LeadsRegularUserWalkthroughTest.php
1 <?php
2  /*********************************************************************************
3  * Zurmo is a customer relationship management program developed by
4  * Zurmo, Inc. Copyright (C) 2017 Zurmo Inc.
5  *
6  * Zurmo is free software; you can redistribute it and/or modify it under
7  * the terms of the GNU Affero General Public License version 3 as published by the
8  * Free Software Foundation with the addition of the following permission added
9  * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
10  * IN WHICH THE COPYRIGHT IS OWNED BY ZURMO, ZURMO DISCLAIMS THE WARRANTY
11  * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
12  *
13  * Zurmo is distributed in the hope that it will be useful, but WITHOUT
14  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
15  * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
16  * details.
17  *
18  * You should have received a copy of the GNU Affero General Public License along with
19  * this program; if not, see http://www.gnu.org/licenses or write to the Free
20  * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
21  * 02110-1301 USA.
22  *
23  * You can contact Zurmo, Inc. with a mailing address at 27 North Wacker Drive
24  * Suite 370 Chicago, IL 60606. or at email address contact@zurmo.com.
25  *
26  * The interactive user interfaces in original and modified versions
27  * of this program must display Appropriate Legal Notices, as required under
28  * Section 5 of the GNU Affero General Public License version 3.
29  *
30  * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
31  * these Appropriate Legal Notices must retain the display of the Zurmo
32  * logo and Zurmo copyright notice. If the display of the logo is not reasonably
33  * feasible for technical reasons, the Appropriate Legal Notices must display the words
34  * "Copyright Zurmo Inc. 2017. All rights reserved".
35  ********************************************************************************/
36 
48  {
49  public static function setUpBeforeClass()
50  {
    // One-time fixture for the class: runs the parent fixture, then creates four leads owned by
    // whichever user is current afterwards (kept in $super) and requests that user's default
    // dashboard layout.
51  parent::setUpBeforeClass();
52  $super = Yii::app()->user->userModel;
53  //Set up test data owned by the super user.
54  LeadTestHelper::createLeadbyNameForOwner ('superLead', $super);
55  LeadTestHelper::createLeadbyNameForOwner ('superLead2', $super);
56  LeadTestHelper::createLeadbyNameForOwner ('superLead3', $super);
57  LeadTestHelper::createLeadbyNameForOwner ('superLead4', $super);
58  //Set up the default dashboard.
59  Dashboard::getByLayoutIdAndUser (Dashboard::DEFAULT_USER_LAYOUT_ID, $super);
    // NOTE(review): this listing jumps from line 59 to 61, so one line of the original method
    // is not shown here.
61  }
62 
/**
 * Placeholder test: the body holds no statements and no assertions, only notes on the
 * scenarios it was meant to cover, so it passes without checking any access rule.
 */
public function testRegularUserAllControllerActions()
{
    // Planned: exercise every portlet controller action.

    // Planned: repeat as the peon user after elevating rights to tabs and other
    // available rights, such as converting a lead.

    // Planned: repeat as the peon user after elevating permissions on models.
}
72 
/**
 * With no rights or permissions granted, the user nobody must be refused on every leads
 * controller action requested here, including the ones aimed at a lead that super owns.
 */
public function testRegularUserAllControllerActionsNoElevation()
{
    // The lead is created while super is logged in; nobody then becomes the current user.
    $owner      = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $targetLead = LeadTestHelper::createLeadByNameForOwner('Lead', $owner);
    Yii::app()->user->userModel = User::getByUsername('nobody');

    // Actions requested without this test setting any GET data first.
    $plainRoutes = array(
        'leads/default',
        'leads/default/index',
        'leads/default/list',
        'leads/default/create',
        'leads/default/edit',
    );
    foreach ($plainRoutes as $route)
    {
        $this->runControllerShouldResultInAccessFailureAndGetContent($route);
    }

    // Details view of the lead owned by super.
    $this->setGetArray(array('id' => $targetLead->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');

    // Mass edit: first with an explicit id list, then the progress-save step with select-all.
    $this->setGetArray(array('selectedIds' => '4,5,6,7,8', 'selectAll' => '')); // Not Coding Standard
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/massEdit');
    $this->setGetArray(array('selectAll' => '1', 'Lead_page' => 2));
    $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/massEditProgressSave');

    // Autocomplete lookup for leads.
    $this->setGetArray(array('term' => 'super'));
    $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/autoComplete');

    // Modal list (actionModalList).
    $modalTransferInformation = array(
        'sourceIdFieldId'   => 'x',
        'sourceNameFieldId' => 'y',
        'modalId'           => 'z',
    );
    $this->setGetArray(array('modalTransferInformation' => $modalTransferInformation));
    $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/modalList');

    // Audit events modal list and delete, both addressed at the lead owned by super.
    foreach (array('leads/default/auditEventsModalList', 'leads/default/delete') as $route)
    {
        $this->setGetArray(array('id' => $targetLead->id));
        $this->resetPostArray();
        $this->runControllerShouldResultInAccessFailureAndGetContent($route);
    }
}
115 
120  {
     // Module-level elevation: nobody is given the LeadsModule rights to access, create and delete
     // leads, after which the list, create, edit, delete, autoComplete and modalList actions are
     // expected to run without an access failure.
     // NOTE(review): this listing skips lines 116-119, so the method's signature is not shown.
121  //Log in as nobody, the regular user whose rights are elevated below.
122  $nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
123 
124  //Give nobody the module rights to access, create and delete leads.
125  $nobody->setRight('LeadsModule', LeadsModule::RIGHT_ACCESS_LEADS);
126  $nobody->setRight('LeadsModule', LeadsModule::RIGHT_CREATE_LEADS);
127  $nobody->setRight('LeadsModule', LeadsModule::RIGHT_DELETE_LEADS);
128  $this->assertTrue($nobody->save());
129 
130  //Test nobody with elevated rights.
131  Yii::app()->user->userModel = User::getByUsername('nobody');
     // 'Thomas Paine' is presumably text from the helper screen mentioned further down, shown
     // while nobody has no lead to list - confirm against the view.
132  $content = $this->runControllerWithNoExceptionsAndGetContent('leads/default/list');
133  $this->assertContains('Thomas Paine', $content);
134  $this->runControllerWithNoExceptionsAndGetContent('leads/default/create');
135 
136  //Create a lead owned by nobody, so that nobody has a lead of his own to list, edit and delete.
137  $lead = LeadTestHelper::createLeadByNameForOwner('leadOwnedByNobody', $nobody);
138 
139  //At this point the listview for leads should show the search/list and not the helper screen.
140  $content = $this->runControllerWithNoExceptionsAndGetContent('leads/default/list');
141  $this->assertNotContains('Thomas Paine', $content);
142 
143  $this->setGetArray(array('id' => $lead->id));
144  $this->runControllerWithNoExceptionsAndGetContent('leads/default/edit');
145 
146  //Test nobody can delete an existing lead he owns and it redirects to index.
147  $this->setGetArray(array('id' => $lead->id));
148  $this->resetPostArray();
149  $this->runControllerWithRedirectExceptionAndGetContent('leads/default/delete',
150  Yii::app()->createUrl('leads/default/index'));
151 
152  //Autocomplete for Lead should not fail.
153  $this->setGetArray(array('term' => 'super'));
154  $this->runControllerWithNoExceptionsAndGetContent('leads/default/autoComplete');
155 
156  //actionModalList for Lead should not fail.
157  $this->setGetArray(array(
158  'modalTransferInformation' => array('sourceIdFieldId' => 'x', 'sourceNameFieldId' => 'y', 'modalId' => 'z')
159  ));
160  $this->runControllerWithNoExceptionsAndGetContent('leads/default/modalList');
161  }
162 
167  {
     // Model-level elevation, in three parts, each on a lead owned by super:
     //  1. permissions added to and removed from the user nobody directly;
     //  2. permissions added to a user in a child role (BBB), checked for that user and for the
     //     user in the parent role (AAA);
     //  3. permissions added to a parent group (AAA), checked for its direct member and for the
     //     member of its child group (BBB).
     // In each part the sequence is READ, then READ_WRITE_CHANGE_PERMISSIONS, then removal, then
     // READ_WRITE_DELETE, with details/edit/delete requested after every change.
     // NOTE(review): this listing skips lines 163-166 (the method signature) and one or two
     // numbered lines after each saved permission change (185, 202-203, 220, 235, 298, 326-327,
     // 351, 375, 445, 473-474, 499, 523); whatever ran on those lines is not shown.
168  //Create lead owned by user super.
169  $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
170  $lead = LeadTestHelper::createLeadByNameForOwner('leadForElevationToModelTest', $super);
171 
172  //Test nobody, access to edit, details and delete should fail.
173  $nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
174  $this->setGetArray(array('id' => $lead->id));
175  $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
176  $this->setGetArray(array('id' => $lead->id));
177  $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
178  $this->setGetArray(array('id' => $lead->id));
179  $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
180 
181  //give nobody access to read (the permission change is made with super as the current user)
182  Yii::app()->user->userModel = $super;
183  $lead->addPermissions($nobody, Permission::READ);
184  $this->assertTrue($lead->save());
186 
187  //Now the nobody user can access the details view.
188  Yii::app()->user->userModel = $nobody;
189  $this->setGetArray(array('id' => $lead->id));
190  $this->runControllerWithNoExceptionsAndGetContent('leads/default/details');
191 
192  //Test nobody, access to edit and delete should fail.
193  $this->setGetArray(array('id' => $lead->id));
194  $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
195  $this->setGetArray(array('id' => $lead->id));
196  $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
197 
198  //give nobody access to read, write and change permissions; delete is still expected to fail
199  Yii::app()->user->userModel = $super;
200  $lead->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
201  $this->assertTrue($lead->save());
204 
205  //Now the nobody user should be able to access the edit view and still the details view
206  Yii::app()->user->userModel = $nobody;
207  $this->setGetArray(array('id' => $lead->id));
208  $this->runControllerWithNoExceptionsAndGetContent('leads/default/details');
209  $this->setGetArray(array('id' => $lead->id));
210  $this->runControllerWithNoExceptionsAndGetContent('leads/default/edit');
211 
212  //Test nobody, access to delete should fail.
213  $this->setGetArray(array('id' => $lead->id));
214  $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
215 
216  //revoke nobody's read, write and change-permissions access
217  Yii::app()->user->userModel = $super;
218  $lead->removePermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
219  $this->assertTrue($lead->save());
221 
222  //Test nobody, access to detail, edit and delete should fail.
223  Yii::app()->user->userModel = $nobody;
224  $this->setGetArray(array('id' => $lead->id));
225  $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
226  $this->setGetArray(array('id' => $lead->id));
227  $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
228  $this->setGetArray(array('id' => $lead->id));
229  $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
230 
231  //give nobody access to read, write and delete
232  Yii::app()->user->userModel = $super;
233  $lead->addPermissions($nobody, Permission::READ_WRITE_DELETE);
234  $this->assertTrue($lead->save());
236 
237  //now nobody should be able to delete a lead; the delete is expected to redirect to the index
238  Yii::app()->user->userModel = $nobody;
239  $this->setGetArray(array('id' => $lead->id));
240  $this->resetPostArray();
241  $this->runControllerWithRedirectExceptionAndGetContent('leads/default/delete',
242  Yii::app()->createUrl('leads/default/index'));
243 
244  //create some roles: parent role AAA gets the user confused, child role BBB gets the user nobody
245  Yii::app()->user->userModel = $super;
246  $parentRole = new Role();
247  $parentRole->name = 'AAA';
248  $this->assertTrue($parentRole->save());
249 
250  $childRole = new Role();
251  $childRole->name = 'BBB';
252  $this->assertTrue($childRole->save());
253 
254  $userInParentRole = User::getByUsername('confused');
255  $userInChildRole = User::getByUsername('nobody');
256 
257  $childRole->users->add($userInChildRole);
258  $this->assertTrue($childRole->save());
259  $parentRole->users->add($userInParentRole);
260  $parentRole->roles->add($childRole);
261  $this->assertTrue($parentRole->save());
     // Each user and role is forgotten and then fetched again; presumably this discards cached
     // copies so that the role membership saved above is what gets loaded - confirm.
262  $userInChildRole->forget();
263  $userInChildRole = User::getByUsername('nobody');
264  $userInParentRole->forget();
265  $userInParentRole = User::getByUsername('confused');
266  $parentRoleId = $parentRole->id;
267  $parentRole->forget();
268  $parentRole = Role::getById($parentRoleId);
269  $childRoleId = $childRole->id;
270  $childRole->forget();
271  $childRole = Role::getById($childRoleId);
272 
273  //create lead owned by super
274  $lead2 = LeadTestHelper::createLeadByNameForOwner('leadsParentRolePermission', $super);
275 
276  //Test userInChildRole, access to details, edit and delete should fail.
277  Yii::app()->user->userModel = $userInChildRole;
278  $this->setGetArray(array('id' => $lead2->id));
279  $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
280  $this->setGetArray(array('id' => $lead2->id));
281  $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
282  $this->setGetArray(array('id' => $lead2->id));
283  $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
284 
285  //Test userInParentRole, access to details, edit and delete should fail.
286  Yii::app()->user->userModel = $userInParentRole;
287  $this->setGetArray(array('id' => $lead2->id));
288  $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
289  $this->setGetArray(array('id' => $lead2->id));
290  $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
291  $this->setGetArray(array('id' => $lead2->id));
292  $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
293 
294  //give userInChildRole access to READ
295  Yii::app()->user->userModel = $super;
296  $lead2->addPermissions($userInChildRole, Permission::READ);
297  $this->assertTrue($lead2->save());
299 
300  //Test userInChildRole, access to details should not fail.
301  Yii::app()->user->userModel = $userInChildRole;
302  $this->setGetArray(array('id' => $lead2->id));
303  $this->runControllerWithNoExceptionsAndGetContent('leads/default/details');
304 
305  //Test userInChildRole, access to edit and delete should fail.
306  $this->setGetArray(array('id' => $lead2->id));
307  $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
308  $this->setGetArray(array('id' => $lead2->id));
309  $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
310 
311  //Test userInParentRole, access to details should not fail.
312  Yii::app()->user->userModel = $userInParentRole;
313  $this->setGetArray(array('id' => $lead2->id));
314  $this->runControllerWithNoExceptionsAndGetContent('leads/default/details');
315 
316  //Test userInParentRole, access to edit and delete should fail.
317  $this->setGetArray(array('id' => $lead2->id));
318  $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
319  $this->setGetArray(array('id' => $lead2->id));
320  $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
321 
322  //give userInChildRole access to read, write and change permissions
323  Yii::app()->user->userModel = $super;
324  $lead2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
325  $this->assertTrue($lead2->save());
328 
329  //Test userInChildRole, access to edit should not fail (the details view is not requested here).
330  Yii::app()->user->userModel = $userInChildRole;
331  $this->setGetArray(array('id' => $lead2->id));
332  $this->runControllerWithNoExceptionsAndGetContent('leads/default/edit');
333 
334  //Test userInChildRole, access to delete should fail.
335  $this->setGetArray(array('id' => $lead2->id));
336  $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
337 
338  //Test userInParentRole, access to edit should not fail.
339  $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInParentRole->username);
340  $this->setGetArray(array('id' => $lead2->id));
341  $this->runControllerWithNoExceptionsAndGetContent('leads/default/edit');
342 
343  //Test userInParentRole, access to delete should fail.
344  $this->setGetArray(array('id' => $lead2->id));
345  $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
346 
347  //revoke userInChildRole's read, write and change-permissions access
348  Yii::app()->user->userModel = $super;
349  $lead2->removePermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
350  $this->assertTrue($lead2->save());
352 
353  //Test userInChildRole, access to detail, edit and delete should fail.
354  Yii::app()->user->userModel = $userInChildRole;
355  $this->setGetArray(array('id' => $lead2->id));
356  $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
357  $this->setGetArray(array('id' => $lead2->id));
358  $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
359  $this->setGetArray(array('id' => $lead2->id));
360  $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
361 
362  //Test userInParentRole, access to detail, edit and delete should fail.
363  Yii::app()->user->userModel = $userInParentRole;
364  $this->setGetArray(array('id' => $lead2->id));
365  $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
366  $this->setGetArray(array('id' => $lead2->id));
367  $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
368  $this->setGetArray(array('id' => $lead2->id));
369  $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
370 
371  //give userInChildRole access to read, write and delete
372  Yii::app()->user->userModel = $super;
373  $lead2->addPermissions($userInChildRole, Permission::READ_WRITE_DELETE);
374  $this->assertTrue($lead2->save());
376 
377  //Test userInParentRole, access to delete should not fail.
378  Yii::app()->user->userModel = $userInParentRole;
379  $this->setGetArray(array('id' => $lead2->id));
380  $this->resetPostArray();
381  $this->runControllerWithRedirectExceptionAndGetContent('leads/default/delete',
382  Yii::app()->createUrl('leads/default/index'));
383 
384  //clear up the role relationships between users so as not to affect the next assertions
385  $parentRole->users->remove($userInParentRole);
386  $parentRole->roles->remove($childRole);
387  $this->assertTrue($parentRole->save());
388  $childRole->users->remove($userInChildRole);
389  $this->assertTrue($childRole->save());
390 
391  //create some groups and assign users to groups: parent group AAA gets the user nobody,
     //child group BBB gets the user confused (the reverse of the role assignment above)
392  Yii::app()->user->userModel = $super;
393  $parentGroup = new Group();
394  $parentGroup->name = 'AAA';
395  $this->assertTrue($parentGroup->save());
396 
397  $childGroup = new Group();
398  $childGroup->name = 'BBB';
399  $this->assertTrue($childGroup->save());
400 
401  $userInChildGroup = User::getByUsername('confused');
402  $userInParentGroup = User::getByUsername('nobody');
403 
404  $childGroup->users->add($userInChildGroup);
405  $this->assertTrue($childGroup->save());
406  $parentGroup->users->add($userInParentGroup);
407  $parentGroup->groups->add($childGroup);
408  $this->assertTrue($parentGroup->save());
409  $parentGroup->forget();
410  $childGroup->forget();
411  $parentGroup = Group::getByName('AAA');
412  $childGroup = Group::getByName('BBB');
413 
414  //Give the confused user the module rights to access, create and delete leads.
415  $userInChildGroup->setRight('LeadsModule', LeadsModule::RIGHT_ACCESS_LEADS);
416  $userInChildGroup->setRight('LeadsModule', LeadsModule::RIGHT_CREATE_LEADS);
417  $userInChildGroup->setRight('LeadsModule', LeadsModule::RIGHT_DELETE_LEADS);
418  $this->assertTrue($userInChildGroup->save());
419 
420  //create lead owned by super
421  $lead3 = LeadTestHelper::createLeadByNameForOwner('leadsParentGroupPermission', $super);
422 
423  //Test userInParentGroup, access to details, edit and delete should fail.
424  Yii::app()->user->userModel = $userInParentGroup;
425  $this->setGetArray(array('id' => $lead3->id));
426  $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
427  $this->setGetArray(array('id' => $lead3->id));
428  $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
429  $this->setGetArray(array('id' => $lead3->id));
430  $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
431 
432  //Test userInChildGroup, access to details, edit and delete should fail.
433  Yii::app()->user->userModel = $userInChildGroup;
434  $this->setGetArray(array('id' => $lead3->id));
435  $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
436  $this->setGetArray(array('id' => $lead3->id));
437  $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
438  $this->setGetArray(array('id' => $lead3->id));
439  $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
440 
441  //give parentGroup access to READ
442  Yii::app()->user->userModel = $super;
443  $lead3->addPermissions($parentGroup, Permission::READ);
444  $this->assertTrue($lead3->save());
446 
447  //Test userInParentGroup, access to details should not fail.
448  Yii::app()->user->userModel = $userInParentGroup;
449  $this->setGetArray(array('id' => $lead3->id));
450  $this->runControllerWithNoExceptionsAndGetContent('leads/default/details');
451 
452  //Test userInParentGroup, access to edit and delete should fail.
453  $this->setGetArray(array('id' => $lead3->id));
454  $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
455  $this->setGetArray(array('id' => $lead3->id));
456  $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
457 
458  //Test userInChildGroup, access to details should not fail.
459  Yii::app()->user->userModel = $userInChildGroup;
460  $this->setGetArray(array('id' => $lead3->id));
461  $this->runControllerWithNoExceptionsAndGetContent('leads/default/details');
462 
463  //Test userInChildGroup, access to edit and delete should fail.
464  $this->setGetArray(array('id' => $lead3->id));
465  $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
466  $this->setGetArray(array('id' => $lead3->id));
467  $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
468 
469  //give parentGroup access to read, write and change permissions
470  Yii::app()->user->userModel = $super;
471  $lead3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
472  $this->assertTrue($lead3->save());
475 
476  //Test userInParentGroup, access to edit should not fail.
477  Yii::app()->user->userModel = $userInParentGroup;
478  $this->setGetArray(array('id' => $lead3->id));
479  $this->runControllerWithNoExceptionsAndGetContent('leads/default/edit');
480 
481  //Test userInParentGroup, access to delete should fail.
482  $this->setGetArray(array('id' => $lead3->id));
483  $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
484 
485  //Test userInChildGroup, access to edit should not fail.
486  Yii::app()->user->userModel = $userInChildGroup;
487  $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username);
488  $this->setGetArray(array('id' => $lead3->id));
489  $this->runControllerWithNoExceptionsAndGetContent('leads/default/edit');
490 
491  //Test userInChildGroup, access to delete should fail.
492  $this->setGetArray(array('id' => $lead3->id));
493  $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
494 
495  //revoke parentGroup's read, write and change-permissions access
496  Yii::app()->user->userModel = $super;
497  $lead3->removePermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
498  $this->assertTrue($lead3->save());
500 
501  //Test userInChildGroup, access to detail, edit and delete should fail.
502  Yii::app()->user->userModel = $userInChildGroup;
503  $this->setGetArray(array('id' => $lead3->id));
504  $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
505  $this->setGetArray(array('id' => $lead3->id));
506  $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
507  $this->setGetArray(array('id' => $lead3->id));
508  $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
509 
510  //Test userInParentGroup, access to detail, edit and delete should fail.
511  Yii::app()->user->userModel = $userInParentGroup;
512  $this->setGetArray(array('id' => $lead3->id));
513  $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
514  $this->setGetArray(array('id' => $lead3->id));
515  $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
516  $this->setGetArray(array('id' => $lead3->id));
517  $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
518 
519  //give parentGroup access to read, write and delete
520  Yii::app()->user->userModel = $super;
521  $lead3->addPermissions($parentGroup, Permission::READ_WRITE_DELETE);
522  $this->assertTrue($lead3->save());
524 
525  //Test userInChildGroup, access to delete should not fail.
526  Yii::app()->user->userModel = $userInChildGroup;
527  $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username);
528  $this->setGetArray(array('id' => $lead3->id));
529  $this->runControllerWithRedirectExceptionAndGetContent('leads/default/delete',
530  Yii::app()->createUrl('leads/default/index'));
531 
532  //clear up the group relationships between users so as not to affect the next assertions
533  $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
534  $userInParentGroup->forget();
535  $userInChildGroup->forget();
536  $childGroup->forget();
537  $parentGroup->forget();
538  $userInParentGroup = User::getByUsername('nobody');
539  $userInChildGroup = User::getByUsername('confused');
540  $childGroup = Group::getByName('BBB');
541  $parentGroup = Group::getByName('AAA');
542 
543  $parentGroup->users->remove($userInParentGroup);
544  $parentGroup->groups->remove($childGroup);
545  $this->assertTrue($parentGroup->save());
546  $childGroup->users->remove($userInChildGroup);
547  $this->assertTrue($childGroup->save());
548  }
549  //todo: test lead conversion.
550 
/**
 * A user who may access and convert leads and access and create contacts, but whose effective
 * right to the accounts and opportunities modules is DENY, converts a lead she owns while
 * neither an account nor an opportunity is mandatory. Both conversion steps are expected to
 * end in a redirect, and the record loaded afterwards under the same id must report a
 * different state name than the lead had before.
 */
public function testUserHasNoAccessToAccountsAndTriesToConvertWhenAccountIsOptional()
{
    // The user, her lead and her rights are set up while super is logged in.
    $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $convertingUser = UserTestHelper::createBasicUser('belina');
    $lead           = LeadTestHelper::createLeadbyNameForOwner('BelinaLead1', $convertingUser);
    $grants = array(
        array('LeadsModule',    LeadsModule::RIGHT_CONVERT_LEADS),
        array('LeadsModule',    LeadsModule::RIGHT_ACCESS_LEADS),
        array('ContactsModule', ContactsModule::RIGHT_CREATE_CONTACTS),
        array('ContactsModule', ContactsModule::RIGHT_ACCESS_CONTACTS),
    );
    foreach ($grants as $grant)
    {
        $convertingUser->setRight($grant[0], $grant[1], Right::ALLOW);
    }
    $this->assertTrue($convertingUser->save());

    // Accounts and opportunities must remain out of reach for this user.
    $accountsRight      = $convertingUser->getEffectiveRight('AccountsModule',
                                                             AccountsModule::RIGHT_ACCESS_ACCOUNTS);
    $this->assertEquals(Right::DENY, $accountsRight);
    $opportunitiesRight = $convertingUser->getEffectiveRight('OpportunitiesModule',
                                                             OpportunitiesModule::RIGHT_ACCESS_OPPORTUNITIES);
    $this->assertEquals(Right::DENY, $opportunitiesRight);
    $convertingUser = $this->logoutCurrentUserLoginNewUserAndGetByUsername('belina');

    // Preconditions: conversion requires neither an account nor an opportunity.
    $accountSetting  = LeadsModule::getConvertToAccountSetting();
    $accountOptional = $accountSetting == LeadsModule::CONVERT_NO_ACCOUNT ||
                       $accountSetting == LeadsModule::CONVERT_ACCOUNT_NOT_REQUIRED;
    $this->assertTrue($accountOptional);
    $opportunitySetting  = LeadsModule::getConvertToOpportunitySetting();
    $opportunityOptional = $opportunitySetting == LeadsModule::CONVERT_NO_OPPORTUNITY ||
                           $opportunitySetting == LeadsModule::CONVERT_OPPORTUNITY_NOT_REQUIRED;
    $this->assertTrue($opportunityOptional);

    // Run both conversion steps as the logged-in user; each must end in a redirect.
    $stateNameBefore = $lead->state->name;
    foreach (array('leads/default/convert', 'leads/default/convertFinal') as $route)
    {
        $this->setGetArray(array('id' => $lead->id));
        $this->runControllerWithRedirectExceptionAndGetContent($route);
    }

    // The same id is now read back through Contact and must carry a new state name.
    $converted = Contact::getById($lead->id);
    $this->assertNotEquals($stateNameBefore, $converted->state->name);
}
582 
587  {
     // belina is given the right to access accounts while her effective right to create accounts
     // is asserted to be DENY; the convert view must still load for a lead she owns.
     // NOTE(review): this listing skips lines 583-586, so the method's signature is not shown.
     // $convertToAccountSetting is assigned below but not read again in this method.
588  $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
589  $belina = User::getByUserName('belina');
590  $lead = LeadTestHelper::createLeadbyNameForOwner('BelinaLead1', $belina);
591  $belina->setRight('AccountsModule', AccountsModule::RIGHT_ACCESS_ACCOUNTS, Right::ALLOW);
592  $this->assertTrue($belina->save());
593  $belina = $this->logoutCurrentUserLoginNewUserAndGetByUsername('belina');
594  $convertToAccountSetting = LeadsModule::getConvertToAccountSetting();
595  $this->assertEquals(Right::DENY, $belina->getEffectiveRight('AccountsModule', AccountsModule::RIGHT_CREATE_ACCOUNTS));
596 
597  //The convert view should load up normally, except the option to create an account will not be present.
598  //This only checks that the view comes up; the returned content is not inspected for that option.
599  $this->setGetArray (array('id' => $lead->id));
600  $this->runControllerWithNoExceptionsAndGetContent('leads/default/convert');
601  }
602 
607  {
     // Three refusal scenarios for lead conversion by the user bubby, each checked through the
     // message contained in the returned content: no access to contacts, an account required
     // without access to accounts, and an opportunity required without access to opportunities.
     // NOTE(review): this listing skips lines 603-606, so the method's signature is not shown.
     // NOTE(review): the LeadsModule metadata changed in scenarios #2 and #3 is not restored
     // within the lines visible here, so later tests may run with
     // convertToOpportunitySetting still set to CONVERT_OPPORTUNITY_REQUIRED - confirm.
608  $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
609 
610  $bubby = UserTestHelper::createBasicUser('bubby');
611  $lead = LeadTestHelper::createLeadbyNameForOwner('BelinaLead1', $bubby);
612  $bubby->setRight ('LeadsModule', LeadsModule::RIGHT_CONVERT_LEADS, Right::ALLOW);
613  $bubby->setRight ('LeadsModule', LeadsModule::RIGHT_ACCESS_LEADS, Right::ALLOW);
614  $this->assertTrue($bubby->save());
615 
616  //Scenario #1 - User does not have access to contacts
617  $this->assertEquals(Right::DENY, $bubby->getEffectiveRight('ContactsModule', ContactsModule::RIGHT_ACCESS_CONTACTS));
618  $bubby = $this->logoutCurrentUserLoginNewUserAndGetByUsername('bubby');
619  //The convert view is expected to end with the access message below instead of rendering.
620  $this->setGetArray (array('id' => $lead->id));
621  $content = $this->runControllerWithExitExceptionAndGetContent('leads/default/convert');
622  $this->assertContains('Conversion requires access to the contacts module which you do not have. Please contact your administrator.', $content);
623 
624  //Scenario #2 - User cannot access accounts and an account is required for conversion
625  $bubby->setRight ('ContactsModule', ContactsModule::RIGHT_CREATE_CONTACTS, Right::ALLOW);
626  $bubby->setRight ('ContactsModule', ContactsModule::RIGHT_ACCESS_CONTACTS, Right::ALLOW);
627  $this->assertTrue($bubby->save());
628  $metadata = LeadsModule::getMetadata();
629  $metadata['global']['convertToAccountSetting'] = LeadsModule::CONVERT_ACCOUNT_REQUIRED;
630  LeadsModule::setMetadata($metadata);
631 
632  //At this point because the account is required, the view will not come up properly.
633  $this->setGetArray (array('id' => $lead->id));
634  $content = $this->runControllerWithExitExceptionAndGetContent('leads/default/convert');
635  $this->assertContains('Conversion is set to require an account. Currently you do not have access to the accounts module.', $content);
636 
637  //Scenario #3 - User cannot access opportunities and an opportunity is required for conversion
638  $metadata = LeadsModule::getMetadata();
639  $metadata['global']['convertToAccountSetting'] = LeadsModule::CONVERT_ACCOUNT_NOT_REQUIRED;
640  $metadata['global']['convertToOpportunitySetting'] = LeadsModule::CONVERT_OPPORTUNITY_REQUIRED;
641  LeadsModule::setMetadata($metadata);
642 
643  //Because the opportunity is required, the first step redirects and the final step ends with the message below.
644  $this->setGetArray (array('id' => $lead->id));
645  $this->runControllerWithRedirectExceptionAndGetContent('leads/default/convert');
646  $this->setGetArray (array('id' => $lead->id));
647  $content = $this->runControllerWithExitExceptionAndGetContent('leads/default/convertFinal');
648  $this->assertContains('Conversion is set to require an opportunity. Currently you do not have access to the opportunities module.', $content);
649  }
650 
{
    // The whole scenario runs in the super user's session; 'confused' and 'nobody' only own records.
    $super    = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $confused = User::getByUsername('confused');
    $nobody   = User::getByUsername('nobody');

    // 'confused' starts out without the bulk-delete right.
    $this->assertEquals(
        Right::DENY,
        $confused->getEffectiveRight('ZurmoModule', ZurmoModule::RIGHT_BULK_DELETE)
    );
    // NOTE(review): this change is not saved anywhere in this block and the session stays on
    // 'super', so the deletes below do not exercise a regular user's bulk-delete right.
    // Confirm whether that is intended.
    $confused->setRight('ZurmoModule', ZurmoModule::RIGHT_BULK_DELETE);

    // Baseline: eight Contact records exist before the new leads are added.
    $this->assertEquals(8, count(Contact::getAll()));

    $lead1 = LeadTestHelper::createLeadbyNameForOwner('leadDelete1', $confused);
    $lead2 = LeadTestHelper::createLeadbyNameForOwner('leadDelete2', $confused);
    $lead3 = LeadTestHelper::createLeadbyNameForOwner('leadDelete3', $nobody);
    $lead4 = LeadTestHelper::createLeadbyNameForOwner('leadDelete4', $confused);
    $lead5 = LeadTestHelper::createLeadbyNameForOwner('leadDelete5', $confused);
    $lead6 = LeadTestHelper::createLeadbyNameForOwner('leadDelete6', $nobody);

    // Open the mass-delete view with three of the new leads selected.
    $firstThreeIds = implode(',', array($lead1->id, $lead2->id, $lead3->id));
    $this->setGetArray(array('selectedIds' => $firstThreeIds, 'selectAll' => ''));
    $this->resetPostArray();
    $viewContent = $this->runControllerWithNoExceptionsAndGetContent('leads/default/massDelete');
    $this->assertContains('<strong>3</strong>&#160;Leads selected for removal', $viewContent);

    // Six leads were created above, so the 8 existing records are now 14.
    $this->assertEquals(14, count(Contact::getAll()));

    // Delete all six new leads across two pages; the same id list is sent for both pages.
    $allSixIds = implode(
        ',',
        array($lead1->id, $lead2->id, $lead3->id, $lead4->id, $lead5->id, $lead6->id)
    );

    // Page 1 goes through massDelete; the assertion shows 14 records dropping to 9.
    $this->setGetArray(array(
        'selectedIds'  => $allSixIds,
        'selectAll'    => '',
        'Contact_page' => 1,
    ));
    $this->setPostArray(array('selectedRecordCount' => 6));
    $this->runControllerWithExitExceptionAndGetContent('leads/default/massDelete');
    $this->assertEquals(9, count(Contact::getAll()));

    // Page 2 goes through massDeleteProgress and removes the last selected lead (9 down to 8).
    $this->setGetArray(array(
        'selectedIds'  => $allSixIds,
        'selectAll'    => '',
        'Contact_page' => 2,
    ));
    $this->setPostArray(array('selectedRecordCount' => 6));
    $this->runControllerWithNoExceptionsAndGetContent('leads/default/massDeleteProgress');
    $this->assertEquals(8, count(Contact::getAll()));
}
708 
{
    // Runs as the super user; the other two users are loaded but not used further in this block.
    $super    = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $confused = User::getByUsername('confused');
    $nobody   = User::getByUsername('nobody');

    // Eight Contact records exist before the select-all delete starts.
    $this->assertEquals(8, count(Contact::getAll()));

    // Page 1: select-all delete through massDelete. The progress page size is asserted to be 5,
    // and the record count drops from 8 to 3.
    $this->setGetArray(array(
        'selectAll'    => '1',
        'Contact_page' => 1,
    ));
    $this->setPostArray(array('selectedRecordCount' => 8));
    $this->assertEquals(
        5,
        Yii::app()->pagination->getForCurrentUserByType('massDeleteProgressPageSize')
    );
    $this->runControllerWithExitExceptionAndGetContent('leads/default/massDelete');
    $this->assertEquals(3, count(Contact::getAll()));

    // Page 2: the remaining selection is processed through massDeleteProgress.
    $this->setGetArray(array(
        'selectAll'    => '1',
        'Contact_page' => 2,
    ));
    $this->setPostArray(array('selectedRecordCount' => 8));
    $this->assertEquals(
        5,
        Yii::app()->pagination->getForCurrentUserByType('massDeleteProgressPageSize')
    );
    $this->runControllerWithNoExceptionsAndGetContent('leads/default/massDeleteProgress');

    // BelinaLead1 was converted to a contact, so the lead mass delete leaves her record in place.
    $remaining = Contact::getAll();
    $this->assertContains('BelinaLead1', serialize($remaining));
    $this->assertEquals(1, count($remaining));
}
749 
/**
 * Authorization walkthrough for the inline comment-create AJAX action on a lead.
 *
 * A freshly created basic user first requests the action and the run is expected to end in an
 * access failure; after the Leads module rights and an explicit permission on the lead are
 * granted, the same request must run without exceptions.
 */
public function testInlineCreateCommentFromAjax()
{
    $route = 'leads/default/inlineCreateCommentFromAjax';

    UserTestHelper::createBasicUser('sally');
    $sally = $this->logoutCurrentUserLoginNewUserAndGetByUsername('sally');
    $lead  = LeadTestHelper::createLeadbyNameForOwner('testContact2', $sally);

    // Negative case: no Leads module rights have been granted yet.
    $this->setGetArray(array(
        'id'           => $lead->id,
        'uniquePageId' => 'CommentInlineEditForModelView',
    ));
    $this->runControllerShouldResultInAccessFailureAndGetContent($route);

    // Grant the Leads module rights (access, create, delete) and persist them.
    $grantedRights = array(
        LeadsModule::RIGHT_ACCESS_LEADS,
        LeadsModule::RIGHT_CREATE_LEADS,
        LeadsModule::RIGHT_DELETE_LEADS,
    );
    foreach ($grantedRights as $right)
    {
        $sally->setRight('LeadsModule', $right);
    }
    $this->assertTrue($sally->save());

    // Give sally an explicit permission on the lead record as well.
    $lead->addPermissions($sally, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($lead->save());
    // NOTE(review): the rendered listing jumps from line 765 to 767 here; check the repository
    // copy for a statement this page may have dropped.

    // Positive case: the same request now completes.
    // NOTE(review): only the missing-module-rights denial is exercised here; a user who holds the
    // module rights but has no permission on this lead is not covered by this method.
    $this->setGetArray(array(
        'id'           => $lead->id,
        'uniquePageId' => 'CommentInlineEditForModelView',
    ));
    $this->runControllerWithNoExceptionsAndGetContent($route);
}
771 
/**
 * Authorization and behaviour walkthrough for the add/remove subscriber AJAX actions on a lead.
 *
 * Without Leads module rights both actions are expected to end in an access failure. Once the
 * rights and a permission on the lead are granted, the test follows the subscriber list through
 * an ownership change, a removal and a re-add of the regular user.
 */
public function testAddAndRemoveSubscriberViaAjaxWithNormalUser()
{
    $removeRoute = 'leads/default/removeSubscriber';
    $addRoute    = 'leads/default/addSubscriber';

    $super = User::getByUsername('super');
    $billy = $this->logoutCurrentUserLoginNewUserAndGetByUsername('billy');
    $lead  = LeadTestHelper::createLeadbyNameForOwner('testLead3', $billy);

    // Negative case: both actions are refused while billy has no Leads module rights.
    foreach (array($removeRoute, $addRoute) as $deniedRoute)
    {
        $this->setGetArray(array('id' => $lead->id));
        $this->runControllerShouldResultInAccessFailureAndGetContent($deniedRoute);
    }

    // Grant the Leads module rights (access, create, delete) and persist them.
    $grantedRights = array(
        LeadsModule::RIGHT_ACCESS_LEADS,
        LeadsModule::RIGHT_CREATE_LEADS,
        LeadsModule::RIGHT_DELETE_LEADS,
    );
    foreach ($grantedRights as $right)
    {
        $billy->setRight('LeadsModule', $right);
    }
    $this->assertTrue($billy->save());

    // Give billy an explicit permission on the lead record as well.
    $lead->addPermissions($billy, Permission::READ_WRITE_CHANGE_PERMISSIONS);
    $this->assertTrue($lead->save());
    // NOTE(review): the rendered listing jumps from line 789 to 791 here; check the repository
    // copy for a statement this page may have dropped.

    // Point the application's current user at a freshly loaded 'billy'.
    Yii::app()->user->userModel = User::getByUsername('billy');

    // While billy owns the lead, the response still lists him and one subscriber remains.
    $this->setGetArray(array('id' => $lead->id));
    $response = $this->runControllerWithNoExceptionsAndGetContent($removeRoute, false);
    $this->assertContains($billy->getFullName(), $response);
    $this->assertEquals(1, $lead->notificationSubscribers->count());

    // Hand the lead to the super user, who becomes a subscriber as the new owner.
    $lead->owner = $super;
    $this->assertTrue($lead->save());

    // Now billy can be removed: he is gone from the response and from the subscriber list.
    $response = $this->runControllerWithNoExceptionsAndGetContent($removeRoute, false);
    $this->assertNotContains($billy->getFullName(), $response);
    $this->assertEquals(1, $lead->notificationSubscribers->count());
    $this->assertFalse($this->checkIfUserFoundInSubscribersList($lead, $billy->id));

    // Adding him back gives two subscribers, billy among them.
    $response = $this->runControllerWithNoExceptionsAndGetContent($addRoute, false);
    $this->assertContains($billy->getFullName(), $response);
    $this->assertEquals(2, $lead->notificationSubscribers->count());
    $this->assertTrue($this->checkIfUserFoundInSubscribersList($lead, $billy->id));
}
816 
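/**
 * Reports whether the user with the given id is among a record's notification subscribers.
 *
 * @param object $contact   Model exposing a notificationSubscribers collection (a lead in this test).
 * @param mixed  $compareId Id of the user to look for.
 * @return bool True when a subscriber resolves to a user with that id, false otherwise
 *              (including an empty subscriber list).
 */
private function checkIfUserFoundInSubscribersList($contact, $compareId)
{
    $pathToUser = RuntimeUtil::getModelDerivationPathToItem('User');
    // Normalise the wanted id once so int 12 and string '12' still match, while the strict
    // comparison below keeps PHP's loose-equality juggling (0 == 'abc' on older versions,
    // null == 0) from reporting a subscriber that is not there.
    $wantedId = (string) $compareId;
    foreach ($contact->notificationSubscribers as $subscriber)
    {
        // Each subscriber holds a person; cast it down along the User path to read the user id.
        $user = $subscriber->person->castDown(array($pathToUser));
        if ((string) $user->id === $wantedId)
        {
            // First match is enough; no need to cast the remaining subscribers.
            return true;
        }
    }
    return false;
}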
831  }
832 ?>