本文整理汇总了PHP中AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser方法的典型用法代码示例。如果您正苦于以下问题:PHP AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser方法的具体用法?PHP AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser怎么用?PHP AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类AllPermissionsOptimizationUtil
的用法示例。
在下文中一共展示了AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser方法的14个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: setUpBeforeClass
public static function setUpBeforeClass()
{
parent::setUpBeforeClass();
SecurityTestHelper::createSuperAdmin();
$super = User::getByUsername('super');
Yii::app()->user->userModel = $super;
AllPermissionsOptimizationUtil::rebuild();
//Add the nobody user to an account, but only read only.
$nobody = User::getByUsername('nobody');
$account = AccountTestHelper::createAccountByNameForOwner('superAccountReadableByNobody', Yii::app()->user->userModel);
$account->addPermissions($nobody, Permission::READ, Permission::ALLOW);
assert($account->save());
// Not Coding Standard
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($account, $nobody);
//Give the nobody user rights to the accounts module.
$nobody->setRight('AccountsModule', AccountsModule::RIGHT_ACCESS_ACCOUNTS);
$nobody->setRight('AccountsModule', AccountsModule::RIGHT_CREATE_ACCOUNTS);
assert($nobody->save());
// Not Coding Standard
$everyoneGroup = Group::getByName(Group::EVERYONE_GROUP_NAME);
assert($everyoneGroup->save());
// Not Coding Standard
$group1 = new Group();
$group1->name = 'Group1';
assert($group1->save());
// Not Coding Standard
}
示例2: setUpBeforeClass
public static function setUpBeforeClass()
{
parent::setUpBeforeClass();
SecurityTestHelper::createSuperAdmin();
Yii::app()->user->userModel = User::getByUsername('super');
AllPermissionsOptimizationUtil::rebuild();
SecurityTestHelper::createUsers();
$billy = User::getByUsername('billy');
EmailMessageTestHelper::createEmailAccount($billy);
$billy->setRight('ContactsModule', ContactsModule::RIGHT_ACCESS_CONTACTS);
$billy->setRight('ContactsModule', ContactsModule::RIGHT_CREATE_CONTACTS);
$billy->setRight('ContactsModule', ContactsModule::RIGHT_DELETE_CONTACTS);
assert($billy->save());
// Not Coding Standard
$contact = ContactTestHelper::createContactByNameForOwner('sally', Yii::app()->user->userModel);
$contact->primaryEmail = new Email();
$contact->primaryEmail->emailAddress = 'sally@zurmoland.com';
$contact->secondaryEmail->emailAddress = 'toMakeSureNoFreeze@works.com';
$contact->addPermissions($billy, Permission::READ);
$contact->addPermissions($billy, Permission::WRITE);
$contact->save();
$molly = ContactTestHelper::createContactByNameForOwner('molly', User::getByUsername('bobby'));
$molly->primaryEmail = new Email();
$molly->primaryEmail->emailAddress = 'molly@zurmoland.com';
$molly->secondaryEmail->emailAddress = 'toMakeSureNoFreeze@works.zur';
$molly->save();
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($contact, $billy);
}
示例3: testRegularUserControllerActionsWithElevationToModels
/**
* @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
*/
public function testRegularUserControllerActionsWithElevationToModels()
{
//Create superAccount owned by user super.
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$superAccount = AccountTestHelper::createAccountByNameForOwner('AccountsForElevationToModelTest', $super);
//Test nobody, access to details of superAccount should fail.
$nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
$this->setGetArray(array('id' => $superAccount->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
//give nobody access to read
Yii::app()->user->userModel = $super;
$superAccount->addPermissions($nobody, Permission::READ);
$this->assertTrue($superAccount->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($superAccount, $nobody);
//Now the nobody user can access the details view.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $superAccount->id));
$this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
//create meeting for an superAccount using the super user
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$meeting = MeetingTestHelper::createMeetingWithOwnerAndRelatedAccount('meetingCreatedByNobody', $super, $superAccount);
//Test nobody, access to edit, details and delete of meeting should fail.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//give nobody access to details view only
Yii::app()->user->userModel = $super;
$meeting->addPermissions($nobody, Permission::READ);
$this->assertTrue($meeting->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($meeting, $nobody);
//Now access to meetings view by Nobody should not fail.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');
//Now access to meetings edit and delete by Nobody should fail
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//give nobody access to both details and edit view
Yii::app()->user->userModel = $super;
$meeting->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($meeting->save());
AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($meeting, $nobody);
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($meeting, $nobody);
//Now access to meetings view and edit by Nobody should not fail.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerWithNoExceptionsAndGetContent('meetings/default/edit');
//Now access to meetings delete by Nobody should fail
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//revoke the permission from the nobody user to access the meeting
Yii::app()->user->userModel = $super;
$meeting->removePermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($meeting->save());
AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($meeting, $nobody);
//Now nobodys, access to edit, details and delete of meetings should fail.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//give nobody access to both details and edit view
Yii::app()->user->userModel = $super;
$meeting->addPermissions($nobody, Permission::READ_WRITE_DELETE);
$this->assertTrue($meeting->save());
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($meeting, $nobody);
//Now nobodys, access to delete of meetings should not fail.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerWithRedirectExceptionAndGetContent('meetings/default/delete');
//create some roles
Yii::app()->user->userModel = $super;
$parentRole = new Role();
$parentRole->name = 'AAA';
//.........这里部分代码省略.........
示例4: testRegularUserControllerActionsWithElevationToModels
/**
* @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
*/
public function testRegularUserControllerActionsWithElevationToModels()
{
//Create project owned by user super.
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$project = ProjectTestHelper::createProjectByNameForOwner('projectForElevationToModelTest', $super);
//Test nobody, access to edit and details should fail.
$nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
$this->runControllerWithNoExceptionsAndGetContent('projects/default/dashboardDetails');
$this->setGetArray(array('id' => $project->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
$this->setGetArray(array('id' => $project->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
$this->setGetArray(array('id' => $project->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/delete');
//give nobody access to read
Yii::app()->user->userModel = $super;
$project->addPermissions($nobody, Permission::READ);
$this->assertTrue($project->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($project, $nobody);
//Now the nobody user can access the details view.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $project->id));
$this->runControllerWithNoExceptionsAndGetContent('projects/default/details');
//Test nobody, access to edit should fail.
$this->setGetArray(array('id' => $project->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
$this->setGetArray(array('id' => $project->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/delete');
$projectId = $project->id;
$project->forget();
$project = Project::getById($projectId);
//give nobody access to read and write
Yii::app()->user->userModel = $super;
$project->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
//TODO :Its wierd that giving opportunity errors
$this->assertTrue($project->save());
AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($project, $nobody);
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($project, $nobody);
//Now the nobody user should be able to access the edit view and still the details view.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $project->id));
$this->runControllerWithNoExceptionsAndGetContent('projects/default/details');
$this->setGetArray(array('id' => $project->id));
$this->runControllerWithNoExceptionsAndGetContent('projects/default/edit');
$projectId = $project->id;
$project->forget();
$project = Project::getById($projectId);
//revoke nobody access to read
Yii::app()->user->userModel = $super;
$project->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS, Permission::DENY);
$this->assertTrue($project->save());
AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($project, $nobody);
//Test nobody, access to detail should fail.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $project->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
$this->setGetArray(array('id' => $project->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
//create some roles
Yii::app()->user->userModel = $super;
$parentRole = new Role();
$parentRole->name = 'AAA';
$this->assertTrue($parentRole->save());
$childRole = new Role();
$childRole->name = 'BBB';
$this->assertTrue($childRole->save());
$userInParentRole = User::getByUsername('confused');
$userInChildRole = User::getByUsername('nobody');
$childRole->users->add($userInChildRole);
$this->assertTrue($childRole->save());
$parentRole->users->add($userInParentRole);
$parentRole->roles->add($childRole);
$this->assertTrue($parentRole->save());
$userInChildRole->forget();
$userInChildRole = User::getByUsername('nobody');
$userInParentRole->forget();
$userInParentRole = User::getByUsername('confused');
$parentRoleId = $parentRole->id;
$parentRole->forget();
$parentRole = Role::getById($parentRoleId);
$childRoleId = $childRole->id;
$childRole->forget();
$childRole = Role::getById($childRoleId);
//create project owned by super
$project2 = ProjectTestHelper::createProjectByNameForOwner('testingParentRolePermission', $super);
//Test userInParentRole, access to details and edit should fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $project2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
$this->setGetArray(array('id' => $project2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
//give userInChildRole access to READ
Yii::app()->user->userModel = $super;
$project2->addPermissions($userInChildRole, Permission::READ);
$this->assertTrue($project2->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($project2, $userInChildRole);
//Test userInChildRole, access to details should not fail.
//.........这里部分代码省略.........
示例5: testRegularUserControllerActionsWithElevationToModels
/**
* @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
*/
public function testRegularUserControllerActionsWithElevationToModels()
{
//Create contact web form owned by user super.
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$contactWebForm = ContactWebFormTestHelper::createContactWebFormByName('contactWebFormForElevationToModelTest', $super);
//Test nobody, access to edit and details should fail.
$nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
$this->setGetArray(array('id' => $contactWebForm->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
$this->setGetArray(array('id' => $contactWebForm->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
//give nobody access to read
Yii::app()->user->userModel = $super;
$contactWebForm->addPermissions($nobody, Permission::READ);
$this->assertTrue($contactWebForm->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($contactWebForm, $nobody);
//Now the nobody user can access the details view.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $contactWebForm->id));
$this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
//Test nobody, access to edit should fail.
$this->setGetArray(array('id' => $contactWebForm->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
$contactWebFormId = $contactWebForm->id;
$contactWebForm->forget();
$contactWebForm = ContactWebForm::getById($contactWebFormId);
//give nobody access to read and write
Yii::app()->user->userModel = $super;
$contactWebForm->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($contactWebForm->save());
AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($contactWebForm, $nobody);
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($contactWebForm, $nobody);
//Now the nobody user should be able to access the edit view and still the details view.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $contactWebForm->id));
$this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
$this->setGetArray(array('id' => $contactWebForm->id));
$this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit');
$contactWebFormId = $contactWebForm->id;
$contactWebForm->forget();
$contactWebForm = ContactWebForm::getById($contactWebFormId);
//revoke nobody access to read
Yii::app()->user->userModel = $super;
$contactWebForm->removePermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($contactWebForm->save());
AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($contactWebForm, $nobody);
//Test nobody, access to detail should fail.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $contactWebForm->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
$this->setGetArray(array('id' => $contactWebForm->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
//create some roles
Yii::app()->user->userModel = $super;
$parentRole = new Role();
$parentRole->name = 'AAA';
$this->assertTrue($parentRole->save());
$childRole = new Role();
$childRole->name = 'BBB';
$this->assertTrue($childRole->save());
$userInParentRole = User::getByUsername('confused');
$userInChildRole = User::getByUsername('nobody');
$childRole->users->add($userInChildRole);
$this->assertTrue($childRole->save());
$parentRole->users->add($userInParentRole);
$parentRole->roles->add($childRole);
$this->assertTrue($parentRole->save());
$userInChildRole->forget();
$userInChildRole = User::getByUsername('nobody');
$userInParentRole->forget();
$userInParentRole = User::getByUsername('confused');
$parentRoleId = $parentRole->id;
$parentRole->forget();
$parentRole = Role::getById($parentRoleId);
$childRoleId = $childRole->id;
$childRole->forget();
$childRole = Role::getById($childRoleId);
//create web form owned by super
$contactWebForm2 = ContactWebFormTestHelper::createContactWebFormByName('testingParentRolePermission', $super);
//Test userInParentRole, access to details and edit should fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $contactWebForm2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
$this->setGetArray(array('id' => $contactWebForm2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
//give userInChildRole access to READ
Yii::app()->user->userModel = $super;
$contactWebForm2->addPermissions($userInChildRole, Permission::READ);
$this->assertTrue($contactWebForm2->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($contactWebForm2, $userInChildRole);
//Test userInChildRole, access to details should not fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $contactWebForm2->id));
$this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
//Test userInParentRole, access to details should not fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $contactWebForm2->id));
//.........这里部分代码省略.........
示例6: testResolveElementForNonEditableRender
/**
* @depends testResolveElementForEditableRender
*/
public function testResolveElementForNonEditableRender()
{
$betty = User::getByUsername('betty');
$billy = User::getByUsername('billy');
$contactForBetty = ContactTestHelper::createContactByNameForOwner("betty's contact2", $betty);
$contactForBetty->account = AccountTestHelper::createAccountByNameForOwner('BillyCompany', $billy);
$this->assertTrue($contactForBetty->save());
$accountId = $contactForBetty->account->id;
$nullElementInformation = array('attributeName' => null, 'type' => 'Null');
//test non ModelElement, should pass through without modification.
$elementInformation = array('attributeName' => 'something', 'type' => 'Text');
$referenceElementInformation = $elementInformation;
FormLayoutSecurityUtil::resolveElementForNonEditableRender($contactForBetty, $referenceElementInformation, $betty);
$this->assertEquals($elementInformation, $referenceElementInformation);
//test Acc ModelElement
//Betty will see a nullified Element because Betty cannot access read the related account
$elementInformation = array('attributeName' => 'account', 'type' => 'Account');
$noLinkElementInformation = array('attributeName' => 'account', 'type' => 'Account', 'noLink' => true);
$referenceElementInformation = $elementInformation;
FormLayoutSecurityUtil::resolveElementForNonEditableRender($contactForBetty, $referenceElementInformation, $betty);
$this->assertEquals($nullElementInformation, $referenceElementInformation);
$this->assertEquals(Right::ALLOW, $betty->getEffectiveRight('AccountsModule', AccountsModule::RIGHT_ACCESS_ACCOUNTS));
//Betty can see the account with a link, because she has been added for Permission::READ on the account.
//and she has access to the accounts tab.
$account = Account::getById($accountId);
$account->addPermissions($betty, Permission::READ);
$this->assertTrue($account->save());
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($account, $betty);
$referenceElementInformation = $elementInformation;
FormLayoutSecurityUtil::resolveElementForNonEditableRender($contactForBetty, $referenceElementInformation, $betty);
$this->assertEquals($elementInformation, $referenceElementInformation);
//Removing Betty's access to the accounts tab means she will see the element, but without a link
$betty->setRight('AccountsModule', AccountsModule::RIGHT_ACCESS_ACCOUNTS, Right::DENY);
$this->assertTrue($betty->save());
$referenceElementInformation = $elementInformation;
FormLayoutSecurityUtil::resolveElementForNonEditableRender($contactForBetty, $referenceElementInformation, $betty);
$this->assertEquals($noLinkElementInformation, $referenceElementInformation);
//Testing UserElement
$elementInformation = array('attributeName' => 'owner', 'type' => 'User');
$noLinkElementInformation = array('attributeName' => 'owner', 'type' => 'User', 'noLink' => true);
//Super can see related user picker link without a problem.
$referenceElementInformation = $elementInformation;
FormLayoutSecurityUtil::resolveElementForNonEditableRender($contactForBetty, $referenceElementInformation, User::getByUsername('super'));
$this->assertEquals($elementInformation, $referenceElementInformation);
//Betty can also see related user name, but not a link.
$referenceElementInformation = $elementInformation;
$this->assertEquals(Right::DENY, $betty->getEffectiveRight('UsersModule', UsersModule::RIGHT_ACCESS_USERS));
FormLayoutSecurityUtil::resolveElementForNonEditableRender($contactForBetty, $referenceElementInformation, $betty);
$this->assertEquals($noLinkElementInformation, $referenceElementInformation);
}
示例7: testResolveContactAndMetricsSummary
public function testResolveContactAndMetricsSummary()
{
//Test with super
$content = CampaignItemSummaryListViewColumnAdapter::resolveContactAndMetricsSummary($this->campaignItem);
$this->assertContains('test testson', $content);
//Betty dont have access to contact
$betty = User::getByUsername('betty');
Yii::app()->user->userModel = $betty;
$content = CampaignItemSummaryListViewColumnAdapter::resolveContactAndMetricsSummary($this->campaignItem);
$this->assertContains('You cannot see this contact due to limited access', $content);
//Giving betty access to contact
Yii::app()->user->userModel = User::getByUsername('super');
$this->contact->addPermissions($betty, Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER);
$this->assertTrue($this->contact->save());
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($this->contact, $betty);
//Forgetting campaignItem is needed because of commit - aeedffa06467
//Not entirely sure why this is the case though. It only affects tests when securityOptimization is false
$this->campaignItem->forgetAll();
$campaigns = Campaign::getAll();
$this->campaignItem = $campaigns[0]->campaignItems[0];
//Betty has now access to contact but not the emailMessage
Yii::app()->user->userModel = $betty;
$content = CampaignItemSummaryListViewColumnAdapter::resolveContactAndMetricsSummary($this->campaignItem);
$this->assertContains('You cannot see the performance metrics due to limited access', $content);
//Giving betty access to emailMessage
Yii::app()->user->userModel = User::getByUsername('super');
$emailMessage = $this->campaignItem->emailMessage;
$emailMessage->addPermissions($betty, Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER);
$this->assertTrue($emailMessage->save());
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($emailMessage, $betty);
//Betty has now access to contact and emailMessage
Yii::app()->user->userModel = $betty;
$content = CampaignItemSummaryListViewColumnAdapter::resolveContactAndMetricsSummary($this->campaignItem);
$this->assertContains('test testson', $content);
}
示例8: testRegularUserControllerActionsWithElevationToModels
/**
* @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
*/
public function testRegularUserControllerActionsWithElevationToModels()
{
//Create lead owned by user super.
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$lead = LeadTestHelper::createLeadByNameForOwner('leadForElevationToModelTest', $super);
//Test nobody, access to edit, details and delete should fail.
$nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
$this->setGetArray(array('id' => $lead->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
$this->setGetArray(array('id' => $lead->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
$this->setGetArray(array('id' => $lead->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//give nobody access to read
Yii::app()->user->userModel = $super;
$lead->addPermissions($nobody, Permission::READ);
$this->assertTrue($lead->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($lead, $nobody);
//Now the nobody user can access the details view.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $lead->id));
$this->runControllerWithNoExceptionsAndGetContent('leads/default/details');
//Test nobody, access to edit and delete should fail.
$this->setGetArray(array('id' => $lead->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
$this->setGetArray(array('id' => $lead->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//give nobody access to read and write
Yii::app()->user->userModel = $super;
$lead->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($lead->save());
AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($lead, $nobody);
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($lead, $nobody);
//Now the nobody user should be able to access the edit view and still the details view
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $lead->id));
$this->runControllerWithNoExceptionsAndGetContent('leads/default/details');
$this->setGetArray(array('id' => $lead->id));
$this->runControllerWithNoExceptionsAndGetContent('leads/default/edit');
//Test nobody, access to delete should fail.
$this->setGetArray(array('id' => $lead->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//revoke nobody access to read
Yii::app()->user->userModel = $super;
$lead->removePermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($lead->save());
AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($lead, $nobody);
//Test nobody, access to detail, edit and delete should fail.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $lead->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
$this->setGetArray(array('id' => $lead->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
$this->setGetArray(array('id' => $lead->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//give nobody access to read, write and delete
Yii::app()->user->userModel = $super;
$lead->addPermissions($nobody, Permission::READ_WRITE_DELETE);
$this->assertTrue($lead->save());
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($lead, $nobody);
//now nobody should be able to delete a lead
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $lead->id));
$this->resetPostArray();
$this->runControllerWithRedirectExceptionAndGetContent('leads/default/delete', Yii::app()->createUrl('leads/default/index'));
//create some roles
Yii::app()->user->userModel = $super;
$parentRole = new Role();
$parentRole->name = 'AAA';
$this->assertTrue($parentRole->save());
$childRole = new Role();
$childRole->name = 'BBB';
$this->assertTrue($childRole->save());
$userInParentRole = User::getByUsername('confused');
$userInChildRole = User::getByUsername('nobody');
$childRole->users->add($userInChildRole);
$this->assertTrue($childRole->save());
$parentRole->users->add($userInParentRole);
$parentRole->roles->add($childRole);
$this->assertTrue($parentRole->save());
$userInChildRole->forget();
$userInChildRole = User::getByUsername('nobody');
$userInParentRole->forget();
$userInParentRole = User::getByUsername('confused');
$parentRoleId = $parentRole->id;
$parentRole->forget();
$parentRole = Role::getById($parentRoleId);
$childRoleId = $childRole->id;
$childRole->forget();
$childRole = Role::getById($childRoleId);
//create lead owned by super
$lead2 = LeadTestHelper::createLeadByNameForOwner('leadsParentRolePermission', $super);
//Test userInChildRole, access to details, edit and delete should fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
$this->setGetArray(array('id' => $lead2->id));
//.........这里部分代码省略.........
示例9: testDownloadDefaultControllerActions
/**
* Walkthrough test for synchronous download
*/
public function testDownloadDefaultControllerActions()
{
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$accounts = array();
for ($i = 0; $i < 2; $i++) {
$accounts[] = AccountTestHelper::createAccountByNameForOwner('superAccount' . $i, $super);
}
// Check if access is denied if user doesn't have access privileges at all to export actions
Yii::app()->user->userModel = User::getByUsername('nobody');
$nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
// Provide no ids and without selectALl options.
// This should be result with error and redirect to module page.
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/list');
$this->setGetArray(array('Account_page' => '1', 'export' => '', 'ajax' => '', 'selectAll' => '', 'selectedIds' => ''));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/export');
// Check if user have access to module action, but not to export action
//Now test peon with elevated rights to accounts
$nobody->setRight('AccountsModule', AccountsModule::RIGHT_ACCESS_ACCOUNTS);
$nobody->setRight('AccountsModule', AccountsModule::RIGHT_CREATE_ACCOUNTS);
$nobody->setRight('AccountsModule', AccountsModule::RIGHT_DELETE_ACCOUNTS);
$nobody->setRight('ExportModule', ExportModule::RIGHT_ACCESS_EXPORT);
$this->assertTrue($nobody->save());
// Check if access is denied if user doesn't have access privileges at all to export actions
$nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
Yii::app()->user->userModel = User::getByUsername('nobody');
// Provide no ids and without selectALl options.
// This should be result with error and redirect to module page.
$this->runControllerWithNoExceptionsAndGetContent('accounts/default/list');
$this->setGetArray(array('Account_page' => '1', 'export' => '', 'ajax' => '', 'selectAll' => '', 'selectedIds' => ''));
$response = $this->runControllerWithRedirectExceptionAndGetUrl('accounts/default/export');
$this->assertTrue(strstr($response, 'accounts/default/index') !== false);
$this->setGetArray(array('AccountsSearchForm' => array('anyMixedAttributesScope' => array(0 => 'All'), 'anyMixedAttributes' => '', 'name' => 'superAccount', 'officePhone' => ''), 'multiselect_AccountsSearchForm_anyMixedAttributesScope' => 'All', 'selectAll' => '1', 'selectedIds' => '', 'Account_page' => '1', 'export' => '', 'ajax' => ''));
$response = $this->runControllerWithRedirectExceptionAndGetUrl('accounts/default/export');
$this->assertTrue(strstr($response, 'accounts/default/index') !== false);
$this->setGetArray(array('AccountsSearchForm' => array('anyMixedAttributesScope' => array(0 => 'All'), 'anyMixedAttributes' => '', 'name' => '', 'officePhone' => ''), 'multiselect_AccountsSearchForm_anyMixedAttributesScope' => 'All', 'selectAll' => '', 'selectedIds' => "{$accounts[0]->id}, {$accounts[1]->id}", 'Account_page' => '1', 'export' => '', 'ajax' => ''));
$response = $this->runControllerWithRedirectExceptionAndGetUrl('accounts/default/export');
$this->assertTrue(strstr($response, 'accounts/default/index') !== false);
$this->assertContains('There is no data to export.', Yii::app()->user->getFlash('notification'));
//give nobody access to read and write
Yii::app()->user->userModel = $super;
foreach ($accounts as $account) {
$account->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($account, $nobody);
$this->assertTrue($account->save());
}
//Now the nobody user should be able to access the edit view and still the details view.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('AccountsSearchForm' => array('anyMixedAttributesScope' => array(0 => 'All'), 'anyMixedAttributes' => '', 'name' => '', 'officePhone' => ''), 'multiselect_AccountsSearchForm_anyMixedAttributesScope' => 'All', 'selectAll' => '1', 'selectedIds' => '', 'Account_page' => '1', 'export' => '', 'ajax' => ''));
$response = $this->runControllerWithExitExceptionAndGetContent('accounts/default/export');
$this->assertEquals('Testing download.', $response);
$this->setGetArray(array('AccountsSearchForm' => array('anyMixedAttributesScope' => array(0 => 'All'), 'anyMixedAttributes' => '', 'name' => '', 'officePhone' => ''), 'multiselect_AccountsSearchForm_anyMixedAttributesScope' => 'All', 'selectAll' => '', 'selectedIds' => "{$accounts[0]->id}, {$accounts[1]->id}", 'Account_page' => '1', 'export' => '', 'ajax' => ''));
$response = $this->runControllerWithExitExceptionAndGetContent('accounts/default/export');
$this->assertEquals('Testing download.', $response);
// No matches
$this->setGetArray(array('AccountsSearchForm' => array('anyMixedAttributesScope' => array(0 => 'All'), 'anyMixedAttributes' => '', 'name' => 'missingName', 'officePhone' => ''), 'multiselect_AccountsSearchForm_anyMixedAttributesScope' => 'All', 'Account_page' => '1', 'selectAll' => '1', 'selectedIds' => '', 'export' => '', 'ajax' => ''));
$response = $this->runControllerWithRedirectExceptionAndGetUrl('accounts/default/export');
$this->assertTrue(strstr($response, 'accounts/default/index') !== false);
}
示例10: testGetGlobalSearchResultsByPartialTermWithRegularUserAndElevationStepsForRegularUser
/**
* @depends testGetGlobalSearchResultsByPartialTermUsingScope
*/
public function testGetGlobalSearchResultsByPartialTermWithRegularUserAndElevationStepsForRegularUser()
{
$super = User::getByUsername('super');
$jimmy = User::getByUsername('jimmy');
Yii::app()->user->userModel = $super;
//Jimmy does not have read access, so he should not be able to see any results.
$this->assertEquals(Right::DENY, $jimmy->getEffectiveRight('AccountsModule', AccountsModule::RIGHT_ACCESS_ACCOUNTS));
$this->assertEquals(Right::DENY, $jimmy->getEffectiveRight('ContactsModule', ContactsModule::RIGHT_ACCESS_CONTACTS));
$this->assertEquals(Right::DENY, $jimmy->getEffectiveRight('OpportunitiesModule', OpportunitiesModule::RIGHT_ACCESS_OPPORTUNITIES));
Yii::app()->user->userModel = $jimmy;
$data = ModelAutoCompleteUtil::getGlobalSearchResultsByPartialTerm('animal', 5, Yii::app()->user->userModel);
$this->assertEquals(array(array('href' => '', 'label' => 'No Results Found', 'iconClass' => '')), $data);
//Give Jimmy access to the module, he still will not be able to see results.
Yii::app()->user->userModel = $super;
$jimmy->setRight('AccountsModule', AccountsModule::RIGHT_ACCESS_ACCOUNTS);
$jimmy->setRight('ContactsModule', ContactsModule::RIGHT_ACCESS_CONTACTS);
$jimmy->setRight('LeadsModule', LeadsModule::RIGHT_ACCESS_LEADS);
$jimmy->setRight('OpportunitiesModule', OpportunitiesModule::RIGHT_ACCESS_OPPORTUNITIES);
$this->assertTrue($jimmy->save());
Yii::app()->user->userModel = $jimmy;
$data = ModelAutoCompleteUtil::getGlobalSearchResultsByPartialTerm('animal', 5, Yii::app()->user->userModel);
$this->assertEquals(array(array('href' => '', 'label' => 'No Results Found', 'iconClass' => '')), $data);
//Give Jimmy read on 1 model. The search then should pick up this model.
Yii::app()->user->userModel = $super;
$accounts = Account::getByName('The Zoo');
$this->assertEquals(1, count($accounts));
$account = $accounts[0];
$this->assertEquals(Permission::NONE, $account->getEffectivePermissions($jimmy));
$account->addPermissions($jimmy, Permission::READ);
$this->assertTrue($account->save());
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($account, $jimmy);
Yii::app()->user->userModel = $jimmy;
$data = ModelAutoCompleteUtil::getGlobalSearchResultsByPartialTerm('animal', 5, Yii::app()->user->userModel);
$this->assertEquals(1, count($data));
$this->assertEquals('The Zoo', $data[0]['label']);
//Give Jimmy read on 2 more models. The search then should pick up these models.
Yii::app()->user->userModel = $super;
$contacts = Contact::getByName('Big Elephant');
$this->assertEquals(1, count($contacts));
$contact = $contacts[0];
$this->assertEquals(Permission::NONE, $contact->getEffectivePermissions($jimmy));
$contact->addPermissions($jimmy, Permission::READ);
$this->assertTrue($contact->save());
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($contact, $jimmy);
$opportunities = Opportunity::getByName('Animal Crackers');
$this->assertEquals(1, count($opportunities));
$opportunity = $opportunities[0];
$this->assertEquals(Permission::NONE, $opportunity->getEffectivePermissions($jimmy));
$opportunity->addPermissions($jimmy, Permission::READ);
$this->assertTrue($opportunity->save());
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($opportunity, $jimmy);
Yii::app()->user->userModel = $jimmy;
$data = ModelAutoCompleteUtil::getGlobalSearchResultsByPartialTerm('animal', 5, Yii::app()->user->userModel);
$this->assertEquals(3, count($data));
$this->assertEquals('The Zoo', $data[0]['label']);
$this->assertEquals('Big Elephant', $data[1]['label']);
$this->assertEquals('Animal Crackers', $data[2]['label']);
}
示例11: testAddAndRemoveKanbanSubscriberViaAjaxWithNormalUser
public function testAddAndRemoveKanbanSubscriberViaAjaxWithNormalUser()
{
//Adk Jason as why permission error is coming up here
$myuser = $this->logoutCurrentUserLoginNewUserAndGetByUsername('myuser');
$task = new Task();
$task->name = 'NewKanbanSubscriberTask';
$task->owner = $myuser;
$task->requestedByUser = self::$sally;
$this->assertTrue($task->save());
$this->setGetArray(array('id' => $task->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('tasks/default/removeKanbanSubscriber');
$this->setGetArray(array('id' => $task->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('tasks/default/addKanbanSubscriber');
//Now test peon with elevated rights to accounts
$myuser->setRight('TasksModule', TasksModule::RIGHT_ACCESS_TASKS);
$myuser->setRight('TasksModule', TasksModule::RIGHT_CREATE_TASKS);
$myuser->setRight('TasksModule', TasksModule::RIGHT_DELETE_TASKS);
$this->assertTrue($myuser->save());
$task->addPermissions($myuser, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($task->save());
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($task, $myuser);
//Test nobody with elevated rights.
Yii::app()->user->userModel = User::getByUsername('myuser');
$this->setGetArray(array('id' => $task->id));
$content = $this->runControllerWithNoExceptionsAndGetContent('tasks/default/removeKanbanSubscriber', false);
$this->assertContains($myuser->getFullName(), $content);
$this->assertEquals(2, $task->notificationSubscribers->count());
//Now super user would be added as a subscriber as he becomes the owner
$task->owner = self::$super;
$this->assertTrue($task->save());
$content = $this->runControllerWithNoExceptionsAndGetContent('tasks/default/removeKanbanSubscriber', false);
$this->assertNotContains($myuser->getFullName(), $content);
$this->assertEquals(2, $task->notificationSubscribers->count());
$isMyUserFound = $this->checkIfUserFoundInSubscribersList($task, $myuser->id);
$this->assertFalse($isMyUserFound);
$content = $this->runControllerWithNoExceptionsAndGetContent('tasks/default/addKanbanSubscriber', false);
$this->assertContains($myuser->getFullName(), $content);
$this->assertEquals(3, $task->notificationSubscribers->count());
$isMyUserFound = $this->checkIfUserFoundInSubscribersList($task, $myuser->id);
$this->assertTrue($isMyUserFound);
}
示例12: resolveExplicitReadWriteModelPermissions
/**
* Given a SecurableItem, add and remove permissions
* based on what the provided ExplicitReadWriteModelPermissions indicates should be done.
* Sets @see SecurableItem->setTreatCurrentUserAsOwnerForPermissions as true in order to ensure the current user
* can effectively add permissions even if the current user is no longer the owner.
* @param SecurableItem $securableItem
* @param ExplicitReadWriteModelPermissions $explicitReadWriteModelPermissions
* @param bool $validate
* @return bool|void
* @throws NotSupportedException
*/
public static function resolveExplicitReadWriteModelPermissions(SecurableItem $securableItem, ExplicitReadWriteModelPermissions $explicitReadWriteModelPermissions, $validate = false)
{
assert('$securableItem->id > 0');
$optimizeReadPermissions = $securableItem::hasReadPermissionsOptimization();
$securableItem->setTreatCurrentUserAsOwnerForPermissions(true);
$saveSecurableItem = false;
if ($explicitReadWriteModelPermissions->getReadOnlyPermitablesCount() > 0) {
$saveSecurableItem = true;
foreach ($explicitReadWriteModelPermissions->getReadOnlyPermitables() as $permitable) {
if ($securableItem->addPermissions($permitable, Permission::READ) && $optimizeReadPermissions) {
if ($permitable instanceof Group) {
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($securableItem, $permitable);
ReadPermissionsSubscriptionUtil::securableItemGivenPermissionsForGroup($securableItem);
} elseif ($permitable instanceof User) {
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($securableItem, $permitable);
ReadPermissionsSubscriptionUtil::securableItemGivenPermissionsForUser($securableItem);
} else {
throw new NotSupportedException();
}
}
}
}
if ($explicitReadWriteModelPermissions->getReadWritePermitablesCount() > 0) {
$saveSecurableItem = true;
foreach ($explicitReadWriteModelPermissions->getReadWritePermitables() as $permitable) {
if ($securableItem->addPermissions($permitable, Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER) && $optimizeReadPermissions) {
if ($permitable instanceof Group) {
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($securableItem, $permitable);
ReadPermissionsSubscriptionUtil::securableItemGivenPermissionsForGroup($securableItem);
} elseif ($permitable instanceof User) {
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($securableItem, $permitable);
ReadPermissionsSubscriptionUtil::securableItemGivenPermissionsForUser($securableItem);
} else {
throw new NotSupportedException();
}
}
}
}
if ($explicitReadWriteModelPermissions->getReadOnlyPermitablesToRemoveCount() > 0) {
$saveSecurableItem = true;
foreach ($explicitReadWriteModelPermissions->getReadOnlyPermitablesToRemove() as $permitable) {
$securableItem->removePermissions($permitable, Permission::READ, Permission::ALLOW);
if ($optimizeReadPermissions) {
if ($permitable instanceof Group) {
AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForGroup($securableItem, $permitable);
ReadPermissionsSubscriptionUtil::securableItemLostPermissionsForGroup($securableItem);
} elseif ($permitable instanceof User) {
AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($securableItem, $permitable);
ReadPermissionsSubscriptionUtil::securableItemLostPermissionsForUser($securableItem);
} else {
throw new NotSupportedException();
}
}
}
}
if ($explicitReadWriteModelPermissions->getReadWritePermitablesToRemoveCount() > 0) {
$saveSecurableItem = true;
foreach ($explicitReadWriteModelPermissions->getReadWritePermitablesToRemove() as $permitable) {
$securableItem->removePermissions($permitable, Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER, Permission::ALLOW);
if ($optimizeReadPermissions) {
if ($permitable instanceof Group) {
AllPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($securableItem, $permitable);
ReadPermissionsSubscriptionUtil::securableItemLostPermissionsForGroup($securableItem);
} elseif ($permitable instanceof User) {
AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($securableItem, $permitable);
ReadPermissionsSubscriptionUtil::securableItemLostPermissionsForUser($securableItem);
} else {
throw new NotSupportedException();
}
}
}
}
if ($saveSecurableItem) {
$setBackToProcess = false;
if ($securableItem->shouldProcessWorkflowOnSave()) {
$securableItem->setDoNotProcessWorkflowOnSave();
$setBackToProcess = true;
}
$saved = $securableItem->save($validate);
if ($setBackToProcess) {
$securableItem->setProcessWorkflowOnSave();
}
$securableItem->setTreatCurrentUserAsOwnerForPermissions(false);
return $saved;
}
$securableItem->setTreatCurrentUserAsOwnerForPermissions(false);
return true;
}
示例13: testAUserCanDeleteANoteNotOwnedButHasExplicitDeletePermission
/**
* @depends testNobodyCanReadWriteDeleteAndStrValOfNoteFunctionsCorrectly
*/
public function testAUserCanDeleteANoteNotOwnedButHasExplicitDeletePermission()
{
//Create superAccount owned by user super.
$super = User::getByUsername('super');
Yii::app()->user->userModel = $super;
$superAccount = AccountTestHelper::createAccountByNameForOwner('AccountTest', $super);
//create a nobody user
$nobody = User::getByUsername('nobody');
//create note for an superAccount using the super user
$note = NoteTestHelper::createNoteWithOwnerAndRelatedAccount('noteCreatedBySuper', $super, $superAccount);
//give nobody access to both details, edit and delete view in order to check the delete of a note
Yii::app()->user->userModel = User::getByUsername('super');
$nobody->forget();
$nobody = User::getByUsername('nobody');
$note->addPermissions($nobody, Permission::READ_WRITE_DELETE);
$this->assertTrue($note->save());
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($note, $nobody);
Yii::app()->user->userModel = User::getByUsername('nobody');
$noteId = $note->id;
$note->forget();
$note = Note::getById($noteId);
$note->delete();
}
示例14: testSecurityExceptions
public function testSecurityExceptions()
{
try {
$superAdmin = User::getByUsername('super');
$originalOwner = User::getByUsername('betty');
$buddy = User::getByUsername('bernice');
$pleb = User::getByUsername('brian');
Yii::app()->user->userModel = $superAdmin;
$account = new Account();
$account->name = 'Dooble & Co';
$account->owner = $originalOwner;
$this->assertTrue($account->save());
// READ - owner can read, pleb can't.
Yii::app()->user->userModel = $originalOwner;
$this->assertEquals(Permission::ALL, $account->getEffectivePermissions());
$this->assertEquals('Dooble & Co', $account->name);
Yii::app()->user->userModel = $pleb;
try {
$this->assertEquals(Permission::NONE, $account->getEffectivePermissions());
$name = $account->name;
$this->fail();
} catch (AccessDeniedSecurityException $e) {
$this->assertTrue($e->user->isSame($pleb));
$this->assertEquals(Permission::READ, $e->requiredPermissions);
$this->assertEquals(Permission::NONE, $e->effectivePermissions);
}
// WRITE - owner can write, pleb can't.
Yii::app()->user->userModel = $originalOwner;
$this->assertEquals(Permission::ALL, $account->getEffectivePermissions());
$account->name = 'Booble & Sons';
$this->assertTrue($account->save());
$this->assertEquals('Booble & Sons', $account->name);
Yii::app()->user->userModel = $pleb;
try {
$this->assertEquals(Permission::NONE, $account->getEffectivePermissions());
$account->name = 'Google & Mums';
$this->fail();
} catch (AccessDeniedSecurityException $e) {
$this->assertTrue($e->user->isSame($pleb));
$this->assertEquals(Permission::WRITE, $e->requiredPermissions);
$this->assertEquals(Permission::NONE, $e->effectivePermissions);
}
// PERMISSIONS - owner can give permissions to and remove
// permissions from buddy, pleb can't change permissions.
Yii::app()->user->userModel = $originalOwner;
$this->assertEquals(Permission::ALL, $account->getEffectivePermissions());
$account->addPermissions($buddy, Permission::READ);
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($account, $buddy);
$this->assertTrue($account->save());
Yii::app()->user->userModel = $buddy;
$this->assertEquals(Permission::READ, $account->getEffectivePermissions());
$this->assertEquals('Booble & Sons', $account->name);
Yii::app()->user->userModel = $pleb;
try {
$this->assertEquals(Permission::NONE, $account->getEffectivePermissions());
$account->addPermissions($pleb, Permission::ALL);
$this->fail();
} catch (AccessDeniedSecurityException $e) {
$this->assertTrue($e->user->isSame($pleb));
$this->assertEquals(Permission::CHANGE_PERMISSIONS, $e->requiredPermissions);
$this->assertEquals(Permission::NONE, $e->effectivePermissions);
}
Yii::app()->user->userModel = $originalOwner;
$account->removePermissions($buddy, Permission::READ, Permission::ALLOW_DENY);
$this->assertTrue($account->save());
// CHANGE_OWNER - owner gives the account to his buddy,
// pleb can't change the owner.
Yii::app()->user->userModel = $originalOwner;
$this->assertEquals(Permission::ALL, $account->getEffectivePermissions());
$account->owner = $buddy;
$this->assertTrue($account->save());
Yii::app()->user->userModel = $pleb;
try {
$this->assertEquals(Permission::NONE, $account->getEffectivePermissions());
$account->owner = $pleb;
$this->fail();
} catch (AccessDeniedSecurityException $e) {
$this->assertTrue($e->user->isSame($pleb));
$this->assertEquals(Permission::CHANGE_OWNER, $e->requiredPermissions);
$this->assertEquals(Permission::NONE, $e->effectivePermissions);
}
// DELETE - pleb can't delete, the original
// owner can't either, the new owner deletes it.
Yii::app()->user->userModel = $pleb;
try {
$this->assertEquals(Permission::NONE, $account->getEffectivePermissions());
$account->delete();
$this->fail();
} catch (AccessDeniedSecurityException $e) {
$this->assertTrue($e->user->isSame($pleb));
$this->assertEquals(Permission::DELETE, $e->requiredPermissions);
$this->assertEquals(Permission::NONE, $e->effectivePermissions);
}
Yii::app()->user->userModel = $originalOwner;
try {
$this->assertEquals(Permission::NONE, $account->getEffectivePermissions());
$account->delete();
$this->fail();
} catch (AccessDeniedSecurityException $e) {
$this->assertTrue($e->user->isSame($originalOwner));
//.........这里部分代码省略.........