ControllerSecurityUtilTest.php
1 <?php
2  /*********************************************************************************
3  * Zurmo is a customer relationship management program developed by
4  * Zurmo, Inc. Copyright (C) 2017 Zurmo Inc.
5  *
6  * Zurmo is free software; you can redistribute it and/or modify it under
7  * the terms of the GNU Affero General Public License version 3 as published by the
8  * Free Software Foundation with the addition of the following permission added
9  * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
10  * IN WHICH THE COPYRIGHT IS OWNED BY ZURMO, ZURMO DISCLAIMS THE WARRANTY
11  * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
12  *
13  * Zurmo is distributed in the hope that it will be useful, but WITHOUT
14  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
15  * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
16  * details.
17  *
18  * You should have received a copy of the GNU Affero General Public License along with
19  * this program; if not, see http://www.gnu.org/licenses or write to the Free
20  * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
21  * 02110-1301 USA.
22  *
23  * You can contact Zurmo, Inc. with a mailing address at 27 North Wacker Drive
24  * Suite 370 Chicago, IL 60606. or at email address contact@zurmo.com.
25  *
26  * The interactive user interfaces in original and modified versions
27  * of this program must display Appropriate Legal Notices, as required under
28  * Section 5 of the GNU Affero General Public License version 3.
29  *
30  * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
31  * these Appropriate Legal Notices must retain the display of the Zurmo
32  * logo and Zurmo copyright notice. If the display of the logo is not reasonably
33  * feasible for technical reasons, the Appropriate Legal Notices must display the words
34  * "Copyright Zurmo Inc. 2017. All rights reserved".
35  ********************************************************************************/
36 
38  {
/**
 * One-time fixture for this test class: resets stored functions/procedures,
 * then creates the super admin, users, groups and accounts through
 * SecurityTestHelper.
 */
39  public static function setUpBeforeClass()
40  {
41  parent::setUpBeforeClass();
42  ZurmoDatabaseCompatibilityUtil::dropStoredFunctionsAndProcedures();
43  SecurityTestHelper::createSuperAdmin();
// The remaining fixture calls run with 'super' as the current user.
44  Yii::app()->user->userModel = User::getByUsername('super');
45  SecurityTestHelper::createUsers();
46  SecurityTestHelper::createGroups();
47  SecurityTestHelper::createAccounts();
// NOTE(review): source line 48 is absent from this listing, so one fixture
// step is not visible here.
49  }
50 
/**
 * Per-test setup: runs the parent setUp and resets the application's
 * clientScript component before each test.
 */
51  public function setUp()
52  {
53  parent::setUp();
54  Yii::app()->clientScript->reset();
55  }
56 
/**
 * Module-level write access check on the 'accounts/default' route, run first
 * as 'betty' (two deny cases) and then as 'super' (allow case).
 *
 * NOTE(review): the statements that invoke the check (source lines 65, 76,
 * 91 and 92) are absent from this listing. They are presumably calls to
 * resolveAccessCanCurrentUserWriteModule($moduleClassName, $fromAjax);
 * confirm against the original file.
 */
57  public function testResolveAccessCanCurrentUserWriteModule()
58  {
59  $betty = User::getByUsername('betty');
60  Yii::app()->user->userModel = $betty;
61  TestHelpers::createControllerAndModuleByRoute('accounts/default');
62  $this->startOutputBuffer();
63  try
64  {
// Deny case 1: reaching the next statement means no ExitException was thrown,
// i.e. access was not refused (helper presumably fails the test, going by its name).
66  $this->endPrintOutputBufferAndFail();
67  }
68  catch (ExitException $e)
69  {
70  $content = $this->endAndGetOutputBuffer();
// The refusal must emit exactly 'failure' (presumably the ajax response; TODO confirm).
71  $this->assertEquals('failure', $content);
72  }
73  $this->startOutputBuffer();
74  try
75  {
// Deny case 2: same guard as above; an ExitException is the expected outcome.
77  $this->endPrintOutputBufferAndFail();
78  }
79  catch (ExitException $e)
80  {
// The refusal must render the access-denied message.
81  $compareString = 'You have tried to access a page you do not have access to';
82  $this->assertContains($compareString, $this->endAndGetOutputBuffer());
83  }
84 

// Allow case: switch the current user to 'super' and expect no exit and no output.
85  $super = User::getByUsername('super');
86  Yii::app()->user->userModel = $super;
87  TestHelpers::createControllerAndModuleByRoute('accounts/default');
88  $this->startOutputBuffer();
89  try
90  {
93  $content = $this->endAndGetOutputBuffer();
94  $this->assertEquals(null, $content);
95  }
96  catch (ExitException $e)
97  {
// An ExitException here means the permitted user was refused.
98  $this->endPrintOutputBufferAndFail();
99  }
100  }
101 
/**
 * Model-level read access check: 'betty' is expected to be refused twice,
 * then an account owned by betty ('BettyInc') is created and an allow case
 * is asserted.
 *
 * NOTE(review): the statements that invoke the check (source lines 113, 124,
 * 137 and 138) are absent from this listing. They are presumably calls to
 * resolveAccessCanCurrentUserReadModel(RedBeanModel $model, $fromAjax);
 * confirm against the original file.
 */
102  public function testResolveAccessCanCurrentUserReadModel()
103  {
// Look up the fixture account as 'super' before switching to the restricted user.
104  Yii::app()->user->userModel = User::getByUsername('super');
105  $accounts = Account::getByName('Supermart');
106  $this->assertEquals(1, count($accounts));
107  $betty = User::getByUsername('betty');
108  Yii::app()->user->userModel = $betty;
109  TestHelpers::createControllerAndModuleByRoute('accounts/default');
110  $this->startOutputBuffer();
111  try
112  {
// Deny case 1: reaching the next statement means no ExitException was thrown.
114  $this->endPrintOutputBufferAndFail();
115  }
116  catch (ExitException $e)
117  {
118  $content = $this->endAndGetOutputBuffer();
// The refusal must emit exactly 'failure' (presumably the ajax response; TODO confirm).
119  $this->assertEquals('failure', $content);
120  }
121  $this->startOutputBuffer();
122  try
123  {
// Deny case 2: an ExitException is again the expected outcome.
125  $this->endPrintOutputBufferAndFail();
126  }
127  catch (ExitException $e)
128  {
129  $compareString = 'You have tried to access a page you do not have access to';
130  $this->assertContains($compareString, $this->endAndGetOutputBuffer());
131  }
// Create an account owned by betty; creation itself runs as 'super'.
132  Yii::app()->user->userModel = User::getByUsername('super');
133  $account = AccountTestHelper::createAccountByNameForOwner('BettyInc', $betty);
134  $this->startOutputBuffer();
135  try
136  {
// NOTE(review): in the visible code the current user is still 'super' here.
// If the omitted lines do not switch back to betty, this allow case exercises
// the super admin rather than the record owner; confirm.
139  $content = $this->endAndGetOutputBuffer();
140  $this->assertEquals(null, $content);
141  }
142  catch (ExitException $e)
143  {
// An ExitException here means a permitted read was refused.
144  $this->endPrintOutputBufferAndFail();
145  }
146  }
147 
152  {
// NOTE(review): this method's signature (source lines 148-151) and the
// statements that invoke the access check (lines 162, 173, 188 and 189) are
// absent from this listing, so which resolver it exercises cannot be read here.
// Pattern: two deny cases as 'betty', then an allow case on the 'BettyInc' account.
153  Yii::app()->user->userModel = User::getByUsername('super');
154  $accounts = Account::getByName('Supermart');
155  $this->assertEquals(1, count($accounts));
156  $betty = User::getByUsername('betty');
157  Yii::app()->user->userModel = $betty;
158 

159  $this->startOutputBuffer();
160  try
161  {
// Deny case 1: reaching the next statement means no ExitException was thrown.
163  $this->endPrintOutputBufferAndFail();
164  }
165  catch (ExitException $e)
166  {
167  $content = $this->endAndGetOutputBuffer();
168  $this->assertEquals('failure', $content);
169  }
170  $this->startOutputBuffer();
171  try
172  {
// Deny case 2: an ExitException is again the expected outcome.
174  $this->endPrintOutputBufferAndFail();
175  }
176  catch (ExitException $e)
177  {
178  $compareString = 'You have tried to access a page you do not have access to';
179  $this->assertContains($compareString, $this->endAndGetOutputBuffer());
180  }
181 

// 'BettyInc' is only created in testResolveAccessCanCurrentUserReadModel in the
// visible code, so this lookup appears to depend on that test having run first.
182  $accounts = Account::getByName('BettyInc');
183  $this->assertEquals(1, count($accounts));
184  $account = $accounts[0];
185  $this->startOutputBuffer();
186  try
187  {
// Allow case: the current user is still betty in the visible code; no exit
// and no output are expected.
190  $content = $this->endAndGetOutputBuffer();
191  $this->assertEquals(null, $content);
192  }
193  catch (ExitException $e)
194  {
// An ExitException here means a permitted operation was refused.
195  $this->endPrintOutputBufferAndFail();
196  }
197  }
198 
203  {
// NOTE(review): this method's signature (source lines 199-202) and the
// statements that invoke the access check (lines 213, 224, 239 and 240) are
// absent from this listing, so which resolver it exercises cannot be read here.
// Pattern: two deny cases as 'betty', then an allow case on the 'BettyInc' account.
204  Yii::app()->user->userModel = User::getByUsername('super');
205  $accounts = Account::getByName('Supermart');
206  $this->assertEquals(1, count($accounts));
207  $betty = User::getByUsername('betty');
208  Yii::app()->user->userModel = $betty;
209 

210  $this->startOutputBuffer();
211  try
212  {
// Deny case 1: reaching the next statement means no ExitException was thrown.
214  $this->endPrintOutputBufferAndFail();
215  }
216  catch (ExitException $e)
217  {
218  $content = $this->endAndGetOutputBuffer();
219  $this->assertEquals('failure', $content);
220  }
221  $this->startOutputBuffer();
222  try
223  {
// Deny case 2: an ExitException is again the expected outcome.
225  $this->endPrintOutputBufferAndFail();
226  }
227  catch (ExitException $e)
228  {
229  $compareString = 'You have tried to access a page you do not have access to';
230  $this->assertContains($compareString, $this->endAndGetOutputBuffer());
231  }
232 

// 'BettyInc' is only created in testResolveAccessCanCurrentUserReadModel in the
// visible code, so this lookup appears to depend on that test having run first.
233  $accounts = Account::getByName('BettyInc');
234  $this->assertEquals(1, count($accounts));
235  $account = $accounts[0];
236  $this->startOutputBuffer();
237  try
238  {
// Allow case: the current user is still betty in the visible code; no exit
// and no output are expected.
241  $content = $this->endAndGetOutputBuffer();
242  $this->assertEquals(null, $content);
243  }
244  catch (ExitException $e)
245  {
// An ExitException here means a permitted operation was refused.
246  $this->endPrintOutputBufferAndFail();
247  }
248  }
249  }
250 ?>
static rebuild($overwriteExistingTables=true, $forcePhp=false, $messageStreamer=null)
static getByUsername($username)
Definition: User.php:49
static resolveAccessCanCurrentUserDeleteModel(RedBeanModel $model, $fromAjax=false)
static resolveAccessCanCurrentUserReadModel(RedBeanModel $model, $fromAjax=false)
static resolveAccessCanCurrentUserWriteModule($moduleClassName, $fromAjax=false)
static resolveAccessCanCurrentUserWriteModel(RedBeanModel $model, $fromAjax=false)