 /**
  * A user can be attached to a role from either side of the relation:
  * by setting User::$role, or by adding the user to Role::$users.
  */
 public function testAddingUserToRole()
 {
     Yii::app()->user->userModel = User::getByUsername('super');
     $role = new Role();
     $role->name = 'myRole';
     $role->validate();
     $this->assertTrue($role->save());
     // Attach benny from the user side of the relation
     $benny = User::getByUsername('benny');
     $benny->role = $role;
     $this->assertTrue($benny->save());
     // Reload the role from the database and check benny shows up in its users
     $roleId = $role->id;
     unset($role);
     $role = Role::getById($roleId);
     $this->assertEquals(1, $role->users->count());
     $this->assertTrue($role->users[0]->isSame($benny));
     // Attach billy from the role side of the relation
     $billy = User::getByUsername('billy');
     $role->users->add($billy);
     $this->assertTrue($role->save());
     // forget() drops the cached instance; a plain unset() does not refresh it
     // and the reloaded billy would not see the new role
     $billy->forget();
     $billy = User::getByUsername('billy');
     $this->assertTrue($billy->role->id > 0);
     $this->assertTrue($billy->role->isSame($role));
 }
文件: User.php 项目: elvyrra/hawk
 /**
  * Constructor
  *
  * Builds the user from $data and, when a role id is present on the
  * resulting instance, eagerly loads the matching Role into $this->role.
  *
  * @param array $data The data to set to the user
  */
 public function __construct($data = array())
 {
     parent::__construct($data);
     // Nothing to resolve when no role id was set (null, 0, '' ...)
     if (empty($this->roleId)) {
         return;
     }
     // NOTE(review): if $data can originate from a request, the caller should
     // validate roleId before it is used for this lookup - confirm at callers.
     $this->role = Role::getById($this->roleId);
 }
 /**
  * Remove a role
  *
  * Deletes the role identified by $this->roleId, after moving every user
  * that holds it to the role configured in the 'roles.default-role' option.
  * Nothing happens when the role does not exist or is not removable.
  */
 public function remove()
 {
     $role = Role::getById($this->roleId);
     if (!$role || !$role->isRemovable()) {
         return;
     }
     $db = User::getDbInstance();
     $table = User::getTable();
     $usersHoldingRole = new DBExample(array('roleId' => $role->id));
     $fallbackRole = array('roleId' => Option::get('roles.default-role'));
     // Re-home the users first so that no user is left pointing at a deleted role
     $db->update($table, $usersHoldingRole, $fallbackRole);
     $role->delete();
 }
 /**
  * A search attribute set built from a role yields a data provider whose
  * rows are exactly the users of that role.
  */
 public function testMakeDataProviderBySearchAttributeData()
 {
     $role = Role::getById(self::$roleId);
     $searchAttributeData = UsersByModelModalListControllerUtil::makeModalSearchAttributeDataByModel($role, 'role');
     $dataProvider = UsersByModelModalListControllerUtil::makeDataProviderBySearchAttributeData($searchAttributeData);
     $this->assertInstanceOf('RedBeanModelDataProvider', $dataProvider);
     $rows = $dataProvider->getData();
     $this->assertEquals(1, count($rows));
     $onlyRow = $rows[0];
     $this->assertEquals($role->id, $onlyRow->role->id);
 }
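 /**
  * Display the main page of the permission settings, and handle its submission.
  *
  * On display, one checkbox per (permission, role) pair is rendered. On submit,
  * every "permission-{permissionId}-{roleId}" field is stored as a RolePermission,
  * except for the admin role (always granted, never stored) and for permissions
  * that are not available to guests when the role is the guest role. That last
  * rule is enforced here, server-side, regardless of the checkbox being disabled
  * in the form.
  *
  * @return mixed The rendered tab when displaying, or the form response on submission
  */
 public function index()
 {
     $permissionGroups = Permission::getAllGroupByPlugin();
     // Index every known permission by id, so that the submit branch can look at
     // the permission's own flags instead of relying on a leftover loop variable
     $permissionsById = array();
     foreach ($permissionGroups as $permissions) {
         foreach ($permissions as $permission) {
             $permissionsById[$permission->id] = $permission;
         }
     }
     $example = isset($this->roleId) ? array('roleId' => $this->roleId) : array();
     $data = RolePermission::getListByExample(new DBExample($example));
     // values[permissionId][roleId] => stored value
     $values = array();
     foreach ($data as $value) {
         $values[$value->permissionId][$value->roleId] = $value->value;
     }
     $roles = isset($this->roleId) ? array(Role::getById($this->roleId)) : Role::getAll(null, array(), array(), true);
     $param = array('id' => 'permissions-form', 'fieldsets' => array('form' => array(), '_submits' => array(new SubmitInput(array('name' => 'valid', 'value' => Lang::get('main.valid-button'))))));
     foreach ($roles as $role) {
         foreach ($permissionGroups as $group => $permissions) {
             // Only permissions of an installed plugin are shown
             if (!Plugin::get($group)) {
                 continue;
             }
             foreach ($permissions as $permission) {
                 if ($role->id == Role::ADMIN_ROLE_ID) {
                     // The admin role implicitly holds every permission
                     $default = 1;
                 } elseif (isset($values[$permission->id][$role->id])) {
                     $default = $values[$permission->id][$role->id];
                 } else {
                     $default = 0;
                 }
                 // Disabled boxes are a display hint only; the same rule is re-checked on submit
                 $disabled = $role->id == Role::ADMIN_ROLE_ID || ($role->id == Role::GUEST_ROLE_ID && !$permission->availableForGuests);
                 $param['fieldsets']['form'][] = new CheckboxInput(array('name' => "permission-{$permission->id}-{$role->id}", 'disabled' => $disabled, 'default' => $default, 'class' => $permission->id == Permission::ALL_PRIVILEGES_ID ? 'select-all' : '', 'nl' => false));
             }
         }
     }
     $form = new Form($param);
     if (!$form->submitted()) {
         $page = View::make(Plugin::current()->getView("permissions.tpl"), array('permissions' => $permissionGroups, 'fields' => $form->inputs, 'roles' => $roles));
         return NoSidebarTab::make(array('icon' => 'unlock-alt', 'title' => Lang::get('permissions.page-title'), 'page' => $form->wrap($page)));
     } else {
         try {
             // Field names come from the form built above, not from the raw request,
             // so only server-known (permission, role) pairs are iterated here
             foreach ($form->inputs as $name => $field) {
                 if (!preg_match('/^permission\\-(\\d+)\\-(\\d+)$/', $name, $match)) {
                     continue;
                 }
                 $permissionId = (int) $match[1];
                 $roleId = (int) $match[2];
                 if (!isset($permissionsById[$permissionId])) {
                     // Permission list changed between display and submit; ignore the field
                     continue;
                 }
                 $permission = $permissionsById[$permissionId];
                 // Never store anything for the admin role, and never grant the guest
                 // role a permission that is not available to guests, whatever was posted
                 if ($roleId == Role::ADMIN_ROLE_ID || ($roleId == Role::GUEST_ROLE_ID && !$permission->availableForGuests)) {
                     continue;
                 }
                 $value = App::request()->getBody($name) ? 1 : 0;
                 $rolePermission = new RolePermission();
                 $rolePermission->set(array('roleId' => $roleId, 'permissionId' => $permissionId, 'value' => $value));
                 $rolePermission->save();
             }
             App::logger()->info('Permissions were succesfully updated');
             return $form->response(Form::STATUS_SUCCESS, Lang::get("roles.permissions-update-success"));
         } catch (Exception $e) {
             App::logger()->error('An error occured while updating permissions');
             // Exception details are only exposed to the client in debug mode
             return $form->response(Form::STATUS_ERROR, DEBUG_MODE ? $e->getMessage() : Lang::get("roles.permissions-update-error"));
         }
     }
 }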
 /**
  * Build one email recipient for every user of the configured role that has
  * a primary email address.
  *
  * @param RedBeanModel $model
  * @param User $triggeredByUser
  * @return array Empty when the role referenced by $this->roleId no longer exists
  */
 public function makeRecipients(RedBeanModel $model, User $triggeredByUser)
 {
     try {
         $role = Role::getById((int) $this->roleId);
     } catch (NotFoundException $e) {
         // A deleted role simply has nobody left to notify
         return array();
     }
     $recipients = array();
     foreach ($role->users as $user) {
         $address = $user->primaryEmail->emailAddress;
         // Loose comparison on purpose: both null and '' are skipped
         if ($address == null) {
             continue;
         }
         $recipient = new EmailMessageRecipient();
         $recipient->toAddress = $address;
         $recipient->toName = strval($user);
         $recipient->type = $this->audienceType;
         $recipient->personOrAccount = $user;
         $recipients[] = $recipient;
     }
     return $recipients;
 }
 /**
  * Walks through the model-level permission checks of the accounts and meetings
  * controllers: first for a plain user, then for users that inherit through a
  * role hierarchy, then for users that inherit through a group hierarchy.
  *
  * Each step grants or revokes a permission while logged in as 'super', switches
  * the logged-in user, and checks that details/edit/delete are allowed or denied
  * as expected. The runControllerShouldResultInAccessFailureAndGetContent() calls
  * are the negative assertions: they verify that nothing beyond the granted
  * permission leaks through. The AllPermissionsOptimizationUtil calls presumably
  * keep the permission cache in step with each grant/revoke - confirm against
  * that util before relying on it.
  *
  * @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
  */
 public function testRegularUserControllerActionsWithElevationToModels()
 {
     //Create superAccount owned by user super.
     $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
     $superAccount = AccountTestHelper::createAccountByNameForOwner('AccountsForElevationToModelTest', $super);
     //Test nobody, access to details of superAccount should fail.
     $nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
     $this->setGetArray(array('id' => $superAccount->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
     //give nobody access to read
     Yii::app()->user->userModel = $super;
     $superAccount->addPermissions($nobody, Permission::READ);
     $this->assertTrue($superAccount->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($superAccount, $nobody);
     //Now the nobody user can access the details view.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $superAccount->id));
     $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
     //create a meeting related to superAccount, owned by the super user
     $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
     $meeting = MeetingTestHelper::createMeetingWithOwnerAndRelatedAccount('meetingCreatedByNobody', $super, $superAccount);
     //Test nobody, access to edit, details and delete of meeting should fail.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //give nobody access to details view only
     Yii::app()->user->userModel = $super;
     $meeting->addPermissions($nobody, Permission::READ);
     $this->assertTrue($meeting->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($meeting, $nobody);
     //Now access to meetings view by Nobody should not fail.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');
     //Now access to meetings edit and delete by Nobody should fail
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //give nobody read, write and change-permissions access (still no delete)
     Yii::app()->user->userModel = $super;
     $meeting->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($meeting->save());
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($meeting, $nobody);
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($meeting, $nobody);
     //Now access to meetings view and edit by Nobody should not fail.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerWithNoExceptionsAndGetContent('meetings/default/edit');
     //Now access to meetings delete by Nobody should fail
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //revoke the permission from the nobody user to access the meeting
     Yii::app()->user->userModel = $super;
     $meeting->removePermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($meeting->save());
     AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($meeting, $nobody);
     //Now nobody's access to edit, details and delete of meetings should fail.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //give nobody read, write and delete access
     Yii::app()->user->userModel = $super;
     $meeting->addPermissions($nobody, Permission::READ_WRITE_DELETE);
     $this->assertTrue($meeting->save());
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($meeting, $nobody);
     //Now nobody's access to delete of meetings should not fail (delete redirects on success).
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerWithRedirectExceptionAndGetContent('meetings/default/delete');
     //create some roles: 'confused' is in the parent role, 'nobody' in the child role
     Yii::app()->user->userModel = $super;
     $parentRole = new Role();
     $parentRole->name = 'AAA';
     $this->assertTrue($parentRole->save());
     $childRole = new Role();
     $childRole->name = 'BBB';
     $this->assertTrue($childRole->save());
     $userInParentRole = User::getByUsername('confused');
     $userInChildRole = User::getByUsername('nobody');
     $childRole->users->add($userInChildRole);
     $this->assertTrue($childRole->save());
     $parentRole->users->add($userInParentRole);
     $parentRole->roles->add($childRole);
     $this->assertTrue($parentRole->save());
     //forget() and reload so the cached instances pick up the new relations
     $userInChildRole->forget();
     $userInChildRole = User::getByUsername('nobody');
     $userInParentRole->forget();
     $userInParentRole = User::getByUsername('confused');
     $parentRoleId = $parentRole->id;
     $parentRole->forget();
     $parentRole = Role::getById($parentRoleId);
     $childRoleId = $childRole->id;
     $childRole->forget();
     $childRole = Role::getById($childRoleId);
     //create account owned by super
     $account2 = AccountTestHelper::createAccountByNameForOwner('AccountsParentRolePermission', $super);
     //Test userInParentRole, access to details should fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $account2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
     //give userInChildRole access to READ
     Yii::app()->user->userModel = $super;
     $account2->addPermissions($userInChildRole, Permission::READ);
     $this->assertTrue($account2->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($account2, $userInChildRole);
     //Test userInChildRole, access to details should not fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $account2->id));
     $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
     //Test userInParentRole, access to details should not fail (inherited from the child role's user).
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $account2->id));
     $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
     //create a meeting owned by super
     $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
     $meeting2 = MeetingTestHelper::createMeetingWithOwnerAndRelatedAccount('meetingCreatedBySuperForRole', $super, $account2);
     //Test userInChildRole, access to meetings details, edit and delete should fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //Test userInParentRole, access to meetings details, edit and delete should fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //give userInChildRole READ permission for the meeting
     Yii::app()->user->userModel = $super;
     $meeting2->addPermissions($userInChildRole, Permission::READ);
     $this->assertTrue($meeting2->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($meeting2, $userInChildRole);
     //Test userInChildRole, access to meetings details should not fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');
     //Test userInChildRole, access to meetings edit and delete should fail.
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //Test userInParentRole, access to meetings details should not fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');
     //Test userInParentRole, access to meetings edit and delete should fail.
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //give userInChildRole read, write and change-permissions access (still no delete)
     Yii::app()->user->userModel = $super;
     $meeting2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($meeting2->save());
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($meeting2, $userInChildRole);
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($meeting2, $userInChildRole);
     //Test userInChildRole, access to meetings edit should not fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerWithNoExceptionsAndGetContent('meetings/default/edit');
     //Test userInChildRole, access to meetings delete should fail.
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //Test userInParentRole, access to meetings edit should not fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerWithNoExceptionsAndGetContent('meetings/default/edit');
     //Test userInParentRole, access to meetings delete should fail.
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //revoke userInChildRole read, write and change-permissions access to the meeting
     Yii::app()->user->userModel = $super;
     $meeting2->removePermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($meeting2->save());
     AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($meeting2, $userInChildRole);
     //Test userInChildRole, access to details, edit and delete should fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $meeting2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
     $this->setGetArray(array('id' => $meeting2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //Test userInParentRole, access to details, edit and delete should fail (revocation must propagate up the hierarchy).
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $meeting2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
     $this->setGetArray(array('id' => $meeting2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //give userInChildRole read, write and delete access to the meeting
     Yii::app()->user->userModel = $super;
     $meeting2->addPermissions($userInChildRole, Permission::READ_WRITE_DELETE);
     $this->assertTrue($meeting2->save());
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($meeting2, $userInChildRole);
     //Test userInParentRole, access to delete should not fail (inherited delete; success redirects).
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $meeting2->id));
     $this->resetPostArray();
     $this->runControllerWithRedirectExceptionAndGetContent('meetings/default/delete');
     //clear up the role relationships between users so as not to affect the next assertions
     $parentRole->users->remove($userInParentRole);
     $parentRole->roles->remove($childRole);
     $this->assertTrue($parentRole->save());
     $childRole->users->remove($userInChildRole);
     $this->assertTrue($childRole->save());
     //create some groups and assign users to groups: 'nobody' in the parent group, 'confused' in the child group
     Yii::app()->user->userModel = $super;
     $parentGroup = new Group();
     $parentGroup->name = 'AAA';
     $this->assertTrue($parentGroup->save());
     $childGroup = new Group();
     $childGroup->name = 'BBB';
     $this->assertTrue($childGroup->save());
     $userInChildGroup = User::getByUsername('confused');
     $userInParentGroup = User::getByUsername('nobody');
     $childGroup->users->add($userInChildGroup);
     $this->assertTrue($childGroup->save());
     $parentGroup->users->add($userInParentGroup);
     $parentGroup->groups->add($childGroup);
     $this->assertTrue($parentGroup->save());
     $parentGroup->forget();
     $childGroup->forget();
     $parentGroup = Group::getByName('AAA');
     $childGroup = Group::getByName('BBB');
     //Give the confused user the right to access the accounts module.
     $userInChildGroup->setRight('AccountsModule', AccountsModule::RIGHT_ACCESS_ACCOUNTS);
     $this->assertTrue($userInChildGroup->save());
     //create account owned by super
     $account3 = AccountTestHelper::createAccountByNameForOwner('testingAccountsParentGroupPermission', $super);
     //Test userInParentGroup, access to details should fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $account3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
     //Test userInChildGroup, access to details should fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $account3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
     //give parentGroup access to READ
     Yii::app()->user->userModel = $super;
     $account3->addPermissions($parentGroup, Permission::READ);
     $this->assertTrue($account3->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($account3, $parentGroup);
     //Test userInParentGroup, access to details should not fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $account3->id));
     $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
     //Test userInChildGroup, access to details should not fail (inherited from the parent group).
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $account3->id));
     $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
     //create a meeting owned by super
     $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
     $meeting3 = MeetingTestHelper::createMeetingWithOwnerAndRelatedAccount('mettingCreatedBySuperForGroup', $super, $account3);
     //Give the confused user the module rights to access, create and delete meetings.
     $userInChildGroup->setRight('MeetingsModule', MeetingsModule::RIGHT_ACCESS_MEETINGS);
     $userInChildGroup->setRight('MeetingsModule', MeetingsModule::RIGHT_CREATE_MEETINGS);
     $userInChildGroup->setRight('MeetingsModule', MeetingsModule::RIGHT_DELETE_MEETINGS);
     $this->assertTrue($userInChildGroup->save());
     //Test userInParentGroup, access to meetings details, edit and delete should fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $meeting3->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting3->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
     $this->setGetArray(array('id' => $meeting3->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //Test userInChildGroup, access to meetings details, edit and delete should fail (module rights alone are not enough).
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $meeting3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
     $this->setGetArray(array('id' => $meeting3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting3->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //give parentGroup access to READ
     Yii::app()->user->userModel = $super;
     $meeting3->addPermissions($parentGroup, Permission::READ);
     $this->assertTrue($meeting3->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($meeting3, $parentGroup);
     //Test userInParentGroup, access to meetings details should not fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $meeting3->id));
     $this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');
     //Test userInParentGroup, access to meetings edit and delete should fail.
     $this->setGetArray(array('id' => $meeting3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting3->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //Test userInChildGroup, access to meetings details should not fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $meeting3->id));
     $this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');
     //Test userInChildGroup, access to meetings edit and delete should fail.
     $this->setGetArray(array('id' => $meeting3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting3->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //give parentGroup read, write and change-permissions access (still no delete)
     Yii::app()->user->userModel = $super;
     $meeting3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($meeting3->save());
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForGroup($meeting3, $parentGroup);
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($meeting3, $parentGroup);
     //Test userInParentGroup, access to edit meetings should not fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $meeting3->id));
     $this->runControllerWithNoExceptionsAndGetContent('meetings/default/edit');
     //Test userInParentGroup, access to meetings delete should fail.
     $this->setGetArray(array('id' => $meeting3->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //Test userInChildGroup, access to edit meetings should not fail.
     Yii::app()->user->userModel = $userInChildGroup;
     //re-login as the child-group user here (not only set userModel) - presumably needed so the
     //session reflects the updated rights; confirm against the helper
     $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username);
     $this->setGetArray(array('id' => $meeting3->id));
     $this->runControllerWithNoExceptionsAndGetContent('meetings/default/edit');
     //Test userInChildGroup, access to meetings delete should fail.
     $this->setGetArray(array('id' => $meeting3->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //revoke parentGroup read, write and change-permissions access to the meeting
     Yii::app()->user->userModel = $super;
     $meeting3->removePermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($meeting3->save());
     AllPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($meeting3, $parentGroup);
     //Test userInChildGroup, access to meetings details, edit and delete should fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $meeting3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
     $this->setGetArray(array('id' => $meeting3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting3->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //Test userInParentGroup, access to meetings details, edit and delete should fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $meeting3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
     $this->setGetArray(array('id' => $meeting3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting3->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //give parentGroup read, write and delete access to the meeting
     Yii::app()->user->userModel = $super;
     $meeting3->addPermissions($parentGroup, Permission::READ_WRITE_DELETE);
     $this->assertTrue($meeting3->save());
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($meeting3, $parentGroup);
     //Test userInChildGroup, access to meetings delete should not fail (inherited; success redirects).
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $meeting3->id));
     $this->resetPostArray();
     $this->runControllerWithRedirectExceptionAndGetContent('meetings/default/delete');
     //clear up the group relationships between users so as not to affect the next assertions;
     //reload everything first so the removals operate on fresh instances
     $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
     $userInParentGroup->forget();
     $userInChildGroup->forget();
     $childGroup->forget();
     $parentGroup->forget();
     $userInParentGroup = User::getByUsername('nobody');
     $userInChildGroup = User::getByUsername('confused');
     $childGroup = Group::getByName('BBB');
     $parentGroup = Group::getByName('AAA');
     $parentGroup->users->remove($userInParentGroup);
     $parentGroup->groups->remove($childGroup);
     $this->assertTrue($parentGroup->save());
     $childGroup->users->remove($userInChildGroup);
     $this->assertTrue($childGroup->save());
 }
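 /**
  * Walkthrough test: access inherited through the role hierarchy must be
  * flushed when the Parent role is unlinked from the Child role.
  *
  * Setup is done through controller walkthroughs rather than helpers, to
  * mimic real user interaction: Parent role -> Child role, jim in Child and
  * jane in Parent, each creating one contact. While the roles are linked jane
  * can list/view/edit jim's contact and jim cannot see jane's. After the
  * parent link is removed via /zurmo/role/edit, jane must lose all access to
  * jim's contact while jim's own access is unchanged.
  *
  * Security relevance: if the permission cache were not flushed on unlink, a
  * former parent-role user would keep read/write access to records they no
  * longer have any right to see.
  */
 public function testArePermissionsFlushedOnRemovingParentFromChildRole()
 {
     // Best-effort cleanup of leftovers from a previous run; NotFoundException
     // only means there is nothing to remove.
     Contact::deleteAll();
     try {
         $role = Role::getByName('Parent');
         $role->delete();
     } catch (NotFoundException $e) {
     }
     try {
         $user = User::getByUsername('jim');
         $user->delete();
     } catch (NotFoundException $e) {
     }
     try {
         $user = User::getByUsername('jane');
         $user->delete();
     } catch (NotFoundException $e) {
     }
     // we could have used helpers to do a lot of the following stuff (such as creating users, roles,
     // etc) but we wanted to mimic user's interaction as closely as possible. Hence using walkthroughs
     // for everything
     // create Parent and Child Roles, Create Jim to be member of Child role
     // create parent role
     $this->resetGetArray();
     $this->setPostArray(array('Role' => array('name' => 'Parent')));
     $this->runControllerWithRedirectExceptionAndGetUrl('/zurmo/role/create');
     $parentRole = Role::getByName('Parent');
     $this->assertNotNull($parentRole);
     $this->assertEquals('Parent', strval($parentRole));
     $parentRoleId = $parentRole->id;
     // create child role, linked to the parent through the 'role' relation
     $this->resetGetArray();
     $this->setPostArray(array('Role' => array('name' => 'Child', 'role' => array('id' => $parentRoleId))));
     $this->runControllerWithRedirectExceptionAndGetUrl('/zurmo/role/create');
     $childRole = Role::getByName('Child');
     $this->assertNotNull($childRole);
     $this->assertEquals('Child', strval($childRole));
     // forgetAll() + reload so the relation is read back from the database
     // rather than from the cached model instance
     $parentRole->forgetAll();
     $parentRole = Role::getById($parentRoleId);
     $childRoleId = $childRole->id;
     $childRole->forgetAll();
     $childRole = Role::getById($childRoleId);
     $this->assertEquals($childRole->id, $parentRole->roles[0]->id);
     // create jim's user (member of the Child role)
     $this->resetGetArray();
     $this->setPostArray(array('UserPasswordForm' => array('firstName' => 'Some', 'lastName' => 'Body', 'username' => 'jim', 'newPassword' => 'myPassword123', 'newPassword_repeat' => 'myPassword123', 'officePhone' => '456765421', 'userStatus' => 'Active', 'role' => array('id' => $childRoleId))));
     $this->runControllerWithRedirectExceptionAndGetContent('/users/default/create');
     $jim = User::getByUsername('jim');
     $this->assertNotNull($jim);
     $childRole->forgetAll();
     $childRole = Role::getById($childRoleId);
     $this->assertEquals($childRole->id, $jim->role->id);
     // give jim rights to contact's module
     $jim->setRight('ContactsModule', ContactsModule::getAccessRight());
     $jim->setRight('ContactsModule', ContactsModule::getCreateRight());
     $this->assertTrue($jim->save());
     $jim->forgetAll();
     $jim = User::getByUsername('jim');
     // create jane's user (member of the Parent role)
     $this->resetGetArray();
     $this->setPostArray(array('UserPasswordForm' => array('firstName' => 'Some', 'lastName' => 'Body', 'username' => 'jane', 'newPassword' => 'myPassword123', 'newPassword_repeat' => 'myPassword123', 'officePhone' => '456765421', 'userStatus' => 'Active', 'role' => array('id' => $parentRoleId))));
     $this->runControllerWithRedirectExceptionAndGetContent('/users/default/create');
     $jane = User::getByUsername('jane');
     $this->assertNotNull($jane);
     $parentRole->forgetAll();
     $parentRole = Role::getById($parentRoleId);
     $this->assertEquals($parentRole->id, $jane->role->id);
     // give jane rights to contact's module, we need to do this because once the link between parent and child
     // role is broken jane won't be able to access the listview of contacts
     $jane->setRight('ContactsModule', ContactsModule::getAccessRight());
     $this->assertTrue($jane->save());
     $jane->forgetAll();
     $jane = User::getByUsername('jane');
     // create a contact from jim's account
     // create ContactStates
     ContactsModule::loadStartingData();
     // ensure contact states have been created
     $this->assertEquals(6, count(ContactState::GetAll()));
     $this->logoutCurrentUserLoginNewUserAndGetByUsername('jim');
     // go ahead and create contact with parent role given readwrite.
     $startingState = ContactsUtil::getStartingState();
     $this->resetGetArray();
     $this->setPostArray(array('Contact' => array('firstName' => 'Jim', 'lastName' => 'Doe', 'officePhone' => '456765421', 'state' => array('id' => $startingState->id))));
     $url = $this->runControllerWithRedirectExceptionAndGetUrl('/contacts/default/create');
     // the create action redirects to the new record; pull its id out of the redirect URL
     $jimDoeContactId = intval(substr($url, strpos($url, 'id=') + 3));
     $jimDoeContact = Contact::getById($jimDoeContactId);
     $this->assertNotNull($jimDoeContact);
     $this->resetPostArray();
     $this->setGetArray(array('id' => $jimDoeContactId));
     $content = $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/details');
     $this->assertContains('Who can read and write Owner', $content);
     // create a contact using jane which she would see at all times
     $this->logoutCurrentUserLoginNewUserAndGetByUsername('jane');
     $this->resetGetArray();
     $this->setPostArray(array('Contact' => array('firstName' => 'Jane', 'lastName' => 'Doe', 'officePhone' => '456765421', 'state' => array('id' => $startingState->id))));
     $url = $this->runControllerWithRedirectExceptionAndGetUrl('/contacts/default/create');
     $janeDoeContactId = intval(substr($url, strpos($url, 'id=') + 3));
     // Bug fix: this previously loaded $jimDoeContactId again, so jane's contact
     // was never actually verified to exist.
     $janeDoeContact = Contact::getById($janeDoeContactId);
     $this->assertNotNull($janeDoeContact);
     $this->resetPostArray();
     $this->setGetArray(array('id' => $janeDoeContactId));
     $content = $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/details');
     $this->assertContains('Who can read and write Owner', $content);
     // ensure jim can see his own contact everywhere, and only his own
     // jim should have access to see contact on list view
     $this->logoutCurrentUserLoginNewUserAndGetByUsername('jim');
     $this->resetGetArray();
     // get the page, ensure the name of contact does show up there.
     // (the assertions match a fragment of the rendered list-view markup, so
     // a change to the list-view template would also break them)
     $content = $this->runControllerWithNoExceptionsAndGetContent('/contacts/default');
     $this->assertContains('Jim Doe</a></td><td>', $content);
     $this->assertNotContains('Jane Doe</a></td><td>', $content);
     // jim should have access to jimDoeContact's detail view
     $this->setGetArray(array('id' => $jimDoeContactId));
     $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/details');
     // jim should have access to jimDoeContact's edit view
     $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/edit');
     // jim should not have access to janeDoeContact's detail view
     $this->setGetArray(array('id' => $janeDoeContactId));
     try {
         $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/details');
         $this->fail('Accessing details action should have thrown ExitException');
     } catch (ExitException $e) {
         // just cleanup buffer
         $this->endAndGetOutputBuffer();
     }
     // jim should NOT have access to janeDoeContact's edit view
     try {
         $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/edit');
         $this->fail('Accessing edit action should have thrown ExitException');
     } catch (ExitException $e) {
         // just cleanup buffer
         $this->endAndGetOutputBuffer();
     }
     // ensure jane (parent role) can see both contacts everywhere while the roles are linked
     // jane should have access to see contact on list view
     $this->logoutCurrentUserLoginNewUserAndGetByUsername('jane');
     $this->resetGetArray();
     // get the page, ensure the name of contact does show up there.
     $content = $this->runControllerWithNoExceptionsAndGetContent('/contacts/default');
     $this->assertContains('Jim Doe</a></td><td>', $content);
     $this->assertContains('Jane Doe</a></td><td>', $content);
     // jane should have access to jimDoeContact's detail view
     $this->setGetArray(array('id' => $jimDoeContactId));
     $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/details');
     // jane should have access to jimDoeContact's edit view
     $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/edit');
     // jane should have access to janeDoeContact's detail view
     $this->setGetArray(array('id' => $janeDoeContactId));
     $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/details');
     // jane should have access to janeDoeContact's edit view
     $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/edit');
     // unlink Parent role from child (empty 'role' id on the edit form)
     $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
     $this->setGetArray(array('id' => $childRoleId));
     $this->setPostArray(array('Role' => array('name' => 'Child', 'role' => array('id' => ''))));
     $this->runControllerWithRedirectExceptionAndGetUrl('/zurmo/role/edit');
     $childRole = Role::getByName('Child');
     $this->assertNotNull($childRole);
     $this->assertEquals('Child', strval($childRole));
     $parentRole->forgetAll();
     $parentRole = Role::getById($parentRoleId);
     $this->assertNotNull($parentRole);
     $this->assertCount(0, $parentRole->roles);
     // ensure jim's access is unchanged by the unlink
     // jim should have access to see contact on list view
     $this->logoutCurrentUserLoginNewUserAndGetByUsername('jim');
     $this->resetGetArray();
     // get the page, ensure the name of contact does show up there.
     $content = $this->runControllerWithNoExceptionsAndGetContent('/contacts/default');
     $this->assertContains('Jim Doe</a></td><td>', $content);
     $this->assertNotContains('Jane Doe</a></td><td>', $content);
     // jim should have access to jimDoeContact's detail view
     $this->setGetArray(array('id' => $jimDoeContactId));
     $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/details');
     // jim should have access to jimDoeContact's edit view
     $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/edit');
     // jim should not have access to janeDoeContact's detail view
     $this->setGetArray(array('id' => $janeDoeContactId));
     try {
         $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/details');
         $this->fail('Accessing details action should have thrown ExitException');
     } catch (ExitException $e) {
         // just cleanup buffer
         $this->endAndGetOutputBuffer();
     }
     // jim should NOT have access to janeDoeContact's edit view
     try {
         $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/edit');
         $this->fail('Accessing edit action should have thrown ExitException');
     } catch (ExitException $e) {
         // just cleanup buffer
         $this->endAndGetOutputBuffer();
     }
     // the core assertion of this test: jane must no longer see jim's contact anywhere
     // jane still has list-view access (module right granted above), but jim's contact must be gone from it
     $this->logoutCurrentUserLoginNewUserAndGetByUsername('jane');
     $this->resetGetArray();
     // get the page, ensure the name of contact does not show up there.
     $content = $this->runControllerWithNoExceptionsAndGetContent('/contacts/default');
     $this->assertNotContains('Jim Doe</a></td><td>', $content);
     $this->assertContains('Jane Doe</a></td><td>', $content);
     // jane should have access to janeDoeContact's detail view
     $this->setGetArray(array('id' => $janeDoeContactId));
     $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/details');
     // jane should have access to janeDoeContact's edit view
     $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/edit');
     // jane should not have access to jimDoeContact's detail view
     $this->setGetArray(array('id' => $jimDoeContactId));
     try {
         $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/details');
         $this->fail('Accessing details action should have thrown ExitException');
     } catch (ExitException $e) {
         // just cleanup buffer
         $this->endAndGetOutputBuffer();
     }
     // jane should not have access to jimDoeContact's edit view
     try {
         $this->runControllerWithNoExceptionsAndGetContent('/contacts/default/edit');
         $this->fail('Accessing edit action should have thrown ExitException');
     } catch (ExitException $e) {
         // just cleanup buffer
         $this->endAndGetOutputBuffer();
     }
 }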
 /**
  * Project model-level permission elevation for regular users, exercised
  * through the projects controller. Three grant paths are covered in order:
  * explicit permissions on a user (nobody), permissions on a child-role user
  * that a parent-role user (confused) inherits, and permissions on a parent
  * group (AAA) that a child-group member (confused, in BBB) inherits. Every
  * grant/revoke is paired with the matching AllPermissionsOptimizationUtil
  * call, and after each revoke details/edit must fail again. Role and group
  * memberships created here are removed at the end so later tests start clean.
  *
  * Note: this method reassigns Yii::app()->user->userModel directly for most
  * user switches and only does a full logout/login in a few places; keep that
  * ordering if editing, the assertions depend on it.
  *
  * @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
  */
 public function testRegularUserControllerActionsWithElevationToModels()
 {
     //Create project owned by user super.
     $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
     $project = ProjectTestHelper::createProjectByNameForOwner('projectForElevationToModelTest', $super);
     //Test nobody, access to edit and details should fail.
     $nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
     // dashboardDetails takes no id and is expected to render for nobody without error
     $this->runControllerWithNoExceptionsAndGetContent('projects/default/dashboardDetails');
     $this->setGetArray(array('id' => $project->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
     $this->setGetArray(array('id' => $project->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
     $this->setGetArray(array('id' => $project->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/delete');
     //give nobody access to read
     Yii::app()->user->userModel = $super;
     $project->addPermissions($nobody, Permission::READ);
     $this->assertTrue($project->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($project, $nobody);
     //Now the nobody user can access the details view.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $project->id));
     $this->runControllerWithNoExceptionsAndGetContent('projects/default/details');
     //Test nobody, access to edit should fail (READ alone must not grant edit or delete).
     $this->setGetArray(array('id' => $project->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
     $this->setGetArray(array('id' => $project->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/delete');
     // reload from the database so the next permission change starts from a fresh model
     $projectId = $project->id;
     $project->forget();
     $project = Project::getById($projectId);
     //give nobody access to read and write
     Yii::app()->user->userModel = $super;
     $project->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     //TODO (carried over, wording was "its weird that giving opportunity errors"): this looks copied
     //from the Opportunity test; whether it applies to Project is unverified.
     $this->assertTrue($project->save());
     // READ was granted separately above; drop that entry before recording the wider grant
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($project, $nobody);
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($project, $nobody);
     //Now the nobody user should be able to access the edit view and still the details view.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $project->id));
     $this->runControllerWithNoExceptionsAndGetContent('projects/default/details');
     $this->setGetArray(array('id' => $project->id));
     $this->runControllerWithNoExceptionsAndGetContent('projects/default/edit');
     $projectId = $project->id;
     $project->forget();
     $project = Project::getById($projectId);
     //revoke nobody's access by adding an explicit DENY on the same permission set
     Yii::app()->user->userModel = $super;
     $project->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS, Permission::DENY);
     $this->assertTrue($project->save());
     AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($project, $nobody);
     //Test nobody, access to detail should fail.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $project->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
     $this->setGetArray(array('id' => $project->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
     //create some roles: AAA is the parent of BBB; confused is in AAA, nobody in BBB
     Yii::app()->user->userModel = $super;
     $parentRole = new Role();
     $parentRole->name = 'AAA';
     $this->assertTrue($parentRole->save());
     $childRole = new Role();
     $childRole->name = 'BBB';
     $this->assertTrue($childRole->save());
     $userInParentRole = User::getByUsername('confused');
     $userInChildRole = User::getByUsername('nobody');
     $childRole->users->add($userInChildRole);
     $this->assertTrue($childRole->save());
     $parentRole->users->add($userInParentRole);
     $parentRole->roles->add($childRole);
     $this->assertTrue($parentRole->save());
     // forget and reload users and roles so the new memberships are read back from the database
     $userInChildRole->forget();
     $userInChildRole = User::getByUsername('nobody');
     $userInParentRole->forget();
     $userInParentRole = User::getByUsername('confused');
     $parentRoleId = $parentRole->id;
     $parentRole->forget();
     $parentRole = Role::getById($parentRoleId);
     $childRoleId = $childRole->id;
     $childRole->forget();
     $childRole = Role::getById($childRoleId);
     //create project owned by super
     $project2 = ProjectTestHelper::createProjectByNameForOwner('testingParentRolePermission', $super);
     //Test userInParentRole, access to details and edit should fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $project2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
     $this->setGetArray(array('id' => $project2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
     //give userInChildRole access to READ
     Yii::app()->user->userModel = $super;
     $project2->addPermissions($userInChildRole, Permission::READ);
     $this->assertTrue($project2->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($project2, $userInChildRole);
     //Test userInChildRole, access to details should not fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $project2->id));
     $this->runControllerWithNoExceptionsAndGetContent('projects/default/details');
     //Test userInParentRole, access to details should not fail (inherited from the child role).
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $project2->id));
     $this->runControllerWithNoExceptionsAndGetContent('projects/default/details');
     $projectId = $project2->id;
     $project2->forget();
     $project2 = Project::getById($projectId);
     //give userInChildRole access to read and write
     Yii::app()->user->userModel = $super;
     $project2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($project2->save());
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($project2, $userInChildRole);
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($project2, $userInChildRole);
     //Test userInChildRole, access to edit should not fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $project2->id));
     $this->runControllerWithNoExceptionsAndGetContent('projects/default/edit');
     //Test userInParentRole, access to edit should not fail.
     //(full logout/login here rather than a userModel swap)
     $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInParentRole->username);
     $this->setGetArray(array('id' => $project2->id));
     $this->runControllerWithNoExceptionsAndGetContent('projects/default/edit');
     $projectId = $project2->id;
     $project2->forget();
     $project2 = Project::getById($projectId);
     //revoke userInChildRole access to read and write via an explicit DENY
     Yii::app()->user->userModel = $super;
     $project2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS, Permission::DENY);
     $this->assertTrue($project2->save());
     AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($project2, $userInChildRole);
     //Test userInChildRole, access to detail should fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $project2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
     $this->setGetArray(array('id' => $project2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
     //Test userInParentRole, access to detail should fail (the inherited grant is gone too).
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $project2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
     $this->setGetArray(array('id' => $project2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
     //clear up the role relationships between users so not to effect next assertions
     $parentRole->users->remove($userInParentRole);
     $parentRole->roles->remove($childRole);
     $this->assertTrue($parentRole->save());
     $childRole->users->remove($userInChildRole);
     $this->assertTrue($childRole->save());
     //create some groups and assign users to groups: AAA is the parent of BBB,
     //nobody is in AAA and confused is in BBB (the reverse of the role setup above)
     Yii::app()->user->userModel = $super;
     $parentGroup = new Group();
     $parentGroup->name = 'AAA';
     $this->assertTrue($parentGroup->save());
     $childGroup = new Group();
     $childGroup->name = 'BBB';
     $this->assertTrue($childGroup->save());
     $userInChildGroup = User::getByUsername('confused');
     $userInParentGroup = User::getByUsername('nobody');
     $childGroup->users->add($userInChildGroup);
     $this->assertTrue($childGroup->save());
     $parentGroup->users->add($userInParentGroup);
     $parentGroup->groups->add($childGroup);
     $this->assertTrue($parentGroup->save());
     $parentGroup->forget();
     $childGroup->forget();
     $parentGroup = Group::getByName('AAA');
     $childGroup = Group::getByName('BBB');
     //Grant the confused user (child group member) the Projects module access and create rights.
     $userInChildGroup->setRight('ProjectsModule', ProjectsModule::RIGHT_ACCESS_PROJECTS);
     $userInChildGroup->setRight('ProjectsModule', ProjectsModule::RIGHT_CREATE_PROJECTS);
     $this->assertTrue($userInChildGroup->save());
     //create project owned by super
     $project3 = ProjectTestHelper::createProjectByNameForOwner('testingParentGroupPermission', $super);
     //Test userInParentGroup, access to details and edit should fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $project3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
     $this->setGetArray(array('id' => $project3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
     //Test userInChildGroup, access to details and edit should fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $project3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
     $this->setGetArray(array('id' => $project3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
     //give parentGroup access to READ
     Yii::app()->user->userModel = $super;
     $project3->addPermissions($parentGroup, Permission::READ);
     $this->assertTrue($project3->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($project3, $parentGroup);
     //Test userInParentGroup, access to details should not fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $project3->id));
     $this->runControllerWithNoExceptionsAndGetContent('projects/default/details');
     //Test userInChildGroup, access to details should not fail (inherited from the parent group).
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $project3->id));
     $this->runControllerWithNoExceptionsAndGetContent('projects/default/details');
     $projectId = $project3->id;
     $project3->forget();
     $project3 = Project::getById($projectId);
     //give parentGroup access to read and write
     Yii::app()->user->userModel = $super;
     $project3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($project3->save());
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForGroup($project3, $parentGroup);
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($project3, $parentGroup);
     //Test userInParentGroup, access to edit should not fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $project3->id));
     $this->runControllerWithNoExceptionsAndGetContent('projects/default/edit');
     //Test userInChildGroup, access to edit should not fail.
     //(userModel swap followed by a full login of the same user)
     Yii::app()->user->userModel = $userInChildGroup;
     $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username);
     $this->setGetArray(array('id' => $project3->id));
     $this->runControllerWithNoExceptionsAndGetContent('projects/default/edit');
     $projectId = $project3->id;
     $project3->forget();
     $project3 = Project::getById($projectId);
     //revoke parentGroup access to read and write via an explicit DENY
     Yii::app()->user->userModel = $super;
     $project3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS, Permission::DENY);
     $this->assertTrue($project3->save());
     AllPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($project3, $parentGroup);
     //Test userInChildGroup, access to detail should fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $project3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
     $this->setGetArray(array('id' => $project3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
     //Test userInParentGroup, access to detail should fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $project3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
     $this->setGetArray(array('id' => $project3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
     //log back in as super and reload users and groups from the database before cleanup
     $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
     $userInParentGroup->forget();
     $userInChildGroup->forget();
     $childGroup->forget();
     $parentGroup->forget();
     $userInParentGroup = User::getByUsername('nobody');
     $userInChildGroup = User::getByUsername('confused');
     $childGroup = Group::getByName('BBB');
     $parentGroup = Group::getByName('AAA');
     //remove the group memberships and the parent/child group link so later tests are not affected
     $parentGroup->users->remove($userInParentGroup);
     $parentGroup->groups->remove($childGroup);
     $this->assertTrue($parentGroup->save());
     $childGroup->users->remove($userInChildGroup);
     $this->assertTrue($childGroup->save());
 }
 /**
  * @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
  */
 public function testRegularUserControllerActionsWithElevationToModels()
 {
     //Create contact web form owned by user super.
     $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
     $contactWebForm = ContactWebFormTestHelper::createContactWebFormByName('contactWebFormForElevationToModelTest', $super);
     //Test nobody, access to edit and details should fail.
     $nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
     $this->setGetArray(array('id' => $contactWebForm->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
     $this->setGetArray(array('id' => $contactWebForm->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
     //give nobody access to read
     Yii::app()->user->userModel = $super;
     $contactWebForm->addPermissions($nobody, Permission::READ);
     $this->assertTrue($contactWebForm->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($contactWebForm, $nobody);
     //Now the nobody user can access the details view.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $contactWebForm->id));
     $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
     //Test nobody, access to edit should fail.
     $this->setGetArray(array('id' => $contactWebForm->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
     $contactWebFormId = $contactWebForm->id;
     $contactWebForm->forget();
     $contactWebForm = ContactWebForm::getById($contactWebFormId);
     //give nobody access to read and write
     Yii::app()->user->userModel = $super;
     $contactWebForm->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($contactWebForm->save());
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($contactWebForm, $nobody);
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($contactWebForm, $nobody);
     //Now the nobody user should be able to access the edit view and still the details view.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $contactWebForm->id));
     $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
     $this->setGetArray(array('id' => $contactWebForm->id));
     $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit');
     $contactWebFormId = $contactWebForm->id;
     $contactWebForm->forget();
     $contactWebForm = ContactWebForm::getById($contactWebFormId);
     //revoke nobody access to read
     Yii::app()->user->userModel = $super;
     $contactWebForm->removePermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($contactWebForm->save());
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($contactWebForm, $nobody);
     //Test nobody, access to detail should fail.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $contactWebForm->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
     $this->setGetArray(array('id' => $contactWebForm->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
     //create some roles
     Yii::app()->user->userModel = $super;
     $parentRole = new Role();
     $parentRole->name = 'AAA';
     $this->assertTrue($parentRole->save());
     $childRole = new Role();
     $childRole->name = 'BBB';
     $this->assertTrue($childRole->save());
     $userInParentRole = User::getByUsername('confused');
     $userInChildRole = User::getByUsername('nobody');
     $childRole->users->add($userInChildRole);
     $this->assertTrue($childRole->save());
     $parentRole->users->add($userInParentRole);
     $parentRole->roles->add($childRole);
     $this->assertTrue($parentRole->save());
     $userInChildRole->forget();
     $userInChildRole = User::getByUsername('nobody');
     $userInParentRole->forget();
     $userInParentRole = User::getByUsername('confused');
     $parentRoleId = $parentRole->id;
     $parentRole->forget();
     $parentRole = Role::getById($parentRoleId);
     $childRoleId = $childRole->id;
     $childRole->forget();
     $childRole = Role::getById($childRoleId);
     //create web form owned by super
     $contactWebForm2 = ContactWebFormTestHelper::createContactWebFormByName('testingParentRolePermission', $super);
     //Test userInParentRole, access to details and edit should fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $contactWebForm2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
     $this->setGetArray(array('id' => $contactWebForm2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
     //give userInChildRole access to READ
     Yii::app()->user->userModel = $super;
     $contactWebForm2->addPermissions($userInChildRole, Permission::READ);
     $this->assertTrue($contactWebForm2->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($contactWebForm2, $userInChildRole);
     //Test userInChildRole, access to details should not fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $contactWebForm2->id));
     $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
     //Test userInParentRole, access to details should not fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $contactWebForm2->id));
     $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
     $contactWebFormId = $contactWebForm2->id;
     $contactWebForm2->forget();
     $contactWebForm2 = ContactWebForm::getById($contactWebFormId);
     //give userInChildRole access to read and write
     Yii::app()->user->userModel = $super;
     $contactWebForm2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($contactWebForm2->save());
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($contactWebForm2, $userInChildRole);
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($contactWebForm2, $userInChildRole);
     //Test userInChildRole, access to edit should not fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $contactWebForm2->id));
     $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit');
     //Test userInParentRole, access to edit should not fail.
     $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInParentRole->username);
     $this->setGetArray(array('id' => $contactWebForm2->id));
     $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit');
     $contactWebFormId = $contactWebForm2->id;
     $contactWebForm2->forget();
     $contactWebForm2 = ContactWebForm::getById($contactWebFormId);
     //revoke userInChildRole access to read and write
     Yii::app()->user->userModel = $super;
     $contactWebForm2->removePermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($contactWebForm2->save());
     AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($contactWebForm2, $userInChildRole);
     //Test userInChildRole, access to detail should fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $contactWebForm2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
     $this->setGetArray(array('id' => $contactWebForm2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
     //Test userInParentRole, access to detail should fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $contactWebForm2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
     $this->setGetArray(array('id' => $contactWebForm2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
     //clear up the role relationships between users so not to effect next assertions
     $parentRole->users->remove($userInParentRole);
     $parentRole->roles->remove($childRole);
     $this->assertTrue($parentRole->save());
     $childRole->users->remove($userInChildRole);
     $this->assertTrue($childRole->save());
     //create some groups and assign users to groups
     Yii::app()->user->userModel = $super;
     $parentGroup = new Group();
     $parentGroup->name = 'AAA';
     $this->assertTrue($parentGroup->save());
     $childGroup = new Group();
     $childGroup->name = 'BBB';
     $this->assertTrue($childGroup->save());
     $userInChildGroup = User::getByUsername('confused');
     $userInParentGroup = User::getByUsername('nobody');
     $childGroup->users->add($userInChildGroup);
     $this->assertTrue($childGroup->save());
     $parentGroup->users->add($userInParentGroup);
     $parentGroup->groups->add($childGroup);
     $this->assertTrue($parentGroup->save());
     $parentGroup->forget();
     $childGroup->forget();
     $parentGroup = Group::getByName('AAA');
     $childGroup = Group::getByName('BBB');
     //Add access for the confused user to ContactWebForms and creation of ContactWebForms.
     $userInChildGroup->setRight('ContactWebFormsModule', ContactWebFormsModule::RIGHT_ACCESS_CONTACT_WEB_FORMS);
     $userInChildGroup->setRight('ContactWebFormsModule', ContactWebFormsModule::RIGHT_CREATE_CONTACT_WEB_FORMS);
     $this->assertTrue($userInChildGroup->save());
     //create web form owned by super
     $contactWebForm3 = ContactWebFormTestHelper::createContactWebFormByName('testingParentGroupPermission', $super);
     //Test userInParentGroup, access to details and edit should fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $contactWebForm3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
     $this->setGetArray(array('id' => $contactWebForm3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
     //Test userInChildGroup, access to details and edit should fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $contactWebForm3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
     $this->setGetArray(array('id' => $contactWebForm3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
     //give parentGroup access to READ
     Yii::app()->user->userModel = $super;
     $contactWebForm3->addPermissions($parentGroup, Permission::READ);
     $this->assertTrue($contactWebForm3->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($contactWebForm3, $parentGroup);
     //Test userInParentGroup, access to details should not fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $contactWebForm3->id));
     $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
     //Test userInChildGroup, access to details should not fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $contactWebForm3->id));
     $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
     $contactWebFormId = $contactWebForm3->id;
     $contactWebForm3->forget();
     $contactWebForm3 = ContactWebForm::getById($contactWebFormId);
     //give parentGroup access to read and write
     Yii::app()->user->userModel = $super;
     $contactWebForm3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($contactWebForm3->save());
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForGroup($contactWebForm3, $parentGroup);
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($contactWebForm3, $parentGroup);
     //Test userInParentGroup, access to edit should not fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $contactWebForm3->id));
     $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit');
     //Test userInChildGroup, access to edit should not fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username);
     $this->setGetArray(array('id' => $contactWebForm3->id));
     $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit');
     $contactWebFormId = $contactWebForm3->id;
     $contactWebForm3->forget();
     $contactWebForm3 = ContactWebForm::getById($contactWebFormId);
     //revoke parentGroup access to read and write
     Yii::app()->user->userModel = $super;
     $contactWebForm3->removePermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($contactWebForm3->save());
     AllPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($contactWebForm3, $parentGroup);
     //Test userInChildGroup, access to detail should fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $contactWebForm3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
     $this->setGetArray(array('id' => $contactWebForm3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
     //Test userInParentGroup, access to detail should fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $contactWebForm3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
     $this->setGetArray(array('id' => $contactWebForm3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
     //clear up the role relationships between users so not to effect next assertions
     $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
     $userInParentGroup->forget();
     $userInChildGroup->forget();
     $childGroup->forget();
     $parentGroup->forget();
     $userInParentGroup = User::getByUsername('nobody');
     $userInChildGroup = User::getByUsername('confused');
     $childGroup = Group::getByName('BBB');
     $parentGroup = Group::getByName('AAA');
     //clear up the role relationships between users so not to effect next assertions
     $parentGroup->users->remove($userInParentGroup);
     $parentGroup->groups->remove($childGroup);
     $this->assertTrue($parentGroup->save());
     $childGroup->users->remove($userInChildGroup);
     $this->assertTrue($childGroup->save());
 }
 /**
  * Pre-save hook. When the stored parent link ('role' in originalAttributeValues)
  * is changing away from a real parent (old id > 0), the permission caches and the
  * read-permission subscriptions are notified that the old parent is being removed
  * before the new value is persisted.
  *
  * @return bool false if the parent hook refuses the save, true otherwise.
  */
 protected function beforeSave()
 {
     if (!parent::beforeSave()) {
         return false;
     }
     $originalRoleValue = isset($this->originalAttributeValues['role']) ?
                          $this->originalAttributeValues['role'] : null;
     $oldParentRoleId   = ($originalRoleValue !== null) ? $originalRoleValue[1] : 0;
     if ($oldParentRoleId > 0) {
         // roleParentBeingRemoved needs a copy of this model whose related role is
         // still the OLD parent; assigning to $this->role directly would alter the
         // live object (it is held by reference), so a deep copy is taken first.
         // serialize()/unserialize() round-trips only this in-memory model, never
         // external input, so it is not an untrusted-deserialization sink.
         $detachedCopy = unserialize(serialize($this));
         $detachedCopy->role = Role::getById($oldParentRoleId);
         AllPermissionsOptimizationUtil::roleParentBeingRemoved($detachedCopy);
         ReadPermissionsSubscriptionUtil::roleParentBeingRemoved();
         assert('$this->originalAttributeValues["role"][1] != $this->role->id');
     }
     return true;
 }
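 /**
  * Exercises per-model (securable item) permission elevation on leads. The 'nobody'
  * user is granted READ, then READ_WRITE_CHANGE_PERMISSIONS, then READ_WRITE_DELETE
  * on a lead owned by super, and the details/edit/delete actions are checked after
  * each grant and revoke. The same sequence is then run through a role hierarchy
  * and through a group hierarchy. The expectations encode the permission model the
  * test asserts: a grant to a user in a child role also reaches the user in the
  * parent role, while a grant to a parent group also reaches the member of a child
  * group. Write permission alone must never unlock delete. Role and group links are
  * torn down at the end so later tests are not affected.
  *
  * @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
  */
 public function testRegularUserControllerActionsWithElevationToModels()
 {
     //Create lead owned by user super.
     $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
     $lead = LeadTestHelper::createLeadByNameForOwner('leadForElevationToModelTest', $super);
     //Test nobody, access to edit, details and delete should fail.
     $nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //give nobody access to read
     Yii::app()->user->userModel = $super;
     $lead->addPermissions($nobody, Permission::READ);
     $this->assertTrue($lead->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($lead, $nobody);
     //Now the nobody user can access the details view.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerWithNoExceptionsAndGetContent('leads/default/details');
     //Test nobody, access to edit and delete should fail.
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //give nobody access to read and write
     Yii::app()->user->userModel = $super;
     $lead->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($lead->save());
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($lead, $nobody);
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($lead, $nobody);
     //Now the nobody user should be able to access the edit view and still the details view
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerWithNoExceptionsAndGetContent('leads/default/details');
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerWithNoExceptionsAndGetContent('leads/default/edit');
     //Test nobody, access to delete should fail (write does not imply delete).
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //revoke nobody access to read
     Yii::app()->user->userModel = $super;
     $lead->removePermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($lead->save());
     AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($lead, $nobody);
     //Test nobody, access to detail, edit and delete should fail.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //give nobody access to read, write and delete
     Yii::app()->user->userModel = $super;
     $lead->addPermissions($nobody, Permission::READ_WRITE_DELETE);
     $this->assertTrue($lead->save());
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($lead, $nobody);
     //now nobody should be able to delete a lead
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $lead->id));
     $this->resetPostArray();
     $this->runControllerWithRedirectExceptionAndGetContent('leads/default/delete', Yii::app()->createUrl('leads/default/index'));
     //create some roles; childRole is nested under parentRole (parentRole->roles)
     Yii::app()->user->userModel = $super;
     $parentRole = new Role();
     $parentRole->name = 'AAA';
     $this->assertTrue($parentRole->save());
     $childRole = new Role();
     $childRole->name = 'BBB';
     $this->assertTrue($childRole->save());
     $userInParentRole = User::getByUsername('confused');
     $userInChildRole = User::getByUsername('nobody');
     $childRole->users->add($userInChildRole);
     $this->assertTrue($childRole->save());
     $parentRole->users->add($userInParentRole);
     $parentRole->roles->add($childRole);
     $this->assertTrue($parentRole->save());
     //forget and re-fetch so the role links are re-read from the database
     $userInChildRole->forget();
     $userInChildRole = User::getByUsername('nobody');
     $userInParentRole->forget();
     $userInParentRole = User::getByUsername('confused');
     $parentRoleId = $parentRole->id;
     $parentRole->forget();
     $parentRole = Role::getById($parentRoleId);
     $childRoleId = $childRole->id;
     $childRole->forget();
     $childRole = Role::getById($childRoleId);
     //create lead owned by super
     $lead2 = LeadTestHelper::createLeadByNameForOwner('leadsParentRolePermission', $super);
     //Test userInChildRole, access to details, edit and delete should fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //Test userInParentRole, access to details, edit and delete should fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //give userInChildRole access to READ
     Yii::app()->user->userModel = $super;
     $lead2->addPermissions($userInChildRole, Permission::READ);
     $this->assertTrue($lead2->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($lead2, $userInChildRole);
     //Test userInChildRole, access to details should not fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerWithNoExceptionsAndGetContent('leads/default/details');
     //Test userInChildRole, access to edit and delete should fail.
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //Test userInParentRole, access to details should not fail (a grant to the child role's user reaches the parent role).
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerWithNoExceptionsAndGetContent('leads/default/details');
     //Test userInParentRole, access to edit and delete should fail.
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //give userInChildRole access to read and write
     Yii::app()->user->userModel = $super;
     $lead2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($lead2->save());
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($lead2, $userInChildRole);
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($lead2, $userInChildRole);
     //Test userInChildRole, access to details and edit should not fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerWithNoExceptionsAndGetContent('leads/default/details');
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerWithNoExceptionsAndGetContent('leads/default/edit');
     //Test userInChildRole, access to delete should fail (write does not imply delete).
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //Test userInParentRole, access to edit should not fail.
     $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInParentRole->username);
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerWithNoExceptionsAndGetContent('leads/default/edit');
     //Test userInParentRole, access to delete should fail.
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //revoke userInChildRole access to read and write
     Yii::app()->user->userModel = $super;
     $lead2->removePermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($lead2->save());
     AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($lead2, $userInChildRole);
     //Test userInChildRole, access to detail, edit and delete should fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //Test userInParentRole, access to detail, edit and delete should fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //give userInChildRole access to read, write and delete
     Yii::app()->user->userModel = $super;
     $lead2->addPermissions($userInChildRole, Permission::READ_WRITE_DELETE);
     $this->assertTrue($lead2->save());
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($lead2, $userInChildRole);
     //Test userInParentRole, access to delete should not fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $lead2->id));
     $this->resetPostArray();
     $this->runControllerWithRedirectExceptionAndGetContent('leads/default/delete', Yii::app()->createUrl('leads/default/index'));
     //clear up the role relationships between users so not to affect next assertions
     $parentRole->users->remove($userInParentRole);
     $parentRole->roles->remove($childRole);
     $this->assertTrue($parentRole->save());
     $childRole->users->remove($userInChildRole);
     $this->assertTrue($childRole->save());
     //create some groups and assign users to groups; childGroup is nested under parentGroup (parentGroup->groups)
     Yii::app()->user->userModel = $super;
     $parentGroup = new Group();
     $parentGroup->name = 'AAA';
     $this->assertTrue($parentGroup->save());
     $childGroup = new Group();
     $childGroup->name = 'BBB';
     $this->assertTrue($childGroup->save());
     $userInChildGroup = User::getByUsername('confused');
     $userInParentGroup = User::getByUsername('nobody');
     $childGroup->users->add($userInChildGroup);
     $this->assertTrue($childGroup->save());
     $parentGroup->users->add($userInParentGroup);
     $parentGroup->groups->add($childGroup);
     $this->assertTrue($parentGroup->save());
     $parentGroup->forget();
     $childGroup->forget();
     $parentGroup = Group::getByName('AAA');
     $childGroup = Group::getByName('BBB');
     //Add access for the confused user to leads and creation of leads.
     $userInChildGroup->setRight('LeadsModule', LeadsModule::RIGHT_ACCESS_LEADS);
     $userInChildGroup->setRight('LeadsModule', LeadsModule::RIGHT_CREATE_LEADS);
     $userInChildGroup->setRight('LeadsModule', LeadsModule::RIGHT_DELETE_LEADS);
     $this->assertTrue($userInChildGroup->save());
     //create lead owned by super
     $lead3 = LeadTestHelper::createLeadByNameForOwner('leadsParentGroupPermission', $super);
     //Test userInParentGroup, access to details, edit and delete should fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //Test userInChildGroup, access to details, edit and delete should fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //give parentGroup access to READ
     Yii::app()->user->userModel = $super;
     $lead3->addPermissions($parentGroup, Permission::READ);
     $this->assertTrue($lead3->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($lead3, $parentGroup);
     //Test userInParentGroup, access to details should not fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerWithNoExceptionsAndGetContent('leads/default/details');
     //Test userInParentGroup, access to edit and delete should fail.
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //Test userInChildGroup, access to details should not fail (a grant to the parent group reaches the child group's member).
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerWithNoExceptionsAndGetContent('leads/default/details');
     //Test userInChildGroup, access to edit and delete should fail.
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //give parentGroup access to read and write
     Yii::app()->user->userModel = $super;
     $lead3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($lead3->save());
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForGroup($lead3, $parentGroup);
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($lead3, $parentGroup);
     //Test userInParentGroup, access to edit should not fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerWithNoExceptionsAndGetContent('leads/default/edit');
     //Test userInParentGroup, access to delete should fail (write does not imply delete).
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //Test userInChildGroup, access to edit should not fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username);
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerWithNoExceptionsAndGetContent('leads/default/edit');
     //Test userInChildGroup, access to delete should fail.
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //revoke parentGroup access to read and write
     Yii::app()->user->userModel = $super;
     $lead3->removePermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($lead3->save());
     AllPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($lead3, $parentGroup);
     //Test userInChildGroup, access to detail, edit and delete should fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //Test userInParentGroup, access to detail, edit and delete should fail.
     Yii::app()->user->userModel = $userInParentGroup;
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //give parentGroup access to read, write and delete
     Yii::app()->user->userModel = $super;
     $lead3->addPermissions($parentGroup, Permission::READ_WRITE_DELETE);
     $this->assertTrue($lead3->save());
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($lead3, $parentGroup);
     //Test userInChildGroup, access to delete should not fail.
     Yii::app()->user->userModel = $userInChildGroup;
     $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username);
     $this->setGetArray(array('id' => $lead3->id));
     $this->runControllerWithRedirectExceptionAndGetContent('leads/default/delete', Yii::app()->createUrl('leads/default/index'));
     //clear up the group relationships between users so not to affect next assertions
     $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
     $userInParentGroup->forget();
     $userInChildGroup->forget();
     $childGroup->forget();
     $parentGroup->forget();
     $userInParentGroup = User::getByUsername('nobody');
     $userInChildGroup = User::getByUsername('confused');
     $childGroup = Group::getByName('BBB');
     $parentGroup = Group::getByName('AAA');
     $parentGroup->users->remove($userInParentGroup);
     $parentGroup->groups->remove($childGroup);
     $this->assertTrue($parentGroup->save());
     $childGroup->users->remove($userInChildGroup);
     $this->assertTrue($childGroup->save());
 }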
 /**
  * Renders, in AJAX mode, the modal list of users that belong to one role.
  *
  * The request id is cast to int before the lookup, and the current user's
  * read access to the role is resolved before any search data or output is
  * produced (presumably the util aborts the request on failure — confirm in
  * ControllerSecurityUtil).
  *
  * @param mixed $id role id from the request
  */
 public function actionUsersInRoleModalList($id)
 {
     $role = Role::getById((int) $id);
     // Access check comes first: nothing below runs for a role the current user may not read.
     ControllerSecurityUtil::resolveAccessCanCurrentUserReadModel($role);
     $searchData = UsersByRoleModalListControllerUtil::makeModalSearchAttributeDataByRoleModel($role);
     $provider   = UsersByRoleModalListControllerUtil::makeDataProviderBySearchAttributeData($searchData);
     Yii::app()->getClientScript()->setToAjaxMode();
     echo UsersByRoleModalListControllerUtil::renderList($this, $provider);
 }
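 /**
  * Creates the demo users: updates 'super' with a demo email and avatar,
  * creates a first demo user and adds it to the first role of the helper's
  * "Role" range, then creates seven more users and adds each to the second
  * role. Finally records the created "User" id range on the helper.
  *
  * Demo accounts use their username as the password (seed data only).
  *
  * @param DemoDataHelper $demoDataHelper must already hold the "Group" and
  *        "Role" ranges; receives the "User" range on return
  */
 public function makeAll(&$demoDataHelper)
 {
     // Expression asserts instead of the original string asserts: string
     // asserts are deprecated since PHP 7.2 and on PHP 8 only test that the
     // string is truthy, so they would always pass silently.
     assert($demoDataHelper instanceof DemoDataHelper);
     assert($demoDataHelper->isSetRange('Group'));
     assert($demoDataHelper->isSetRange('Role'));
     $super = User::getByUsername('super');
     $email = new Email();
     $email->emailAddress = static::resolveDemoEmailAddress('Super.test');
     $super->primaryEmail = $email;
     $saved = $super->save();
     assert($saved);
     UserConfigurationFormAdapter::setValue($super, true, 'turnOffEmailNotifications');
     $this->setPrimaryEmailAvatar($super);
     // The Role range is not modified in this method, so it is read once;
     // the first demo user goes into the first role, all others into the second.
     $roleIdRange  = $demoDataHelper->getRangeByModelName('Role');
     $firstRoleId  = $roleIdRange['startId'];
     $secondRoleId = $roleIdRange['startId'] + 1;
     $user = $this->createDemoUser('******', 'Sir', 'Jason', 'Blue', 'Jason.Blue');
     $userStartId = $user->id;
     $this->addDemoUserToRole($user, $firstRoleId);
     $titlesByUsername = array('jim' => 'Mr.', 'john' => 'Mr.', 'sally' => 'Dr.', 'mary' => 'Mrs.', 'katie' => 'Ms.', 'jill' => 'Ms.', 'sam' => 'Mr.');
     foreach ($titlesByUsername as $username => $title) {
         $firstName = ucfirst($username);
         $user = $this->createDemoUser($username, $title, $firstName, 'Smith', $firstName);
         $this->addDemoUserToRole($user, $secondRoleId);
     }
     // $user is the last user created, so this is the inclusive id range.
     $demoDataHelper->setRangeByModelName('User', $userStartId, $user->id);
 }

 /**
  * Builds, saves and configures one demo user (notifications off, avatar
  * from primary email). Aborts via assert if the save fails.
  *
  * @param string $username
  * @param string $title     title value, e.g. 'Mr.'
  * @param string $firstName
  * @param string $lastName
  * @param string $emailName local part passed to resolveDemoEmailAddress()
  * @return User the saved user
  */
 private function createDemoUser($username, $title, $firstName, $lastName, $emailName)
 {
     $user = new User();
     $this->populateModel($user);
     $user->username = $username;
     $user->title->value = $title;
     $user->firstName = $firstName;
     $user->lastName = $lastName;
     $user->lastLoginDateTime = DateTimeUtil::convertTimestampToDbFormatDateTime(time());
     $email = new Email();
     $email->emailAddress = static::resolveDemoEmailAddress($emailName);
     $user->primaryEmail = $email;
     // Demo credentials: password equals username (seed data only).
     $user->setPassword($user->username);
     $saved = $user->save();
     assert($saved);
     UserConfigurationFormAdapter::setValue($user, true, 'turnOffEmailNotifications');
     $this->setPrimaryEmailAvatar($user);
     return $user;
 }

 /**
  * Sets the user's avatar type to "primary email" through UserAvatarForm.
  *
  * @param User $user
  */
 private function setPrimaryEmailAvatar($user)
 {
     $userAvatarForm = new UserAvatarForm($user);
     $userAvatarForm->avatarType = User::AVATAR_TYPE_PRIMARY_EMAIL;
     $saved = $userAvatarForm->save();
     assert($saved);
 }

 /**
  * Loads the role by id, adds the user to it and saves the role.
  *
  * @param User $user
  * @param int  $roleId
  */
 private function addDemoUserToRole($user, $roleId)
 {
     $role = Role::getById($roleId);
     assert($role instanceof Role);
     $role->users->add($user);
     $saved = $role->save();
     assert($saved);
 }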
 /**
  * Before the user is saved, checks whether it previously belonged to a role
  * (original 'role' value with an id > 0, i.e. the role was cleared or
  * replaced). If so, informs AllPermissionsOptimizationUtil and raises the
  * rights and policies change events, so anything derived from the old role
  * can be refreshed before the row is written.
  * @see Item::beforeSave()
  * @return bool false when the parent hook rejects the save, true otherwise
  */
 protected function beforeSave()
 {
     if (!parent::beforeSave()) {
         return false;
     }
     $original = $this->originalAttributeValues;
     // NOTE(review): index 1 looks like the previous role's id — confirm against the base model.
     if (isset($original['role']) && $original['role'][1] > 0) {
         $previousRole = Role::getById($original['role'][1]);
         AllPermissionsOptimizationUtil::userBeingRemovedFromRole($this, $previousRole);
         $this->onChangeRights();
         $this->onChangePolicies();
     }
     return true;
 }
 /**
  * A role without parents can hold several users: both generated users are
  * found again, in insertion order, after the role is reloaded from the
  * database. The reloaded role is kept for dependent tests.
  * @depends testAddingUserToRoleWithNoParentsAndNoUsers
  */
 public function testAddingUserToRoleWithNoParentsAndOneUser()
 {
     $role  = $this->createRole('twoUsers');
     $users = UserTestHelper::generateBasicUsers(2);
     foreach ($users as $member) {
         $this->addUserToRole($member, $role);
     }
     // Drop the in-memory object and reload, so the assertions see persisted state.
     $roleId = $role->id;
     $role->forgetAll();
     unset($role);
     $reloaded = Role::getById($roleId);
     $this->assertEquals(count($users), $reloaded->users->count());
     // Assumes the related users come back in the order they were added.
     foreach ($users as $index => $member) {
         $this->assertTrue($reloaded->users[$index]->isSame($member));
     }
     $this->roleWithTwoUsers = $reloaded;
 }