/**
* @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
*/
public function testRegularUserControllerActionsWithElevationToModels()
{
//Create superAccount owned by user super.
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$superAccount = AccountTestHelper::createAccountByNameForOwner('AccountsForElevationToModelTest', $super);
//Test nobody, access to details of superAccount should fail.
$nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
$this->setGetArray(array('id' => $superAccount->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
//give nobody access to read
Yii::app()->user->userModel = $super;
$superAccount->addPermissions($nobody, Permission::READ);
$this->assertTrue($superAccount->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($superAccount, $nobody);
//Now the nobody user can access the details view.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $superAccount->id));
$this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
//create meeting for an superAccount using the super user
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$meeting = MeetingTestHelper::createMeetingWithOwnerAndRelatedAccount('meetingCreatedByNobody', $super, $superAccount);
//Test nobody, access to edit, details and delete of meeting should fail.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//give nobody access to details view only
Yii::app()->user->userModel = $super;
$meeting->addPermissions($nobody, Permission::READ);
$this->assertTrue($meeting->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($meeting, $nobody);
//Now access to meetings view by Nobody should not fail.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');
//Now access to meetings edit and delete by Nobody should fail
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//give nobody access to both details and edit view
Yii::app()->user->userModel = $super;
$meeting->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($meeting->save());
AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($meeting, $nobody);
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($meeting, $nobody);
//Now access to meetings view and edit by Nobody should not fail.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerWithNoExceptionsAndGetContent('meetings/default/edit');
//Now access to meetings delete by Nobody should fail
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//revoke the permission from the nobody user to access the meeting
Yii::app()->user->userModel = $super;
$meeting->removePermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($meeting->save());
AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($meeting, $nobody);
//Now nobodys, access to edit, details and delete of meetings should fail.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//give nobody access to both details and edit view
Yii::app()->user->userModel = $super;
$meeting->addPermissions($nobody, Permission::READ_WRITE_DELETE);
$this->assertTrue($meeting->save());
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($meeting, $nobody);
//Now nobodys, access to delete of meetings should not fail.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerWithRedirectExceptionAndGetContent('meetings/default/delete');
//create some roles
Yii::app()->user->userModel = $super;
$parentRole = new Role();
$parentRole->name = 'AAA';
$this->assertTrue($parentRole->save());
$childRole = new Role();
$childRole->name = 'BBB';
$this->assertTrue($childRole->save());
$userInParentRole = User::getByUsername('confused');
$userInChildRole = User::getByUsername('nobody');
$childRole->users->add($userInChildRole);
$this->assertTrue($childRole->save());
$parentRole->users->add($userInParentRole);
$parentRole->roles->add($childRole);
$this->assertTrue($parentRole->save());
$userInChildRole->forget();
$userInChildRole = User::getByUsername('nobody');
$userInParentRole->forget();
$userInParentRole = User::getByUsername('confused');
$parentRoleId = $parentRole->id;
$parentRole->forget();
$parentRole = Role::getById($parentRoleId);
$childRoleId = $childRole->id;
$childRole->forget();
$childRole = Role::getById($childRoleId);
//create account owned by super
$account2 = AccountTestHelper::createAccountByNameForOwner('AccountsParentRolePermission', $super);
//Test userInParentRole, access to details and edit should fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $account2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
//give userInChildRole access to READ
Yii::app()->user->userModel = $super;
$account2->addPermissions($userInChildRole, Permission::READ);
$this->assertTrue($account2->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($account2, $userInChildRole);
//Test userInChildRole, access to details should not fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $account2->id));
$this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
//Test userInParentRole, access to details should not fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $account2->id));
$this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
//create a meeting owned by super
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$meeting2 = MeetingTestHelper::createMeetingWithOwnerAndRelatedAccount('meetingCreatedBySuperForRole', $super, $account2);
//Test userInChildRole, access to meetings details, edit and delete should fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $meeting2->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
$this->setGetArray(array('id' => $meeting2->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
$this->setGetArray(array('id' => $meeting2->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//Test userInParentRole, access to meetings details, edit and delete should fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $meeting2->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
$this->setGetArray(array('id' => $meeting2->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
$this->setGetArray(array('id' => $meeting2->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//give userInChildRole access to READ permision for meetings
Yii::app()->user->userModel = $super;
$meeting2->addPermissions($userInChildRole, Permission::READ);
$this->assertTrue($meeting2->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($meeting2, $userInChildRole);
//Test userInChildRole, access to meetings details should not fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $meeting2->id));
$this->resetPostArray();
$this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');
//Test userInChildRole, access to meetings edit and delete should fail.
$this->setGetArray(array('id' => $meeting2->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
$this->setGetArray(array('id' => $meeting2->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//Test userInParentRole, access to meetings details should not fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $meeting2->id));
$this->resetPostArray();
$this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');
//Test userInParentRole, access to meetings edit and delete should fail.
$this->setGetArray(array('id' => $meeting2->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
$this->setGetArray(array('id' => $meeting2->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//give userInChildRole access to read and write for the meetings
Yii::app()->user->userModel = $super;
$meeting2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($meeting2->save());
AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($meeting2, $userInChildRole);
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($meeting2, $userInChildRole);
//Test userInChildRole, access to meetings edit should not fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $meeting2->id));
$this->resetPostArray();
$this->runControllerWithNoExceptionsAndGetContent('meetings/default/edit');
//Test userInChildRole, access to meetings delete should fail.
$this->setGetArray(array('id' => $meeting2->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//Test userInParentRole, access to meetings edit should not fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $meeting2->id));
$this->resetPostArray();
$this->runControllerWithNoExceptionsAndGetContent('meetings/default/edit');
//Test userInParentRole, access to meetings delete should fail.
$this->setGetArray(array('id' => $meeting2->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//revoke userInChildRole access to read and write meetings
Yii::app()->user->userModel = $super;
$meeting2->removePermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($meeting2->save());
AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($meeting2, $userInChildRole);
//Test userInChildRole, access to detail, edit and delete should fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $meeting2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
$this->setGetArray(array('id' => $meeting2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
$this->setGetArray(array('id' => $meeting2->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//Test userInParentRole, access to detail, edit and delete should fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $meeting2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
$this->setGetArray(array('id' => $meeting2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
$this->setGetArray(array('id' => $meeting2->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//give userInChildRole access to read and write for the meetings
Yii::app()->user->userModel = $super;
$meeting2->addPermissions($userInChildRole, Permission::READ_WRITE_DELETE);
$this->assertTrue($meeting2->save());
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($meeting2, $userInChildRole);
//Test userInParentRole, access to delete should not fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $meeting2->id));
$this->resetPostArray();
$this->runControllerWithRedirectExceptionAndGetContent('meetings/default/delete');
//clear up the role relationships between users so not to effect next assertions
$parentRole->users->remove($userInParentRole);
$parentRole->roles->remove($childRole);
$this->assertTrue($parentRole->save());
$childRole->users->remove($userInChildRole);
$this->assertTrue($childRole->save());
//create some groups and assign users to groups
Yii::app()->user->userModel = $super;
$parentGroup = new Group();
$parentGroup->name = 'AAA';
$this->assertTrue($parentGroup->save());
$childGroup = new Group();
$childGroup->name = 'BBB';
$this->assertTrue($childGroup->save());
$userInChildGroup = User::getByUsername('confused');
$userInParentGroup = User::getByUsername('nobody');
$childGroup->users->add($userInChildGroup);
$this->assertTrue($childGroup->save());
$parentGroup->users->add($userInParentGroup);
$parentGroup->groups->add($childGroup);
$this->assertTrue($parentGroup->save());
$parentGroup->forget();
$childGroup->forget();
$parentGroup = Group::getByName('AAA');
$childGroup = Group::getByName('BBB');
//Add access for the confused user to accounts and creation of accounts.
$userInChildGroup->setRight('AccountsModule', AccountsModule::RIGHT_ACCESS_ACCOUNTS);
$this->assertTrue($userInChildGroup->save());
//create account owned by super
$account3 = AccountTestHelper::createAccountByNameForOwner('testingAccountsParentGroupPermission', $super);
//Test userInParentGroup, access to details should fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $account3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
//Test userInChildGroup, access to details should fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $account3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
//give parentGroup access to READ
Yii::app()->user->userModel = $super;
$account3->addPermissions($parentGroup, Permission::READ);
$this->assertTrue($account3->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($account3, $parentGroup);
//Test userInParentGroup, access to details should not fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $account3->id));
$this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
//Test userInChildGroup, access to details should not fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $account3->id));
$this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
//create a meeting owned by super
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$meeting3 = MeetingTestHelper::createMeetingWithOwnerAndRelatedAccount('mettingCreatedBySuperForGroup', $super, $account3);
//Add access for the confused user to accounts and creation of accounts.
$userInChildGroup->setRight('MeetingsModule', MeetingsModule::RIGHT_ACCESS_MEETINGS);
$userInChildGroup->setRight('MeetingsModule', MeetingsModule::RIGHT_CREATE_MEETINGS);
$userInChildGroup->setRight('MeetingsModule', MeetingsModule::RIGHT_DELETE_MEETINGS);
$this->assertTrue($userInChildGroup->save());
//Test userInParentGroup, access to meetings details and edit should fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $meeting3->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
$this->setGetArray(array('id' => $meeting3->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
$this->setGetArray(array('id' => $meeting3->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//Test userInChildGroup, access to meetings details and edit should fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $meeting3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
$this->setGetArray(array('id' => $meeting3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
$this->setGetArray(array('id' => $meeting3->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//give parentGroup access to READ
Yii::app()->user->userModel = $super;
$meeting3->addPermissions($parentGroup, Permission::READ);
$this->assertTrue($meeting3->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($meeting3, $parentGroup);
//Test userInParentGroup, access to meetings details should not fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $meeting3->id));
$this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');
//Test userInParentGroup, access to meetings edit and delete should fail.
$this->setGetArray(array('id' => $meeting3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
$this->setGetArray(array('id' => $meeting3->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//Test userInChildGroup, access to meetings details should not fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $meeting3->id));
$this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');
//Test userInChildGroup, access to meetings edit and delete should fail.
$this->setGetArray(array('id' => $meeting3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
$this->setGetArray(array('id' => $meeting3->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//give parentGroup access to read and write
Yii::app()->user->userModel = $super;
$meeting3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($meeting3->save());
AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForGroup($meeting3, $parentGroup);
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($meeting3, $parentGroup);
//Test userInParentGroup, access to edit meetings should not fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $meeting3->id));
$this->runControllerWithNoExceptionsAndGetContent('meetings/default/edit');
//Test userInParentGroup, access to meetings delete should fail.
$this->setGetArray(array('id' => $meeting3->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//Test userInChildGroup, access to edit meetings should not fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username);
$this->setGetArray(array('id' => $meeting3->id));
$this->runControllerWithNoExceptionsAndGetContent('meetings/default/edit');
//Test userInChildGroup, access to meetings delete should fail.
$this->setGetArray(array('id' => $meeting3->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//revoke parentGroup access to meetings read and write
Yii::app()->user->userModel = $super;
$meeting3->removePermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($meeting3->save());
AllPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($meeting3, $parentGroup);
//Test userInChildGroup, access to meetings detail, edit and delete should fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $meeting3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
$this->setGetArray(array('id' => $meeting3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
$this->setGetArray(array('id' => $meeting3->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//Test userInParentGroup, access to meetings detail, edit and delete should fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $meeting3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
$this->setGetArray(array('id' => $meeting3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
$this->setGetArray(array('id' => $meeting3->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//give parentGroup access to read and write
Yii::app()->user->userModel = $super;
$meeting3->addPermissions($parentGroup, Permission::READ_WRITE_DELETE);
$this->assertTrue($meeting3->save());
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($meeting3, $parentGroup);
//Test userInChildGroup, access to meetings delete should not fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $meeting3->id));
$this->resetPostArray();
$this->runControllerWithRedirectExceptionAndGetContent('meetings/default/delete');
//clear up the role relationships between users so not to effect next assertions
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$userInParentGroup->forget();
$userInChildGroup->forget();
$childGroup->forget();
$parentGroup->forget();
$userInParentGroup = User::getByUsername('nobody');
$userInChildGroup = User::getByUsername('confused');
$childGroup = Group::getByName('BBB');
$parentGroup = Group::getByName('AAA');
$parentGroup->users->remove($userInParentGroup);
$parentGroup->groups->remove($childGroup);
$this->assertTrue($parentGroup->save());
$childGroup->users->remove($userInChildGroup);
$this->assertTrue($childGroup->save());
}
/**
* @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
*/
public function testRegularUserControllerActionsWithElevationToModels()
{
//Create contact web form owned by user super.
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$contactWebForm = ContactWebFormTestHelper::createContactWebFormByName('contactWebFormForElevationToModelTest', $super);
//Test nobody, access to edit and details should fail.
$nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
$this->setGetArray(array('id' => $contactWebForm->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
$this->setGetArray(array('id' => $contactWebForm->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
//give nobody access to read
Yii::app()->user->userModel = $super;
$contactWebForm->addPermissions($nobody, Permission::READ);
$this->assertTrue($contactWebForm->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($contactWebForm, $nobody);
//Now the nobody user can access the details view.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $contactWebForm->id));
$this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
//Test nobody, access to edit should fail.
$this->setGetArray(array('id' => $contactWebForm->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
$contactWebFormId = $contactWebForm->id;
$contactWebForm->forget();
$contactWebForm = ContactWebForm::getById($contactWebFormId);
//give nobody access to read and write
Yii::app()->user->userModel = $super;
$contactWebForm->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($contactWebForm->save());
AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($contactWebForm, $nobody);
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($contactWebForm, $nobody);
//Now the nobody user should be able to access the edit view and still the details view.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $contactWebForm->id));
$this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
$this->setGetArray(array('id' => $contactWebForm->id));
$this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit');
$contactWebFormId = $contactWebForm->id;
$contactWebForm->forget();
$contactWebForm = ContactWebForm::getById($contactWebFormId);
//revoke nobody access to read
Yii::app()->user->userModel = $super;
$contactWebForm->removePermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($contactWebForm->save());
AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($contactWebForm, $nobody);
//Test nobody, access to detail should fail.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $contactWebForm->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
$this->setGetArray(array('id' => $contactWebForm->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
//create some roles
Yii::app()->user->userModel = $super;
$parentRole = new Role();
$parentRole->name = 'AAA';
$this->assertTrue($parentRole->save());
$childRole = new Role();
$childRole->name = 'BBB';
$this->assertTrue($childRole->save());
$userInParentRole = User::getByUsername('confused');
$userInChildRole = User::getByUsername('nobody');
$childRole->users->add($userInChildRole);
$this->assertTrue($childRole->save());
$parentRole->users->add($userInParentRole);
$parentRole->roles->add($childRole);
$this->assertTrue($parentRole->save());
$userInChildRole->forget();
$userInChildRole = User::getByUsername('nobody');
$userInParentRole->forget();
$userInParentRole = User::getByUsername('confused');
$parentRoleId = $parentRole->id;
$parentRole->forget();
$parentRole = Role::getById($parentRoleId);
$childRoleId = $childRole->id;
$childRole->forget();
$childRole = Role::getById($childRoleId);
//create web form owned by super
$contactWebForm2 = ContactWebFormTestHelper::createContactWebFormByName('testingParentRolePermission', $super);
//Test userInParentRole, access to details and edit should fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $contactWebForm2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
$this->setGetArray(array('id' => $contactWebForm2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
//give userInChildRole access to READ
Yii::app()->user->userModel = $super;
$contactWebForm2->addPermissions($userInChildRole, Permission::READ);
$this->assertTrue($contactWebForm2->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($contactWebForm2, $userInChildRole);
//Test userInChildRole, access to details should not fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $contactWebForm2->id));
$this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
//Test userInParentRole, access to details should not fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $contactWebForm2->id));
$this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
$contactWebFormId = $contactWebForm2->id;
$contactWebForm2->forget();
$contactWebForm2 = ContactWebForm::getById($contactWebFormId);
//give userInChildRole access to read and write
Yii::app()->user->userModel = $super;
$contactWebForm2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($contactWebForm2->save());
AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($contactWebForm2, $userInChildRole);
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($contactWebForm2, $userInChildRole);
//Test userInChildRole, access to edit should not fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $contactWebForm2->id));
$this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit');
//Test userInParentRole, access to edit should not fail.
$this->logoutCurrentUserLoginNewUserAndGetByUsername($userInParentRole->username);
$this->setGetArray(array('id' => $contactWebForm2->id));
$this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit');
$contactWebFormId = $contactWebForm2->id;
$contactWebForm2->forget();
$contactWebForm2 = ContactWebForm::getById($contactWebFormId);
//revoke userInChildRole access to read and write
Yii::app()->user->userModel = $super;
$contactWebForm2->removePermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($contactWebForm2->save());
AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($contactWebForm2, $userInChildRole);
//Test userInChildRole, access to detail should fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $contactWebForm2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
$this->setGetArray(array('id' => $contactWebForm2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
//Test userInParentRole, access to detail should fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $contactWebForm2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
$this->setGetArray(array('id' => $contactWebForm2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
//clear up the role relationships between users so not to effect next assertions
$parentRole->users->remove($userInParentRole);
$parentRole->roles->remove($childRole);
$this->assertTrue($parentRole->save());
$childRole->users->remove($userInChildRole);
$this->assertTrue($childRole->save());
//create some groups and assign users to groups
Yii::app()->user->userModel = $super;
$parentGroup = new Group();
$parentGroup->name = 'AAA';
$this->assertTrue($parentGroup->save());
$childGroup = new Group();
$childGroup->name = 'BBB';
$this->assertTrue($childGroup->save());
$userInChildGroup = User::getByUsername('confused');
$userInParentGroup = User::getByUsername('nobody');
$childGroup->users->add($userInChildGroup);
$this->assertTrue($childGroup->save());
$parentGroup->users->add($userInParentGroup);
$parentGroup->groups->add($childGroup);
$this->assertTrue($parentGroup->save());
$parentGroup->forget();
$childGroup->forget();
$parentGroup = Group::getByName('AAA');
$childGroup = Group::getByName('BBB');
//Add access for the confused user to ContactWebForms and creation of ContactWebForms.
$userInChildGroup->setRight('ContactWebFormsModule', ContactWebFormsModule::RIGHT_ACCESS_CONTACT_WEB_FORMS);
$userInChildGroup->setRight('ContactWebFormsModule', ContactWebFormsModule::RIGHT_CREATE_CONTACT_WEB_FORMS);
$this->assertTrue($userInChildGroup->save());
//create web form owned by super
$contactWebForm3 = ContactWebFormTestHelper::createContactWebFormByName('testingParentGroupPermission', $super);
//Test userInParentGroup, access to details and edit should fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $contactWebForm3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
$this->setGetArray(array('id' => $contactWebForm3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
//Test userInChildGroup, access to details and edit should fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $contactWebForm3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
$this->setGetArray(array('id' => $contactWebForm3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
//give parentGroup access to READ
Yii::app()->user->userModel = $super;
$contactWebForm3->addPermissions($parentGroup, Permission::READ);
$this->assertTrue($contactWebForm3->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($contactWebForm3, $parentGroup);
//Test userInParentGroup, access to details should not fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $contactWebForm3->id));
$this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
//Test userInChildGroup, access to details should not fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $contactWebForm3->id));
$this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
$contactWebFormId = $contactWebForm3->id;
$contactWebForm3->forget();
$contactWebForm3 = ContactWebForm::getById($contactWebFormId);
//give parentGroup access to read and write
Yii::app()->user->userModel = $super;
$contactWebForm3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($contactWebForm3->save());
AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForGroup($contactWebForm3, $parentGroup);
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($contactWebForm3, $parentGroup);
//Test userInParentGroup, access to edit should not fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $contactWebForm3->id));
$this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit');
//Test userInChildGroup, access to edit should not fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username);
$this->setGetArray(array('id' => $contactWebForm3->id));
$this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit');
$contactWebFormId = $contactWebForm3->id;
$contactWebForm3->forget();
$contactWebForm3 = ContactWebForm::getById($contactWebFormId);
//revoke parentGroup access to read and write
Yii::app()->user->userModel = $super;
$contactWebForm3->removePermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($contactWebForm3->save());
AllPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($contactWebForm3, $parentGroup);
//Test userInChildGroup, access to detail should fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $contactWebForm3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
$this->setGetArray(array('id' => $contactWebForm3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
//Test userInParentGroup, access to detail should fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $contactWebForm3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
$this->setGetArray(array('id' => $contactWebForm3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
//clear up the role relationships between users so not to effect next assertions
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$userInParentGroup->forget();
$userInChildGroup->forget();
$childGroup->forget();
$parentGroup->forget();
$userInParentGroup = User::getByUsername('nobody');
$userInChildGroup = User::getByUsername('confused');
$childGroup = Group::getByName('BBB');
$parentGroup = Group::getByName('AAA');
//clear up the role relationships between users so not to effect next assertions
$parentGroup->users->remove($userInParentGroup);
$parentGroup->groups->remove($childGroup);
$this->assertTrue($parentGroup->save());
$childGroup->users->remove($userInChildGroup);
$this->assertTrue($childGroup->save());
}
/**
* @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
*/
public function testRegularUserControllerActionsWithElevationToModels()
{
//Create project owned by user super.
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$project = ProjectTestHelper::createProjectByNameForOwner('projectForElevationToModelTest', $super);
//Test nobody, access to edit and details should fail.
$nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
$this->runControllerWithNoExceptionsAndGetContent('projects/default/dashboardDetails');
$this->setGetArray(array('id' => $project->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
$this->setGetArray(array('id' => $project->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
$this->setGetArray(array('id' => $project->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/delete');
//give nobody access to read
Yii::app()->user->userModel = $super;
$project->addPermissions($nobody, Permission::READ);
$this->assertTrue($project->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($project, $nobody);
//Now the nobody user can access the details view.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $project->id));
$this->runControllerWithNoExceptionsAndGetContent('projects/default/details');
//Test nobody, access to edit should fail.
$this->setGetArray(array('id' => $project->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
$this->setGetArray(array('id' => $project->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/delete');
$projectId = $project->id;
$project->forget();
$project = Project::getById($projectId);
//give nobody access to read and write
Yii::app()->user->userModel = $super;
$project->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
//TODO :Its wierd that giving opportunity errors
$this->assertTrue($project->save());
AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($project, $nobody);
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($project, $nobody);
//Now the nobody user should be able to access the edit view and still the details view.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $project->id));
$this->runControllerWithNoExceptionsAndGetContent('projects/default/details');
$this->setGetArray(array('id' => $project->id));
$this->runControllerWithNoExceptionsAndGetContent('projects/default/edit');
$projectId = $project->id;
$project->forget();
$project = Project::getById($projectId);
//revoke nobody access to read
Yii::app()->user->userModel = $super;
$project->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS, Permission::DENY);
$this->assertTrue($project->save());
AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($project, $nobody);
//Test nobody, access to detail should fail.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $project->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
$this->setGetArray(array('id' => $project->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
//create some roles
Yii::app()->user->userModel = $super;
$parentRole = new Role();
$parentRole->name = 'AAA';
$this->assertTrue($parentRole->save());
$childRole = new Role();
$childRole->name = 'BBB';
$this->assertTrue($childRole->save());
$userInParentRole = User::getByUsername('confused');
$userInChildRole = User::getByUsername('nobody');
$childRole->users->add($userInChildRole);
$this->assertTrue($childRole->save());
$parentRole->users->add($userInParentRole);
$parentRole->roles->add($childRole);
$this->assertTrue($parentRole->save());
$userInChildRole->forget();
$userInChildRole = User::getByUsername('nobody');
$userInParentRole->forget();
$userInParentRole = User::getByUsername('confused');
$parentRoleId = $parentRole->id;
$parentRole->forget();
$parentRole = Role::getById($parentRoleId);
$childRoleId = $childRole->id;
$childRole->forget();
$childRole = Role::getById($childRoleId);
//create project owned by super
$project2 = ProjectTestHelper::createProjectByNameForOwner('testingParentRolePermission', $super);
//Test userInParentRole, access to details and edit should fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $project2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
$this->setGetArray(array('id' => $project2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
//give userInChildRole access to READ
Yii::app()->user->userModel = $super;
$project2->addPermissions($userInChildRole, Permission::READ);
$this->assertTrue($project2->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($project2, $userInChildRole);
//Test userInChildRole, access to details should not fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $project2->id));
$this->runControllerWithNoExceptionsAndGetContent('projects/default/details');
//Test userInParentRole, access to details should not fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $project2->id));
$this->runControllerWithNoExceptionsAndGetContent('projects/default/details');
$projectId = $project2->id;
$project2->forget();
$project2 = Project::getById($projectId);
//give userInChildRole access to read and write
Yii::app()->user->userModel = $super;
$project2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($project2->save());
AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($project2, $userInChildRole);
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($project2, $userInChildRole);
//Test userInChildRole, access to edit should not fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $project2->id));
$this->runControllerWithNoExceptionsAndGetContent('projects/default/edit');
//Test userInParentRole, access to edit should not fail.
$this->logoutCurrentUserLoginNewUserAndGetByUsername($userInParentRole->username);
$this->setGetArray(array('id' => $project2->id));
$this->runControllerWithNoExceptionsAndGetContent('projects/default/edit');
$projectId = $project2->id;
$project2->forget();
$project2 = Project::getById($projectId);
//revoke userInChildRole access to read and write
Yii::app()->user->userModel = $super;
$project2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS, Permission::DENY);
$this->assertTrue($project2->save());
AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($project2, $userInChildRole);
//Test userInChildRole, access to detail should fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $project2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
$this->setGetArray(array('id' => $project2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
//Test userInParentRole, access to detail should fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $project2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
$this->setGetArray(array('id' => $project2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
//clear up the role relationships between users so not to effect next assertions
$parentRole->users->remove($userInParentRole);
$parentRole->roles->remove($childRole);
$this->assertTrue($parentRole->save());
$childRole->users->remove($userInChildRole);
$this->assertTrue($childRole->save());
//create some groups and assign users to groups
Yii::app()->user->userModel = $super;
$parentGroup = new Group();
$parentGroup->name = 'AAA';
$this->assertTrue($parentGroup->save());
$childGroup = new Group();
$childGroup->name = 'BBB';
$this->assertTrue($childGroup->save());
$userInChildGroup = User::getByUsername('confused');
$userInParentGroup = User::getByUsername('nobody');
$childGroup->users->add($userInChildGroup);
$this->assertTrue($childGroup->save());
$parentGroup->users->add($userInParentGroup);
$parentGroup->groups->add($childGroup);
$this->assertTrue($parentGroup->save());
$parentGroup->forget();
$childGroup->forget();
$parentGroup = Group::getByName('AAA');
$childGroup = Group::getByName('BBB');
//Add access for the confused user to Products and creation of Products.
$userInChildGroup->setRight('ProjectsModule', ProjectsModule::RIGHT_ACCESS_PROJECTS);
$userInChildGroup->setRight('ProjectsModule', ProjectsModule::RIGHT_CREATE_PROJECTS);
$this->assertTrue($userInChildGroup->save());
//create project owned by super
$project3 = ProjectTestHelper::createProjectByNameForOwner('testingParentGroupPermission', $super);
//Test userInParentGroup, access to details and edit should fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $project3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
$this->setGetArray(array('id' => $project3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
//Test userInChildGroup, access to details and edit should fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $project3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
$this->setGetArray(array('id' => $project3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
//give parentGroup access to READ
Yii::app()->user->userModel = $super;
$project3->addPermissions($parentGroup, Permission::READ);
$this->assertTrue($project3->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($project3, $parentGroup);
//Test userInParentGroup, access to details should not fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $project3->id));
$this->runControllerWithNoExceptionsAndGetContent('projects/default/details');
//Test userInChildGroup, access to details should not fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $project3->id));
$this->runControllerWithNoExceptionsAndGetContent('projects/default/details');
$projectId = $project3->id;
$project3->forget();
$project3 = Project::getById($projectId);
//give parentGroup access to read and write
Yii::app()->user->userModel = $super;
$project3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($project3->save());
AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForGroup($project3, $parentGroup);
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($project3, $parentGroup);
//Test userInParentGroup, access to edit should not fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $project3->id));
$this->runControllerWithNoExceptionsAndGetContent('projects/default/edit');
//Test userInChildGroup, access to edit should not fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username);
$this->setGetArray(array('id' => $project3->id));
$this->runControllerWithNoExceptionsAndGetContent('projects/default/edit');
$projectId = $project3->id;
$project3->forget();
$project3 = Project::getById($projectId);
//revoke parentGroup access to read and write
Yii::app()->user->userModel = $super;
$project3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS, Permission::DENY);
$this->assertTrue($project3->save());
AllPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($project3, $parentGroup);
//Test userInChildGroup, access to detail should fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $project3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
$this->setGetArray(array('id' => $project3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
//Test userInParentGroup, access to detail should fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $project3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
$this->setGetArray(array('id' => $project3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
//clear up the role relationships between users so not to effect next assertions
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$userInParentGroup->forget();
$userInChildGroup->forget();
$childGroup->forget();
$parentGroup->forget();
$userInParentGroup = User::getByUsername('nobody');
$userInChildGroup = User::getByUsername('confused');
$childGroup = Group::getByName('BBB');
$parentGroup = Group::getByName('AAA');
//clear up the role relationships between users so not to effect next assertions
$parentGroup->users->remove($userInParentGroup);
$parentGroup->groups->remove($childGroup);
$this->assertTrue($parentGroup->save());
$childGroup->users->remove($userInChildGroup);
$this->assertTrue($childGroup->save());
}
/**
* @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
*/
public function testRegularUserControllerActionsWithElevationToModels()
{
//Create lead owned by user super.
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$lead = LeadTestHelper::createLeadByNameForOwner('leadForElevationToModelTest', $super);
//Test nobody, access to edit, details and delete should fail.
$nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
$this->setGetArray(array('id' => $lead->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
$this->setGetArray(array('id' => $lead->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
$this->setGetArray(array('id' => $lead->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//give nobody access to read
Yii::app()->user->userModel = $super;
$lead->addPermissions($nobody, Permission::READ);
$this->assertTrue($lead->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($lead, $nobody);
//Now the nobody user can access the details view.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $lead->id));
$this->runControllerWithNoExceptionsAndGetContent('leads/default/details');
//Test nobody, access to edit and delete should fail.
$this->setGetArray(array('id' => $lead->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
$this->setGetArray(array('id' => $lead->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//give nobody access to read and write
Yii::app()->user->userModel = $super;
$lead->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($lead->save());
AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($lead, $nobody);
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($lead, $nobody);
//Now the nobody user should be able to access the edit view and still the details view
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $lead->id));
$this->runControllerWithNoExceptionsAndGetContent('leads/default/details');
$this->setGetArray(array('id' => $lead->id));
$this->runControllerWithNoExceptionsAndGetContent('leads/default/edit');
//Test nobody, access to delete should fail.
$this->setGetArray(array('id' => $lead->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//revoke nobody access to read
Yii::app()->user->userModel = $super;
$lead->removePermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($lead->save());
AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($lead, $nobody);
//Test nobody, access to detail, edit and delete should fail.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $lead->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
$this->setGetArray(array('id' => $lead->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
$this->setGetArray(array('id' => $lead->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//give nobody access to read, write and delete
Yii::app()->user->userModel = $super;
$lead->addPermissions($nobody, Permission::READ_WRITE_DELETE);
$this->assertTrue($lead->save());
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($lead, $nobody);
//now nobody should be able to delete a lead
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $lead->id));
$this->resetPostArray();
$this->runControllerWithRedirectExceptionAndGetContent('leads/default/delete', Yii::app()->createUrl('leads/default/index'));
//create some roles
Yii::app()->user->userModel = $super;
$parentRole = new Role();
$parentRole->name = 'AAA';
$this->assertTrue($parentRole->save());
$childRole = new Role();
$childRole->name = 'BBB';
$this->assertTrue($childRole->save());
$userInParentRole = User::getByUsername('confused');
$userInChildRole = User::getByUsername('nobody');
$childRole->users->add($userInChildRole);
$this->assertTrue($childRole->save());
$parentRole->users->add($userInParentRole);
$parentRole->roles->add($childRole);
$this->assertTrue($parentRole->save());
$userInChildRole->forget();
$userInChildRole = User::getByUsername('nobody');
$userInParentRole->forget();
$userInParentRole = User::getByUsername('confused');
$parentRoleId = $parentRole->id;
$parentRole->forget();
$parentRole = Role::getById($parentRoleId);
$childRoleId = $childRole->id;
$childRole->forget();
$childRole = Role::getById($childRoleId);
//create lead owned by super
$lead2 = LeadTestHelper::createLeadByNameForOwner('leadsParentRolePermission', $super);
//Test userInChildRole, access to details, edit and delete should fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//Test userInParentRole, access to details, edit and delete should fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//give userInChildRole access to READ
Yii::app()->user->userModel = $super;
$lead2->addPermissions($userInChildRole, Permission::READ);
$this->assertTrue($lead2->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($lead2, $userInChildRole);
//Test userInChildRole, access to details should not fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerWithNoExceptionsAndGetContent('leads/default/details');
//Test userInChildRole, access to edit and delete should fail.
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//Test userInParentRole, access to details should not fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerWithNoExceptionsAndGetContent('leads/default/details');
//Test userInParentRole, access to edit and delete should fail.
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//give userInChildRole access to read and write
Yii::app()->user->userModel = $super;
$lead2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($lead2->save());
AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($lead2, $userInChildRole);
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($lead2, $userInChildRole);
//Test userInChildRole, access to edit and delete should not fail and also detaisl view must be accessible.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerWithNoExceptionsAndGetContent('leads/default/edit');
//Test userInChildRole, access to delete should fail.
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//Test userInParentRole, access to edit should not fail.
$this->logoutCurrentUserLoginNewUserAndGetByUsername($userInParentRole->username);
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerWithNoExceptionsAndGetContent('leads/default/edit');
//Test userInParentRole, access to delete should fail.
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//revoke userInChildRole access to read and write
Yii::app()->user->userModel = $super;
$lead2->removePermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($lead2->save());
AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($lead2, $userInChildRole);
//Test userInChildRole, access to detail, edit and delete should fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//Test userInParentRole, access to detail, edit and delete should fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//give userInChildRole access to read, write and delete
Yii::app()->user->userModel = $super;
$lead2->addPermissions($userInChildRole, Permission::READ_WRITE_DELETE);
$this->assertTrue($lead2->save());
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($lead2, $userInChildRole);
//Test userInParentRole, access to delete should not fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $lead2->id));
$this->resetPostArray();
$this->runControllerWithRedirectExceptionAndGetContent('leads/default/delete', Yii::app()->createUrl('leads/default/index'));
//clear up the role relationships between users so not to effect next assertions
$parentRole->users->remove($userInParentRole);
$parentRole->roles->remove($childRole);
$this->assertTrue($parentRole->save());
$childRole->users->remove($userInChildRole);
$this->assertTrue($childRole->save());
//create some groups and assign users to groups
Yii::app()->user->userModel = $super;
$parentGroup = new Group();
$parentGroup->name = 'AAA';
$this->assertTrue($parentGroup->save());
$childGroup = new Group();
$childGroup->name = 'BBB';
$this->assertTrue($childGroup->save());
$userInChildGroup = User::getByUsername('confused');
$userInParentGroup = User::getByUsername('nobody');
$childGroup->users->add($userInChildGroup);
$this->assertTrue($childGroup->save());
$parentGroup->users->add($userInParentGroup);
$parentGroup->groups->add($childGroup);
$this->assertTrue($parentGroup->save());
$parentGroup->forget();
$childGroup->forget();
$parentGroup = Group::getByName('AAA');
$childGroup = Group::getByName('BBB');
//Add access for the confused user to leads and creation of leads.
$userInChildGroup->setRight('LeadsModule', LeadsModule::RIGHT_ACCESS_LEADS);
$userInChildGroup->setRight('LeadsModule', LeadsModule::RIGHT_CREATE_LEADS);
$userInChildGroup->setRight('LeadsModule', LeadsModule::RIGHT_DELETE_LEADS);
$this->assertTrue($userInChildGroup->save());
//create lead owned by super
$lead3 = LeadTestHelper::createLeadByNameForOwner('leadsParentGroupPermission', $super);
//Test userInParentGroup, access to details, edit and delete should fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//Test userInChildGroup, access to details, edit and delete should fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//give parentGroup access to READ
Yii::app()->user->userModel = $super;
$lead3->addPermissions($parentGroup, Permission::READ);
$this->assertTrue($lead3->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($lead3, $parentGroup);
//Test userInParentGroup, access to details should not fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerWithNoExceptionsAndGetContent('leads/default/details');
//Test userInParentGroup, access to delete should fail.
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//Test userInChildGroup, access to edit and details should not fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerWithNoExceptionsAndGetContent('leads/default/details');
//Test userInChildGroup, access to edit and delete should fail.
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//give parentGroup access to read and write
Yii::app()->user->userModel = $super;
$lead3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($lead3->save());
AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForGroup($lead3, $parentGroup);
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($lead3, $parentGroup);
//Test userInParentGroup, access to edit should not fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerWithNoExceptionsAndGetContent('leads/default/edit');
//Test userInParentGroup, access to delete should fail.
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//Test userInChildGroup, access to edit should not fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username);
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerWithNoExceptionsAndGetContent('leads/default/edit');
//Test userInChildGroup, access to delete should fail.
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//revoke parentGroup access to read and write
Yii::app()->user->userModel = $super;
$lead3->removePermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($lead3->save());
AllPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($lead3, $parentGroup);
//Test userInChildGroup, access to detail, edit and delete should fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//Test userInParentGroup, access to detail, edit and delete should fail.
Yii::app()->user->userModel = $userInParentGroup;
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//give parentGroup access to read, write and delete
Yii::app()->user->userModel = $super;
$lead3->addPermissions($parentGroup, Permission::READ_WRITE_DELETE);
$this->assertTrue($lead3->save());
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($lead3, $parentGroup);
//Test userInChildGroup, access to delete should not fail.
Yii::app()->user->userModel = $userInChildGroup;
$this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username);
$this->setGetArray(array('id' => $lead3->id));
$this->runControllerWithRedirectExceptionAndGetContent('leads/default/delete', Yii::app()->createUrl('leads/default/index'));
//clear up the role relationships between users so not to effect next assertions
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$userInParentGroup->forget();
$userInChildGroup->forget();
$childGroup->forget();
$parentGroup->forget();
$userInParentGroup = User::getByUsername('nobody');
$userInChildGroup = User::getByUsername('confused');
$childGroup = Group::getByName('BBB');
$parentGroup = Group::getByName('AAA');
$parentGroup->users->remove($userInParentGroup);
$parentGroup->groups->remove($childGroup);
$this->assertTrue($parentGroup->save());
$childGroup->users->remove($userInChildGroup);
$this->assertTrue($childGroup->save());
}
/**
* Ensures another user can 'clone' an account they can see, but is not necessarily the owner and does not have
* super privileges.
*/
public function testCopyingAModelOwnedByAnotherUserWhereYouHaveRestrictedAccess()
{
Yii::app()->user->userModel = User::getByUsername('super');
$account = AccountTestHelper::createAccountByNameForOwner('a super account', Yii::app()->user->userModel);
//This will simulate sally having access to 'clone' the account.
$sally = User::getByUserName('sally');
$account->addPermissions($sally, Permission::READ);
$account->save();
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($account, $sally);
Yii::app()->user->userModel = User::getByUsername('sally');
$copyOfAccount = new Account();
ZurmoCopyModelUtil::copy($account, $copyOfAccount);
$saved = $copyOfAccount->save();
$this->assertTrue($saved);
}
/**
* @depends testCreateStarredTables
*/
public function testUnmarkModelAsStarredForAllUsers()
{
$super = User::getByUsername('super');
Yii::app()->user->userModel = $super;
$steven = UserTestHelper::createBasicUser('Steven');
$account = new Account();
$account->owner = $super;
$account->name = 'Test Account';
$account->officePhone = '1234567890';
$account->addPermissions($steven, Permission::READ);
$this->assertTrue($account->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($account, $steven);
StarredUtil::markModelAsStarred($account);
Yii::app()->user->userModel = $steven;
StarredUtil::markModelAsStarred($account);
$starredRecords = AccountStarred::getCountByUserIdAndModelId(null, $account->id);
$this->assertEquals(2, $starredRecords);
StarredUtil::unmarkModelAsStarredForAllUsers($account);
$starredRecords = AccountStarred::getCountByUserIdAndModelId(null, $account->id);
$this->assertEquals(0, $starredRecords);
}
/**
* Given a SecurableItem, add and remove permissions
* based on what the provided ExplicitReadWriteModelPermissions indicates should be done.
* Sets @see SecurableItem->setTreatCurrentUserAsOwnerForPermissions as true in order to ensure the current user
* can effectively add permissions even if the current user is no longer the owner.
* @param SecurableItem $securableItem
* @param ExplicitReadWriteModelPermissions $explicitReadWriteModelPermissions
* @param bool $validate
* @return bool|void
* @throws NotSupportedException
*/
public static function resolveExplicitReadWriteModelPermissions(SecurableItem $securableItem, ExplicitReadWriteModelPermissions $explicitReadWriteModelPermissions, $validate = false)
{
assert('$securableItem->id > 0');
$optimizeReadPermissions = $securableItem::hasReadPermissionsOptimization();
$securableItem->setTreatCurrentUserAsOwnerForPermissions(true);
$saveSecurableItem = false;
if ($explicitReadWriteModelPermissions->getReadOnlyPermitablesCount() > 0) {
$saveSecurableItem = true;
foreach ($explicitReadWriteModelPermissions->getReadOnlyPermitables() as $permitable) {
if ($securableItem->addPermissions($permitable, Permission::READ) && $optimizeReadPermissions) {
if ($permitable instanceof Group) {
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($securableItem, $permitable);
ReadPermissionsSubscriptionUtil::securableItemGivenPermissionsForGroup($securableItem);
} elseif ($permitable instanceof User) {
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($securableItem, $permitable);
ReadPermissionsSubscriptionUtil::securableItemGivenPermissionsForUser($securableItem);
} else {
throw new NotSupportedException();
}
}
}
}
if ($explicitReadWriteModelPermissions->getReadWritePermitablesCount() > 0) {
$saveSecurableItem = true;
foreach ($explicitReadWriteModelPermissions->getReadWritePermitables() as $permitable) {
if ($securableItem->addPermissions($permitable, Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER) && $optimizeReadPermissions) {
if ($permitable instanceof Group) {
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($securableItem, $permitable);
ReadPermissionsSubscriptionUtil::securableItemGivenPermissionsForGroup($securableItem);
} elseif ($permitable instanceof User) {
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($securableItem, $permitable);
ReadPermissionsSubscriptionUtil::securableItemGivenPermissionsForUser($securableItem);
} else {
throw new NotSupportedException();
}
}
}
}
if ($explicitReadWriteModelPermissions->getReadOnlyPermitablesToRemoveCount() > 0) {
$saveSecurableItem = true;
foreach ($explicitReadWriteModelPermissions->getReadOnlyPermitablesToRemove() as $permitable) {
$securableItem->removePermissions($permitable, Permission::READ, Permission::ALLOW);
if ($optimizeReadPermissions) {
if ($permitable instanceof Group) {
AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForGroup($securableItem, $permitable);
ReadPermissionsSubscriptionUtil::securableItemLostPermissionsForGroup($securableItem);
} elseif ($permitable instanceof User) {
AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($securableItem, $permitable);
ReadPermissionsSubscriptionUtil::securableItemLostPermissionsForUser($securableItem);
} else {
throw new NotSupportedException();
}
}
}
}
if ($explicitReadWriteModelPermissions->getReadWritePermitablesToRemoveCount() > 0) {
$saveSecurableItem = true;
foreach ($explicitReadWriteModelPermissions->getReadWritePermitablesToRemove() as $permitable) {
$securableItem->removePermissions($permitable, Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER, Permission::ALLOW);
if ($optimizeReadPermissions) {
if ($permitable instanceof Group) {
AllPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($securableItem, $permitable);
ReadPermissionsSubscriptionUtil::securableItemLostPermissionsForGroup($securableItem);
} elseif ($permitable instanceof User) {
AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($securableItem, $permitable);
ReadPermissionsSubscriptionUtil::securableItemLostPermissionsForUser($securableItem);
} else {
throw new NotSupportedException();
}
}
}
}
if ($saveSecurableItem) {
$setBackToProcess = false;
if ($securableItem->shouldProcessWorkflowOnSave()) {
$securableItem->setDoNotProcessWorkflowOnSave();
$setBackToProcess = true;
}
$saved = $securableItem->save($validate);
if ($setBackToProcess) {
$securableItem->setProcessWorkflowOnSave();
}
$securableItem->setTreatCurrentUserAsOwnerForPermissions(false);
return $saved;
}
$securableItem->setTreatCurrentUserAsOwnerForPermissions(false);
return true;
}
/**
* @depends testRegularUserSwitchingOwnershipLosesAccessToAccount
*/
public function testRegularUserBullkWriteWhereSomeItemsTheyDontHavePrivledgesToDoIt()
{
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$confused = User::getByUsername('confused');
$billy = User::getByUsername('billy');
$this->assertEquals(Right::DENY, $confused->getEffectiveRight('ZurmoModule', ZurmoModule::RIGHT_BULK_WRITE));
$confused->setRight('ZurmoModule', ZurmoModule::RIGHT_BULK_WRITE);
$this->assertTrue($confused->save());
$account1 = AccountTestHelper::createAccountByNameForOwner('canUpdate', $confused);
$account2 = AccountTestHelper::createAccountByNameForOwner('canUpdate2', $confused);
$account3 = AccountTestHelper::createAccountByNameForOwner('cannotUpdate', $billy);
$this->assertEquals($confused, $account1->owner);
$this->assertEquals($confused, $account2->owner);
$this->assertEquals($billy, $account3->owner);
//Give confused user read access to $account3
$this->assertNotEquals($account3->owner->id, $confused->id);
$this->assertEquals(Permission::NONE, $account3->getEffectivePermissions($confused));
$account3->addPermissions($confused, Permission::READ);
$this->assertTrue($account3->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($account3, $confused);
$this->assertEquals(Permission::READ, $account3->getEffectivePermissions($confused));
//Make confused user the current user.
Yii::app()->user->userModel = $confused;
//Load MassEdit view for the 3 accounts.
$selectedIds = $account1->id . ',' . $account2->id . ',' . $account3->id;
// Not Coding Standard
$this->setGetArray(array('selectedIds' => $selectedIds, 'selectAll' => ''));
// Not Coding Standard
$this->resetPostArray();
$content = $this->runControllerWithNoExceptionsAndGetContent('accounts/default/massEdit');
$this->assertContains('<strong>3</strong> records selected for updating', $content);
//Test trying to change the owner to super and trying to change name which is required, but leaving it blank.
//This will result in a validation error, but since since the owner has been selected as super, we want
//to make sure there are no exceptions and the validation appears in the user interface correctly.
$this->setGetArray(array('selectedIds' => $selectedIds, 'selectAll' => '', 'Account_page' => 1));
$this->setPostArray(array('Account' => array('name' => '', 'owner' => array('id' => $super->id)), 'MassEdit' => array('name' => 1, 'owner' => 1)));
$content = $this->runControllerWithNoExceptionsAndGetContent('accounts/default/massEdit');
$this->assertContains('<strong>3</strong> records selected for updating', $content);
//Now set office phone to a real value, keep owner set at super, and try again. This time the mass update
//should be successful except for account3 which the confused user does not have write access too.
$this->setGetArray(array('selectedIds' => $selectedIds, 'selectAll' => '', 'Account_page' => 1));
$this->setPostArray(array('Account' => array('name' => '7799', 'owner' => array('id' => $super->id)), 'MassEdit' => array('name' => 1, 'owner' => 1)));
$content = $this->runControllerWithRedirectExceptionAndGetContent('accounts/default/massEdit');
//Confirm the flash message shows the correct information that 1 failed.
$this->assertContains('Successfully updated 2 records. 1 account skipped because you do not have sufficient permissions.', Yii::app()->user->getFlash('notification'));
//Confirm updates are correct
Yii::app()->user->userModel = $super;
$account1 = Account::getById($account1->id);
$account2 = Account::getById($account2->id);
$account3 = Account::getById($account3->id);
$this->assertEquals('7799', $account1->name);
$this->assertEquals('7799', $account2->name);
$this->assertEquals('cannotUpdate', $account3->name);
$this->assertEquals($super->getFullName(), $account2->owner->getFullName());
$this->assertEquals($super->getFullName(), $account2->owner->getFullName());
$this->assertEquals($billy->getFullName(), $account3->owner->getFullName());
}
