        // User Token
        $userTokenRepo = new API2ApplicationUserTokenRepository();
        // The token is looked up together with its secret and is scoped to this app;
        // the matching itself happens inside the repository (not shown here).
        if ($data['user_token']) {
            $app['apiUserToken'] = $userTokenRepo->loadByAppAndUserTokenAndUserSecret($apiapp, $data['user_token'], $data['user_secret']);
            if ($app['apiUserToken']) {
                // User
                $userRepo = new UserAccountRepository();
                $app['apiUser'] = $userRepo->loadByID($app['apiUserToken']->getUserId());
            }
        }
    }
    // user permissions
    $userPermissionsRepo = new \repositories\UserPermissionsRepository($app['extensions']);
    // if app is not editor or token is not editor, remove edit permissions
    // && binds tighter than ||, so this reads:
    //   (app set AND app is not editor) OR (token set AND token is not editor).
    // NOTE(review): when neither an app nor a token was loaded both sides are falsy and
    // edit permissions are NOT stripped; what the caller then receives depends on what
    // getPermissionsForUserInSite() grants for the value in $app['apiUser'] - confirm an
    // unauthenticated request cannot end up with edit rights through this path.
    $removeEditPermissions = $app['apiApp'] && !$app['apiApp']->getIsEditor() || $app['apiUserToken'] && !$app['apiUserToken']->getIsEditor();
    $app['currentUserPermissions'] = $userPermissionsRepo->getPermissionsForUserInSite($app['apiUser'], $app['currentSite'], $removeEditPermissions, true);
    // finally user actions
    $app['currentUserActions'] = new UserActionsSiteList($app['currentSite'], $app['currentUserPermissions']);
});
// API guard: lets the request continue (returns nothing) when a user was resolved from
// the API token, and otherwise ends the request with the body "ERROR".
// NOTE(review): no HTTP status is set in this closure before the script stops, so unless
// one is set elsewhere the refusal is presumably delivered with a success status;
// an explicit 401 response would let clients and intermediaries recognise the denial.
$appUserRequired = function (Request $request) use($app) {
    if ($app['apiUser']) {
        return;
    }
    // TODO also if app closed
    // TODO something better
    exit("ERROR");
};
$appUserPermissionCalendarChangeRequired = function (Request $request) use($app) {
    if (!$app['apiUser']) {
 // Publish the resolved site to the templates and to the application container.
 $app['twig']->addGlobal('currentSite', $site);
 $app['currentSite'] = $site;
 # ////////////// Site closed
 // A site closed by a sysadmin is answered with the "closed" page straight away, with
 // every user-related template flag cleared and before any permissions are computed.
 if ($app['currentSite']->getIsClosedBySysAdmin()) {
     $app['twig']->addGlobal('currentUserInSite', null);
     $app['twig']->addGlobal('currentUserCanAdminSite', false);
     $app['twig']->addGlobal('currentUserCanEditSite', false);
     return new Response($app['twig']->render('site/closed_by_sys_admin.html.twig', array()));
 }
 # ////////////// Features
 $siteFeaturesRepo = new repositories\SiteFeatureRepository($app);
 $app['currentSiteFeatures'] = new SiteFeaturesList($siteFeaturesRepo->getForSiteAsTree($app['currentSite']));
 $app['twig']->addGlobal('currentSiteFeatures', $app['currentSiteFeatures']);
 $app['currentSiteFeatures']->setFeaturesOnSite($app['currentSite']);
 # ////////////// Permissions and Watch
 $userPermissionsRepo = new \repositories\UserPermissionsRepository($app['extensions']);
 // We do not check UserHasNoEditorPermissionsInSiteRepository(); because that is site mode only.
 // In Single Site mode sysadmins can remove this right.
 // The third argument is therefore a fixed false: editor permissions are never stripped here.
 $app['currentUserPermissions'] = $userPermissionsRepo->getPermissionsForUserInSite($app['currentUser'], $app['currentSite'], false, true);
 # ////////////// User and their watch and perms
 // The action list is derived from the permissions computed above, for this site.
 $app['currentUserActions'] = new UserActionsSiteList($app['currentSite'], $app['currentUserPermissions']);
 // Watching defaults to false and is only looked up for a signed-in user.
 $app['currentUserWatchesSite'] = false;
 if ($app['currentUser']) {
     $uwsr = new UserWatchesSiteRepository();
     $uws = $uwsr->loadByUserAndSite($app['currentUser'], $app['currentSite']);
     // True only when a watch record exists and it is flagged as watching.
     $app['currentUserWatchesSite'] = $uws && $uws->getIsWatching();
 }
 // Template copies are for display; they do not enforce anything by themselves.
 $app['twig']->addGlobal('currentUserActions', $app['currentUserActions']);
 $app['twig']->addGlobal('currentUserWatchesSite', $app['currentUserWatchesSite']);
 # ////////////// if not current user, let templates see what currentUser could do
 if (!$app['currentUser']) {
 /**
  * Only the owner of a newly created site holds permissions in it.
  *
  * Three accounts are created: the owner (verified), another verified account and an
  * unverified one. After the owner creates the site, the owner has two permissions in
  * it and none when the third argument of getPermissionsForUserInSite() is true (other
  * call sites name that argument "remove editor permissions"). Neither other account,
  * nor the anonymous / any-user / any-verified-user groupings, has any permission.
  *
  * NOTE(review): $CONFIG->newUsersAreEditors is switched on and not restored in this
  * method; presumably setUp resets it - confirm, so the setting cannot leak into other
  * tests. The assertions check counts only, not which permissions the owner holds.
  */
 function testSiteOwnerSpecificEdit()
 {
     global $CONFIG;
     $CONFIG->newUsersAreEditors = true;
     $this->addCountriesToTestDB();

     // Fixture: owner and a second account are e-mail verified, the third is left unverified.
     $owner = new UserAccountModel();
     $owner->setEmail("*****@*****.**");
     $owner->setUsername("test");
     $owner->setPassword("password");
     $verified = new UserAccountModel();
     $verified->setEmail("*****@*****.**");
     $verified->setUsername("verified");
     $verified->setPassword("password");
     $unverified = new UserAccountModel();
     $unverified->setEmail("*****@*****.**");
     $unverified->setUsername("unverified");
     $unverified->setPassword("password");
     $accounts = new UserAccountRepository();
     $accounts->create($owner);
     $accounts->verifyEmail($owner);
     $accounts->create($verified);
     $accounts->verifyEmail($verified);
     $accounts->create($unverified);
     // Fetch fresh copies so flags written by create()/verifyEmail() are present.
     $owner = $accounts->loadByUserName($owner->getUsername());
     $verified = $accounts->loadByUserName($verified->getUsername());
     $unverified = $accounts->loadByUserName($unverified->getUsername());

     // NOTE(review): this manager/repository pair is built again after the site exists and
     // is not used before then; presumably redundant - confirm the constructors have no
     // side effects before removing it.
     $extensions = new ExtensionManager($this->app);
     $permissionsRepo = new \repositories\UserPermissionsRepository($extensions);

     // The owner creates the site; the meaning of the trailing false is not visible here.
     $site = new \models\SiteModel();
     $site->setTitle("Test");
     $site->setSlug("test");
     $sites = new \repositories\SiteRepository();
     $countries = new \repositories\CountryRepository();
     $sites->create($site, $owner, array($countries->loadByTwoCharCode("GB")), $this->getSiteQuotaUsedForTesting(), false);

     // Fresh manager and repository for the checks.
     $extensions = new ExtensionManager($this->app);
     $permissionsRepo = new \repositories\UserPermissionsRepository($extensions);

     // Number of permissions $who holds in the site under test.
     $countFor = function ($who, $removeEditorPermissions) use ($permissionsRepo, $site) {
         $result = $permissionsRepo->getPermissionsForUserInSite($who, $site, $removeEditorPermissions);
         return count($result->getPermissions());
     };

     // Owner: two permissions, none once editor permissions are removed.
     $this->assertEquals(2, $countFor($owner, false));
     $this->assertEquals(0, $countFor($owner, true));
     // Another verified account: nothing.
     $this->assertEquals(0, $countFor($verified, false));
     $this->assertEquals(0, $countFor($verified, true));
     // Unverified account: nothing.
     $this->assertEquals(0, $countFor($unverified, false));
     $this->assertEquals(0, $countFor($unverified, true));

     // The three catch-all groupings carry no permissions in this site either.
     $anonymous = $permissionsRepo->getPermissionsForAnonymousInSite($site, false, false);
     $this->assertEquals(0, count($anonymous->getPermissions()));
     $anyUser = $permissionsRepo->getPermissionsForAnyUserInSite($site, false, false);
     $this->assertEquals(0, count($anyUser->getPermissions()));
     $anyVerified = $permissionsRepo->getPermissionsForAnyVerifiedUserInSite($site, false, false);
     $this->assertEquals(0, count($anyVerified->getPermissions()));
 }