ContactWebFormsRegularUserWalkthroughTest.php
1 <?php
2  /*********************************************************************************
3  * Zurmo is a customer relationship management program developed by
4  * Zurmo, Inc. Copyright (C) 2017 Zurmo Inc.
5  *
6  * Zurmo is free software; you can redistribute it and/or modify it under
7  * the terms of the GNU Affero General Public License version 3 as published by the
8  * Free Software Foundation with the addition of the following permission added
9  * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
10  * IN WHICH THE COPYRIGHT IS OWNED BY ZURMO, ZURMO DISCLAIMS THE WARRANTY
11  * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
12  *
13  * Zurmo is distributed in the hope that it will be useful, but WITHOUT
14  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
15  * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
16  * details.
17  *
18  * You should have received a copy of the GNU Affero General Public License along with
19  * this program; if not, see http://www.gnu.org/licenses or write to the Free
20  * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
21  * 02110-1301 USA.
22  *
23  * You can contact Zurmo, Inc. with a mailing address at 27 North Wacker Drive
24  * Suite 370 Chicago, IL 60606. or at email address contact@zurmo.com.
25  *
26  * The interactive user interfaces in original and modified versions
27  * of this program must display Appropriate Legal Notices, as required under
28  * Section 5 of the GNU Affero General Public License version 3.
29  *
30  * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
31  * these Appropriate Legal Notices must retain the display of the Zurmo
32  * logo and Zurmo copyright notice. If the display of the logo is not reasonably
33  * feasible for technical reasons, the Appropriate Legal Notices must display the words
34  * "Copyright Zurmo Inc. 2017. All rights reserved".
35  ********************************************************************************/
36 
48  {
/**
 * One-time fixture setup for this walkthrough test class.
 *
 * Runs the parent setup, reads the user model currently stored on
 * Yii::app()->user, creates four contact web forms and then asks for the
 * default-layout dashboard of that user.
 */
public static function setUpBeforeClass()
{
    parent::setUpBeforeClass();
    $currentUser = Yii::app()->user->userModel;

    // Seed the web forms used as test data. The original comment calls them
    // "owned by the super user"; presumably the parent setup leaves super as
    // the active user - confirm against the base test class.
    $seedFormNames = array("Web Form 1", "Web Form 2", "Web Form 3", "Web Form 4");
    foreach ($seedFormNames as $formName)
    {
        ContactWebFormTestHelper::createContactWebFormByName($formName);
    }

    // Setup default dashboard.
    Dashboard::getByLayoutIdAndUser(Dashboard::DEFAULT_USER_LAYOUT_ID, $currentUser);
    // NOTE(review): the rendered listing jumps from source line 60 to 62 here,
    // so the original file may hold one more statement that is not shown.
}
63 
/**
 * Negative authorization check for a user with no elevated rights.
 *
 * A web form is created while logged in as 'super'; the active user model
 * is then switched to 'nobody' and every listed contactWebForms route is
 * expected to end in an access failure.
 *
 * NOTE(review): no delete route is exercised here, although
 * ContactWebFormsModule::RIGHT_DELETE_CONTACT_WEB_FORMS is used elsewhere
 * in this file. If the controller exposes a delete action, a denial
 * assertion for it would close that gap - confirm against the controller.
 */
public function testRegularUserAllControllerActionsNoElevation()
{
    // Log in as super so the fixture form is created under that session.
    $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $formCreatedAsSuper = ContactWebFormTestHelper::createContactWebFormByName('Web Form 5');

    // The acting user is swapped by assigning the model directly rather than
    // through the logout/login helper used above.
    Yii::app()->user->userModel = User::getByUsername('nobody');

    // Routes requested before any id is placed in the GET array.
    $routesRequestedFirst = array(
        'contactWebForms/default',
        'contactWebForms/default/index',
        'contactWebForms/default/list',
        'contactWebForms/default/create',
        'contactWebForms/default/edit',
    );
    foreach ($routesRequestedFirst as $route)
    {
        $this->runControllerShouldResultInAccessFailureAndGetContent($route);
    }

    // The details route is requested with the id of the form created above.
    $this->setGetArray(array('id' => $formCreatedAsSuper->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
}
81 
86  {
87  //Now test peon with elevated rights to tabs /other available rights
88  $nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
89 
90  //Now test peon with elevated rights to contact web forms
91  $nobody->setRight('ContactWebFormsModule', ContactWebFormsModule::RIGHT_ACCESS_CONTACT_WEB_FORMS);
92  $nobody->setRight('ContactWebFormsModule', ContactWebFormsModule::RIGHT_CREATE_CONTACT_WEB_FORMS);
93  $nobody->setRight('ContactWebFormsModule', ContactWebFormsModule::RIGHT_DELETE_CONTACT_WEB_FORMS);
94  $this->assertTrue($nobody->save());
95 
96  //Test nobody with elevated rights.
97  Yii::app()->user->userModel = $nobody;
98  $content = $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/list');
99 
100  $this->assertContains('Billy Corgan', $content);
101  $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/create');
102  //Test nobody can view an existing web form he owns.
103  $contactWebForm = ContactWebFormTestHelper::createContactWebFormByName('webFormOwnedByNobody', $nobody);
104 
105  //At this point the listview for web forms should show the search/list and not the helper screen.
106  $content = $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/list');
107  $this->assertNotContains('Billy Corgan', $content);
108 
109  $this->setGetArray(array('id' => $contactWebForm->id));
110  $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit');
111  }
112 
117  {
118  //Create contact web form owned by user super.
119  $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
120  $contactWebForm = ContactWebFormTestHelper::createContactWebFormByName('contactWebFormForElevationToModelTest', $super);
121 
122  //Test nobody, access to edit and details should fail.
123  $nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
124  $this->setGetArray(array('id' => $contactWebForm->id));
125  $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
126  $this->setGetArray(array('id' => $contactWebForm->id));
127  $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
128 
129  //give nobody access to read
130  Yii::app()->user->userModel = $super;
131  $contactWebForm->addPermissions($nobody, Permission::READ);
132  $this->assertTrue($contactWebForm->save());
134 
135  //Now the nobody user can access the details view.
136  Yii::app()->user->userModel = $nobody;
137  $this->setGetArray(array('id' => $contactWebForm->id));
138  $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
139 
140  //Test nobody, access to edit should fail.
141  $this->setGetArray(array('id' => $contactWebForm->id));
142  $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
143 
144  $contactWebFormId = $contactWebForm->id;
145  $contactWebForm->forget();
146  $contactWebForm = ContactWebForm::getById($contactWebFormId);
147  //give nobody access to read and write
148  Yii::app()->user->userModel = $super;
149  $contactWebForm->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
150  $this->assertTrue($contactWebForm->save());
153 
154  //Now the nobody user should be able to access the edit view and still the details view.
155  Yii::app()->user->userModel = $nobody;
156  $this->setGetArray(array('id' => $contactWebForm->id));
157  $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
158  $this->setGetArray(array('id' => $contactWebForm->id));
159  $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit');
160 
161  $contactWebFormId = $contactWebForm->id;
162  $contactWebForm->forget();
163  $contactWebForm = ContactWebForm::getById($contactWebFormId);
164  //revoke nobody access to read
165  Yii::app()->user->userModel = $super;
166  $contactWebForm->removePermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
167  $this->assertTrue($contactWebForm->save());
169 
170  //Test nobody, access to detail should fail.
171  Yii::app()->user->userModel = $nobody;
172  $this->setGetArray(array('id' => $contactWebForm->id));
173  $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
174  $this->setGetArray(array('id' => $contactWebForm->id));
175  $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
176 
177  //create some roles
178  Yii::app()->user->userModel = $super;
179  $parentRole = new Role();
180  $parentRole->name = 'AAA';
181  $this->assertTrue($parentRole->save());
182 
183  $childRole = new Role();
184  $childRole->name = 'BBB';
185  $this->assertTrue($childRole->save());
186 
187  $userInParentRole = User::getByUsername('confused');
188  $userInChildRole = User::getByUsername('nobody');
189 
190  $childRole->users->add($userInChildRole);
191  $this->assertTrue($childRole->save());
192  $parentRole->users->add($userInParentRole);
193  $parentRole->roles->add($childRole);
194  $this->assertTrue($parentRole->save());
195  $userInChildRole->forget();
196  $userInChildRole = User::getByUsername('nobody');
197  $userInParentRole->forget();
198  $userInParentRole = User::getByUsername('confused');
199  $parentRoleId = $parentRole->id;
200  $parentRole->forget();
201  $parentRole = Role::getById($parentRoleId);
202  $childRoleId = $childRole->id;
203  $childRole->forget();
204  $childRole = Role::getById($childRoleId);
205  //create web form owned by super
206 
207  $contactWebForm2 = ContactWebFormTestHelper::createContactWebFormByName('testingParentRolePermission', $super);
208 
209  //Test userInParentRole, access to details and edit should fail.
210  Yii::app()->user->userModel = $userInParentRole;
211  $this->setGetArray(array('id' => $contactWebForm2->id));
212  $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
213  $this->setGetArray(array('id' => $contactWebForm2->id));
214  $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
215 
216  //give userInChildRole access to READ
217  Yii::app()->user->userModel = $super;
218  $contactWebForm2->addPermissions($userInChildRole, Permission::READ);
219  $this->assertTrue($contactWebForm2->save());
221 
222  //Test userInChildRole, access to details should not fail.
223  Yii::app()->user->userModel = $userInChildRole;
224  $this->setGetArray(array('id' => $contactWebForm2->id));
225  $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
226 
227  //Test userInParentRole, access to details should not fail.
228  Yii::app()->user->userModel = $userInParentRole;
229  $this->setGetArray(array('id' => $contactWebForm2->id));
230  $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
231 
232  $contactWebFormId = $contactWebForm2->id;
233  $contactWebForm2->forget();
234  $contactWebForm2 = ContactWebForm::getById($contactWebFormId);
235 
236  //give userInChildRole access to read and write
237  Yii::app()->user->userModel = $super;
238  $contactWebForm2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
239  $this->assertTrue($contactWebForm2->save());
242 
243  //Test userInChildRole, access to edit should not fail.
244  Yii::app()->user->userModel = $userInChildRole;
245  $this->setGetArray(array('id' => $contactWebForm2->id));
246  $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit');
247 
248  //Test userInParentRole, access to edit should not fail.
249  $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInParentRole->username);
250  $this->setGetArray(array('id' => $contactWebForm2->id));
251  $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit');
252 
253  $contactWebFormId = $contactWebForm2->id;
254  $contactWebForm2->forget();
255  $contactWebForm2 = ContactWebForm::getById($contactWebFormId);
256  //revoke userInChildRole access to read and write
257  Yii::app()->user->userModel = $super;
258  $contactWebForm2->removePermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
259  $this->assertTrue($contactWebForm2->save());
261 
262  //Test userInChildRole, access to detail should fail.
263  Yii::app()->user->userModel = $userInChildRole;
264  $this->setGetArray(array('id' => $contactWebForm2->id));
265  $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
266  $this->setGetArray(array('id' => $contactWebForm2->id));
267  $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
268 
269  //Test userInParentRole, access to detail should fail.
270  Yii::app()->user->userModel = $userInParentRole;
271  $this->setGetArray(array('id' => $contactWebForm2->id));
272  $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
273  $this->setGetArray(array('id' => $contactWebForm2->id));
274  $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
275 
276  //clear up the role relationships between users so as not to affect the next assertions
277  $parentRole->users->remove($userInParentRole);
278  $parentRole->roles->remove($childRole);
279  $this->assertTrue($parentRole->save());
280  $childRole->users->remove($userInChildRole);
281  $this->assertTrue($childRole->save());
282 
283  //create some groups and assign users to groups
284  Yii::app()->user->userModel = $super;
285  $parentGroup = new Group();
286  $parentGroup->name = 'AAA';
287  $this->assertTrue($parentGroup->save());
288 
289  $childGroup = new Group();
290  $childGroup->name = 'BBB';
291  $this->assertTrue($childGroup->save());
292 
293  $userInChildGroup = User::getByUsername('confused');
294  $userInParentGroup = User::getByUsername('nobody');
295 
296  $childGroup->users->add($userInChildGroup);
297  $this->assertTrue($childGroup->save());
298  $parentGroup->users->add($userInParentGroup);
299  $parentGroup->groups->add($childGroup);
300  $this->assertTrue($parentGroup->save());
301  $parentGroup->forget();
302  $childGroup->forget();
303  $parentGroup = Group::getByName('AAA');
304  $childGroup = Group::getByName('BBB');
305 
306  //Add access for the confused user to ContactWebForms and creation of ContactWebForms.
307  $userInChildGroup->setRight('ContactWebFormsModule', ContactWebFormsModule::RIGHT_ACCESS_CONTACT_WEB_FORMS);
308  $userInChildGroup->setRight('ContactWebFormsModule', ContactWebFormsModule::RIGHT_CREATE_CONTACT_WEB_FORMS);
309  $this->assertTrue($userInChildGroup->save());
310 
311  //create web form owned by super
312  $contactWebForm3 = ContactWebFormTestHelper::createContactWebFormByName('testingParentGroupPermission', $super);
313 
314  //Test userInParentGroup, access to details and edit should fail.
315  Yii::app()->user->userModel = $userInParentGroup;
316  $this->setGetArray(array('id' => $contactWebForm3->id));
317  $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
318  $this->setGetArray(array('id' => $contactWebForm3->id));
319  $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
320 
321  //Test userInChildGroup, access to details and edit should fail.
322  Yii::app()->user->userModel = $userInChildGroup;
323  $this->setGetArray(array('id' => $contactWebForm3->id));
324  $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
325  $this->setGetArray(array('id' => $contactWebForm3->id));
326  $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
327 
328  //give parentGroup access to READ
329  Yii::app()->user->userModel = $super;
330  $contactWebForm3->addPermissions($parentGroup, Permission::READ);
331  $this->assertTrue($contactWebForm3->save());
333 
334  //Test userInParentGroup, access to details should not fail.
335  Yii::app()->user->userModel = $userInParentGroup;
336  $this->setGetArray(array('id' => $contactWebForm3->id));
337  $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
338 
339  //Test userInChildGroup, access to details should not fail.
340  Yii::app()->user->userModel = $userInChildGroup;
341  $this->setGetArray(array('id' => $contactWebForm3->id));
342  $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
343 
344  $contactWebFormId = $contactWebForm3->id;
345  $contactWebForm3->forget();
346  $contactWebForm3 = ContactWebForm::getById($contactWebFormId);
347  //give parentGroup access to read and write
348  Yii::app()->user->userModel = $super;
349  $contactWebForm3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
350  $this->assertTrue($contactWebForm3->save());
353 
354  //Test userInParentGroup, access to edit should not fail.
355  Yii::app()->user->userModel = $userInParentGroup;
356  $this->setGetArray(array('id' => $contactWebForm3->id));
357  $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit');
358 
359  //Test userInChildGroup, access to edit should not fail.
360  Yii::app()->user->userModel = $userInChildGroup;
361  $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username);
362  $this->setGetArray(array('id' => $contactWebForm3->id));
363  $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit');
364 
365  $contactWebFormId = $contactWebForm3->id;
366  $contactWebForm3->forget();
367  $contactWebForm3 = ContactWebForm::getById($contactWebFormId);
368  //revoke parentGroup access to read and write
369  Yii::app()->user->userModel = $super;
370  $contactWebForm3->removePermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
371  $this->assertTrue($contactWebForm3->save());
373 
374  //Test userInChildGroup, access to detail should fail.
375  Yii::app()->user->userModel = $userInChildGroup;
376  $this->setGetArray(array('id' => $contactWebForm3->id));
377  $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
378  $this->setGetArray(array('id' => $contactWebForm3->id));
379  $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
380 
381  //Test userInParentGroup, access to detail should fail.
382  Yii::app()->user->userModel = $userInParentGroup;
383  $this->setGetArray(array('id' => $contactWebForm3->id));
384  $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
385  $this->setGetArray(array('id' => $contactWebForm3->id));
386  $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
387 
388  //clear up the role relationships between users so as not to affect the next assertions
389  $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
390  $userInParentGroup->forget();
391  $userInChildGroup->forget();
392  $childGroup->forget();
393  $parentGroup->forget();
394  $userInParentGroup = User::getByUsername('nobody');
395  $userInChildGroup = User::getByUsername('confused');
396  $childGroup = Group::getByName('BBB');
397  $parentGroup = Group::getByName('AAA');
398 
399  //clear up the role relationships between users so as not to affect the next assertions
400  $parentGroup->users->remove($userInParentGroup);
401  $parentGroup->groups->remove($childGroup);
402  $this->assertTrue($parentGroup->save());
403  $childGroup->users->remove($userInChildGroup);
404  $this->assertTrue($childGroup->save());
405  }
406 
411  {
412  $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
413  $aUser = UserTestHelper::createBasicUser('aUser');
414  $aUser->setRight('ContactWebFormsModule', ContactWebFormsModule::RIGHT_ACCESS_CONTACT_WEB_FORMS);
415  $this->assertTrue($aUser->save());
416  $aUser = User::getByUsername('aUser');
417  $contactWebForm = ContactWebFormTestHelper::createContactWebFormByName('contactWebFormOwnedByaUser', $aUser);
418  $id = $contactWebForm->id;
419  $contactWebForm->forget();
420  unset($contactWebForm);
422  $content = $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default');
423  $this->assertNotContains('Fatal error: Method ContactWebForm::__toString() must not throw an exception', $content);
424  }
425  }
426 ?>
static securableItemLostPermissionsForUser(SecurableItem $securableItem, User $user)
static securableItemGivenPermissionsForUser(SecurableItem $securableItem, User $user)
static getByLayoutIdAndUser($layoutId, $user)
Definition: Dashboard.php:46
static securableItemLostReadPermissionsForUser(SecurableItem $securableItem, User $user)
Definition: Role.php:37
static rebuild($overwriteExistingTables=true, $forcePhp=false, $messageStreamer=null)
static getByUsername($username)
Definition: User.php:49
static securableItemLostReadPermissionsForGroup(SecurableItem $securableItem, Group $group)
Definition: Group.php:37
static securableItemLostPermissionsForGroup(SecurableItem $securableItem, Group $group)
static getByName($name)
Definition: Group.php:57
static securableItemGivenReadPermissionsForUser(SecurableItem $securableItem, User $user)
static getById($id, $modelClassName=null)
logoutCurrentUserLoginNewUserAndGetByUsername($username)
runControllerWithNoExceptionsAndGetContent($route, $empty=false)
static securableItemGivenReadPermissionsForGroup(SecurableItem $securableItem, Group $group)
static securableItemGivenPermissionsForGroup(SecurableItem $securableItem, Group $group)