/** * @return string content * @param EmailMessage object $emailMessage * @param User object $user */ public static function renderEmailMessageToMatchContent(EmailMessage $emailMessage, $user) { $userCanAccessContacts = RightsUtil::canUserAccessModule('ContactsModule', $user); $userCanAccessLeads = RightsUtil::canUserAccessModule('LeadsModule', $user); $userCanCreateContact = RightsUtil::doesUserHaveAllowByRightName('ContactsModule', ContactsModule::getCreateRight(), $user); $userCanCreateLead = RightsUtil::doesUserHaveAllowByRightName('LeadsModule', LeadsModule::getCreateRight(), $user); if ($userCanAccessLeads && $userCanAccessContacts) { $selectForm = new AnyContactSelectForm(); } elseif (!$userCanAccessLeads && $userCanAccessContacts) { $selectForm = new ContactSelectForm(); } else { $selectForm = new LeadSelectForm(); } if ($userCanCreateContact && $userCanCreateLead) { $gridSize = 3; } elseif ($userCanCreateContact || $userCanCreateLead) { $gridSize = 2; } else { $gridSize = 1; } $contact = new Contact(); self::resolveEmailAddressAndNameToContact($emailMessage, $contact); $view = new ArchivedEmailMatchingView('default', 'emailMessages', $emailMessage, $contact, $selectForm, $userCanAccessLeads, $userCanAccessContacts, $userCanCreateContact, $userCanCreateLead, $gridSize); return $view->render(); }
/** * @depends testListLead */ public function testUnprivilegedUserViewUpdateDeleteLead() { Yii::app()->user->userModel = User::getByUsername('super'); $notAllowedUser = UserTestHelper::createBasicUser('Steven'); $notAllowedUser->setRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API); $saved = $notAllowedUser->save(); $authenticationData = $this->login('steven', 'steven'); $headers = array('Accept: application/json', 'ZURMO_SESSION_ID: ' . $authenticationData['sessionId'], 'ZURMO_TOKEN: ' . $authenticationData['token'], 'ZURMO_API_REQUEST_TYPE: REST'); $everyoneGroup = Group::getByName(Group::EVERYONE_GROUP_NAME); $this->assertTrue($everyoneGroup->save()); $leads = Contact::getByName('Michael Smith'); $this->assertEquals(1, count($leads)); $data['department'] = "Support"; // Test with unprivileged user to view, edit and delete account. $authenticationData = $this->login('steven', 'steven'); $headers = array('Accept: application/json', 'ZURMO_SESSION_ID: ' . $authenticationData['sessionId'], 'ZURMO_TOKEN: ' . $authenticationData['token'], 'ZURMO_API_REQUEST_TYPE: REST'); $response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/leads/contact/api/read/' . $leads[0]->id, 'GET', $headers); $response = json_decode($response, true); $this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']); $this->assertEquals('You do not have rights to perform this action.', $response['message']); $response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/leads/contact/api/update/' . $leads[0]->id, 'PUT', $headers, array('data' => $data)); $response = json_decode($response, true); $this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']); $this->assertEquals('You do not have rights to perform this action.', $response['message']); $response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/leads/contact/api/delete/' . $leads[0]->id, 'DELETE', $headers); $response = json_decode($response, true); $this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']); $this->assertEquals('You do not have rights to perform this action.', $response['message']); //now check if user have rights, but no permissions. $notAllowedUser->setRight('LeadsModule', LeadsModule::getAccessRight()); $notAllowedUser->setRight('LeadsModule', LeadsModule::getCreateRight()); $notAllowedUser->setRight('LeadsModule', LeadsModule::getDeleteRight()); $saved = $notAllowedUser->save(); $this->assertTrue($saved); $response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/leads/contact/api/read/' . $leads[0]->id, 'GET', $headers); $response = json_decode($response, true); $this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']); $this->assertEquals('You do not have permissions for this action.', $response['message']); $response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/leads/contact/api/update/' . $leads[0]->id, 'PUT', $headers, array('data' => $data)); $response = json_decode($response, true); $this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']); $this->assertEquals('You do not have permissions for this action.', $response['message']); $response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/leads/contact/api/delete/' . $leads[0]->id, 'DELETE', $headers); $response = json_decode($response, true); $this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']); $this->assertEquals('You do not have permissions for this action.', $response['message']); // Update unprivileged user permissions $authenticationData = $this->login(); $headers = array('Accept: application/json', 'ZURMO_SESSION_ID: ' . $authenticationData['sessionId'], 'ZURMO_TOKEN: ' . $authenticationData['token'], 'ZURMO_API_REQUEST_TYPE: REST'); unset($data); $data['explicitReadWriteModelPermissions'] = array('type' => ExplicitReadWriteModelPermissionsUtil::MIXED_TYPE_EVERYONE_GROUP); $response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/leads/contact/api/update/' . $leads[0]->id, 'PUT', $headers, array('data' => $data)); $response = json_decode($response, true); $this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']); $authenticationData = $this->login('steven', 'steven'); $headers = array('Accept: application/json', 'ZURMO_SESSION_ID: ' . $authenticationData['sessionId'], 'ZURMO_TOKEN: ' . $authenticationData['token'], 'ZURMO_API_REQUEST_TYPE: REST'); $response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/leads/contact/api/read/' . $leads[0]->id, 'GET', $headers); $response = json_decode($response, true); $this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']); unset($data); $data['department'] = "Support"; $response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/leads/contact/api/update/' . $leads[0]->id, 'PUT', $headers, array('data' => $data)); $response = json_decode($response, true); $this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']); $this->assertEquals('Support', $response['data']['department']); $response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/leads/contact/api/delete/' . $leads[0]->id, 'DELETE', $headers); $response = json_decode($response, true); $this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']); $this->assertEquals('You do not have permissions for this action.', $response['message']); // Test with privileged user $authenticationData = $this->login(); $headers = array('Accept: application/json', 'ZURMO_SESSION_ID: ' . $authenticationData['sessionId'], 'ZURMO_TOKEN: ' . $authenticationData['token'], 'ZURMO_API_REQUEST_TYPE: REST'); //Test Delete $response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/leads/contact/api/delete/' . $leads[0]->id, 'DELETE', $headers); $response = json_decode($response, true); $this->assertEquals(ApiResponse::STATUS_SUCCESS, $response['status']); $response = ApiRestTestHelper::createApiCall($this->serverUrl . '/test.php/leads/contact/api/read/' . $leads[0]->id, 'GET', $headers); $response = json_decode($response, true); $this->assertEquals(ApiResponse::STATUS_FAILURE, $response['status']); }