/** * @depends testRegularUserControllerActionsWithElevationToAccessAndCreate */ public function testRegularUserControllerActionsWithElevationToModels() { //Create superAccount owned by user super. $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super'); $superAccount = AccountTestHelper::createAccountByNameForOwner('AccountsForElevationToModelTest', $super); //Test nobody, access to details of superAccount should fail. $nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody'); $this->setGetArray(array('id' => $superAccount->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details'); //give nobody access to read Yii::app()->user->userModel = $super; $superAccount->addPermissions($nobody, Permission::READ); $this->assertTrue($superAccount->save()); AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($superAccount, $nobody); //Now the nobody user can access the details view. Yii::app()->user->userModel = $nobody; $this->setGetArray(array('id' => $superAccount->id)); $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details'); //create meeting for an superAccount using the super user $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super'); $meeting = MeetingTestHelper::createMeetingWithOwnerAndRelatedAccount('meetingCreatedByNobody', $super, $superAccount); //Test nobody, access to edit, details and delete of meeting should fail. Yii::app()->user->userModel = $nobody; $this->setGetArray(array('id' => $meeting->id)); $this->resetPostArray(); $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit'); $this->setGetArray(array('id' => $meeting->id)); $this->resetPostArray(); $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details'); $this->setGetArray(array('id' => $meeting->id)); $this->resetPostArray(); $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete'); //give nobody access to details view only Yii::app()->user->userModel = $super; $meeting->addPermissions($nobody, Permission::READ); $this->assertTrue($meeting->save()); AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($meeting, $nobody); //Now access to meetings view by Nobody should not fail. Yii::app()->user->userModel = $nobody; $this->setGetArray(array('id' => $meeting->id)); $this->resetPostArray(); $this->runControllerWithNoExceptionsAndGetContent('meetings/default/details'); //Now access to meetings edit and delete by Nobody should fail $this->setGetArray(array('id' => $meeting->id)); $this->resetPostArray(); $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit'); $this->setGetArray(array('id' => $meeting->id)); $this->resetPostArray(); $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete'); //give nobody access to both details and edit view Yii::app()->user->userModel = $super; $meeting->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS); $this->assertTrue($meeting->save()); AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($meeting, $nobody); AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($meeting, $nobody); //Now access to meetings view and edit by Nobody should not fail. Yii::app()->user->userModel = $nobody; $this->setGetArray(array('id' => $meeting->id)); $this->resetPostArray(); $this->runControllerWithNoExceptionsAndGetContent('meetings/default/details'); $this->setGetArray(array('id' => $meeting->id)); $this->resetPostArray(); $this->runControllerWithNoExceptionsAndGetContent('meetings/default/edit'); //Now access to meetings delete by Nobody should fail $this->setGetArray(array('id' => $meeting->id)); $this->resetPostArray(); $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete'); //revoke the permission from the nobody user to access the meeting Yii::app()->user->userModel = $super; $meeting->removePermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS); $this->assertTrue($meeting->save()); AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($meeting, $nobody); //Now nobodys, access to edit, details and delete of meetings should fail. Yii::app()->user->userModel = $nobody; $this->setGetArray(array('id' => $meeting->id)); $this->resetPostArray(); $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit'); $this->setGetArray(array('id' => $meeting->id)); $this->resetPostArray(); $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details'); $this->setGetArray(array('id' => $meeting->id)); $this->resetPostArray(); $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete'); //give nobody access to both details and edit view Yii::app()->user->userModel = $super; $meeting->addPermissions($nobody, Permission::READ_WRITE_DELETE); $this->assertTrue($meeting->save()); AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($meeting, $nobody); //Now nobodys, access to delete of meetings should not fail. Yii::app()->user->userModel = $nobody; $this->setGetArray(array('id' => $meeting->id)); $this->resetPostArray(); $this->runControllerWithRedirectExceptionAndGetContent('meetings/default/delete'); //create some roles Yii::app()->user->userModel = $super; $parentRole = new Role(); $parentRole->name = 'AAA'; $this->assertTrue($parentRole->save()); $childRole = new Role(); $childRole->name = 'BBB'; $this->assertTrue($childRole->save()); $userInParentRole = User::getByUsername('confused'); $userInChildRole = User::getByUsername('nobody'); $childRole->users->add($userInChildRole); $this->assertTrue($childRole->save()); $parentRole->users->add($userInParentRole); $parentRole->roles->add($childRole); $this->assertTrue($parentRole->save()); $userInChildRole->forget(); $userInChildRole = User::getByUsername('nobody'); $userInParentRole->forget(); $userInParentRole = User::getByUsername('confused'); $parentRoleId = $parentRole->id; $parentRole->forget(); $parentRole = Role::getById($parentRoleId); $childRoleId = $childRole->id; $childRole->forget(); $childRole = Role::getById($childRoleId); //create account owned by super $account2 = AccountTestHelper::createAccountByNameForOwner('AccountsParentRolePermission', $super); //Test userInParentRole, access to details and edit should fail. Yii::app()->user->userModel = $userInParentRole; $this->setGetArray(array('id' => $account2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details'); //give userInChildRole access to READ Yii::app()->user->userModel = $super; $account2->addPermissions($userInChildRole, Permission::READ); $this->assertTrue($account2->save()); AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($account2, $userInChildRole); //Test userInChildRole, access to details should not fail. Yii::app()->user->userModel = $userInChildRole; $this->setGetArray(array('id' => $account2->id)); $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details'); //Test userInParentRole, access to details should not fail. Yii::app()->user->userModel = $userInParentRole; $this->setGetArray(array('id' => $account2->id)); $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details'); //create a meeting owned by super $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super'); $meeting2 = MeetingTestHelper::createMeetingWithOwnerAndRelatedAccount('meetingCreatedBySuperForRole', $super, $account2); //Test userInChildRole, access to meetings details, edit and delete should fail. Yii::app()->user->userModel = $userInChildRole; $this->setGetArray(array('id' => $meeting2->id)); $this->resetPostArray(); $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit'); $this->setGetArray(array('id' => $meeting2->id)); $this->resetPostArray(); $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details'); $this->setGetArray(array('id' => $meeting2->id)); $this->resetPostArray(); $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete'); //Test userInParentRole, access to meetings details, edit and delete should fail. Yii::app()->user->userModel = $userInParentRole; $this->setGetArray(array('id' => $meeting2->id)); $this->resetPostArray(); $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit'); $this->setGetArray(array('id' => $meeting2->id)); $this->resetPostArray(); $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details'); $this->setGetArray(array('id' => $meeting2->id)); $this->resetPostArray(); $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete'); //give userInChildRole access to READ permision for meetings Yii::app()->user->userModel = $super; $meeting2->addPermissions($userInChildRole, Permission::READ); $this->assertTrue($meeting2->save()); AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($meeting2, $userInChildRole); //Test userInChildRole, access to meetings details should not fail. Yii::app()->user->userModel = $userInChildRole; $this->setGetArray(array('id' => $meeting2->id)); $this->resetPostArray(); $this->runControllerWithNoExceptionsAndGetContent('meetings/default/details'); //Test userInChildRole, access to meetings edit and delete should fail. $this->setGetArray(array('id' => $meeting2->id)); $this->resetPostArray(); $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit'); $this->setGetArray(array('id' => $meeting2->id)); $this->resetPostArray(); $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete'); //Test userInParentRole, access to meetings details should not fail. Yii::app()->user->userModel = $userInParentRole; $this->setGetArray(array('id' => $meeting2->id)); $this->resetPostArray(); $this->runControllerWithNoExceptionsAndGetContent('meetings/default/details'); //Test userInParentRole, access to meetings edit and delete should fail. $this->setGetArray(array('id' => $meeting2->id)); $this->resetPostArray(); $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit'); $this->setGetArray(array('id' => $meeting2->id)); $this->resetPostArray(); $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete'); //give userInChildRole access to read and write for the meetings Yii::app()->user->userModel = $super; $meeting2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS); $this->assertTrue($meeting2->save()); AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($meeting2, $userInChildRole); AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($meeting2, $userInChildRole); //Test userInChildRole, access to meetings edit should not fail. Yii::app()->user->userModel = $userInChildRole; $this->setGetArray(array('id' => $meeting2->id)); $this->resetPostArray(); $this->runControllerWithNoExceptionsAndGetContent('meetings/default/edit'); //Test userInChildRole, access to meetings delete should fail. $this->setGetArray(array('id' => $meeting2->id)); $this->resetPostArray(); $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete'); //Test userInParentRole, access to meetings edit should not fail. Yii::app()->user->userModel = $userInParentRole; $this->setGetArray(array('id' => $meeting2->id)); $this->resetPostArray(); $this->runControllerWithNoExceptionsAndGetContent('meetings/default/edit'); //Test userInParentRole, access to meetings delete should fail. $this->setGetArray(array('id' => $meeting2->id)); $this->resetPostArray(); $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete'); //revoke userInChildRole access to read and write meetings Yii::app()->user->userModel = $super; $meeting2->removePermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS); $this->assertTrue($meeting2->save()); AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($meeting2, $userInChildRole); //Test userInChildRole, access to detail, edit and delete should fail. Yii::app()->user->userModel = $userInChildRole; $this->setGetArray(array('id' => $meeting2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details'); $this->setGetArray(array('id' => $meeting2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit'); $this->setGetArray(array('id' => $meeting2->id)); $this->resetPostArray(); $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete'); //Test userInParentRole, access to detail, edit and delete should fail. Yii::app()->user->userModel = $userInParentRole; $this->setGetArray(array('id' => $meeting2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details'); $this->setGetArray(array('id' => $meeting2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit'); $this->setGetArray(array('id' => $meeting2->id)); $this->resetPostArray(); $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete'); //give userInChildRole access to read and write for the meetings Yii::app()->user->userModel = $super; $meeting2->addPermissions($userInChildRole, Permission::READ_WRITE_DELETE); $this->assertTrue($meeting2->save()); AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($meeting2, $userInChildRole); //Test userInParentRole, access to delete should not fail. Yii::app()->user->userModel = $userInParentRole; $this->setGetArray(array('id' => $meeting2->id)); $this->resetPostArray(); $this->runControllerWithRedirectExceptionAndGetContent('meetings/default/delete'); //clear up the role relationships between users so not to effect next assertions $parentRole->users->remove($userInParentRole); $parentRole->roles->remove($childRole); $this->assertTrue($parentRole->save()); $childRole->users->remove($userInChildRole); $this->assertTrue($childRole->save()); //create some groups and assign users to groups Yii::app()->user->userModel = $super; $parentGroup = new Group(); $parentGroup->name = 'AAA'; $this->assertTrue($parentGroup->save()); $childGroup = new Group(); $childGroup->name = 'BBB'; $this->assertTrue($childGroup->save()); $userInChildGroup = User::getByUsername('confused'); $userInParentGroup = User::getByUsername('nobody'); $childGroup->users->add($userInChildGroup); $this->assertTrue($childGroup->save()); $parentGroup->users->add($userInParentGroup); $parentGroup->groups->add($childGroup); $this->assertTrue($parentGroup->save()); $parentGroup->forget(); $childGroup->forget(); $parentGroup = Group::getByName('AAA'); $childGroup = Group::getByName('BBB'); //Add access for the confused user to accounts and creation of accounts. $userInChildGroup->setRight('AccountsModule', AccountsModule::RIGHT_ACCESS_ACCOUNTS); $this->assertTrue($userInChildGroup->save()); //create account owned by super $account3 = AccountTestHelper::createAccountByNameForOwner('testingAccountsParentGroupPermission', $super); //Test userInParentGroup, access to details should fail. Yii::app()->user->userModel = $userInParentGroup; $this->setGetArray(array('id' => $account3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details'); //Test userInChildGroup, access to details should fail. Yii::app()->user->userModel = $userInChildGroup; $this->setGetArray(array('id' => $account3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details'); //give parentGroup access to READ Yii::app()->user->userModel = $super; $account3->addPermissions($parentGroup, Permission::READ); $this->assertTrue($account3->save()); AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($account3, $parentGroup); //Test userInParentGroup, access to details should not fail. Yii::app()->user->userModel = $userInParentGroup; $this->setGetArray(array('id' => $account3->id)); $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details'); //Test userInChildGroup, access to details should not fail. Yii::app()->user->userModel = $userInChildGroup; $this->setGetArray(array('id' => $account3->id)); $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details'); //create a meeting owned by super $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super'); $meeting3 = MeetingTestHelper::createMeetingWithOwnerAndRelatedAccount('mettingCreatedBySuperForGroup', $super, $account3); //Add access for the confused user to accounts and creation of accounts. $userInChildGroup->setRight('MeetingsModule', MeetingsModule::RIGHT_ACCESS_MEETINGS); $userInChildGroup->setRight('MeetingsModule', MeetingsModule::RIGHT_CREATE_MEETINGS); $userInChildGroup->setRight('MeetingsModule', MeetingsModule::RIGHT_DELETE_MEETINGS); $this->assertTrue($userInChildGroup->save()); //Test userInParentGroup, access to meetings details and edit should fail. Yii::app()->user->userModel = $userInParentGroup; $this->setGetArray(array('id' => $meeting3->id)); $this->resetPostArray(); $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit'); $this->setGetArray(array('id' => $meeting3->id)); $this->resetPostArray(); $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details'); $this->setGetArray(array('id' => $meeting3->id)); $this->resetPostArray(); $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete'); //Test userInChildGroup, access to meetings details and edit should fail. Yii::app()->user->userModel = $userInChildGroup; $this->setGetArray(array('id' => $meeting3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details'); $this->setGetArray(array('id' => $meeting3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit'); $this->setGetArray(array('id' => $meeting3->id)); $this->resetPostArray(); $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete'); //give parentGroup access to READ Yii::app()->user->userModel = $super; $meeting3->addPermissions($parentGroup, Permission::READ); $this->assertTrue($meeting3->save()); AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($meeting3, $parentGroup); //Test userInParentGroup, access to meetings details should not fail. Yii::app()->user->userModel = $userInParentGroup; $this->setGetArray(array('id' => $meeting3->id)); $this->runControllerWithNoExceptionsAndGetContent('meetings/default/details'); //Test userInParentGroup, access to meetings edit and delete should fail. $this->setGetArray(array('id' => $meeting3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit'); $this->setGetArray(array('id' => $meeting3->id)); $this->resetPostArray(); $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete'); //Test userInChildGroup, access to meetings details should not fail. Yii::app()->user->userModel = $userInChildGroup; $this->setGetArray(array('id' => $meeting3->id)); $this->runControllerWithNoExceptionsAndGetContent('meetings/default/details'); //Test userInChildGroup, access to meetings edit and delete should fail. $this->setGetArray(array('id' => $meeting3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit'); $this->setGetArray(array('id' => $meeting3->id)); $this->resetPostArray(); $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete'); //give parentGroup access to read and write Yii::app()->user->userModel = $super; $meeting3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS); $this->assertTrue($meeting3->save()); AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForGroup($meeting3, $parentGroup); AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($meeting3, $parentGroup); //Test userInParentGroup, access to edit meetings should not fail. Yii::app()->user->userModel = $userInParentGroup; $this->setGetArray(array('id' => $meeting3->id)); $this->runControllerWithNoExceptionsAndGetContent('meetings/default/edit'); //Test userInParentGroup, access to meetings delete should fail. $this->setGetArray(array('id' => $meeting3->id)); $this->resetPostArray(); $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete'); //Test userInChildGroup, access to edit meetings should not fail. Yii::app()->user->userModel = $userInChildGroup; $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username); $this->setGetArray(array('id' => $meeting3->id)); $this->runControllerWithNoExceptionsAndGetContent('meetings/default/edit'); //Test userInChildGroup, access to meetings delete should fail. $this->setGetArray(array('id' => $meeting3->id)); $this->resetPostArray(); $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete'); //revoke parentGroup access to meetings read and write Yii::app()->user->userModel = $super; $meeting3->removePermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS); $this->assertTrue($meeting3->save()); AllPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($meeting3, $parentGroup); //Test userInChildGroup, access to meetings detail, edit and delete should fail. Yii::app()->user->userModel = $userInChildGroup; $this->setGetArray(array('id' => $meeting3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details'); $this->setGetArray(array('id' => $meeting3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit'); $this->setGetArray(array('id' => $meeting3->id)); $this->resetPostArray(); $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete'); //Test userInParentGroup, access to meetings detail, edit and delete should fail. Yii::app()->user->userModel = $userInParentGroup; $this->setGetArray(array('id' => $meeting3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details'); $this->setGetArray(array('id' => $meeting3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit'); $this->setGetArray(array('id' => $meeting3->id)); $this->resetPostArray(); $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete'); //give parentGroup access to read and write Yii::app()->user->userModel = $super; $meeting3->addPermissions($parentGroup, Permission::READ_WRITE_DELETE); $this->assertTrue($meeting3->save()); AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($meeting3, $parentGroup); //Test userInChildGroup, access to meetings delete should not fail. Yii::app()->user->userModel = $userInChildGroup; $this->setGetArray(array('id' => $meeting3->id)); $this->resetPostArray(); $this->runControllerWithRedirectExceptionAndGetContent('meetings/default/delete'); //clear up the role relationships between users so not to effect next assertions $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super'); $userInParentGroup->forget(); $userInChildGroup->forget(); $childGroup->forget(); $parentGroup->forget(); $userInParentGroup = User::getByUsername('nobody'); $userInChildGroup = User::getByUsername('confused'); $childGroup = Group::getByName('BBB'); $parentGroup = Group::getByName('AAA'); $parentGroup->users->remove($userInParentGroup); $parentGroup->groups->remove($childGroup); $this->assertTrue($parentGroup->save()); $childGroup->users->remove($userInChildGroup); $this->assertTrue($childGroup->save()); }
/** * @depends testRegularUserControllerActionsWithElevationToAccessAndCreate */ public function testRegularUserControllerActionsWithElevationToModels() { //Create contact web form owned by user super. $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super'); $contactWebForm = ContactWebFormTestHelper::createContactWebFormByName('contactWebFormForElevationToModelTest', $super); //Test nobody, access to edit and details should fail. $nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody'); $this->setGetArray(array('id' => $contactWebForm->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit'); $this->setGetArray(array('id' => $contactWebForm->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details'); //give nobody access to read Yii::app()->user->userModel = $super; $contactWebForm->addPermissions($nobody, Permission::READ); $this->assertTrue($contactWebForm->save()); AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($contactWebForm, $nobody); //Now the nobody user can access the details view. Yii::app()->user->userModel = $nobody; $this->setGetArray(array('id' => $contactWebForm->id)); $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details'); //Test nobody, access to edit should fail. $this->setGetArray(array('id' => $contactWebForm->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit'); $contactWebFormId = $contactWebForm->id; $contactWebForm->forget(); $contactWebForm = ContactWebForm::getById($contactWebFormId); //give nobody access to read and write Yii::app()->user->userModel = $super; $contactWebForm->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS); $this->assertTrue($contactWebForm->save()); AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($contactWebForm, $nobody); AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($contactWebForm, $nobody); //Now the nobody user should be able to access the edit view and still the details view. Yii::app()->user->userModel = $nobody; $this->setGetArray(array('id' => $contactWebForm->id)); $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details'); $this->setGetArray(array('id' => $contactWebForm->id)); $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit'); $contactWebFormId = $contactWebForm->id; $contactWebForm->forget(); $contactWebForm = ContactWebForm::getById($contactWebFormId); //revoke nobody access to read Yii::app()->user->userModel = $super; $contactWebForm->removePermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS); $this->assertTrue($contactWebForm->save()); AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($contactWebForm, $nobody); //Test nobody, access to detail should fail. Yii::app()->user->userModel = $nobody; $this->setGetArray(array('id' => $contactWebForm->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details'); $this->setGetArray(array('id' => $contactWebForm->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit'); //create some roles Yii::app()->user->userModel = $super; $parentRole = new Role(); $parentRole->name = 'AAA'; $this->assertTrue($parentRole->save()); $childRole = new Role(); $childRole->name = 'BBB'; $this->assertTrue($childRole->save()); $userInParentRole = User::getByUsername('confused'); $userInChildRole = User::getByUsername('nobody'); $childRole->users->add($userInChildRole); $this->assertTrue($childRole->save()); $parentRole->users->add($userInParentRole); $parentRole->roles->add($childRole); $this->assertTrue($parentRole->save()); $userInChildRole->forget(); $userInChildRole = User::getByUsername('nobody'); $userInParentRole->forget(); $userInParentRole = User::getByUsername('confused'); $parentRoleId = $parentRole->id; $parentRole->forget(); $parentRole = Role::getById($parentRoleId); $childRoleId = $childRole->id; $childRole->forget(); $childRole = Role::getById($childRoleId); //create web form owned by super $contactWebForm2 = ContactWebFormTestHelper::createContactWebFormByName('testingParentRolePermission', $super); //Test userInParentRole, access to details and edit should fail. Yii::app()->user->userModel = $userInParentRole; $this->setGetArray(array('id' => $contactWebForm2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details'); $this->setGetArray(array('id' => $contactWebForm2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit'); //give userInChildRole access to READ Yii::app()->user->userModel = $super; $contactWebForm2->addPermissions($userInChildRole, Permission::READ); $this->assertTrue($contactWebForm2->save()); AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($contactWebForm2, $userInChildRole); //Test userInChildRole, access to details should not fail. Yii::app()->user->userModel = $userInChildRole; $this->setGetArray(array('id' => $contactWebForm2->id)); $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details'); //Test userInParentRole, access to details should not fail. Yii::app()->user->userModel = $userInParentRole; $this->setGetArray(array('id' => $contactWebForm2->id)); $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details'); $contactWebFormId = $contactWebForm2->id; $contactWebForm2->forget(); $contactWebForm2 = ContactWebForm::getById($contactWebFormId); //give userInChildRole access to read and write Yii::app()->user->userModel = $super; $contactWebForm2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS); $this->assertTrue($contactWebForm2->save()); AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($contactWebForm2, $userInChildRole); AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($contactWebForm2, $userInChildRole); //Test userInChildRole, access to edit should not fail. Yii::app()->user->userModel = $userInChildRole; $this->setGetArray(array('id' => $contactWebForm2->id)); $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit'); //Test userInParentRole, access to edit should not fail. $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInParentRole->username); $this->setGetArray(array('id' => $contactWebForm2->id)); $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit'); $contactWebFormId = $contactWebForm2->id; $contactWebForm2->forget(); $contactWebForm2 = ContactWebForm::getById($contactWebFormId); //revoke userInChildRole access to read and write Yii::app()->user->userModel = $super; $contactWebForm2->removePermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS); $this->assertTrue($contactWebForm2->save()); AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($contactWebForm2, $userInChildRole); //Test userInChildRole, access to detail should fail. Yii::app()->user->userModel = $userInChildRole; $this->setGetArray(array('id' => $contactWebForm2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details'); $this->setGetArray(array('id' => $contactWebForm2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit'); //Test userInParentRole, access to detail should fail. Yii::app()->user->userModel = $userInParentRole; $this->setGetArray(array('id' => $contactWebForm2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details'); $this->setGetArray(array('id' => $contactWebForm2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit'); //clear up the role relationships between users so not to effect next assertions $parentRole->users->remove($userInParentRole); $parentRole->roles->remove($childRole); $this->assertTrue($parentRole->save()); $childRole->users->remove($userInChildRole); $this->assertTrue($childRole->save()); //create some groups and assign users to groups Yii::app()->user->userModel = $super; $parentGroup = new Group(); $parentGroup->name = 'AAA'; $this->assertTrue($parentGroup->save()); $childGroup = new Group(); $childGroup->name = 'BBB'; $this->assertTrue($childGroup->save()); $userInChildGroup = User::getByUsername('confused'); $userInParentGroup = User::getByUsername('nobody'); $childGroup->users->add($userInChildGroup); $this->assertTrue($childGroup->save()); $parentGroup->users->add($userInParentGroup); $parentGroup->groups->add($childGroup); $this->assertTrue($parentGroup->save()); $parentGroup->forget(); $childGroup->forget(); $parentGroup = Group::getByName('AAA'); $childGroup = Group::getByName('BBB'); //Add access for the confused user to ContactWebForms and creation of ContactWebForms. $userInChildGroup->setRight('ContactWebFormsModule', ContactWebFormsModule::RIGHT_ACCESS_CONTACT_WEB_FORMS); $userInChildGroup->setRight('ContactWebFormsModule', ContactWebFormsModule::RIGHT_CREATE_CONTACT_WEB_FORMS); $this->assertTrue($userInChildGroup->save()); //create web form owned by super $contactWebForm3 = ContactWebFormTestHelper::createContactWebFormByName('testingParentGroupPermission', $super); //Test userInParentGroup, access to details and edit should fail. Yii::app()->user->userModel = $userInParentGroup; $this->setGetArray(array('id' => $contactWebForm3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details'); $this->setGetArray(array('id' => $contactWebForm3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit'); //Test userInChildGroup, access to details and edit should fail. Yii::app()->user->userModel = $userInChildGroup; $this->setGetArray(array('id' => $contactWebForm3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details'); $this->setGetArray(array('id' => $contactWebForm3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit'); //give parentGroup access to READ Yii::app()->user->userModel = $super; $contactWebForm3->addPermissions($parentGroup, Permission::READ); $this->assertTrue($contactWebForm3->save()); AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($contactWebForm3, $parentGroup); //Test userInParentGroup, access to details should not fail. Yii::app()->user->userModel = $userInParentGroup; $this->setGetArray(array('id' => $contactWebForm3->id)); $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details'); //Test userInChildGroup, access to details should not fail. Yii::app()->user->userModel = $userInChildGroup; $this->setGetArray(array('id' => $contactWebForm3->id)); $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details'); $contactWebFormId = $contactWebForm3->id; $contactWebForm3->forget(); $contactWebForm3 = ContactWebForm::getById($contactWebFormId); //give parentGroup access to read and write Yii::app()->user->userModel = $super; $contactWebForm3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS); $this->assertTrue($contactWebForm3->save()); AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForGroup($contactWebForm3, $parentGroup); AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($contactWebForm3, $parentGroup); //Test userInParentGroup, access to edit should not fail. Yii::app()->user->userModel = $userInParentGroup; $this->setGetArray(array('id' => $contactWebForm3->id)); $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit'); //Test userInChildGroup, access to edit should not fail. Yii::app()->user->userModel = $userInChildGroup; $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username); $this->setGetArray(array('id' => $contactWebForm3->id)); $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit'); $contactWebFormId = $contactWebForm3->id; $contactWebForm3->forget(); $contactWebForm3 = ContactWebForm::getById($contactWebFormId); //revoke parentGroup access to read and write Yii::app()->user->userModel = $super; $contactWebForm3->removePermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS); $this->assertTrue($contactWebForm3->save()); AllPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($contactWebForm3, $parentGroup); //Test userInChildGroup, access to detail should fail. Yii::app()->user->userModel = $userInChildGroup; $this->setGetArray(array('id' => $contactWebForm3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details'); $this->setGetArray(array('id' => $contactWebForm3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit'); //Test userInParentGroup, access to detail should fail. Yii::app()->user->userModel = $userInParentGroup; $this->setGetArray(array('id' => $contactWebForm3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details'); $this->setGetArray(array('id' => $contactWebForm3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit'); //clear up the role relationships between users so not to effect next assertions $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super'); $userInParentGroup->forget(); $userInChildGroup->forget(); $childGroup->forget(); $parentGroup->forget(); $userInParentGroup = User::getByUsername('nobody'); $userInChildGroup = User::getByUsername('confused'); $childGroup = Group::getByName('BBB'); $parentGroup = Group::getByName('AAA'); //clear up the role relationships between users so not to effect next assertions $parentGroup->users->remove($userInParentGroup); $parentGroup->groups->remove($childGroup); $this->assertTrue($parentGroup->save()); $childGroup->users->remove($userInChildGroup); $this->assertTrue($childGroup->save()); }
/** * @depends testRegularUserControllerActionsWithElevationToAccessAndCreate */ public function testRegularUserControllerActionsWithElevationToModels() { //Create project owned by user super. $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super'); $project = ProjectTestHelper::createProjectByNameForOwner('projectForElevationToModelTest', $super); //Test nobody, access to edit and details should fail. $nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody'); $this->runControllerWithNoExceptionsAndGetContent('projects/default/dashboardDetails'); $this->setGetArray(array('id' => $project->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit'); $this->setGetArray(array('id' => $project->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details'); $this->setGetArray(array('id' => $project->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/delete'); //give nobody access to read Yii::app()->user->userModel = $super; $project->addPermissions($nobody, Permission::READ); $this->assertTrue($project->save()); AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($project, $nobody); //Now the nobody user can access the details view. Yii::app()->user->userModel = $nobody; $this->setGetArray(array('id' => $project->id)); $this->runControllerWithNoExceptionsAndGetContent('projects/default/details'); //Test nobody, access to edit should fail. $this->setGetArray(array('id' => $project->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit'); $this->setGetArray(array('id' => $project->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/delete'); $projectId = $project->id; $project->forget(); $project = Project::getById($projectId); //give nobody access to read and write Yii::app()->user->userModel = $super; $project->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS); //TODO :Its wierd that giving opportunity errors $this->assertTrue($project->save()); AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($project, $nobody); AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($project, $nobody); //Now the nobody user should be able to access the edit view and still the details view. Yii::app()->user->userModel = $nobody; $this->setGetArray(array('id' => $project->id)); $this->runControllerWithNoExceptionsAndGetContent('projects/default/details'); $this->setGetArray(array('id' => $project->id)); $this->runControllerWithNoExceptionsAndGetContent('projects/default/edit'); $projectId = $project->id; $project->forget(); $project = Project::getById($projectId); //revoke nobody access to read Yii::app()->user->userModel = $super; $project->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS, Permission::DENY); $this->assertTrue($project->save()); AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($project, $nobody); //Test nobody, access to detail should fail. Yii::app()->user->userModel = $nobody; $this->setGetArray(array('id' => $project->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details'); $this->setGetArray(array('id' => $project->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit'); //create some roles Yii::app()->user->userModel = $super; $parentRole = new Role(); $parentRole->name = 'AAA'; $this->assertTrue($parentRole->save()); $childRole = new Role(); $childRole->name = 'BBB'; $this->assertTrue($childRole->save()); $userInParentRole = User::getByUsername('confused'); $userInChildRole = User::getByUsername('nobody'); $childRole->users->add($userInChildRole); $this->assertTrue($childRole->save()); $parentRole->users->add($userInParentRole); $parentRole->roles->add($childRole); $this->assertTrue($parentRole->save()); $userInChildRole->forget(); $userInChildRole = User::getByUsername('nobody'); $userInParentRole->forget(); $userInParentRole = User::getByUsername('confused'); $parentRoleId = $parentRole->id; $parentRole->forget(); $parentRole = Role::getById($parentRoleId); $childRoleId = $childRole->id; $childRole->forget(); $childRole = Role::getById($childRoleId); //create project owned by super $project2 = ProjectTestHelper::createProjectByNameForOwner('testingParentRolePermission', $super); //Test userInParentRole, access to details and edit should fail. Yii::app()->user->userModel = $userInParentRole; $this->setGetArray(array('id' => $project2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details'); $this->setGetArray(array('id' => $project2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit'); //give userInChildRole access to READ Yii::app()->user->userModel = $super; $project2->addPermissions($userInChildRole, Permission::READ); $this->assertTrue($project2->save()); AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($project2, $userInChildRole); //Test userInChildRole, access to details should not fail. Yii::app()->user->userModel = $userInChildRole; $this->setGetArray(array('id' => $project2->id)); $this->runControllerWithNoExceptionsAndGetContent('projects/default/details'); //Test userInParentRole, access to details should not fail. Yii::app()->user->userModel = $userInParentRole; $this->setGetArray(array('id' => $project2->id)); $this->runControllerWithNoExceptionsAndGetContent('projects/default/details'); $projectId = $project2->id; $project2->forget(); $project2 = Project::getById($projectId); //give userInChildRole access to read and write Yii::app()->user->userModel = $super; $project2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS); $this->assertTrue($project2->save()); AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($project2, $userInChildRole); AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($project2, $userInChildRole); //Test userInChildRole, access to edit should not fail. Yii::app()->user->userModel = $userInChildRole; $this->setGetArray(array('id' => $project2->id)); $this->runControllerWithNoExceptionsAndGetContent('projects/default/edit'); //Test userInParentRole, access to edit should not fail. $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInParentRole->username); $this->setGetArray(array('id' => $project2->id)); $this->runControllerWithNoExceptionsAndGetContent('projects/default/edit'); $projectId = $project2->id; $project2->forget(); $project2 = Project::getById($projectId); //revoke userInChildRole access to read and write Yii::app()->user->userModel = $super; $project2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS, Permission::DENY); $this->assertTrue($project2->save()); AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($project2, $userInChildRole); //Test userInChildRole, access to detail should fail. Yii::app()->user->userModel = $userInChildRole; $this->setGetArray(array('id' => $project2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details'); $this->setGetArray(array('id' => $project2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit'); //Test userInParentRole, access to detail should fail. Yii::app()->user->userModel = $userInParentRole; $this->setGetArray(array('id' => $project2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details'); $this->setGetArray(array('id' => $project2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit'); //clear up the role relationships between users so not to effect next assertions $parentRole->users->remove($userInParentRole); $parentRole->roles->remove($childRole); $this->assertTrue($parentRole->save()); $childRole->users->remove($userInChildRole); $this->assertTrue($childRole->save()); //create some groups and assign users to groups Yii::app()->user->userModel = $super; $parentGroup = new Group(); $parentGroup->name = 'AAA'; $this->assertTrue($parentGroup->save()); $childGroup = new Group(); $childGroup->name = 'BBB'; $this->assertTrue($childGroup->save()); $userInChildGroup = User::getByUsername('confused'); $userInParentGroup = User::getByUsername('nobody'); $childGroup->users->add($userInChildGroup); $this->assertTrue($childGroup->save()); $parentGroup->users->add($userInParentGroup); $parentGroup->groups->add($childGroup); $this->assertTrue($parentGroup->save()); $parentGroup->forget(); $childGroup->forget(); $parentGroup = Group::getByName('AAA'); $childGroup = Group::getByName('BBB'); //Add access for the confused user to Products and creation of Products. $userInChildGroup->setRight('ProjectsModule', ProjectsModule::RIGHT_ACCESS_PROJECTS); $userInChildGroup->setRight('ProjectsModule', ProjectsModule::RIGHT_CREATE_PROJECTS); $this->assertTrue($userInChildGroup->save()); //create project owned by super $project3 = ProjectTestHelper::createProjectByNameForOwner('testingParentGroupPermission', $super); //Test userInParentGroup, access to details and edit should fail. Yii::app()->user->userModel = $userInParentGroup; $this->setGetArray(array('id' => $project3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details'); $this->setGetArray(array('id' => $project3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit'); //Test userInChildGroup, access to details and edit should fail. Yii::app()->user->userModel = $userInChildGroup; $this->setGetArray(array('id' => $project3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details'); $this->setGetArray(array('id' => $project3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit'); //give parentGroup access to READ Yii::app()->user->userModel = $super; $project3->addPermissions($parentGroup, Permission::READ); $this->assertTrue($project3->save()); AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($project3, $parentGroup); //Test userInParentGroup, access to details should not fail. Yii::app()->user->userModel = $userInParentGroup; $this->setGetArray(array('id' => $project3->id)); $this->runControllerWithNoExceptionsAndGetContent('projects/default/details'); //Test userInChildGroup, access to details should not fail. Yii::app()->user->userModel = $userInChildGroup; $this->setGetArray(array('id' => $project3->id)); $this->runControllerWithNoExceptionsAndGetContent('projects/default/details'); $projectId = $project3->id; $project3->forget(); $project3 = Project::getById($projectId); //give parentGroup access to read and write Yii::app()->user->userModel = $super; $project3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS); $this->assertTrue($project3->save()); AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForGroup($project3, $parentGroup); AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($project3, $parentGroup); //Test userInParentGroup, access to edit should not fail. Yii::app()->user->userModel = $userInParentGroup; $this->setGetArray(array('id' => $project3->id)); $this->runControllerWithNoExceptionsAndGetContent('projects/default/edit'); //Test userInChildGroup, access to edit should not fail. Yii::app()->user->userModel = $userInChildGroup; $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username); $this->setGetArray(array('id' => $project3->id)); $this->runControllerWithNoExceptionsAndGetContent('projects/default/edit'); $projectId = $project3->id; $project3->forget(); $project3 = Project::getById($projectId); //revoke parentGroup access to read and write Yii::app()->user->userModel = $super; $project3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS, Permission::DENY); $this->assertTrue($project3->save()); AllPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($project3, $parentGroup); //Test userInChildGroup, access to detail should fail. Yii::app()->user->userModel = $userInChildGroup; $this->setGetArray(array('id' => $project3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details'); $this->setGetArray(array('id' => $project3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit'); //Test userInParentGroup, access to detail should fail. Yii::app()->user->userModel = $userInParentGroup; $this->setGetArray(array('id' => $project3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details'); $this->setGetArray(array('id' => $project3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit'); //clear up the role relationships between users so not to effect next assertions $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super'); $userInParentGroup->forget(); $userInChildGroup->forget(); $childGroup->forget(); $parentGroup->forget(); $userInParentGroup = User::getByUsername('nobody'); $userInChildGroup = User::getByUsername('confused'); $childGroup = Group::getByName('BBB'); $parentGroup = Group::getByName('AAA'); //clear up the role relationships between users so not to effect next assertions $parentGroup->users->remove($userInParentGroup); $parentGroup->groups->remove($childGroup); $this->assertTrue($parentGroup->save()); $childGroup->users->remove($userInChildGroup); $this->assertTrue($childGroup->save()); }
/** * @depends testRegularUserControllerActionsWithElevationToAccessAndCreate */ public function testRegularUserControllerActionsWithElevationToModels() { //Create lead owned by user super. $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super'); $lead = LeadTestHelper::createLeadByNameForOwner('leadForElevationToModelTest', $super); //Test nobody, access to edit, details and delete should fail. $nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody'); $this->setGetArray(array('id' => $lead->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit'); $this->setGetArray(array('id' => $lead->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details'); $this->setGetArray(array('id' => $lead->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //give nobody access to read Yii::app()->user->userModel = $super; $lead->addPermissions($nobody, Permission::READ); $this->assertTrue($lead->save()); AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($lead, $nobody); //Now the nobody user can access the details view. Yii::app()->user->userModel = $nobody; $this->setGetArray(array('id' => $lead->id)); $this->runControllerWithNoExceptionsAndGetContent('leads/default/details'); //Test nobody, access to edit and delete should fail. $this->setGetArray(array('id' => $lead->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit'); $this->setGetArray(array('id' => $lead->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //give nobody access to read and write Yii::app()->user->userModel = $super; $lead->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS); $this->assertTrue($lead->save()); AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($lead, $nobody); AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($lead, $nobody); //Now the nobody user should be able to access the edit view and still the details view Yii::app()->user->userModel = $nobody; $this->setGetArray(array('id' => $lead->id)); $this->runControllerWithNoExceptionsAndGetContent('leads/default/details'); $this->setGetArray(array('id' => $lead->id)); $this->runControllerWithNoExceptionsAndGetContent('leads/default/edit'); //Test nobody, access to delete should fail. $this->setGetArray(array('id' => $lead->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //revoke nobody access to read Yii::app()->user->userModel = $super; $lead->removePermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS); $this->assertTrue($lead->save()); AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($lead, $nobody); //Test nobody, access to detail, edit and delete should fail. Yii::app()->user->userModel = $nobody; $this->setGetArray(array('id' => $lead->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details'); $this->setGetArray(array('id' => $lead->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit'); $this->setGetArray(array('id' => $lead->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //give nobody access to read, write and delete Yii::app()->user->userModel = $super; $lead->addPermissions($nobody, Permission::READ_WRITE_DELETE); $this->assertTrue($lead->save()); AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($lead, $nobody); //now nobody should be able to delete a lead Yii::app()->user->userModel = $nobody; $this->setGetArray(array('id' => $lead->id)); $this->resetPostArray(); $this->runControllerWithRedirectExceptionAndGetContent('leads/default/delete', Yii::app()->createUrl('leads/default/index')); //create some roles Yii::app()->user->userModel = $super; $parentRole = new Role(); $parentRole->name = 'AAA'; $this->assertTrue($parentRole->save()); $childRole = new Role(); $childRole->name = 'BBB'; $this->assertTrue($childRole->save()); $userInParentRole = User::getByUsername('confused'); $userInChildRole = User::getByUsername('nobody'); $childRole->users->add($userInChildRole); $this->assertTrue($childRole->save()); $parentRole->users->add($userInParentRole); $parentRole->roles->add($childRole); $this->assertTrue($parentRole->save()); $userInChildRole->forget(); $userInChildRole = User::getByUsername('nobody'); $userInParentRole->forget(); $userInParentRole = User::getByUsername('confused'); $parentRoleId = $parentRole->id; $parentRole->forget(); $parentRole = Role::getById($parentRoleId); $childRoleId = $childRole->id; $childRole->forget(); $childRole = Role::getById($childRoleId); //create lead owned by super $lead2 = LeadTestHelper::createLeadByNameForOwner('leadsParentRolePermission', $super); //Test userInChildRole, access to details, edit and delete should fail. Yii::app()->user->userModel = $userInChildRole; $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details'); $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit'); $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //Test userInParentRole, access to details, edit and delete should fail. Yii::app()->user->userModel = $userInParentRole; $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details'); $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit'); $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //give userInChildRole access to READ Yii::app()->user->userModel = $super; $lead2->addPermissions($userInChildRole, Permission::READ); $this->assertTrue($lead2->save()); AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($lead2, $userInChildRole); //Test userInChildRole, access to details should not fail. Yii::app()->user->userModel = $userInChildRole; $this->setGetArray(array('id' => $lead2->id)); $this->runControllerWithNoExceptionsAndGetContent('leads/default/details'); //Test userInChildRole, access to edit and delete should fail. $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit'); $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //Test userInParentRole, access to details should not fail. Yii::app()->user->userModel = $userInParentRole; $this->setGetArray(array('id' => $lead2->id)); $this->runControllerWithNoExceptionsAndGetContent('leads/default/details'); //Test userInParentRole, access to edit and delete should fail. $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit'); $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //give userInChildRole access to read and write Yii::app()->user->userModel = $super; $lead2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS); $this->assertTrue($lead2->save()); AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($lead2, $userInChildRole); AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($lead2, $userInChildRole); //Test userInChildRole, access to edit and delete should not fail and also detaisl view must be accessible. Yii::app()->user->userModel = $userInChildRole; $this->setGetArray(array('id' => $lead2->id)); $this->runControllerWithNoExceptionsAndGetContent('leads/default/edit'); //Test userInChildRole, access to delete should fail. $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //Test userInParentRole, access to edit should not fail. $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInParentRole->username); $this->setGetArray(array('id' => $lead2->id)); $this->runControllerWithNoExceptionsAndGetContent('leads/default/edit'); //Test userInParentRole, access to delete should fail. $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //revoke userInChildRole access to read and write Yii::app()->user->userModel = $super; $lead2->removePermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS); $this->assertTrue($lead2->save()); AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($lead2, $userInChildRole); //Test userInChildRole, access to detail, edit and delete should fail. Yii::app()->user->userModel = $userInChildRole; $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details'); $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit'); $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //Test userInParentRole, access to detail, edit and delete should fail. Yii::app()->user->userModel = $userInParentRole; $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details'); $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit'); $this->setGetArray(array('id' => $lead2->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //give userInChildRole access to read, write and delete Yii::app()->user->userModel = $super; $lead2->addPermissions($userInChildRole, Permission::READ_WRITE_DELETE); $this->assertTrue($lead2->save()); AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($lead2, $userInChildRole); //Test userInParentRole, access to delete should not fail. Yii::app()->user->userModel = $userInParentRole; $this->setGetArray(array('id' => $lead2->id)); $this->resetPostArray(); $this->runControllerWithRedirectExceptionAndGetContent('leads/default/delete', Yii::app()->createUrl('leads/default/index')); //clear up the role relationships between users so not to effect next assertions $parentRole->users->remove($userInParentRole); $parentRole->roles->remove($childRole); $this->assertTrue($parentRole->save()); $childRole->users->remove($userInChildRole); $this->assertTrue($childRole->save()); //create some groups and assign users to groups Yii::app()->user->userModel = $super; $parentGroup = new Group(); $parentGroup->name = 'AAA'; $this->assertTrue($parentGroup->save()); $childGroup = new Group(); $childGroup->name = 'BBB'; $this->assertTrue($childGroup->save()); $userInChildGroup = User::getByUsername('confused'); $userInParentGroup = User::getByUsername('nobody'); $childGroup->users->add($userInChildGroup); $this->assertTrue($childGroup->save()); $parentGroup->users->add($userInParentGroup); $parentGroup->groups->add($childGroup); $this->assertTrue($parentGroup->save()); $parentGroup->forget(); $childGroup->forget(); $parentGroup = Group::getByName('AAA'); $childGroup = Group::getByName('BBB'); //Add access for the confused user to leads and creation of leads. $userInChildGroup->setRight('LeadsModule', LeadsModule::RIGHT_ACCESS_LEADS); $userInChildGroup->setRight('LeadsModule', LeadsModule::RIGHT_CREATE_LEADS); $userInChildGroup->setRight('LeadsModule', LeadsModule::RIGHT_DELETE_LEADS); $this->assertTrue($userInChildGroup->save()); //create lead owned by super $lead3 = LeadTestHelper::createLeadByNameForOwner('leadsParentGroupPermission', $super); //Test userInParentGroup, access to details, edit and delete should fail. Yii::app()->user->userModel = $userInParentGroup; $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details'); $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit'); $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //Test userInChildGroup, access to details, edit and delete should fail. Yii::app()->user->userModel = $userInChildGroup; $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details'); $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit'); $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //give parentGroup access to READ Yii::app()->user->userModel = $super; $lead3->addPermissions($parentGroup, Permission::READ); $this->assertTrue($lead3->save()); AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($lead3, $parentGroup); //Test userInParentGroup, access to details should not fail. Yii::app()->user->userModel = $userInParentGroup; $this->setGetArray(array('id' => $lead3->id)); $this->runControllerWithNoExceptionsAndGetContent('leads/default/details'); //Test userInParentGroup, access to delete should fail. $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit'); $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //Test userInChildGroup, access to edit and details should not fail. Yii::app()->user->userModel = $userInChildGroup; $this->setGetArray(array('id' => $lead3->id)); $this->runControllerWithNoExceptionsAndGetContent('leads/default/details'); //Test userInChildGroup, access to edit and delete should fail. $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit'); $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //give parentGroup access to read and write Yii::app()->user->userModel = $super; $lead3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS); $this->assertTrue($lead3->save()); AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForGroup($lead3, $parentGroup); AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($lead3, $parentGroup); //Test userInParentGroup, access to edit should not fail. Yii::app()->user->userModel = $userInParentGroup; $this->setGetArray(array('id' => $lead3->id)); $this->runControllerWithNoExceptionsAndGetContent('leads/default/edit'); //Test userInParentGroup, access to delete should fail. $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //Test userInChildGroup, access to edit should not fail. Yii::app()->user->userModel = $userInChildGroup; $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username); $this->setGetArray(array('id' => $lead3->id)); $this->runControllerWithNoExceptionsAndGetContent('leads/default/edit'); //Test userInChildGroup, access to delete should fail. $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //revoke parentGroup access to read and write Yii::app()->user->userModel = $super; $lead3->removePermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS); $this->assertTrue($lead3->save()); AllPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($lead3, $parentGroup); //Test userInChildGroup, access to detail, edit and delete should fail. Yii::app()->user->userModel = $userInChildGroup; $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details'); $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit'); $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //Test userInParentGroup, access to detail, edit and delete should fail. Yii::app()->user->userModel = $userInParentGroup; $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details'); $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit'); $this->setGetArray(array('id' => $lead3->id)); $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete'); //give parentGroup access to read, write and delete Yii::app()->user->userModel = $super; $lead3->addPermissions($parentGroup, Permission::READ_WRITE_DELETE); $this->assertTrue($lead3->save()); AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($lead3, $parentGroup); //Test userInChildGroup, access to delete should not fail. Yii::app()->user->userModel = $userInChildGroup; $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username); $this->setGetArray(array('id' => $lead3->id)); $this->runControllerWithRedirectExceptionAndGetContent('leads/default/delete', Yii::app()->createUrl('leads/default/index')); //clear up the role relationships between users so not to effect next assertions $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super'); $userInParentGroup->forget(); $userInChildGroup->forget(); $childGroup->forget(); $parentGroup->forget(); $userInParentGroup = User::getByUsername('nobody'); $userInChildGroup = User::getByUsername('confused'); $childGroup = Group::getByName('BBB'); $parentGroup = Group::getByName('AAA'); $parentGroup->users->remove($userInParentGroup); $parentGroup->groups->remove($childGroup); $this->assertTrue($parentGroup->save()); $childGroup->users->remove($userInChildGroup); $this->assertTrue($childGroup->save()); }
/** * Ensures another user can 'clone' an account they can see, but is not necessarily the owner and does not have * super privileges. */ public function testCopyingAModelOwnedByAnotherUserWhereYouHaveRestrictedAccess() { Yii::app()->user->userModel = User::getByUsername('super'); $account = AccountTestHelper::createAccountByNameForOwner('a super account', Yii::app()->user->userModel); //This will simulate sally having access to 'clone' the account. $sally = User::getByUserName('sally'); $account->addPermissions($sally, Permission::READ); $account->save(); AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($account, $sally); Yii::app()->user->userModel = User::getByUsername('sally'); $copyOfAccount = new Account(); ZurmoCopyModelUtil::copy($account, $copyOfAccount); $saved = $copyOfAccount->save(); $this->assertTrue($saved); }
/** * @depends testCreateStarredTables */ public function testUnmarkModelAsStarredForAllUsers() { $super = User::getByUsername('super'); Yii::app()->user->userModel = $super; $steven = UserTestHelper::createBasicUser('Steven'); $account = new Account(); $account->owner = $super; $account->name = 'Test Account'; $account->officePhone = '1234567890'; $account->addPermissions($steven, Permission::READ); $this->assertTrue($account->save()); AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($account, $steven); StarredUtil::markModelAsStarred($account); Yii::app()->user->userModel = $steven; StarredUtil::markModelAsStarred($account); $starredRecords = AccountStarred::getCountByUserIdAndModelId(null, $account->id); $this->assertEquals(2, $starredRecords); StarredUtil::unmarkModelAsStarredForAllUsers($account); $starredRecords = AccountStarred::getCountByUserIdAndModelId(null, $account->id); $this->assertEquals(0, $starredRecords); }
/** * Given a SecurableItem, add and remove permissions * based on what the provided ExplicitReadWriteModelPermissions indicates should be done. * Sets @see SecurableItem->setTreatCurrentUserAsOwnerForPermissions as true in order to ensure the current user * can effectively add permissions even if the current user is no longer the owner. * @param SecurableItem $securableItem * @param ExplicitReadWriteModelPermissions $explicitReadWriteModelPermissions * @param bool $validate * @return bool|void * @throws NotSupportedException */ public static function resolveExplicitReadWriteModelPermissions(SecurableItem $securableItem, ExplicitReadWriteModelPermissions $explicitReadWriteModelPermissions, $validate = false) { assert('$securableItem->id > 0'); $optimizeReadPermissions = $securableItem::hasReadPermissionsOptimization(); $securableItem->setTreatCurrentUserAsOwnerForPermissions(true); $saveSecurableItem = false; if ($explicitReadWriteModelPermissions->getReadOnlyPermitablesCount() > 0) { $saveSecurableItem = true; foreach ($explicitReadWriteModelPermissions->getReadOnlyPermitables() as $permitable) { if ($securableItem->addPermissions($permitable, Permission::READ) && $optimizeReadPermissions) { if ($permitable instanceof Group) { AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($securableItem, $permitable); ReadPermissionsSubscriptionUtil::securableItemGivenPermissionsForGroup($securableItem); } elseif ($permitable instanceof User) { AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($securableItem, $permitable); ReadPermissionsSubscriptionUtil::securableItemGivenPermissionsForUser($securableItem); } else { throw new NotSupportedException(); } } } } if ($explicitReadWriteModelPermissions->getReadWritePermitablesCount() > 0) { $saveSecurableItem = true; foreach ($explicitReadWriteModelPermissions->getReadWritePermitables() as $permitable) { if ($securableItem->addPermissions($permitable, Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER) && $optimizeReadPermissions) { if ($permitable instanceof Group) { AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($securableItem, $permitable); ReadPermissionsSubscriptionUtil::securableItemGivenPermissionsForGroup($securableItem); } elseif ($permitable instanceof User) { AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($securableItem, $permitable); ReadPermissionsSubscriptionUtil::securableItemGivenPermissionsForUser($securableItem); } else { throw new NotSupportedException(); } } } } if ($explicitReadWriteModelPermissions->getReadOnlyPermitablesToRemoveCount() > 0) { $saveSecurableItem = true; foreach ($explicitReadWriteModelPermissions->getReadOnlyPermitablesToRemove() as $permitable) { $securableItem->removePermissions($permitable, Permission::READ, Permission::ALLOW); if ($optimizeReadPermissions) { if ($permitable instanceof Group) { AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForGroup($securableItem, $permitable); ReadPermissionsSubscriptionUtil::securableItemLostPermissionsForGroup($securableItem); } elseif ($permitable instanceof User) { AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($securableItem, $permitable); ReadPermissionsSubscriptionUtil::securableItemLostPermissionsForUser($securableItem); } else { throw new NotSupportedException(); } } } } if ($explicitReadWriteModelPermissions->getReadWritePermitablesToRemoveCount() > 0) { $saveSecurableItem = true; foreach ($explicitReadWriteModelPermissions->getReadWritePermitablesToRemove() as $permitable) { $securableItem->removePermissions($permitable, Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER, Permission::ALLOW); if ($optimizeReadPermissions) { if ($permitable instanceof Group) { AllPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($securableItem, $permitable); ReadPermissionsSubscriptionUtil::securableItemLostPermissionsForGroup($securableItem); } elseif ($permitable instanceof User) { AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($securableItem, $permitable); ReadPermissionsSubscriptionUtil::securableItemLostPermissionsForUser($securableItem); } else { throw new NotSupportedException(); } } } } if ($saveSecurableItem) { $setBackToProcess = false; if ($securableItem->shouldProcessWorkflowOnSave()) { $securableItem->setDoNotProcessWorkflowOnSave(); $setBackToProcess = true; } $saved = $securableItem->save($validate); if ($setBackToProcess) { $securableItem->setProcessWorkflowOnSave(); } $securableItem->setTreatCurrentUserAsOwnerForPermissions(false); return $saved; } $securableItem->setTreatCurrentUserAsOwnerForPermissions(false); return true; }
/** * @depends testRegularUserSwitchingOwnershipLosesAccessToAccount */ public function testRegularUserBullkWriteWhereSomeItemsTheyDontHavePrivledgesToDoIt() { $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super'); $confused = User::getByUsername('confused'); $billy = User::getByUsername('billy'); $this->assertEquals(Right::DENY, $confused->getEffectiveRight('ZurmoModule', ZurmoModule::RIGHT_BULK_WRITE)); $confused->setRight('ZurmoModule', ZurmoModule::RIGHT_BULK_WRITE); $this->assertTrue($confused->save()); $account1 = AccountTestHelper::createAccountByNameForOwner('canUpdate', $confused); $account2 = AccountTestHelper::createAccountByNameForOwner('canUpdate2', $confused); $account3 = AccountTestHelper::createAccountByNameForOwner('cannotUpdate', $billy); $this->assertEquals($confused, $account1->owner); $this->assertEquals($confused, $account2->owner); $this->assertEquals($billy, $account3->owner); //Give confused user read access to $account3 $this->assertNotEquals($account3->owner->id, $confused->id); $this->assertEquals(Permission::NONE, $account3->getEffectivePermissions($confused)); $account3->addPermissions($confused, Permission::READ); $this->assertTrue($account3->save()); AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($account3, $confused); $this->assertEquals(Permission::READ, $account3->getEffectivePermissions($confused)); //Make confused user the current user. Yii::app()->user->userModel = $confused; //Load MassEdit view for the 3 accounts. $selectedIds = $account1->id . ',' . $account2->id . ',' . $account3->id; // Not Coding Standard $this->setGetArray(array('selectedIds' => $selectedIds, 'selectAll' => '')); // Not Coding Standard $this->resetPostArray(); $content = $this->runControllerWithNoExceptionsAndGetContent('accounts/default/massEdit'); $this->assertContains('<strong>3</strong> records selected for updating', $content); //Test trying to change the owner to super and trying to change name which is required, but leaving it blank. //This will result in a validation error, but since since the owner has been selected as super, we want //to make sure there are no exceptions and the validation appears in the user interface correctly. $this->setGetArray(array('selectedIds' => $selectedIds, 'selectAll' => '', 'Account_page' => 1)); $this->setPostArray(array('Account' => array('name' => '', 'owner' => array('id' => $super->id)), 'MassEdit' => array('name' => 1, 'owner' => 1))); $content = $this->runControllerWithNoExceptionsAndGetContent('accounts/default/massEdit'); $this->assertContains('<strong>3</strong> records selected for updating', $content); //Now set office phone to a real value, keep owner set at super, and try again. This time the mass update //should be successful except for account3 which the confused user does not have write access too. $this->setGetArray(array('selectedIds' => $selectedIds, 'selectAll' => '', 'Account_page' => 1)); $this->setPostArray(array('Account' => array('name' => '7799', 'owner' => array('id' => $super->id)), 'MassEdit' => array('name' => 1, 'owner' => 1))); $content = $this->runControllerWithRedirectExceptionAndGetContent('accounts/default/massEdit'); //Confirm the flash message shows the correct information that 1 failed. $this->assertContains('Successfully updated 2 records. 1 account skipped because you do not have sufficient permissions.', Yii::app()->user->getFlash('notification')); //Confirm updates are correct Yii::app()->user->userModel = $super; $account1 = Account::getById($account1->id); $account2 = Account::getById($account2->id); $account3 = Account::getById($account3->id); $this->assertEquals('7799', $account1->name); $this->assertEquals('7799', $account2->name); $this->assertEquals('cannotUpdate', $account3->name); $this->assertEquals($super->getFullName(), $account2->owner->getFullName()); $this->assertEquals($super->getFullName(), $account2->owner->getFullName()); $this->assertEquals($billy->getFullName(), $account3->owner->getFullName()); }