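/**
 * Verifies system and element permissions for a non-admin user group and its users.
 *
 * Flow:
 *  1. Demote "unitTestUserGroup" from admin and reload it.
 *  2. Grant every defined system permission one at a time, saving and reloading
 *     after each grant and checking that all permissions granted so far are allowed.
 *  3. Revoke everything and check that each permission is denied and that the
 *     document, object and asset roots are not listable.
 *  4. Run permissionTest() for three scenarios: group plus user, user only, group only.
 *
 * @depends testModifyUserToAdmin
 */
public function testPermissionChanges()
{
    $userGroup = User::getByName("unitTestUserGroup");
    $username = $userGroup->getUsername();

    // Demote the group first: every check below is about a non-admin principal.
    $userGroup->setAdmin(false);
    $userGroup->save();
    // Reload by name so the checks run against a freshly fetched instance
    // rather than the object that was just mutated.
    unset($userGroup);
    $userGroup = User::getByName($username);

    $permissionList = new User_Permission_Definition_List();
    $permissionList->load();
    $permissions = $permissionList->getDefinitions();
    $setPermissions = array();

    // Gradually grant all system permissions. After each grant the group is saved
    // and reloaded, then every permission granted so far is re-checked, so a grant
    // that drops an earlier one is caught.
    foreach ($permissions as $permission) {
        $userGroup->setPermission($permission->getKey());
        $setPermissions[] = $permission->getKey();
        $userGroup->save();
        unset($userGroup);
        $userGroup = User::getByName($username);
        foreach ($setPermissions as $p) {
            $this->assertTrue($userGroup->isAllowed($p));
        }
    }

    // Remove all system permissions.
    // NOTE(review): unlike the grants above, the revocation is asserted on the
    // in-memory object only; there is no save()/reload before these checks, so
    // this does not show that a revocation survives persistence. Consider adding
    // that round-trip once the effect on the element checks below is confirmed.
    $userGroup->setAllAclToFalse();
    foreach ($setPermissions as $p) {
        $this->assertFalse($userGroup->isAllowed($p));
    }

    // With no permissions left, the roots of all three element trees must not be listable.
    // Presumably getPermissionsForUser() fills the element state that isAllowed() reads - confirm.
    $documentRoot = Document::getById(1);
    $documentRoot->getPermissionsForUser($userGroup);
    $this->assertFalse($documentRoot->isAllowed("list"));

    $objectRoot = Object_Abstract::getById(1);
    $objectRoot->getPermissionsForUser($userGroup);
    $this->assertFalse($objectRoot->isAllowed("list"));

    $assetRoot = Asset::getById(1);
    $assetRoot->getPermissionsForUser($userGroup);
    $this->assertFalse($assetRoot->isAllowed("list"));

    // One folder directly below each root (parent id 1), owned by user id 1.
    $objectFolder = new Object_Folder();
    $objectFolder->setParentId(1);
    $objectFolder->setUserOwner(1);
    $objectFolder->setUserModification(1);
    $objectFolder->setCreationDate(time());
    $objectFolder->setKey(uniqid() . rand(10, 99));
    $objectFolder->save();

    $documentFolder = Document_Folder::create(1, array("userOwner" => 1, "key" => uniqid() . rand(10, 99)));
    $assetFolder = Asset_Folder::create(1, array("filename" => uniqid() . "_data", "type" => "folder", "userOwner" => 1));

    // Root, folder and type label for each element tree, in the order they are tested.
    $targets = array(
        array($objectRoot, $objectFolder, "object"),
        array($assetRoot, $assetFolder, "asset"),
        array($documentRoot, $documentFolder, "document"),
    );

    /** @var User $user */
    $user = User::getByName("unitTestUser");
    $user->setAdmin(false);
    $user->save();

    $userGroup->setPermission("objects");
    $userGroup->setPermission("documents");
    $userGroup->setPermission("assets");
    $userGroup->save();

    // Scenario 1: permissions with user group and user.
    foreach ($targets as $target) {
        list($root, $folder, $type) = $target;
        $this->permissionTest($root, $folder, $userGroup, $user, $user, $type);
    }

    // Scenario 2: no user group permissions; the user sits at parentId 0 and
    // holds the three system permissions directly.
    // NOTE(review): the fixture password is an unsalted MD5 of the username. Whether
    // User::create() expects a pre-hashed value is not visible here - confirm. The
    // account is created active with credentials and no cleanup is visible in this
    // method, so it must only ever exist in the test database.
    User::create(array("parentId" => 0, "username" => "unitTestUser2", "password" => md5("unitTestUser2"), "hasCredentials" => true, "active" => true));
    $user = User::getByName("unitTestUser2");
    $user->setPermission("objects");
    $user->setPermission("documents");
    $user->setPermission("assets");
    $user->save();
    // Separate assertions so a failure says whether the lookup or the name was wrong.
    $this->assertTrue($user instanceof User);
    $this->assertEquals("unitTestUser2", $user->getUsername());

    foreach ($targets as $target) {
        list($root, $folder, $type) = $target;
        $this->permissionTest($root, $folder, null, $user, $user, $type);
    }

    // Scenario 3: only user group permissions; the user is created below the
    // group and is given no permissions of its own.
    // NOTE(review): same MD5-of-username fixture password and missing cleanup as above.
    User::create(array("parentId" => $userGroup->getId(), "username" => "unitTestUser3", "password" => md5("unitTestUser3"), "hasCredentials" => true, "active" => true));
    $user = User::getByName("unitTestUser3");
    $this->assertTrue($user instanceof User);
    $this->assertEquals("unitTestUser3", $user->getUsername());

    foreach ($targets as $target) {
        list($root, $folder, $type) = $target;
        $this->permissionTest($root, $folder, $userGroup, null, $user, $type);
    }
}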