ContactsRegularUserWalkthroughTest.php
1 <?php
2  /*********************************************************************************
3  * Zurmo is a customer relationship management program developed by
4  * Zurmo, Inc. Copyright (C) 2017 Zurmo Inc.
5  *
6  * Zurmo is free software; you can redistribute it and/or modify it under
7  * the terms of the GNU Affero General Public License version 3 as published by the
8  * Free Software Foundation with the addition of the following permission added
9  * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
10  * IN WHICH THE COPYRIGHT IS OWNED BY ZURMO, ZURMO DISCLAIMS THE WARRANTY
11  * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
12  *
13  * Zurmo is distributed in the hope that it will be useful, but WITHOUT
14  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
15  * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
16  * details.
17  *
18  * You should have received a copy of the GNU Affero General Public License along with
19  * this program; if not, see http://www.gnu.org/licenses or write to the Free
20  * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
21  * 02110-1301 USA.
22  *
23  * You can contact Zurmo, Inc. with a mailing address at 27 North Wacker Drive
24  * Suite 370 Chicago, IL 60606. or at email address contact@zurmo.com.
25  *
26  * The interactive user interfaces in original and modified versions
27  * of this program must display Appropriate Legal Notices, as required under
28  * Section 5 of the GNU Affero General Public License version 3.
29  *
30  * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
31  * these Appropriate Legal Notices must retain the display of the Zurmo
32  * logo and Zurmo copyright notice. If the display of the logo is not reasonably
33  * feasible for technical reasons, the Appropriate Legal Notices must display the words
34  * "Copyright Zurmo Inc. 2017. All rights reserved".
35  ********************************************************************************/
36 
49  {
/**
 * Builds the shared fixture for this walkthrough once per test class.
 *
 * Creates two accounts, four contacts and one opportunity, all owned by the user
 * that Yii::app()->user->userModel holds after the parent fixture has run, then
 * fetches the default dashboard for that user.
 *
 * Every record is owned by that single user on purpose: the tests that follow switch
 * to less privileged users and check that these records stay out of reach until
 * rights or permissions are granted explicitly.
 */
public static function setUpBeforeClass()
{
    parent::setUpBeforeClass();

    // Test data owned by the super user (presumably the user the parent fixture leaves
    // logged in - confirm against the base walkthrough test case).
    $owner          = Yii::app()->user->userModel;
    $primaryAccount = AccountTestHelper::createAccountByNameForOwner('superAccount', $owner);
    AccountTestHelper::createAccountByNameForOwner('superAccount2', $owner);

    // Four contacts, all attached to the first account.
    $contactNames = array('superContact', 'superContact2', 'superContact3', 'superContact4');
    foreach ($contactNames as $contactName)
    {
        ContactTestHelper::createContactWithAccountByNameForOwner($contactName, $owner, $primaryAccount);
    }

    OpportunityTestHelper::createOpportunityStagesIfDoesNotExist();
    OpportunityTestHelper::createOpportunityWithAccountByNameForOwner('superOpp', $owner, $primaryAccount);

    // Setup default dashboard.
    Dashboard::getByLayoutIdAndUser(Dashboard::DEFAULT_USER_LAYOUT_ID, $owner);

    // Make contact DetailsAndRelations portlets
    // NOTE(review): the rendered listing this was taken from omits one source line at this
    // point; confirm against the upstream file before treating this fixture as complete.
}
69 
/**
 * Deny-by-default check for the contacts default controller.
 *
 * Acting as 'nobody' before any ContactsModule right has been granted, every route
 * requested below must end in an access failure: the bare module route, index, list,
 * create, edit (with and without an id), massEdit, massEditProgressSave, autoComplete,
 * modalList and delete.
 *
 * NOTE(review): this method does not request contacts/default/details or the
 * massDelete routes as the unprivileged user. If those are not covered for the
 * no-rights case elsewhere in the suite, they are worth adding here so a regression
 * in the access filter for those actions is caught by the same test.
 */
public function testRegularUserAllControllerActionsNoElevation()
{
    //todo: look at account regular user walkthrough for idea.
    $superUser = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    Yii::app()->user->userModel = $superUser;
    // The id is looked up but not used further down; the lookup itself is kept unchanged.
    $superAccountId = self::getModelIdByModelNameAndName('Account', 'superAccount');
    // The contact belongs to super, so 'nobody' has no ownership claim on it either.
    $superOwnedContact = ContactTestHelper::createContactByNameForOwner('Switcheroo', $superUser);
    Yii::app()->user->userModel = User::getByUsername('nobody');

    // Routes requested without setting any GET parameters first.
    $routesWithoutParameters = array(
        'contacts/default',
        'contacts/default/index',
        'contacts/default/list',
        'contacts/default/create',
        'contacts/default/edit',
    );
    foreach ($routesWithoutParameters as $route)
    {
        $this->runControllerShouldResultInAccessFailureAndGetContent($route);
    }

    // Edit with a concrete record id must be refused as well.
    $contactIdParameter = array('id' => $superOwnedContact->id);
    $this->setGetArray($contactIdParameter);
    $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/edit');

    // Mass edit: first with an explicit id selection, then the progress-save step with select-all.
    $this->setGetArray(array('selectedIds' => '4,5,6,7,8', 'selectAll' => '')); // Not Coding Standard
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/massEdit');
    $this->setGetArray(array('selectAll' => '1', 'Contact_page' => 2));
    $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/massEditProgressSave');

    // Autocomplete must not answer for a user without access to contacts.
    $this->setGetArray(array('term' => 'super'));
    $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/autoComplete');

    // actionModalList should fail.
    $modalTransferInformation = array(
        'sourceIdFieldId'   => 'x',
        'sourceNameFieldId' => 'y',
        'modalId'           => 'z',
    );
    $this->setGetArray(array('modalTransferInformation' => $modalTransferInformation));
    $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/modalList');

    // actionDelete should fail.
    $this->setGetArray($contactIdParameter);
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/delete');
}
109 
114  {
115  $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
116  $superAccountId = self::getModelIdByModelNameAndName ('Account', 'superAccount');
117  Yii::app()->user->userModel = User::getByUsername('nobody');
118 
119  //Now test peon with elevated rights to contacts
120  $nobody = User::getByUsername('nobody');
121  $nobody->setRight('ContactsModule', ContactsModule::RIGHT_ACCESS_CONTACTS);
122  $nobody->setRight('ContactsModule', ContactsModule::RIGHT_CREATE_CONTACTS);
123  $nobody->setRight('ContactsModule', ContactsModule::RIGHT_DELETE_CONTACTS);
124  $this->assertTrue($nobody->save());
125 
126  //Test nobody with elevated rights.
127  Yii::app()->user->userModel = User::getByUsername('nobody');
128  $content = $this->runControllerWithNoExceptionsAndGetContent('contacts/default/list');
129  $this->assertContains('Arthur Conan', $content);
130  $this->runControllerWithNoExceptionsAndGetContent('contacts/default/create');
131 
132  //Test nobody can view an existing contact he owns.
133  $contact = ContactTestHelper::createContactByNameForOwner('Switcheroo', $nobody);
134 
135  //At this point the listview for leads should show the search/list and not the helper screen.
136  $content = $this->runControllerWithNoExceptionsAndGetContent('contacts/default/list');
137  $this->assertNotContains('Arthur Conan', $content);
138  //Go to the a ccount editview.
139  $this->setGetArray(array('id' => $contact->id));
140  $this->runControllerWithNoExceptionsAndGetContent('contacts/default/edit');
141 
142  //Test nobody can delete an existing contact he owns and it redirects to index.
143  $this->setGetArray(array('id' => $contact->id));
144  $this->resetPostArray();
145  $this->runControllerWithRedirectExceptionAndGetContent('contacts/default/delete',
146  Yii::app()->createUrl('contacts/default/index'));
147 
148  //Autocomplete for Contact should not fail.
149  $this->setGetArray(array('term' => 'super'));
150  $this->runControllerWithNoExceptionsAndGetContent('contacts/default/autoComplete');
151 
152  //actionModalList for Contact should not fail.
153  $this->setGetArray(array(
154  'modalTransferInformation' => array('sourceIdFieldId' => 'x', 'sourceNameFieldId' => 'y', 'modalId' => 'z')
155  ));
156  $this->runControllerWithNoExceptionsAndGetContent('contacts/default/modalList');
157 
158  //todo: more.
159  }
160 
165  {
166  $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
167  $nobody = User::getByUsername('nobody');
168 
169  //Created contact owned by user super.
170  $contact = ContactTestHelper::createContactByNameForOwner('testingElavationToModel', $super);
171 
172  //Test nobody, access to edit, details and delete should fail.
173  Yii::app()->user->userModel = $nobody;
174  $this->setGetArray(array('id' => $contact->id));
175  $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/edit');
176  $this->setGetArray(array('id' => $contact->id));
177  $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/details');
178  $this->setGetArray(array('id' => $contact->id));
179  $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/delete');
180 
181  //give nobody access to read
182  Yii::app()->user->userModel = $super;
183  $contact->addPermissions($nobody, Permission::READ);
184  $this->assertTrue($contact->save());
186 
187  //Now the nobody user can access the details view.
188  Yii::app()->user->userModel = $nobody;
189  $this->setGetArray(array('id' => $contact->id));
190  $this->runControllerWithNoExceptionsAndGetContent('contacts/default/details');
191 
192  //Test nobody, access to edit and delete should fail.
193  $this->setGetArray(array('id' => $contact->id));
194  $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/edit');
195  $this->setGetArray(array('id' => $contact->id));
196  $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/delete');
197 
198  //give nobody access to read and write
199  Yii::app()->user->userModel = $super;
200  $contact->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
201  $this->assertTrue($contact->save());
204 
205  //Now the nobody user should be able to access the edit view and still the details view.
206  Yii::app()->user->userModel = $nobody;
207  $this->setGetArray(array('id' => $contact->id));
208  $this->runControllerWithNoExceptionsAndGetContent('contacts/default/details');
209  $this->setGetArray(array('id' => $contact->id));
210  $this->runControllerWithNoExceptionsAndGetContent('contacts/default/edit');
211 
212  //Test nobody, access to delete should fail.
213  $this->setGetArray(array('id' => $contact->id));
214  $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/delete');
215 
216  //revoke nobody access to read
217  Yii::app()->user->userModel = $super;
218  $contact->removePermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
219  $this->assertTrue($contact->save());
221 
222  //Test nobody, access to detail, edit and delete should fail.
223  Yii::app()->user->userModel = $nobody;
224  $this->setGetArray(array('id' => $contact->id));
225  $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/details');
226  $this->setGetArray(array('id' => $contact->id));
227  $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/edit');
228  $this->setGetArray(array('id' => $contact->id));
229  $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/delete');
230 
231  //give nobody access to read, write and delete
232  Yii::app()->user->userModel = $super;
233  $contact->addPermissions($nobody, Permission::READ_WRITE_DELETE);
234  $this->assertTrue($contact->save());
236 
237  //Test nobody, access to delete should not fail.
238  Yii::app()->user->userModel = $nobody;
239  $this->setGetArray(array('id' => $contact->id));
240  $this->resetPostArray();
241  $this->runControllerWithRedirectExceptionAndGetContent('contacts/default/delete',
242  Yii::app()->createUrl('contacts/default/index'));
243 
244  Yii::app()->user->userModel = $super;
245  //create some roles
246  $parentRole = new Role();
247  $parentRole->name = 'AAA';
248  $this->assertTrue($parentRole->save());
249 
250  $childRole = new Role();
251  $childRole->name = 'BBB';
252  $this->assertTrue($childRole->save());
253 
254  $userInParentRole = User::getByUsername('confused');
255  $userInChildRole = User::getByUsername('nobody');
256 
257  $childRole->users->add($userInChildRole);
258  $this->assertTrue($childRole->save());
259  $parentRole->users->add($userInParentRole);
260  $parentRole->roles->add($childRole);
261  $this->assertTrue($parentRole->save());
262  $userInChildRole->forget();
263  $userInChildRole = User::getByUsername('nobody');
264  $userInParentRole->forget();
265  $userInParentRole = User::getByUsername('confused');
266  $parentRoleId = $parentRole->id;
267  $parentRole->forget();
268  $parentRole = Role::getById($parentRoleId);
269  $childRoleId = $childRole->id;
270  $childRole->forget();
271  $childRole = Role::getById($childRoleId);
272 
273  $contact2 = ContactTestHelper::createContactByNameForOwner('testingParentRolePermission', $super);
274 
275  //Test userInChildRole, access to details, edit and delete should fail.
276  Yii::app()->user->userModel = $userInChildRole;
277  $this->setGetArray(array('id' => $contact2->id));
278  $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/details');
279  $this->setGetArray(array('id' => $contact2->id));
280  $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/edit');
281  $this->setGetArray(array('id' => $contact2->id));
282  $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/delete');
283 
284  //Test userInParentRole, access to details, edit and delete should fail.
285  Yii::app()->user->userModel = $userInParentRole;
286  $this->setGetArray(array('id' => $contact2->id));
287  $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/details');
288  $this->setGetArray(array('id' => $contact2->id));
289  $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/edit');
290  $this->setGetArray(array('id' => $contact2->id));
291  $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/delete');
292 
293  //give userInChildRole access to READ
294  Yii::app()->user->userModel = $super;
295  $contact2->addPermissions($userInChildRole, Permission::READ);
296  $this->assertTrue($contact2->save());
298 
299  //Test userInChildRole, access to details should not fail.
300  Yii::app()->user->userModel = $userInChildRole;
301  $this->setGetArray(array('id' => $contact2->id));
302  $this->runControllerWithNoExceptionsAndGetContent('contacts/default/details');
303 
304  //Test userInChildRole, access to edit and delete should fail.
305  $this->setGetArray(array('id' => $contact2->id));
306  $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/edit');
307  $this->setGetArray(array('id' => $contact2->id));
308  $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/delete');
309 
310  //Test userInParentRole, access to details should not fail.
311  Yii::app()->user->userModel = $userInParentRole;
312  $this->setGetArray(array('id' => $contact2->id));
313  $this->runControllerWithNoExceptionsAndGetContent('contacts/default/details');
314 
315  //Test userInParentRole, access to edit and delete should fail.
316  $this->setGetArray(array('id' => $contact2->id));
317  $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/edit');
318  $this->setGetArray(array('id' => $contact2->id));
319  $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/delete');
320 
321  //give userInChildRole access to read and write
322  Yii::app()->user->userModel = $super;
323  $contact2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
324  $this->assertTrue($contact2->save());
327 
328  //Test userInChildRole, access to edit should not fail.
329  Yii::app()->user->userModel = $userInChildRole;
330  $this->setGetArray(array('id' => $contact2->id));
331  $this->runControllerWithNoExceptionsAndGetContent('contacts/default/edit');
332 
333  //Test userInChildRole, access to delete should fail.
334  $this->setGetArray(array('id' => $contact2->id));
335  $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/delete');
336 
337  //Test userInParentRole, access to edit should not fail.
338  $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInParentRole->username);
339  $this->setGetArray(array('id' => $contact2->id));
340  $this->runControllerWithNoExceptionsAndGetContent('contacts/default/edit');
341 
342  //Test userInParentRole, access to delete should fail.
343  $this->setGetArray(array('id' => $contact2->id));
344  $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/delete');
345 
346  //revoke userInChildRole access to read and write
347  Yii::app()->user->userModel = $super;
348  $contact2->removePermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
349  $this->assertTrue($contact2->save());
351 
352  //Test userInChildRole, access to detail, edit and delete should fail.
353  Yii::app()->user->userModel = $userInChildRole;
354  $this->setGetArray(array('id' => $contact2->id));
355  $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/details');
356  $this->setGetArray(array('id' => $contact2->id));
357  $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/edit');
358  $this->setGetArray(array('id' => $contact2->id));
359  $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/delete');
360 
361  //Test userInParentRole, access to detail, edit and delete should fail.
362  Yii::app()->user->userModel = $userInParentRole;
363  $this->setGetArray(array('id' => $contact2->id));
364  $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/details');
365  $this->setGetArray(array('id' => $contact2->id));
366  $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/edit');
367  $this->setGetArray(array('id' => $contact2->id));
368  $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/delete');
369 
370  //give userInChildRole access to read and write
371  Yii::app()->user->userModel = $super;
372  $contact2->addPermissions($userInChildRole, Permission::READ_WRITE_DELETE);
373  $this->assertTrue($contact2->save());
375 
376  //Test userInParentRole, access to delete should not fail.
377  Yii::app()->user->userModel = $userInParentRole;
378  $this->setGetArray(array('id' => $contact2->id));
379  $this->resetPostArray();
380  $this->runControllerWithRedirectExceptionAndGetContent('contacts/default/delete',
381  Yii::app()->createUrl('contacts/default/index'));
382 
383  $parentRole->users->remove($userInParentRole);
384  $parentRole->roles->remove($childRole);
385  $this->assertTrue($parentRole->save());
386  $childRole->users->remove($userInChildRole);
387  $this->assertTrue($childRole->save());
388 
389  Yii::app()->user->userModel = $super;
390  //create some groups and assign users to groups
391  $parentGroup = new Group();
392  $parentGroup->name = 'AAA';
393  $this->assertTrue($parentGroup->save());
394 
395  $childGroup = new Group();
396  $childGroup->name = 'BBB';
397  $this->assertTrue($childGroup->save());
398 
399  $userInChildGroup = User::getByUsername('confused');
400  $userInParentGroup = User::getByUsername('nobody');
401 
402  $childGroup->users->add($userInChildGroup);
403  $this->assertTrue($childGroup->save());
404  $parentGroup->users->add($userInParentGroup);
405  $parentGroup->groups->add($childGroup);
406  $this->assertTrue($parentGroup->save());
407  $parentGroup->forget();
408  $childGroup->forget();
409  $parentGroup = Group::getByName('AAA');
410  $childGroup = Group::getByName('BBB');
411 
412  //Add access for the confused user to contacts and creation of contacts.
413  $userInChildGroup->setRight('ContactsModule', ContactsModule::RIGHT_ACCESS_CONTACTS);
414  $userInChildGroup->setRight('ContactsModule', ContactsModule::RIGHT_CREATE_CONTACTS);
415  $userInChildGroup->setRight('ContactsModule', ContactsModule::RIGHT_DELETE_CONTACTS);
416  $this->assertTrue($userInChildGroup->save());
417 
418  $contact3 = ContactTestHelper::createContactByNameForOwner('testingParentGroupPermission', $super);
419 
420  //Test userInParentGroup, access to details, edit and delete should fail.
421  Yii::app()->user->userModel = $userInParentGroup;
422  $this->setGetArray(array('id' => $contact3->id));
423  $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/details');
424  $this->setGetArray(array('id' => $contact3->id));
425  $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/edit');
426  $this->setGetArray(array('id' => $contact3->id));
427  $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/delete');
428 
429  //Test userInChildGroup, access to details, edit and delete should fail.
430  Yii::app()->user->userModel = $userInChildGroup;
431  $this->setGetArray(array('id' => $contact3->id));
432  $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/details');
433  $this->setGetArray(array('id' => $contact3->id));
434  $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/edit');
435  $this->setGetArray(array('id' => $contact3->id));
436  $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/delete');
437 
438  //give parentGroup access to READ
439  Yii::app()->user->userModel = $super;
440  $contact3->addPermissions($parentGroup, Permission::READ);
441  $this->assertTrue($contact3->save());
443 
444  //Test userInParentGroup, access to details should not fail.
445  Yii::app()->user->userModel = $userInParentGroup;
446  $this->setGetArray(array('id' => $contact3->id));
447  $this->runControllerWithNoExceptionsAndGetContent('contacts/default/details');
448 
449  //Test userInParentGroup, access to edit and delete should fail.
450  $this->setGetArray(array('id' => $contact3->id));
451  $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/edit');
452  $this->setGetArray(array('id' => $contact3->id));
453  $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/delete');
454 
455  //Test userInChildGroup, access to details should not fail.
456  Yii::app()->user->userModel = $userInChildGroup;
457  $this->setGetArray(array('id' => $contact3->id));
458  $this->runControllerWithNoExceptionsAndGetContent('contacts/default/details');
459 
460  //Test userInChildGroup, access to edit and delete should fail.
461  $this->setGetArray(array('id' => $contact3->id));
462  $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/edit');
463  $this->setGetArray(array('id' => $contact3->id));
464  $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/delete');
465 
466  //give parentGroup access to read and write
467  Yii::app()->user->userModel = $super;
468  $contact3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
469  $this->assertTrue($contact3->save());
472 
473  //Test userInParentGroup, access to edit should not fail.
474  Yii::app()->user->userModel = $userInParentGroup;
475  $this->setGetArray(array('id' => $contact3->id));
476  $this->runControllerWithNoExceptionsAndGetContent('contacts/default/edit');
477 
478  //Test userInParentGroup, access to delete should fail.
479  $this->setGetArray(array('id' => $contact3->id));
480  $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/delete');
481 
482  //Test userInChildGroup, access to edit should not fail.
483  Yii::app()->user->userModel = $userInChildGroup;
484  $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username);
485  $this->setGetArray(array('id' => $contact3->id));
486  $this->runControllerWithNoExceptionsAndGetContent('contacts/default/edit');
487 
488  //Test userInChildGroup, access to delete should fail.
489  $this->setGetArray(array('id' => $contact3->id));
490  $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/delete');
491 
492  //revoke parentGroup access to read and write
493  Yii::app()->user->userModel = $super;
494  $contact3->removePermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
495  $this->assertTrue($contact3->save());
497 
498  //Test userInChildGroup, access to detail, edit and delete should fail.
499  Yii::app()->user->userModel = $userInChildGroup;
500  $this->setGetArray(array('id' => $contact3->id));
501  $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/details');
502  $this->setGetArray(array('id' => $contact3->id));
503  $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/edit');
504  $this->setGetArray(array('id' => $contact3->id));
505  $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/delete');
506 
507  //Test userInParentGroup, access to detail, edit and delete should fail.
508  Yii::app()->user->userModel = $userInParentGroup;
509  $this->setGetArray(array('id' => $contact3->id));
510  $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/details');
511  $this->setGetArray(array('id' => $contact3->id));
512  $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/edit');
513  $this->setGetArray(array('id' => $contact3->id));
514  $this->runControllerShouldResultInAccessFailureAndGetContent('contacts/default/delete');
515 
516  //give parentGroup access to read and write
517  Yii::app()->user->userModel = $super;
518  $contact3->addPermissions($parentGroup, Permission::READ_WRITE_DELETE);
519  $this->assertTrue($contact3->save());
521 
522  //Test userInChildGroup, access to delete should not fail.
523  Yii::app()->user->userModel = $userInChildGroup;
524  $this->setGetArray(array('id' => $contact3->id));
525  $this->resetPostArray();
526  $this->runControllerWithRedirectExceptionAndGetContent('contacts/default/delete',
527  Yii::app()->createUrl('contacts/default/index'));
528 
529  //clear up the role relationships between users so not to effect next assertions
530  $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
531  $userInParentGroup->forget();
532  $userInChildGroup->forget();
533  $childGroup->forget();
534  $parentGroup->forget();
535  $userInParentGroup = User::getByUsername('nobody');
536  $userInChildGroup = User::getByUsername('confused');
537  $childGroup = Group::getByName('BBB');
538  $parentGroup = Group::getByName('AAA');
539 
540  $parentGroup->users->remove($userInParentGroup);
541  $parentGroup->groups->remove($childGroup);
542  $this->assertTrue($parentGroup->save());
543  $childGroup->users->remove($userInChildGroup);
544  $this->assertTrue($childGroup->save());
545  }
546 
551  {
552  $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
553  $confused = User::getByUsername('confused');
554  $nobody = User::getByUsername('nobody');
555  $this->assertEquals(Right::DENY, $confused->getEffectiveRight('ZurmoModule', ZurmoModule::RIGHT_BULK_DELETE));
556  $confused->setRight('ZurmoModule', ZurmoModule::RIGHT_BULK_DELETE);
557  //Load MassDelete view for the 3 contacts.
558  $contacts = Contact::getAll();
559  $this->assertEquals(5, count($contacts));
560  $contact1 = ContactTestHelper::createContactByNameForOwner('contactDelete1', $confused);
561  $contact2 = ContactTestHelper::createContactByNameForOwner('contactDelete2', $confused);
562  $contact3 = ContactTestHelper::createContactByNameForOwner('contactDelete3', $nobody);
563  $contact4 = ContactTestHelper::createContactByNameForOwner('contactDelete4', $confused);
564  $contact5 = ContactTestHelper::createContactByNameForOwner('contactDelete5', $confused);
565  $contact6 = ContactTestHelper::createContactByNameForOwner('contactDelete6', $nobody);
566  $contact7 = ContactTestHelper::createContactByNameForOwner('contactDelete7', $confused);
567  $contact8 = ContactTestHelper::createContactByNameForOwner('contactDelete8', $confused);
568  $contact9 = ContactTestHelper::createContactByNameForOwner('contactDelete9', $nobody);
569  $pageSize = Yii::app()->pagination->getForCurrentUserByType('massDeleteProgressPageSize');
570  $this->assertEquals(5, $pageSize);
571  $selectedIds = $contact1->id . ',' . $contact2->id . ',' . $contact3->id ; // Not Coding Standard
572  $this->setGetArray(array('selectedIds' => $selectedIds, 'selectAll' => '')); // Not Coding Standard
573  $this->resetPostArray();
574  $content = $this->runControllerWithNoExceptionsAndGetContent('contacts/default/massDelete');
575  $this->assertContains('<strong>3</strong>&#160;Contacts selected for removal', $content);
576 
577  //calculating contacts after adding 9 new records
578  $contacts = Contact::getAll();
579  $this->assertEquals(14, count($contacts));
580  //Deleting 6 contacts for pagination scenario
581  //Run Mass Delete using progress save for page1
582  $selectedIds = $contact1->id . ',' . $contact2->id . ',' . // Not Coding Standard
583  $contact3->id . ',' . $contact4->id . ',' . // Not Coding Standard
584  $contact5->id . ',' . $contact6->id; // Not Coding Standard
585  $this->setGetArray(array(
586  'selectedIds' => $selectedIds, // Not Coding Standard
587  'selectAll' => '',
588  'Contact_page' => 1));
589  $this->setPostArray(array('selectedRecordCount' => 6));
590  $content = $this->runControllerWithExitExceptionAndGetContent('contacts/default/massDelete');
591  $contacts = Contact::getAll();
592  $this->assertEquals(9, count($contacts));
593 
594  //Run Mass Delete using progress save for page2
595  $selectedIds = $contact1->id . ',' . $contact2->id . ',' . // Not Coding Standard
596  $contact3->id . ',' . $contact4->id . ',' . // Not Coding Standard
597  $contact5->id . ',' . $contact6->id; // Not Coding Standard
598  $this->setGetArray(array(
599  'selectedIds' => $selectedIds, // Not Coding Standard
600  'selectAll' => '',
601  'Contact_page' => 2));
602  $this->setPostArray(array('selectedRecordCount' => 6));
603  $content = $this->runControllerWithNoExceptionsAndGetContent('contacts/default/massDeleteProgress');
604  $contacts = Contact::getAll();
605  $this->assertEquals(8, count($contacts));
606  }
607 
612  {
613  $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
614  $confused = User::getByUsername('confused');
615  $billy = User::getByUsername('billy');
616 
617  //Load MassDelete view for the 8 contacts.
618  $contacts = Contact::getAll();
619  $this->assertEquals(8, count($contacts));
620  //Deleting all contacts
621 
622  //mass Delete pagination scenario
623  //Run Mass Delete using progress save for page1
624  $this->setGetArray(array(
625  'selectAll' => '1',
626  'Contact_page' => 1));
627  $this->setPostArray(array('selectedRecordCount' => 8));
628  $pageSize = Yii::app()->pagination->getForCurrentUserByType('massDeleteProgressPageSize');
629  $this->assertEquals(5, $pageSize);
630  $content = $this->runControllerWithExitExceptionAndGetContent('contacts/default/massDelete');
631  $contacts = Contact::getAll();
632  $this->assertEquals(3, count($contacts));
633 
634  //Run Mass Delete using progress save for page2
635  $this->setGetArray(array(
636  'selectAll' => '1',
637  'Contact_page' => 2));
638  $this->setPostArray(array('selectedRecordCount' => 8));
639  $pageSize = Yii::app()->pagination->getForCurrentUserByType('massDeleteProgressPageSize');
640  $this->assertEquals(5, $pageSize);
641  $content = $this->runControllerWithNoExceptionsAndGetContent('contacts/default/massDeleteProgress');
642  $contacts = Contact::getAll();
643  $this->assertEquals(0, count($contacts));
644  }
645 
/**
 * Checks that the inline comment form for a contact is gated by the contacts rights.
 *
 * A freshly created basic user ('sally') owns the contact, yet the first request to
 * inlineCreateCommentFromAjax must end in an access failure: owning the record is not
 * enough without the module rights. After the three ContactsModule rights and
 * READ_WRITE_CHANGE_PERMISSIONS on the contact have been granted, the same request
 * must complete without an exception.
 */
public function testInlineCreateCommentFromAjax()
{
    UserTestHelper::createBasicUser('sally');
    $sally = $this->logoutCurrentUserLoginNewUserAndGetByUsername('sally');

    $commentRoute = 'contacts/default/inlineCreateCommentFromAjax';
    $contact      = ContactTestHelper::createContactByNameForOwner('testContact2', $sally);

    // Before any right is granted the request is refused.
    $this->setGetArray(array('id' => $contact->id, 'uniquePageId' => 'CommentInlineEditForModelView'));
    $this->runControllerShouldResultInAccessFailureAndGetContent($commentRoute);

    // Grant access, create and delete rights on the contacts module.
    $contactsRights = array(
        ContactsModule::RIGHT_ACCESS_CONTACTS,
        ContactsModule::RIGHT_CREATE_CONTACTS,
        ContactsModule::RIGHT_DELETE_CONTACTS,
    );
    foreach ($contactsRights as $right)
    {
        $sally->setRight('ContactsModule', $right);
    }
    $this->assertTrue($sally->save());

    // Explicit record-level permissions on top of the module rights.
    $contact->addPermissions($sally, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($contact->save());
    // NOTE(review): the rendered listing this was taken from omits one source line at this
    // point; confirm against the upstream file before treating this test as complete.

    // With rights and permissions in place the same request goes through.
    $this->setGetArray(array('id' => $contact->id, 'uniquePageId' => 'CommentInlineEditForModelView'));
    $this->runControllerWithNoExceptionsAndGetContent($commentRoute);
}
667 
/**
 * Exercises the addSubscriber / removeSubscriber ajax actions as a regular user.
 *
 * While 'billy' holds no ContactsModule rights, both actions must end in an access
 * failure even though he owns the contact. Once the three module rights and
 * READ_WRITE_CHANGE_PERMISSIONS on the contact are granted, the method checks the
 * returned content and the size of $contact->notificationSubscribers after each call,
 * including after ownership of the contact has been moved to the super user.
 */
public function testAddAndRemoveSubscriberViaAjaxWithNormalUser()
{
    $superUser = User::getByUsername('super');
    $billy     = $this->logoutCurrentUserLoginNewUserAndGetByUsername('billy');
    $contact   = ContactTestHelper::createContactByNameForOwner('testContact3', $billy);

    $removeRoute = 'contacts/default/removeSubscriber';
    $addRoute    = 'contacts/default/addSubscriber';

    // Without module rights both subscriber actions are refused.
    foreach (array($removeRoute, $addRoute) as $deniedRoute)
    {
        $this->setGetArray(array('id' => $contact->id));
        $this->runControllerShouldResultInAccessFailureAndGetContent($deniedRoute);
    }

    // Grant access, create and delete rights on the contacts module.
    $contactsRights = array(
        ContactsModule::RIGHT_ACCESS_CONTACTS,
        ContactsModule::RIGHT_CREATE_CONTACTS,
        ContactsModule::RIGHT_DELETE_CONTACTS,
    );
    foreach ($contactsRights as $right)
    {
        $billy->setRight('ContactsModule', $right);
    }
    $this->assertTrue($billy->save());
    $contact->addPermissions($billy, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($contact->save());
    // NOTE(review): the rendered listing this was taken from omits one source line at this
    // point; confirm against the upstream file before treating this test as complete.

    // Act as billy, now holding the elevated rights.
    Yii::app()->user->userModel = User::getByUsername('billy');

    $this->setGetArray(array('id' => $contact->id));
    $content = $this->runControllerWithNoExceptionsAndGetContent($removeRoute, false);
    $this->assertContains($billy->getFullName(), $content);
    $this->assertEquals(1, $contact->notificationSubscribers->count());

    // Now super user would be added as a subscriber as he becomes the owner
    $contact->owner = $superUser;
    $this->assertTrue($contact->save());

    $content = $this->runControllerWithNoExceptionsAndGetContent($removeRoute, false);
    $this->assertNotContains($billy->getFullName(), $content);
    $this->assertEquals(1, $contact->notificationSubscribers->count());

    $this->assertFalse($this->checkIfUserFoundInSubscribersList($contact, $billy->id));

    // Subscribing again puts billy back on the list next to the new owner.
    $content = $this->runControllerWithNoExceptionsAndGetContent($addRoute, false);
    $this->assertContains($billy->getFullName(), $content);
    $this->assertEquals(2, $contact->notificationSubscribers->count());

    $this->assertTrue($this->checkIfUserFoundInSubscribersList($contact, $billy->id));
}
712 
/**
 * Reports whether a user id appears among a contact's notification subscribers.
 *
 * Each subscriber's person is cast down along the 'User' derivation path and its id is
 * compared with $compareId. The whole list is always walked; there is no early exit.
 *
 * @param mixed $contact   Model exposing a notificationSubscribers collection.
 * @param mixed $compareId User id to look for.
 * @return bool True when at least one subscriber resolves to a user with that id.
 */
private function checkIfUserFoundInSubscribersList($contact, $compareId)
{
    $userDerivationPath = RuntimeUtil::getModelDerivationPathToItem('User');
    $matched            = false;
    foreach ($contact->notificationSubscribers as $subscription)
    {
        $subscribedUser = $subscription->person->castDown(array($userDerivationPath));
        // Loose comparison as in the original, so an id held as a string still matches an int.
        $matched = ($subscribedUser->id == $compareId) || $matched;
    }
    return $matched;
}
727  }
728 ?>