/**
 * Walks $this->user through the default MarketingLists controller actions and checks how each
 * one reacts as rights are granted step by step.
 *
 * Stages, in order:
 *  - no rights: every action ends in an access failure;
 *  - MarketingListsModule access right: list-type actions run, details shows the
 *    "must have access to either contacts or leads" notice;
 *  - create right: create shows the same notice until ContactsModule and LeadsModule access
 *    rights are granted, after which details and create no longer show it and edit runs;
 *  - delete right: delete ends in a redirect for the list created at the top of this test;
 *  - the list held in static::$listOwnedBySuper still yields an access failure for edit, details
 *    and delete, so the module rights granted above do not open that record.
 */
public function testRegularUserAllDefaultControllerActions()
 {
     $createdList = MarketingListTestHelper::createMarketingListByName('MarketingListName 01', 'MarketingListDescription 01');
     $createdListQuery = array('id' => $createdList->id);
     $autoCompleteQuery = array('term' => 'inexistant');
     $modalListQuery = array('modalTransferInformation' => array('sourceIdFieldId' => 'Campaign_marketingList_id', 'sourceNameFieldId' => 'Campaign_marketingList_name', 'modalId' => 'modalContainer-edit-form'));
     $contactsOrLeadsNotice = '<p>To manage Marketing Lists you must have access to either contacts or leads. Contact the CRM administrator about this issue.</p>';

     // Stage 1: no rights at all, so every action must be refused.
     foreach (array('marketingLists/default', 'marketingLists/default/index', 'marketingLists/default/list', 'marketingLists/default/create') as $route) {
         $this->runControllerShouldResultInAccessFailureAndGetContent($route);
     }
     $this->setGetArray($createdListQuery);
     foreach (array('marketingLists/default/edit', 'marketingLists/default/details', 'marketingLists/default/getInfoToCopyToCampaign') as $route) {
         $this->runControllerShouldResultInAccessFailureAndGetContent($route);
     }
     $this->setGetArray($autoCompleteQuery);
     $this->runControllerShouldResultInAccessFailureAndGetContent('marketingLists/default/autoComplete');
     $this->setGetArray($modalListQuery);
     $this->runControllerShouldResultInAccessFailureAndGetContent('marketingLists/default/modalList');
     $this->resetGetArray();

     // Stage 2: module access right only.
     $this->user->setRight('MarketingListsModule', MarketingListsModule::getAccessRight());
     $this->assertTrue($this->user->save());
     foreach (array('marketingLists/default', 'marketingLists/default/index', 'marketingLists/default/list') as $route) {
         $this->runControllerWithNoExceptionsAndGetContent($route);
     }
     $this->setGetArray($autoCompleteQuery);
     $this->runControllerWithNoExceptionsAndGetContent('marketingLists/default/autoComplete');
     $this->setGetArray($createdListQuery);
     $this->runControllerWithNoExceptionsAndGetContent('marketingLists/default/getInfoToCopyToCampaign');
     $this->setGetArray($modalListQuery);
     $this->runControllerWithNoExceptionsAndGetContent('marketingLists/default/modalList');
     $this->setGetArray($createdListQuery);
     $detailsContent = $this->runControllerWithNoExceptionsAndGetContent('marketingLists/default/details');
     // The page renders, but only to say that contacts or leads access is missing.
     $this->assertContains($contactsOrLeadsNotice, $detailsContent);
     $this->resetGetArray();

     // Stage 3: create right, still without contacts or leads access.
     $this->user->setRight('MarketingListsModule', MarketingListsModule::getCreateRight());
     $this->assertTrue($this->user->save());
     $createContent = $this->runControllerWithNoExceptionsAndGetContent('marketingLists/default/create');
     $this->assertContains($contactsOrLeadsNotice, $createContent);

     // Stage 4: contacts and leads access granted, the notice must be gone.
     $this->user->setRight('ContactsModule', ContactsModule::getAccessRight());
     $this->user->setRight('LeadsModule', LeadsModule::getAccessRight());
     $this->assertTrue($this->user->save());
     $this->setGetArray($createdListQuery);
     $detailsContent = $this->runControllerWithNoExceptionsAndGetContent('marketingLists/default/details');
     $this->assertNotContains($contactsOrLeadsNotice, $detailsContent);
     $this->resetGetArray();
     // The create right was already granted in stage 3; it is set and saved again here.
     $this->user->setRight('MarketingListsModule', MarketingListsModule::getCreateRight());
     $this->assertTrue($this->user->save());
     $createContent = $this->runControllerWithNoExceptionsAndGetContent('marketingLists/default/create');
     $this->assertNotContains($contactsOrLeadsNotice, $createContent);
     $this->setGetArray($createdListQuery);
     $this->runControllerWithNoExceptionsAndGetContent('marketingLists/default/edit');

     // Stage 5: delete right, exercised on the list created above.
     $this->user->setRight('MarketingListsModule', MarketingListsModule::getDeleteRight());
     $this->assertTrue($this->user->save());
     $this->runControllerWithRedirectExceptionAndGetUrl('marketingLists/default/delete');

     // Stage 6: with all of the rights above, the list in static::$listOwnedBySuper is still refused.
     $this->setGetArray(array('id' => static::$listOwnedBySuper->id));
     foreach (array('marketingLists/default/edit', 'marketingLists/default/details', 'marketingLists/default/delete') as $route) {
         $this->runControllerShouldResultInAccessFailureAndGetContent($route);
     }
 }
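 /**
  * Checks that reading, updating and deleting a lead through the REST API is refused or allowed
  * according to both module rights and per-record permissions.
  *
  * Stages, in order:
  *  1. 'steven' may log in to the API but has no LeadsModule rights: read, update and delete fail
  *     with the "rights" message.
  *  2. LeadsModule access, create and delete rights are granted, but nothing on the record itself:
  *     the same calls fail with the "permissions" message.
  *  3. The user returned by login() without arguments (presumably the super user - confirm) sets the
  *     lead's explicit permissions to MIXED_TYPE_EVERYONE_GROUP: steven can now read and update,
  *     while delete is still refused.
  *  4. The login() user deletes the lead and a follow-up read fails.
  *
  * NOTE(review): refused update and delete calls are verified through the response status and
  * message only; the lead is not read back to confirm that it was left untouched.
  *
  * @depends testListLead
  */
 public function testUnprivilegedUserViewUpdateDeleteLead()
 {
     Yii::app()->user->userModel = User::getByUsername('super');
     $notAllowedUser = UserTestHelper::createBasicUser('Steven');
     $notAllowedUser->setRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API);
     // Fail right here, not at the first API call, if the API login right could not be stored.
     $this->assertTrue($notAllowedUser->save());

     // Builds the request headers for the session returned by login().
     $buildHeaders = function ($authenticationData) {
         return array('Accept: application/json', 'ZURMO_SESSION_ID: ' . $authenticationData['sessionId'], 'ZURMO_TOKEN: ' . $authenticationData['token'], 'ZURMO_API_REQUEST_TYPE: REST');
     };

     // This first session is replaced by the login below before any request is sent with it.
     $authenticationData = $this->login('steven', 'steven');
     $headers = $buildHeaders($authenticationData);
     $everyoneGroup = Group::getByName(Group::EVERYONE_GROUP_NAME);
     $this->assertTrue($everyoneGroup->save());
     $leads = Contact::getByName('Michael Smith');
     $this->assertEquals(1, count($leads));
     $readUrl = $this->serverUrl . '/test.php/leads/contact/api/read/' . $leads[0]->id;
     $updateUrl = $this->serverUrl . '/test.php/leads/contact/api/update/' . $leads[0]->id;
     $deleteUrl = $this->serverUrl . '/test.php/leads/contact/api/delete/' . $leads[0]->id;
     $data = array('department' => "Support");

     // Stage 1: unprivileged user tries to view, edit and delete the lead without module rights.
     $authenticationData = $this->login('steven', 'steven');
     $headers = $buildHeaders($authenticationData);
     $response = ApiRestTestHelper::createApiCall($readUrl, 'GET', $headers);
     $response = json_decode($response, true);
     $this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
     $this->assertEquals('You do not have rights to perform this action.', $response['message']);
     $response = ApiRestTestHelper::createApiCall($updateUrl, 'PUT', $headers, array('data' => $data));
     $response = json_decode($response, true);
     $this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
     $this->assertEquals('You do not have rights to perform this action.', $response['message']);
     $response = ApiRestTestHelper::createApiCall($deleteUrl, 'DELETE', $headers);
     $response = json_decode($response, true);
     $this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
     $this->assertEquals('You do not have rights to perform this action.', $response['message']);

     // Stage 2: the user now has module rights, but still no permissions on this record.
     $notAllowedUser->setRight('LeadsModule', LeadsModule::getAccessRight());
     $notAllowedUser->setRight('LeadsModule', LeadsModule::getCreateRight());
     $notAllowedUser->setRight('LeadsModule', LeadsModule::getDeleteRight());
     $this->assertTrue($notAllowedUser->save());
     $response = ApiRestTestHelper::createApiCall($readUrl, 'GET', $headers);
     $response = json_decode($response, true);
     $this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
     $this->assertEquals('You do not have permissions for this action.', $response['message']);
     $response = ApiRestTestHelper::createApiCall($updateUrl, 'PUT', $headers, array('data' => $data));
     $response = json_decode($response, true);
     $this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
     $this->assertEquals('You do not have permissions for this action.', $response['message']);
     $response = ApiRestTestHelper::createApiCall($deleteUrl, 'DELETE', $headers);
     $response = json_decode($response, true);
     $this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
     $this->assertEquals('You do not have permissions for this action.', $response['message']);

     // Stage 3: the login() user changes the explicit permissions on the lead.
     $authenticationData = $this->login();
     $headers = $buildHeaders($authenticationData);
     $data = array('explicitReadWriteModelPermissions' => array('type' => ExplicitReadWriteModelPermissionsUtil::MIXED_TYPE_EVERYONE_GROUP));
     $response = ApiRestTestHelper::createApiCall($updateUrl, 'PUT', $headers, array('data' => $data));
     $response = json_decode($response, true);
     $this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']);

     // With that in place the unprivileged user can read and update, but still not delete.
     $authenticationData = $this->login('steven', 'steven');
     $headers = $buildHeaders($authenticationData);
     $response = ApiRestTestHelper::createApiCall($readUrl, 'GET', $headers);
     $response = json_decode($response, true);
     $this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']);
     $data = array('department' => "Support");
     $response = ApiRestTestHelper::createApiCall($updateUrl, 'PUT', $headers, array('data' => $data));
     $response = json_decode($response, true);
     $this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']);
     $this->assertEquals('Support', $response['data']['department']);
     $response = ApiRestTestHelper::createApiCall($deleteUrl, 'DELETE', $headers);
     $response = json_decode($response, true);
     $this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
     $this->assertEquals('You do not have permissions for this action.', $response['message']);

     // Stage 4: the login() user deletes the lead; reading it afterwards must fail.
     $authenticationData = $this->login();
     $headers = $buildHeaders($authenticationData);
     $response = ApiRestTestHelper::createApiCall($deleteUrl, 'DELETE', $headers);
     $response = json_decode($response, true);
     $this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']);
     $response = ApiRestTestHelper::createApiCall($readUrl, 'GET', $headers);
     $response = json_decode($response, true);
     $this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']);
 }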
 /**
  * Tests that newly created leads are returned by the getCreatedItems API call, paginated and
  * limited to what the logged-in user's read permission entries contain.
  * Please note that this test does not check whether data is inserted into the read permission tables
  * correctly; that is part of the read permission subscription tests.
  *
  * The test creates three leads owned by the super user, runs ReadPermissionSubscriptionUpdateJob and
  * checks both result pages for the login() user. It then hands the first lead over to 'lisa', runs
  * the job again and checks that the lead has left the first user's result and shows up in lisa's.
  *
  * NOTE(review): the sleep(1) calls presumably keep the creation timestamps strictly increasing so
  * that the item order is stable - confirm against the API's ordering.
  *
  * @throws NotFoundException
  * @throws NotImplementedException
  * @throws NotSupportedException
  */
 public function testGetCreatedLeads()
 {
     // Reference point passed to the API as sinceTimestamp; taken before any lead is created.
     $timestamp = time();
     sleep(1);
     $super = User::getByUsername('super');
     Yii::app()->user->userModel = $super;
     // Second user with API login and LeadsModule access rights; she receives a lead further down.
     $lisa = UserTestHelper::createBasicUser('Lisa');
     $lisa->setRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API);
     $lisa->setRight('LeadsModule', LeadsModule::getAccessRight());
     $this->assertTrue($lisa->save());
     // Presumably empties the read permission subscription data for Contact so that only the
     // leads created below are counted - verify against the helper.
     $this->deleteAllModelsAndRecordsFromReadPermissionTable('Contact');
     $job = new ReadPermissionSubscriptionUpdateJob();
     ReadPermissionsOptimizationUtil::rebuild();
     $lead1 = LeadTestHelper::createLeadbyNameForOwner('Mike', $super);
     sleep(1);
     $lead2 = LeadTestHelper::createLeadbyNameForOwner('Jake', $super);
     sleep(1);
     $lead3 = LeadTestHelper::createLeadbyNameForOwner('Joe', $super);
     sleep(1);
     // NOTE(review): the three addresses below are the same masked value in this listing, which
     // looks like redaction of the original fixtures; as written, the e-mail assertions cannot
     // tell the leads apart.
     $lead1->primaryEmail->emailAddress = '*****@*****.**';
     $lead1->companyName = "IBM";
     $this->assertTrue($lead1->save());
     $lead2->primaryEmail->emailAddress = '*****@*****.**';
     $this->assertTrue($lead2->save());
     $lead3->primaryEmail->emailAddress = '*****@*****.**';
     $this->assertTrue($lead3->save());
     $this->assertTrue($job->run());
     // login() without arguments: presumably the super user - confirm.
     $authenticationData = $this->login();
     $headers = array('Accept: application/json', 'ZURMO_SESSION_ID: ' . $authenticationData['sessionId'], 'ZURMO_TOKEN: ' . $authenticationData['token'], 'ZURMO_API_REQUEST_TYPE: REST');
     // Page 1 of 2 (page size 2): expects lead1 and lead2 out of three items in total.
     $data = array('sinceTimestamp' => $timestamp, 'pagination' => array('pageSize' => 2, 'page' => 1));
     $response = $this->createApiCallWithRelativeUrl('getCreatedItems/', 'POST', $headers, array('data' => $data));
     $response = json_decode($response, true);
     $this->assertEquals(3, $response['data']['totalCount']);
     $this->assertEquals(2, $response['data']['pageSize']);
     $this->assertEquals(1, $response['data']['currentPage']);
     $this->assertEquals($lead1->id, $response['data']['items'][0]['id']);
     $this->assertEquals($super->id, $response['data']['items'][0]['owner']['id']);
     $this->assertEquals($lead1->firstName, $response['data']['items'][0]['firstName']);
     $this->assertEquals($lead1->lastName, $response['data']['items'][0]['lastName']);
     $this->assertEquals($lead1->companyName, $response['data']['items'][0]['companyName']);
     $this->assertEquals($lead1->primaryEmail->emailAddress, $response['data']['items'][0]['primaryEmail']['emailAddress']);
     $this->assertEquals($lead2->id, $response['data']['items'][1]['id']);
     $this->assertEquals($super->id, $response['data']['items'][1]['owner']['id']);
     $this->assertEquals($lead2->firstName, $response['data']['items'][1]['firstName']);
     $this->assertEquals($lead2->lastName, $response['data']['items'][1]['lastName']);
     $this->assertEquals($lead2->primaryEmail->emailAddress, $response['data']['items'][1]['primaryEmail']['emailAddress']);
     // Page 2: expects lead3. This request passes sinceTimestamp 0 where the others pass $timestamp.
     $data = array('sinceTimestamp' => 0, 'pagination' => array('pageSize' => 2, 'page' => 2));
     $response = $this->createApiCallWithRelativeUrl('getCreatedItems/', 'POST', $headers, array('data' => $data));
     $response = json_decode($response, true);
     $this->assertEquals(3, $response['data']['totalCount']);
     $this->assertEquals(2, $response['data']['pageSize']);
     $this->assertEquals(2, $response['data']['currentPage']);
     $this->assertEquals($lead3->id, $response['data']['items'][0]['id']);
     $this->assertEquals($super->id, $response['data']['items'][0]['owner']['id']);
     $this->assertEquals($lead3->firstName, $response['data']['items'][0]['firstName']);
     $this->assertEquals($lead3->lastName, $response['data']['items'][0]['lastName']);
     $this->assertEquals($lead3->primaryEmail->emailAddress, $response['data']['items'][0]['primaryEmail']['emailAddress']);
     // Change the owner of $lead1; it should then appear in Lisa's created leads.
     $lead1->owner = $lisa;
     $this->assertTrue($lead1->save());
     sleep(1);
     $this->assertTrue($job->run());
     // Same session as before ($headers unchanged): lead1 is gone, leaving lead2 and lead3.
     $data = array('sinceTimestamp' => $timestamp, 'pagination' => array('pageSize' => 2, 'page' => 1));
     $response = $this->createApiCallWithRelativeUrl('getCreatedItems/', 'POST', $headers, array('data' => $data));
     $response = json_decode($response, true);
     $this->assertEquals(2, $response['data']['totalCount']);
     $this->assertEquals(2, $response['data']['pageSize']);
     $this->assertEquals(1, $response['data']['currentPage']);
     $this->assertEquals($lead2->id, $response['data']['items'][0]['id']);
     $this->assertEquals($super->id, $response['data']['items'][0]['owner']['id']);
     $this->assertEquals($lead2->firstName, $response['data']['items'][0]['firstName']);
     $this->assertEquals($lead2->lastName, $response['data']['items'][0]['lastName']);
     // companyName is never set on $lead2 in this test; this compares the model's value as it is.
     $this->assertEquals($lead2->companyName, $response['data']['items'][0]['companyName']);
     $this->assertEquals($lead2->primaryEmail->emailAddress, $response['data']['items'][0]['primaryEmail']['emailAddress']);
     $this->assertEquals($lead3->id, $response['data']['items'][1]['id']);
     $this->assertEquals($super->id, $response['data']['items'][1]['owner']['id']);
     $this->assertEquals($lead3->firstName, $response['data']['items'][1]['firstName']);
     $this->assertEquals($lead3->lastName, $response['data']['items'][1]['lastName']);
     $this->assertEquals($lead3->primaryEmail->emailAddress, $response['data']['items'][1]['primaryEmail']['emailAddress']);
     // Lisa's own session: exactly one item, the lead she now owns.
     $authenticationData = $this->login('lisa', 'lisa');
     $headers = array('Accept: application/json', 'ZURMO_SESSION_ID: ' . $authenticationData['sessionId'], 'ZURMO_TOKEN: ' . $authenticationData['token'], 'ZURMO_API_REQUEST_TYPE: REST');
     $data = array('sinceTimestamp' => $timestamp, 'pagination' => array('pageSize' => 2, 'page' => 1));
     $response = $this->createApiCallWithRelativeUrl('getCreatedItems/', 'POST', $headers, array('data' => $data));
     $response = json_decode($response, true);
     $this->assertEquals(1, $response['data']['totalCount']);
     $this->assertEquals(2, $response['data']['pageSize']);
     $this->assertEquals(1, $response['data']['currentPage']);
     $this->assertEquals($lead1->id, $response['data']['items'][0]['id']);
     $this->assertEquals($lisa->id, $response['data']['items'][0]['owner']['id']);
     $this->assertEquals($lead1->firstName, $response['data']['items'][0]['firstName']);
     $this->assertEquals($lead1->lastName, $response['data']['items'][0]['lastName']);
     $this->assertEquals($lead1->companyName, $response['data']['items'][0]['companyName']);
     $this->assertEquals($lead1->primaryEmail->emailAddress, $response['data']['items'][0]['primaryEmail']['emailAddress']);
 }