RightTest.php
1 <?php
2  /*********************************************************************************
3  * Zurmo is a customer relationship management program developed by
4  * Zurmo, Inc. Copyright (C) 2017 Zurmo Inc.
5  *
6  * Zurmo is free software; you can redistribute it and/or modify it under
7  * the terms of the GNU Affero General Public License version 3 as published by the
8  * Free Software Foundation with the addition of the following permission added
9  * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
10  * IN WHICH THE COPYRIGHT IS OWNED BY ZURMO, ZURMO DISCLAIMS THE WARRANTY
11  * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
12  *
13  * Zurmo is distributed in the hope that it will be useful, but WITHOUT
14  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
15  * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
16  * details.
17  *
18  * You should have received a copy of the GNU Affero General Public License along with
19  * this program; if not, see http://www.gnu.org/licenses or write to the Free
20  * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
21  * 02110-1301 USA.
22  *
23  * You can contact Zurmo, Inc. with a mailing address at 27 North Wacker Drive
24  * Suite 370 Chicago, IL 60606. or at email address contact@zurmo.com.
25  *
26  * The interactive user interfaces in original and modified versions
27  * of this program must display Appropriate Legal Notices, as required under
28  * Section 5 of the GNU Affero General Public License version 3.
29  *
30  * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
31  * these Appropriate Legal Notices must retain the display of the Zurmo
32  * logo and Zurmo copyright notice. If the display of the logo is not reasonably
33  * feasible for technical reasons, the Appropriate Legal Notices must display the words
34  * "Copyright Zurmo Inc. 2017. All rights reserved".
35  ********************************************************************************/
36 
/**
 * Exercises how module rights (Right::ALLOW / Right::DENY / Right::NONE) are
 * resolved for users and groups.
 *
 * What the assertions below pin down:
 *  - with nothing granted, every effective right is Right::DENY;
 *  - setRight() without a type grants Right::ALLOW;
 *  - a right set on a group shows up on a user as an inherited right, not an
 *    explicit one;
 *  - an explicit Right::DENY on a user wins over an inherited Right::ALLOW;
 *  - an ALLOW held by a user in a child role is also effective for the user in
 *    the parent role, but not the other way around.
 *
 * The test methods share database state and depend on running in file order:
 * testRemoveRights() starts from the grants testSetRights() saved, and
 * testRightsPropagationViaRoles() starts from the all-DENY state that
 * testRemoveRights() ends with.
 *
 * NOTE(review): every check uses assertEquals(), which compares loosely. If a
 * getter could return null or false, that might satisfy an expected Right::NONE
 * depending on the constant's value - confirm the return types and consider
 * assertSame() for these authorization checks.
 */
class RightTest extends ZurmoBaseTest
{
    /**
     * Builds the shared fixture: super admin, users, groups and roles.
     */
    public static function setUpBeforeClass()
    {
        parent::setUpBeforeClass();
        ZurmoDatabaseCompatibilityUtil::dropStoredFunctionsAndProcedures();
        SecurityTestHelper::createSuperAdmin();
        SecurityTestHelper::createUsers();
        SecurityTestHelper::createGroups();
        SecurityTestHelper::createRoles();
        // Forget the cache, otherwise user/role/group information is not properly reflected in the cache.
        // NOTE(review): the listing's line numbering skips one line here, so the
        // cache-clearing call this comment describes is not visible - confirm
        // against the original file.
    }

    /**
     * Runs every test as the 'super' user.
     */
    public function setUp()
    {
        parent::setUp();
        $webUser            = Yii::app()->user;
        $webUser->userModel = User::getByUsername('super');
    }

    /**
     * A Right renders as "<Type>:<label>" when cast to a string.
     */
    public function testStringify()
    {
        $manageUsers             = new Right();
        $manageUsers->moduleName = 'UsersModule';
        $manageUsers->type       = Right::ALLOW;
        $manageUsers->name       = UsersModule::RIGHT_MANAGE_USERS;
        $this->assertEquals('Allow:Manage Users', (string) $manageUsers);

        $manageUsers->type = Right::DENY;
        $this->assertEquals('Deny:Manage Users', (string) $manageUsers);
    }

    /**
     * Regression guard: validating a user after its groups relation has been
     * touched used to recurse forever, because the MANY to MANY relations kept
     * asking each other for errors. The test passes by returning at all; it
     * makes no assertion.
     */
    public function testInfiniteRecursionDoesntHappen()
    {
        $user = User::getByUsername('billy');
        $user->validate(); // Fine before the relation is loaded.
        $user->groups;     // Reading the property is the point: it touches the relation.
        $user->validate(); // This call used to blow up.
    }

    /**
     * Grants and denies rights on a user, on a group and on the Everyone group,
     * checking actual / explicit / inherited / effective values after each
     * change. The rights saved here are left in place for testRemoveRights().
     */
    public function testSetRights()
    {
        $billy      = User::getByUsername('billy');
        $bobby      = User::getByUsername('bobby');
        $salesStaff = Group::getByName('Sales Staff');
        $everyone   = Group::getByName(Group::EVERYONE_GROUP_NAME);

        // Save everyone so that the same instance is used by the security
        // classes - it is cached.
        $this->assertTrue($everyone->save());

        $module      = 'UsersModule';
        $manageUsers = UsersModule::RIGHT_MANAGE_USERS;
        $mobileLogin = UsersModule::RIGHT_LOGIN_VIA_MOBILE;
        $webApiLogin = UsersModule::RIGHT_LOGIN_VIA_WEB_API;

        // --- RIGHT_MANAGE_USERS: granted directly to one user ---------------
        // Baseline: nobody has been granted anything, so everything is DENY.
        $this->assertEffectiveRights($module, $manageUsers, array(
            array($billy,      Right::DENY),
            array($bobby,      Right::DENY),
            array($salesStaff, Right::DENY),
            array($everyone,   Right::DENY),
        ));

        $this->assertActualRights($bobby, $module, $manageUsers, Right::NONE, Right::NONE, Right::NONE);
        $bobby->setRight($module, $manageUsers);
        $this->assertTrue($bobby->save());
        // An explicit grant is explicit only; nothing is inherited.
        $this->assertActualRights($bobby, $module, $manageUsers, Right::ALLOW, Right::ALLOW, Right::NONE);

        // The grant must not leak to any other user or group.
        $this->assertEffectiveRights($module, $manageUsers, array(
            array($billy,      Right::DENY),
            array($bobby,      Right::ALLOW),
            array($salesStaff, Right::DENY),
            array($everyone,   Right::DENY),
        ));

        // --- RIGHT_LOGIN_VIA_MOBILE: granted to the Sales Staff group -------
        $this->assertActualRights($bobby, $module, $mobileLogin, Right::NONE, Right::NONE, Right::NONE);
        $salesStaff->setRight($module, $mobileLogin);
        $this->assertTrue($salesStaff->save());
        // bobby picks the right up as inherited; only the group holds it explicitly.
        $this->assertEquals(Right::ALLOW, $bobby     ->getActualRight         ($module, $mobileLogin));
        $this->assertEquals(Right::NONE,  $bobby     ->getExplicitActualRight ($module, $mobileLogin));
        $this->assertEquals(Right::ALLOW, $salesStaff->getExplicitActualRight ($module, $mobileLogin));
        $this->assertEquals(Right::NONE,  $everyone  ->getExplicitActualRight ($module, $mobileLogin));
        $this->assertEquals(Right::ALLOW, $bobby     ->getInheritedActualRight($module, $mobileLogin));

        $this->assertEffectiveRights($module, $mobileLogin, array(
            array($billy,      Right::DENY),
            array($bobby,      Right::ALLOW),
            array($salesStaff, Right::ALLOW),
            array($everyone,   Right::DENY),
        ));

        $this->assertActualRights($bobby, $module, $mobileLogin, Right::ALLOW, Right::NONE, Right::ALLOW);
        $bobby->setRight($module, $mobileLogin, Right::DENY);
        $this->assertTrue($bobby->save());
        // The explicit DENY wins; the inherited ALLOW is still reported separately.
        $this->assertActualRights($bobby, $module, $mobileLogin, Right::DENY, Right::DENY, Right::ALLOW);

        $this->assertEffectiveRights($module, $mobileLogin, array(
            array($billy,      Right::DENY),
            array($bobby,      Right::DENY),
            array($salesStaff, Right::ALLOW),
            array($everyone,   Right::DENY),
        ));

        // --- RIGHT_LOGIN_VIA_WEB_API: granted to the Everyone group ---------
        $this->assertActualRights($bobby, $module, $webApiLogin, Right::NONE, Right::NONE, Right::NONE);
        $everyone->setRight($module, $webApiLogin);
        $this->assertTrue($everyone->save());
        $this->assertActualRights($bobby, $module, $webApiLogin, Right::ALLOW, Right::NONE, Right::ALLOW);

        // A grant on Everyone reaches every user and group.
        $this->assertEffectiveRights($module, $webApiLogin, array(
            array($billy,      Right::ALLOW),
            array($bobby,      Right::ALLOW),
            array($salesStaff, Right::ALLOW),
            array($everyone,   Right::ALLOW),
        ));

        $this->assertActualRights($bobby, $module, $webApiLogin, Right::ALLOW, Right::NONE, Right::ALLOW);
        $bobby->setRight($module, $webApiLogin, Right::DENY);
        $this->assertTrue($bobby->save());
        $this->assertActualRights($bobby, $module, $webApiLogin, Right::DENY, Right::DENY, Right::ALLOW);

        // Only the user carrying the explicit DENY is locked out.
        $this->assertEffectiveRights($module, $webApiLogin, array(
            array($billy,      Right::ALLOW),
            array($bobby,      Right::DENY),
            array($salesStaff, Right::ALLOW),
            array($everyone,   Right::ALLOW),
        ));

        $this->assertActualRights($bobby, $module, $webApiLogin, Right::DENY, Right::DENY, Right::ALLOW);
        $bobby->removeRight($module, $webApiLogin, Right::DENY);
        $this->assertTrue($bobby->save());
        // Dropping the explicit DENY lets the inherited ALLOW apply again.
        $this->assertActualRights($bobby, $module, $webApiLogin, Right::ALLOW, Right::NONE, Right::ALLOW);

        $this->assertEffectiveRights($module, $webApiLogin, array(
            array($billy,      Right::ALLOW),
            array($bobby,      Right::ALLOW),
            array($salesStaff, Right::ALLOW),
            array($everyone,   Right::ALLOW),
        ));
    }

    /**
     * Removes the group grant saved by testSetRights() and checks that the
     * effective rights fall back to DENY.
     *
     * NOTE(review): the listing skips three numbered lines directly above this
     * method; whatever they held (for example a doc comment) is not visible.
     */
    public function testRemoveRights()
    {
        $billy      = User::getByUsername('billy');
        $bobby      = User::getByUsername('bobby');
        $salesStaff = Group::getByName('Sales Staff');
        $everyone   = Group::getByName(Group::EVERYONE_GROUP_NAME);

        $module      = 'UsersModule';
        $mobileLogin = UsersModule::RIGHT_LOGIN_VIA_MOBILE;
        $webApiLogin = UsersModule::RIGHT_LOGIN_VIA_WEB_API;

        $salesStaff->removeRight($module, $mobileLogin);
        $this->assertTrue($salesStaff->save());
        // With the group grant gone, mobile login is denied for everybody.
        $this->assertEffectiveRights($module, $mobileLogin, array(
            array($billy,      Right::DENY),
            array($bobby,      Right::DENY),
            array($salesStaff, Right::DENY),
            array($everyone,   Right::DENY),
        ));

        // The Everyone grant from testSetRights() is untouched so far.
        $this->assertEffectiveRights($module, $webApiLogin, array(
            array($billy,      Right::ALLOW),
            array($bobby,      Right::ALLOW),
            array($salesStaff, Right::ALLOW),
            array($everyone,   Right::ALLOW),
        ));

        // Drop the loaded models so the reload below starts from fresh state.
        $billy     ->forget();
        $bobby     ->forget();
        $salesStaff->forget();
        $everyone  ->forget();
        unset($billy, $bobby, $salesStaff, $everyone);

        // NOTE(review): the listing's line numbering skips one line here. The
        // original comment below refers to a 'removeAll' call that goes straight
        // to the database; it is not visible, and nothing shown in this method
        // would otherwise turn the ALLOW asserted above into the DENY asserted
        // below - confirm against the original file.
        // Clear the cache since the method above removeAll calls directly to the database.
        RightsCache::forgetAll();

        $billy      = User::getByUsername('billy');
        $bobby      = User::getByUsername('bobby');
        $salesStaff = Group::getByName('Sales Staff');
        $everyone   = Group::getByName(Group::EVERYONE_GROUP_NAME);

        $this->assertEffectiveRights($module, $webApiLogin, array(
            array($billy,      Right::DENY),
            array($bobby,      Right::DENY),
            array($salesStaff, Right::DENY),
            array($everyone,   Right::DENY),
        ));
    }

    /**
     * Walks a three-level role chain (Sales Manager > Sales Person > Junior
     * Sales Person) and checks which way rights travel: an ALLOW on a user
     * lower in the chain is effective for users above it, an explicit DENY on
     * a user overrides what reaches that user, and nothing travels downwards.
     */
    public function testRightsPropagationViaRoles()
    {
        $managerRole = Role::getByName('Sales Manager');
        $personRole  = Role::getByName('Sales Person');
        $juniorRole  = Role::getByName('Junior Sales Person');

        $userInParentRole     = $managerRole->users[0];
        $userInChildRole      = $personRole ->users[0];
        $userInChildChildRole = $juniorRole ->users[0];

        $module      = 'UsersModule';
        $webApiLogin = UsersModule::RIGHT_LOGIN_VIA_WEB_API;

        // Baseline: nothing granted anywhere in the chain.
        $this->assertEffectiveRights($module, $webApiLogin, array(
            array($userInParentRole,     Right::DENY),
            array($userInChildRole,      Right::DENY),
            array($userInChildChildRole, Right::DENY),
        ));

        // ALLOW on the middle user reaches the parent, not the grandchild.
        $userInChildRole->setRight($module, $webApiLogin);
        $this->assertTrue($userInChildRole->save());
        $this->assertEffectiveRights($module, $webApiLogin, array(
            array($userInChildRole,      Right::ALLOW),
            array($userInParentRole,     Right::ALLOW),
            array($userInChildChildRole, Right::DENY),
        ));

        // An explicit DENY on the parent overrides what comes up from below.
        $userInParentRole->setRight($module, $webApiLogin, Right::DENY);
        $this->assertTrue($userInParentRole->save());
        $this->assertEffectiveRights($module, $webApiLogin, array(
            array($userInChildRole,      Right::ALLOW),
            array($userInParentRole,     Right::DENY),
            array($userInChildChildRole, Right::DENY),
        ));

        // Removing that DENY restores the propagated ALLOW.
        $userInParentRole->removeRight($module, $webApiLogin);
        $this->assertTrue($userInParentRole->save());
        $this->assertEffectiveRights($module, $webApiLogin, array(
            array($userInChildRole,      Right::ALLOW),
            array($userInParentRole,     Right::ALLOW),
            array($userInChildChildRole, Right::DENY),
        ));

        // Flip the middle user to DENY: nothing is left to propagate upwards.
        $userInChildRole->setRight($module, $webApiLogin, Right::DENY);
        $this->assertTrue($userInChildRole->save());
        $this->assertEffectiveRights($module, $webApiLogin, array(
            array($userInChildRole,      Right::DENY),
            array($userInParentRole,     Right::DENY),
            array($userInChildChildRole, Right::DENY),
        ));

        // ALLOW on the parent stays with the parent; the child keeps its DENY.
        $userInParentRole->setRight($module, $webApiLogin);
        $this->assertTrue($userInParentRole->save());
        $this->assertEffectiveRights($module, $webApiLogin, array(
            array($userInChildRole,      Right::DENY),
            array($userInParentRole,     Right::ALLOW),
            array($userInChildChildRole, Right::DENY),
        ));

        $userInParentRole->removeRight($module, $webApiLogin);
        $this->assertTrue($userInParentRole->save());
        $this->assertEffectiveRights($module, $webApiLogin, array(
            array($userInChildRole,      Right::DENY),
            array($userInParentRole,     Right::DENY),
            array($userInChildChildRole, Right::DENY),
        ));

        $userInChildRole->setRight($module, $webApiLogin);
        $this->assertTrue($userInChildRole->save());
        $this->assertEffectiveRights($module, $webApiLogin, array(
            array($userInChildRole,      Right::ALLOW),
            array($userInParentRole,     Right::ALLOW),
            array($userInChildChildRole, Right::DENY),
        ));

        $userInChildRole->removeRight($module, $webApiLogin);
        $this->assertTrue($userInChildRole->save());
        $this->assertEffectiveRights($module, $webApiLogin, array(
            array($userInChildRole,      Right::DENY),
            array($userInParentRole,     Right::DENY),
            array($userInChildChildRole, Right::DENY),
        ));

        // ALLOW at the bottom of the chain reaches both levels above it.
        $userInChildChildRole->setRight($module, $webApiLogin);
        $this->assertTrue($userInChildChildRole->save());
        $this->assertEffectiveRights($module, $webApiLogin, array(
            array($userInChildRole,      Right::ALLOW),
            array($userInParentRole,     Right::ALLOW),
            array($userInChildChildRole, Right::ALLOW),
        ));

        // NOTE(review): the listing's line numbering skips one line here; the
        // 'removeAll' call the original comment below refers to is not visible.
        // The final DENY assertions presumably depend on it - confirm against
        // the original file.
        // Clear the cache since the method above removeAll calls directly to the database.
        RightsCache::forgetAll();

        $userInParentRoleId     = $userInParentRole    ->id;
        $userInChildRoleId      = $userInChildRole     ->id;
        $userInChildChildRoleId = $userInChildChildRole->id;
        // NOTE(review): one more numbered line is skipped in the listing at this
        // point; its content is not visible.
        unset($userInParentRole, $userInChildRole, $userInChildChildRole);

        // Reload by id so the checks run against freshly loaded models.
        $userInParentRole     = User::getById($userInParentRoleId);
        $userInChildRole      = User::getById($userInChildRoleId);
        $userInChildChildRole = User::getById($userInChildChildRoleId);

        $this->assertEffectiveRights($module, $webApiLogin, array(
            array($userInParentRole,     Right::DENY),
            array($userInChildRole,      Right::DENY),
            array($userInChildChildRole, Right::DENY),
        ));
    }

    /**
     * Rights are kept per module: a DENY in one module does not disturb the
     * ALLOWs set in the others on the same user.
     */
    public function testRightsInVariousModules()
    {
        $billy = User::getByUsername('billy');
        $billy->setRight('AccountsModule', AccountsModule::RIGHT_ACCESS_ACCOUNTS,  Right::ALLOW);
        $billy->setRight('ContactsModule', ContactsModule::RIGHT_ACCESS_CONTACTS,  Right::ALLOW);
        $billy->setRight('LeadsModule',    LeadsModule::RIGHT_ACCESS_LEADS,        Right::DENY);
        $billy->setRight('UsersModule',    UsersModule::RIGHT_LOGIN_VIA_WEB,       Right::ALLOW);
        $billy->setRight('UsersModule',    UsersModule::RIGHT_LOGIN_VIA_WEB_API,   Right::ALLOW);
        $this->assertTrue($billy->save());

        $this->assertEffectiveRights('AccountsModule', AccountsModule::RIGHT_ACCESS_ACCOUNTS, array(
            array($billy, Right::ALLOW),
        ));
        $this->assertEffectiveRights('ContactsModule', ContactsModule::RIGHT_ACCESS_CONTACTS, array(
            array($billy, Right::ALLOW),
        ));
        $this->assertEffectiveRights('LeadsModule', LeadsModule::RIGHT_ACCESS_LEADS, array(
            array($billy, Right::DENY),
        ));
        $this->assertEffectiveRights('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB, array(
            array($billy, Right::ALLOW),
        ));
        $this->assertEffectiveRights('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API, array(
            array($billy, Right::ALLOW),
        ));
    }

    /**
     * Asserts the effective right of several holders for one module right,
     * in the order given.
     *
     * @param string $moduleName   Module the right belongs to.
     * @param string $rightName    Right being checked.
     * @param array  $expectations List of array($holder, $expectedRight) pairs.
     */
    private function assertEffectiveRights($moduleName, $rightName, array $expectations)
    {
        foreach ($expectations as $expectation)
        {
            list($holder, $expected) = $expectation;
            $this->assertEquals($expected, $holder->getEffectiveRight($moduleName, $rightName));
        }
    }

    /**
     * Asserts a holder's actual, explicit and inherited values for one right,
     * queried in that order.
     *
     * @param object $holder     User or group being checked.
     * @param string $moduleName Module the right belongs to.
     * @param string $rightName  Right being checked.
     * @param mixed  $actual     Expected getActualRight() value.
     * @param mixed  $explicit   Expected getExplicitActualRight() value.
     * @param mixed  $inherited  Expected getInheritedActualRight() value.
     */
    private function assertActualRights($holder, $moduleName, $rightName, $actual, $explicit, $inherited)
    {
        $this->assertEquals($actual,    $holder->getActualRight         ($moduleName, $rightName));
        $this->assertEquals($explicit,  $holder->getExplicitActualRight ($moduleName, $rightName));
        $this->assertEquals($inherited, $holder->getInheritedActualRight($moduleName, $rightName));
    }
}
334 ?>