NotesRegularUserWalkthroughTest.php
1 <?php
2  /*********************************************************************************
3  * Zurmo is a customer relationship management program developed by
4  * Zurmo, Inc. Copyright (C) 2017 Zurmo Inc.
5  *
6  * Zurmo is free software; you can redistribute it and/or modify it under
7  * the terms of the GNU Affero General Public License version 3 as published by the
8  * Free Software Foundation with the addition of the following permission added
9  * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
10  * IN WHICH THE COPYRIGHT IS OWNED BY ZURMO, ZURMO DISCLAIMS THE WARRANTY
11  * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
12  *
13  * Zurmo is distributed in the hope that it will be useful, but WITHOUT
14  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
15  * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
16  * details.
17  *
18  * You should have received a copy of the GNU Affero General Public License along with
19  * this program; if not, see http://www.gnu.org/licenses or write to the Free
20  * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
21  * 02110-1301 USA.
22  *
23  * You can contact Zurmo, Inc. with a mailing address at 27 North Wacker Drive
24  * Suite 370 Chicago, IL 60606. or at email address contact@zurmo.com.
25  *
26  * The interactive user interfaces in original and modified versions
27  * of this program must display Appropriate Legal Notices, as required under
28  * Section 5 of the GNU Affero General Public License version 3.
29  *
30  * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
31  * these Appropriate Legal Notices must retain the display of the Zurmo
32  * logo and Zurmo copyright notice. If the display of the logo is not reasonably
33  * feasible for technical reasons, the Appropriate Legal Notices must display the words
34  * "Copyright Zurmo Inc. 2017. All rights reserved".
35  ********************************************************************************/
36 
41  {
/**
 * Seeds the records shared by the walkthrough tests in this class.
 *
 * Every record is created with the currently logged-in user (held in
 * Yii::app()->user->userModel after the parent set-up) as its owner, so the
 * later access-control checks start from data the regular user does not own.
 */
public static function setUpBeforeClass()
{
    parent::setUpBeforeClass();
    $superUser = Yii::app()->user->userModel;

    // Two accounts plus one contact attached to the first account, all owned by the super user.
    $primaryAccount = AccountTestHelper::createAccountByNameForOwner('superAccount', $superUser);
    AccountTestHelper::createAccountByNameForOwner('superAccount2', $superUser);
    ContactTestHelper::createContactWithAccountByNameForOwner('superContact', $superUser, $primaryAccount);
}
52 
/**
 * Placeholder for the full regular-user walkthrough.
 *
 * The body holds no statements and no assertions, so this test passes without
 * exercising any access check; the outline below only lists what it was meant
 * to cover.
 */
public function testRegularUserAllControllerActions()
{
    // Outline (not implemented here):
    //   1. all portlet controller actions;
    //   2. the regular user with elevated rights to tabs / other available
    //      rights, such as convert lead;
    //   3. the regular user with elevated permissions to models.
}
62 
/**
 * Negative access-control walkthrough for the 'nobody' user.
 *
 * An account and a related note are created with 'super' as owner, then the
 * current user is switched to 'nobody' and every account/note controller
 * action listed below is expected to end in an access failure. No right or
 * permission is granted to 'nobody' inside this method.
 */
public function testRegularUserAllControllerActionsNoElevation()
{
    // Fixtures are created while logged in as super, with super as owner.
    $superUser    = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
    $ownedBySuper = AccountTestHelper::createAccountByNameForOwner('accountOwnedBySuper', $superUser);
    $superNote    = NoteTestHelper::createNoteWithOwnerAndRelatedAccount('noteCreatedBySuper', $superUser, $ownedBySuper);
    Yii::app()->user->userModel = User::getByUsername('nobody');

    // Account details of a record owned by super must be refused.
    $this->setGetArray(array('id' => $ownedBySuper->id));
    $this->resetPostArray();
    $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');

    // NOTE(review): GET still carries the *account* id for these three routes;
    // presumably the refusal comes from the missing Notes module rights rather
    // than from the record itself - confirm, otherwise 'edit' is not really
    // being checked against the note.
    $routesDeniedWithoutNoteId = array(
        'notes/default/createFromRelation',
        'notes/default/edit',
        'notes/default/inlineCreateSave',
    );
    foreach ($routesDeniedWithoutNoteId as $deniedRoute)
    {
        $this->runControllerShouldResultInAccessFailureAndGetContent($deniedRoute);
    }

    // Details and delete are requested against the note owned by super; both must be refused.
    foreach (array('notes/default/details', 'notes/default/delete') as $deniedRoute)
    {
        $this->setGetArray(array('id' => $superNote->id));
        $this->resetPostArray();
        $this->runControllerShouldResultInAccessFailureAndGetContent($deniedRoute);
    }
}
88 
{
    // Positive walkthrough: 'nobody' is given module rights step by step and is
    // then expected to reach the actions on records it owns.
    $regularUser = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');

    // Step 1: access right on the Accounts module.
    $regularUser->setRight('AccountsModule', AccountsModule::RIGHT_ACCESS_ACCOUNTS);
    $this->assertTrue($regularUser->save());

    // The account is owned by 'nobody', so its details view must load.
    $ownAccount = AccountTestHelper::createAccountByNameForOwner('accountOwnedByNobody', $regularUser);
    $this->setGetArray(array('id' => $ownAccount->id));
    $this->resetPostArray();
    $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');

    // Step 2: access, create and delete rights on the Notes module.
    $noteRights = array(
        NotesModule::RIGHT_ACCESS_NOTES,
        NotesModule::RIGHT_CREATE_NOTES,
        NotesModule::RIGHT_DELETE_NOTES,
    );
    foreach ($noteRights as $noteRight)
    {
        $regularUser->setRight('NotesModule', $noteRight);
    }
    $this->assertTrue($regularUser->save());

    // Re-read 'nobody' as the current user before acting with the new rights.
    Yii::app()->user->userModel = User::getByUsername('nobody');
    $ownNote = NoteTestHelper::createNoteWithOwnerAndRelatedAccount('noteCreatedByNobody', $regularUser, $ownAccount);

    // Details and edit of the note 'nobody' owns must both load.
    foreach (array('notes/default/details', 'notes/default/edit') as $allowedRoute)
    {
        $this->setGetArray(array('id' => $ownNote->id));
        $this->resetPostArray();
        $this->runControllerWithNoExceptionsAndGetContent($allowedRoute);
    }

    // Inline-edit validation of the existing note: '[]' is the expected response body.
    $this->setPostArray(array(
        'ActivityItemForm' => array('Account' => array('id' => $ownAccount->id)),
        'ajax'             => 'inline-edit-form',
        'Note'             => array('description' => 'a Valid Name of a Note'),
    ));
    $this->setGetArray(array('id' => $ownNote->id, 'redirectUrl' => 'someRedirect'));
    $validationResponse = $this->runControllerWithExitExceptionAndGetContent('notes/default/inlineCreateSave');
    $this->assertEquals('[]', $validationResponse);

    // Create a second note through createFromRelation; a redirect is expected.
    // NOTE(review): the form key is lower-case 'account' here but 'Account' in the
    // inline-edit request above - confirm which spelling the controller reads.
    $this->setGetArray(array(
        'relationAttributeName' => 'Account',
        'relationModelId'       => $ownAccount->id,
        'relationModuleId'      => 'accounts',
        'redirectUrl'           => 'someRedirect',
    ));
    $this->setPostArray(array(
        'ActivityItemForm' => array('account' => array('id' => $ownAccount->id)),
        'Note'             => array('description' => 'myNote'),
    ));
    $this->runControllerWithRedirectExceptionAndGetContent('notes/default/createFromRelation');

    // Deleting the note 'nobody' owns must succeed and end in a redirect.
    $this->setGetArray(array('id' => $ownNote->id));
    $this->resetPostArray();
    $this->runControllerWithRedirectExceptionAndGetContent('notes/default/delete');
}
147 
152  {
153  //Create superAccount owned by user super.
154  $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
155  $superAccount = AccountTestHelper::createAccountByNameForOwner('AccountsForElevationToModelTest', $super);
156 
157  //Test nobody, access to edit and details of superAccount should fail.
158  $nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
159  $this->setGetArray(array('id' => $superAccount->id));
160  $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
161 
162  //give nobody access to read
163  Yii::app()->user->userModel = $super;
164  $superAccount->addPermissions($nobody, Permission::READ);
165  $this->assertTrue($superAccount->save());
167 
168  //Now the nobody user can access the details view.
169  Yii::app()->user->userModel = $nobody;
170  $this->setGetArray(array('id' => $superAccount->id));
171  $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
172 
173  //create note for an superAccount using the super user
174  $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
175  $note = NoteTestHelper::createNoteWithOwnerAndRelatedAccount('noteCreatedBySuper', $super, $superAccount);
176 
177  //Test nobody, access to edit and details of notes should fail.
178  Yii::app()->user->userModel = $nobody;
179  $this->setGetArray(array('id' => $note->id));
180  $this->resetPostArray();
181  $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
182  $this->setGetArray(array('id' => $note->id));
183  $this->resetPostArray();
184  $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
185  $this->setGetArray(array('id' => $note->id));
186  $this->resetPostArray();
187  $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
188 
189  //give nobody access to details view only
190  Yii::app()->user->userModel = $super;
191  $note->addPermissions($nobody, Permission::READ);
192  $this->assertTrue($note->save());
194 
195  //Now access to notes view by Nobody should not fail.
196  Yii::app()->user->userModel = $nobody;
197  $this->setGetArray(array('id' => $note->id));
198  $this->resetPostArray();
199  $this->runControllerWithNoExceptionsAndGetContent('notes/default/details');
200 
201  //Now access to notes edit and delete by Nobody should fail
202  $this->setGetArray(array('id' => $note->id));
203  $this->resetPostArray();
204  $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
205  $this->setGetArray(array('id' => $note->id));
206  $this->resetPostArray();
207  $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
208 
209  //give nobody access to both details and edit view
210  Yii::app()->user->userModel = $super;
211  $note->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
212  $this->assertTrue($note->save());
215 
216  //Now access to notes view and edit by Nobody should not fail.
217  Yii::app()->user->userModel = $nobody;
218  $this->setGetArray(array('id' => $note->id));
219  $this->resetPostArray();
220  $this->runControllerWithNoExceptionsAndGetContent('notes/default/details');
221  $this->setGetArray(array('id' => $note->id));
222  $this->resetPostArray();
223  $this->runControllerWithNoExceptionsAndGetContent('notes/default/edit');
224 
225  //Now access to notes delete by Nobody should fail
226  $this->setGetArray(array('id' => $note->id));
227  $this->resetPostArray();
228  $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
229 
230  //revoke the permission from the nobody user to access the note
231  Yii::app()->user->userModel = $super;
232  $note->removePermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
233  $this->assertTrue($note->save());
235 
236  //Now nobodys, access to edit, details and delete of notes should fail.
237  Yii::app()->user->userModel = $nobody;
238  $this->setGetArray(array('id' => $note->id));
239  $this->resetPostArray();
240  $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
241  $this->setGetArray(array('id' => $note->id));
242  $this->resetPostArray();
243  $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
244  $this->setGetArray(array('id' => $note->id));
245  $this->resetPostArray();
246  $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
247 
248  //give nobody access to details, edit and delete view
249  Yii::app()->user->userModel = $super;
250  $note->addPermissions($nobody, Permission::READ_WRITE_DELETE);
251  $this->assertTrue($note->save());
253 
254  //Now nobodys, access to delete of notes should not fail.
255  Yii::app()->user->userModel = $nobody;
256  $this->setGetArray(array('id' => $note->id));
257  $this->resetPostArray();
258  $this->runControllerWithRedirectExceptionAndGetContent('notes/default/delete');
259 
260  //create some roles
261  Yii::app()->user->userModel = $super;
262  $parentRole = new Role();
263  $parentRole->name = 'AAA';
264  $this->assertTrue($parentRole->save());
265 
266  $childRole = new Role();
267  $childRole->name = 'BBB';
268  $this->assertTrue($childRole->save());
269 
270  $userInParentRole = User::getByUsername('confused');
271  $userInChildRole = User::getByUsername('nobody');
272 
273  $childRole->users->add($userInChildRole);
274  $this->assertTrue($childRole->save());
275  $parentRole->users->add($userInParentRole);
276  $parentRole->roles->add($childRole);
277  $this->assertTrue($parentRole->save());
278  $userInChildRole->forget();
279  $userInChildRole = User::getByUsername('nobody');
280  $userInParentRole->forget();
281  $userInParentRole = User::getByUsername('confused');
282  $parentRoleId = $parentRole->id;
283  $parentRole->forget();
284  $parentRole = Role::getById($parentRoleId);
285  $childRoleId = $childRole->id;
286  $childRole->forget();
287  $childRole = Role::getById($childRoleId);
288 
289  //create account owned by super
290  $account2 = AccountTestHelper::createAccountByNameForOwner('AccountsParentRolePermission', $super);
291 
292  //Test userInParentRole, access to details and edit should fail.
293  Yii::app()->user->userModel = $userInParentRole;
294  $this->setGetArray(array('id' => $account2->id));
295  $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
296 
297  //give userInChildRole access to READ
298  Yii::app()->user->userModel = $super;
299  $account2->addPermissions($userInChildRole, Permission::READ);
300  $this->assertTrue($account2->save());
302 
303  //Test userInChildRole, access to details should not fail.
304  Yii::app()->user->userModel = $userInChildRole;
305  $this->setGetArray(array('id' => $account2->id));
306  $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
307 
308  //Test userInParentRole, access to details should not fail.
309  Yii::app()->user->userModel = $userInParentRole;
310  $this->setGetArray(array('id' => $account2->id));
311  $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
312 
313  //create a note owned by super
314  $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
315  $note2 = NoteTestHelper::createNoteWithOwnerAndRelatedAccount('noteCreatedBySuperForRole', $super, $account2);
316 
317  //Test userInChildRole, access to notes details, edit and delete should fail.
318  Yii::app()->user->userModel = $userInChildRole;
319  $this->setGetArray(array('id' => $note2->id));
320  $this->resetPostArray();
321  $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
322  $this->setGetArray(array('id' => $note2->id));
323  $this->resetPostArray();
324  $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
325  $this->setGetArray(array('id' => $note2->id));
326  $this->resetPostArray();
327  $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
328 
329  //Test userInParentRole, access to notes details, edit and delete should fail.
330  Yii::app()->user->userModel = $userInParentRole;
331  $this->setGetArray(array('id' => $note2->id));
332  $this->resetPostArray();
333  $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
334  $this->setGetArray(array('id' => $note2->id));
335  $this->resetPostArray();
336  $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
337  $this->setGetArray(array('id' => $note2->id));
338  $this->resetPostArray();
339  $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
340 
341  //give userInChildRole access to READ permision for notes
342  Yii::app()->user->userModel = $super;
343  $note2->addPermissions($userInChildRole, Permission::READ);
344  $this->assertTrue($note2->save());
346 
347  //Test userInChildRole, access to notes details should not fail.
348  Yii::app()->user->userModel = $userInChildRole;
349  $this->setGetArray(array('id' => $note2->id));
350  $this->resetPostArray();
351  $this->runControllerWithNoExceptionsAndGetContent('notes/default/details');
352 
353  //Test userInChildRole, access to notes edit and delete should fail.
354  $this->setGetArray(array('id' => $note2->id));
355  $this->resetPostArray();
356  $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
357  $this->setGetArray(array('id' => $note2->id));
358  $this->resetPostArray();
359  $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
360 
361  //Test userInParentRole, access to notes details should not fail.
362  Yii::app()->user->userModel = $userInParentRole;
363  $this->setGetArray(array('id' => $note2->id));
364  $this->resetPostArray();
365  $this->runControllerWithNoExceptionsAndGetContent('notes/default/details');
366 
367  //Test userInParentRole, access to notes edit and delete should fail.
368  $this->setGetArray(array('id' => $note2->id));
369  $this->resetPostArray();
370  $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
371  $this->setGetArray(array('id' => $note2->id));
372  $this->resetPostArray();
373  $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
374 
375  //give userInChildRole access to read and write for the notes
376  Yii::app()->user->userModel = $super;
377  $note2->addPermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
378  $this->assertTrue($note2->save());
381 
382  //Test userInChildRole, access to notes edit should not fail.
383  Yii::app()->user->userModel = $userInChildRole;
384  $this->setGetArray(array('id' => $note2->id));
385  $this->resetPostArray();
386  $this->runControllerWithNoExceptionsAndGetContent('notes/default/edit');
387 
388  //Test userInChildRole, access to notes delete should fail.
389  $this->setGetArray(array('id' => $note2->id));
390  $this->resetPostArray();
391  $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
392 
393  //Test userInParentRole, access to notes edit should not fail.
394  Yii::app()->user->userModel = $userInParentRole;
395  $this->setGetArray(array('id' => $note2->id));
396  $this->resetPostArray();
397  $this->runControllerWithNoExceptionsAndGetContent('notes/default/edit');
398 
399  //Test userInParentRole, access to notes delete should fail.
400  $this->setGetArray(array('id' => $note2->id));
401  $this->resetPostArray();
402  $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
403 
404  //revoke userInChildRole access to read and write notes
405  Yii::app()->user->userModel = $super;
406  $note2->removePermissions($userInChildRole, Permission::READ_WRITE_CHANGE_PERMISSIONS);
407  $this->assertTrue($note2->save());
409 
410  //Test userInChildRole, access to detail, edit and delete should fail.
411  Yii::app()->user->userModel = $userInChildRole;
412  $this->setGetArray(array('id' => $note2->id));
413  $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
414  $this->setGetArray(array('id' => $note2->id));
415  $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
416  $this->setGetArray(array('id' => $note2->id));
417  $this->resetPostArray();
418  $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
419 
420  //Test userInParentRole, access to detail, edit and delete should fail.
421  Yii::app()->user->userModel = $userInParentRole;
422  $this->setGetArray(array('id' => $note2->id));
423  $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
424  $this->setGetArray(array('id' => $note2->id));
425  $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
426  $this->setGetArray(array('id' => $note2->id));
427  $this->resetPostArray();
428  $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
429 
430  //give userInChildRole access to read, write and delete for the notes
431  Yii::app()->user->userModel = $super;
432  $note2->addPermissions($userInChildRole, Permission::READ_WRITE_DELETE);
433  $this->assertTrue($note2->save());
435 
436  //Test userInParentRole, access to delete should not fail.
437  Yii::app()->user->userModel = $userInParentRole;
438  $this->setGetArray(array('id' => $note2->id));
439  $this->resetPostArray();
440  $this->runControllerWithRedirectExceptionAndGetContent('notes/default/delete');
441 
442  //clear up the role relationships between users so not to effect next assertions
443  $parentRole->users->remove($userInParentRole);
444  $parentRole->roles->remove($childRole);
445  $this->assertTrue($parentRole->save());
446  $childRole->users->remove($userInChildRole);
447  $this->assertTrue($childRole->save());
448 
449  //create some groups and assign users to groups
450  Yii::app()->user->userModel = $super;
451  $parentGroup = new Group();
452  $parentGroup->name = 'AAA';
453  $this->assertTrue($parentGroup->save());
454 
455  $childGroup = new Group();
456  $childGroup->name = 'BBB';
457  $this->assertTrue($childGroup->save());
458 
459  $userInChildGroup = User::getByUsername('confused');
460  $userInParentGroup = User::getByUsername('nobody');
461 
462  $childGroup->users->add($userInChildGroup);
463  $this->assertTrue($childGroup->save());
464  $parentGroup->users->add($userInParentGroup);
465  $parentGroup->groups->add($childGroup);
466  $this->assertTrue($parentGroup->save());
467  $parentGroup->forget();
468  $childGroup->forget();
469  $parentGroup = Group::getByName('AAA');
470  $childGroup = Group::getByName('BBB');
471 
472  //Add access for the confused user to accounts and creation of accounts.
473  $userInChildGroup->setRight('AccountsModule', AccountsModule::RIGHT_ACCESS_ACCOUNTS);
474  $this->assertTrue($userInChildGroup->save());
475 
476  //create account owned by super
477  $account3 = AccountTestHelper::createAccountByNameForOwner('testingAccountsParentGroupPermission', $super);
478 
479  //Test userInParentGroup, access to details should fail.
480  Yii::app()->user->userModel = $userInParentGroup;
481  $this->setGetArray(array('id' => $account3->id));
482  $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
483 
484  //Test userInChildGroup, access to details should fail.
485  Yii::app()->user->userModel = $userInChildGroup;
486  $this->setGetArray(array('id' => $account3->id));
487  $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
488 
489  //give parentGroup access to READ
490  Yii::app()->user->userModel = $super;
491  $account3->addPermissions($parentGroup, Permission::READ);
492  $this->assertTrue($account3->save());
494 
495  //Test userInParentGroup, access to details should not fail.
496  Yii::app()->user->userModel = $userInParentGroup;
497  $this->setGetArray(array('id' => $account3->id));
498  $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
499 
500  //Test userInChildGroup, access to details should not fail.
501  Yii::app()->user->userModel = $userInChildGroup;
502  $this->setGetArray(array('id' => $account3->id));
503  $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
504 
505  //create a note owned by super
506  $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
507  $note3 = NoteTestHelper::createNoteWithOwnerAndRelatedAccount('noteCreatedBySuperForGroup', $super, $account3);
508 
509  //Add access for the confused user to accounts and creation of accounts.
510  $userInChildGroup->setRight('NotesModule', NotesModule::RIGHT_ACCESS_NOTES);
511  $userInChildGroup->setRight('NotesModule', NotesModule::RIGHT_CREATE_NOTES);
512  $userInChildGroup->setRight('NotesModule', NotesModule::RIGHT_DELETE_NOTES);
513  $this->assertTrue($userInChildGroup->save());
514 
515  //Test userInParentGroup, access to notes details, edit and delete should fail.
516  Yii::app()->user->userModel = $userInParentGroup;
517  $this->setGetArray(array('id' => $note3->id));
518  $this->resetPostArray();
519  $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
520  $this->setGetArray(array('id' => $note3->id));
521  $this->resetPostArray();
522  $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
523  $this->setGetArray(array('id' => $note3->id));
524  $this->resetPostArray();
525  $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
526 
527  //Test userInChildGroup, access to notes details, edit and delete should fail.
528  Yii::app()->user->userModel = $userInChildGroup;
529  $this->setGetArray(array('id' => $note3->id));
530  $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
531  $this->setGetArray(array('id' => $note3->id));
532  $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
533  $this->setGetArray(array('id' => $note3->id));
534  $this->resetPostArray();
535  $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
536 
537  //give parentGroup access to READ
538  Yii::app()->user->userModel = $super;
539  $note3->addPermissions($parentGroup, Permission::READ);
540  $this->assertTrue($note3->save());
542 
543  //Test userInParentGroup, access to notes details should not fail.
544  Yii::app()->user->userModel = $userInParentGroup;
545  $this->setGetArray(array('id' => $note3->id));
546  $this->runControllerWithNoExceptionsAndGetContent('notes/default/details');
547 
548  //Test userInParentGroup, access to notes edit and delete should fail.
549  $this->setGetArray(array('id' => $note3->id));
550  $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
551  $this->setGetArray(array('id' => $note3->id));
552  $this->resetPostArray();
553  $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
554 
555  //Test userInChildGroup, access to notes details should not fail.
556  Yii::app()->user->userModel = $userInChildGroup;
557  $this->setGetArray(array('id' => $note3->id));
558  $this->runControllerWithNoExceptionsAndGetContent('notes/default/details');
559 
560  //Test userInChildGroup, access to notes edit and delete should fail.
561  $this->setGetArray(array('id' => $note3->id));
562  $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
563  $this->setGetArray(array('id' => $note3->id));
564  $this->resetPostArray();
565  $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
566 
567  //give parentGroup access to read and write
568  Yii::app()->user->userModel = $super;
569  $note3->addPermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
570  $this->assertTrue($note3->save());
573 
574  //Test userInParentGroup, access to edit notes should not fail.
575  Yii::app()->user->userModel = $userInParentGroup;
576  $this->setGetArray(array('id' => $note3->id));
577  $this->runControllerWithNoExceptionsAndGetContent('notes/default/edit');
578 
579  //Test userInParentGroup, access to notes delete should fail.
580  $this->setGetArray(array('id' => $note3->id));
581  $this->resetPostArray();
582  $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
583 
584  //Test userInChildGroup, access to edit notes should not fail.
585  Yii::app()->user->userModel = $userInChildGroup;
586  $this->logoutCurrentUserLoginNewUserAndGetByUsername($userInChildGroup->username);
587  $this->setGetArray(array('id' => $note3->id));
588  $this->runControllerWithNoExceptionsAndGetContent('notes/default/edit');
589 
590  //Test userInChildGroup, access to notes delete should fail.
591  $this->setGetArray(array('id' => $note3->id));
592  $this->resetPostArray();
593  $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
594 
595  //revoke parentGroup access to notes read and write
596  Yii::app()->user->userModel = $super;
597  $note3->removePermissions($parentGroup, Permission::READ_WRITE_CHANGE_PERMISSIONS);
598  $this->assertTrue($note3->save());
600 
601  //Test userInChildGroup, access to notes detail, edit and delete should fail.
602  Yii::app()->user->userModel = $userInChildGroup;
603  $this->setGetArray(array('id' => $note3->id));
604  $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
605  $this->setGetArray(array('id' => $note3->id));
606  $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
607  $this->setGetArray(array('id' => $note3->id));
608  $this->resetPostArray();
609  $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
610 
611  //Test userInParentGroup, access to notes detail, edit and delete should fail.
612  Yii::app()->user->userModel = $userInParentGroup;
613  $this->setGetArray(array('id' => $note3->id));
614  $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/details');
615  $this->setGetArray(array('id' => $note3->id));
616  $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/edit');
617  $this->setGetArray(array('id' => $note3->id));
618  $this->resetPostArray();
619  $this->runControllerShouldResultInAccessFailureAndGetContent('notes/default/delete');
620 
621  //give parentGroup access to read, write and delete
622  Yii::app()->user->userModel = $super;
623  $note3->addPermissions($parentGroup, Permission::READ_WRITE_DELETE);
624  $this->assertTrue($note3->save());
626 
627  //Test userInChildGroup, access to notes delete should not fail.
628  Yii::app()->user->userModel = $userInChildGroup;
629  $this->setGetArray(array('id' => $note3->id));
630  $this->resetPostArray();
631  $this->runControllerWithRedirectExceptionAndGetContent('notes/default/delete');
632 
633  //clear up the role relationships between users so not to effect next assertions
634  $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
635  $userInParentGroup->forget();
636  $userInChildGroup->forget();
637  $childGroup->forget();
638  $parentGroup->forget();
639  $userInParentGroup = User::getByUsername('nobody');
640  $userInChildGroup = User::getByUsername('confused');
641  $childGroup = Group::getByName('BBB');
642  $parentGroup = Group::getByName('AAA');
643 
644  $parentGroup->users->remove($userInParentGroup);
645  $parentGroup->groups->remove($childGroup);
646  $this->assertTrue($parentGroup->save());
647  $childGroup->users->remove($userInChildGroup);
648  $this->assertTrue($childGroup->save());
649  }
650  }
651 ?>
static securableItemLostPermissionsForUser(SecurableItem $securableItem, User $user)
static securableItemGivenPermissionsForUser(SecurableItem $securableItem, User $user)
static securableItemLostReadPermissionsForUser(SecurableItem $securableItem, User $user)
Definition: Role.php:37
static getByUsername($username)
Definition: User.php:49
runControllerWithRedirectExceptionAndGetContent($route, $compareUrl=null, $compareUrlContains=false)
static securableItemLostReadPermissionsForGroup(SecurableItem $securableItem, Group $group)
Definition: Group.php:37
static securableItemLostPermissionsForGroup(SecurableItem $securableItem, Group $group)
static getByName($name)
Definition: Group.php:57
static securableItemGivenReadPermissionsForUser(SecurableItem $securableItem, User $user)
static getById($id, $modelClassName=null)
logoutCurrentUserLoginNewUserAndGetByUsername($username)
runControllerWithNoExceptionsAndGetContent($route, $empty=false)
static securableItemGivenReadPermissionsForGroup(SecurableItem $securableItem, Group $group)
static securableItemGivenPermissionsForGroup(SecurableItem $securableItem, Group $group)