当前位置: 首页>>代码示例>>PHP>>正文


PHP AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser方法代码示例

本文整理汇总了PHP中AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser方法的典型用法代码示例。如果您正苦于以下问题:PHP AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser方法的具体用法?PHP AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser怎么用?PHP AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在AllPermissionsOptimizationUtil的用法示例。


在下文中一共展示了AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser方法的14个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。

示例1: setUpBeforeClass

 public static function setUpBeforeClass()
 {
     parent::setUpBeforeClass();
     SecurityTestHelper::createSuperAdmin();
     $super = User::getByUsername('super');
     Yii::app()->user->userModel = $super;
     AllPermissionsOptimizationUtil::rebuild();
     //Add the nobody user to an account, but only read only.
     $nobody = User::getByUsername('nobody');
     $account = AccountTestHelper::createAccountByNameForOwner('superAccountReadableByNobody', Yii::app()->user->userModel);
     $account->addPermissions($nobody, Permission::READ, Permission::ALLOW);
     assert($account->save());
     // Not Coding Standard
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($account, $nobody);
     //Give the nobody user rights to the accounts module.
     $nobody->setRight('AccountsModule', AccountsModule::RIGHT_ACCESS_ACCOUNTS);
     $nobody->setRight('AccountsModule', AccountsModule::RIGHT_CREATE_ACCOUNTS);
     assert($nobody->save());
     // Not Coding Standard
     $everyoneGroup = Group::getByName(Group::EVERYONE_GROUP_NAME);
     assert($everyoneGroup->save());
     // Not Coding Standard
     $group1 = new Group();
     $group1->name = 'Group1';
     assert($group1->save());
     // Not Coding Standard
 }
开发者ID:RamaKavanan,项目名称:InitialVersion,代码行数:27,代码来源:AccountPermissionsRegularUserWalkthroughTest.php

示例2: setUpBeforeClass

 public static function setUpBeforeClass()
 {
     parent::setUpBeforeClass();
     SecurityTestHelper::createSuperAdmin();
     Yii::app()->user->userModel = User::getByUsername('super');
     AllPermissionsOptimizationUtil::rebuild();
     SecurityTestHelper::createUsers();
     $billy = User::getByUsername('billy');
     EmailMessageTestHelper::createEmailAccount($billy);
     $billy->setRight('ContactsModule', ContactsModule::RIGHT_ACCESS_CONTACTS);
     $billy->setRight('ContactsModule', ContactsModule::RIGHT_CREATE_CONTACTS);
     $billy->setRight('ContactsModule', ContactsModule::RIGHT_DELETE_CONTACTS);
     assert($billy->save());
     // Not Coding Standard
     $contact = ContactTestHelper::createContactByNameForOwner('sally', Yii::app()->user->userModel);
     $contact->primaryEmail = new Email();
     $contact->primaryEmail->emailAddress = 'sally@zurmoland.com';
     $contact->secondaryEmail->emailAddress = 'toMakeSureNoFreeze@works.com';
     $contact->addPermissions($billy, Permission::READ);
     $contact->addPermissions($billy, Permission::WRITE);
     $contact->save();
     $molly = ContactTestHelper::createContactByNameForOwner('molly', User::getByUsername('bobby'));
     $molly->primaryEmail = new Email();
     $molly->primaryEmail->emailAddress = 'molly@zurmoland.com';
     $molly->secondaryEmail->emailAddress = 'toMakeSureNoFreeze@works.zur';
     $molly->save();
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($contact, $billy);
 }
开发者ID:maruthisivaprasad,项目名称:zurmo,代码行数:28,代码来源:EmailMessageUtilTest.php

示例3: testRegularUserControllerActionsWithElevationToModels

 /**
  * @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
  */
 public function testRegularUserControllerActionsWithElevationToModels()
 {
     //Create superAccount owned by user super.
     $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
     $superAccount = AccountTestHelper::createAccountByNameForOwner('AccountsForElevationToModelTest', $super);
     //Test nobody, access to details of superAccount should fail.
     $nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
     $this->setGetArray(array('id' => $superAccount->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
     //give nobody access to read
     Yii::app()->user->userModel = $super;
     $superAccount->addPermissions($nobody, Permission::READ);
     $this->assertTrue($superAccount->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($superAccount, $nobody);
     //Now the nobody user can access the details view.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $superAccount->id));
     $this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
     //create meeting for an superAccount using the super user
     $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
     $meeting = MeetingTestHelper::createMeetingWithOwnerAndRelatedAccount('meetingCreatedByNobody', $super, $superAccount);
     //Test nobody, access to edit, details and delete of meeting should fail.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //give nobody access to details view only
     Yii::app()->user->userModel = $super;
     $meeting->addPermissions($nobody, Permission::READ);
     $this->assertTrue($meeting->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($meeting, $nobody);
     //Now access to meetings view by Nobody should not fail.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');
     //Now access to meetings edit and delete by Nobody should fail
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //give nobody access to both details and edit view
     Yii::app()->user->userModel = $super;
     $meeting->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($meeting->save());
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($meeting, $nobody);
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($meeting, $nobody);
     //Now access to meetings view and edit by Nobody should not fail.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerWithNoExceptionsAndGetContent('meetings/default/edit');
     //Now access to meetings delete by Nobody should fail
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //revoke the permission from the nobody user to access the meeting
     Yii::app()->user->userModel = $super;
     $meeting->removePermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($meeting->save());
     AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($meeting, $nobody);
     //Now nobodys, access to edit, details and delete of meetings should fail.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
     //give nobody access to both details and edit view
     Yii::app()->user->userModel = $super;
     $meeting->addPermissions($nobody, Permission::READ_WRITE_DELETE);
     $this->assertTrue($meeting->save());
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($meeting, $nobody);
     //Now nobodys, access to delete of meetings should not fail.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $meeting->id));
     $this->resetPostArray();
     $this->runControllerWithRedirectExceptionAndGetContent('meetings/default/delete');
     //create some roles
     Yii::app()->user->userModel = $super;
     $parentRole = new Role();
     $parentRole->name = 'AAA';
//.........这里部分代码省略.........
开发者ID:maruthisivaprasad,项目名称:zurmo,代码行数:101,代码来源:MeetingsRegularUserWalkthroughTest.php

示例4: testRegularUserControllerActionsWithElevationToModels

 /**
  * @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
  */
 public function testRegularUserControllerActionsWithElevationToModels()
 {
     //Create project owned by user super.
     $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
     $project = ProjectTestHelper::createProjectByNameForOwner('projectForElevationToModelTest', $super);
     //Test nobody, access to edit and details should fail.
     $nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
     $this->runControllerWithNoExceptionsAndGetContent('projects/default/dashboardDetails');
     $this->setGetArray(array('id' => $project->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
     $this->setGetArray(array('id' => $project->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
     $this->setGetArray(array('id' => $project->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/delete');
     //give nobody access to read
     Yii::app()->user->userModel = $super;
     $project->addPermissions($nobody, Permission::READ);
     $this->assertTrue($project->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($project, $nobody);
     //Now the nobody user can access the details view.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $project->id));
     $this->runControllerWithNoExceptionsAndGetContent('projects/default/details');
     //Test nobody, access to edit should fail.
     $this->setGetArray(array('id' => $project->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
     $this->setGetArray(array('id' => $project->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/delete');
     $projectId = $project->id;
     $project->forget();
     $project = Project::getById($projectId);
     //give nobody access to read and write
     Yii::app()->user->userModel = $super;
     $project->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     //TODO :Its wierd that giving opportunity errors
     $this->assertTrue($project->save());
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($project, $nobody);
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($project, $nobody);
     //Now the nobody user should be able to access the edit view and still the details view.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $project->id));
     $this->runControllerWithNoExceptionsAndGetContent('projects/default/details');
     $this->setGetArray(array('id' => $project->id));
     $this->runControllerWithNoExceptionsAndGetContent('projects/default/edit');
     $projectId = $project->id;
     $project->forget();
     $project = Project::getById($projectId);
     //revoke nobody access to read
     Yii::app()->user->userModel = $super;
     $project->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS, Permission::DENY);
     $this->assertTrue($project->save());
     AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($project, $nobody);
     //Test nobody, access to detail should fail.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $project->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
     $this->setGetArray(array('id' => $project->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
     //create some roles
     Yii::app()->user->userModel = $super;
     $parentRole = new Role();
     $parentRole->name = 'AAA';
     $this->assertTrue($parentRole->save());
     $childRole = new Role();
     $childRole->name = 'BBB';
     $this->assertTrue($childRole->save());
     $userInParentRole = User::getByUsername('confused');
     $userInChildRole = User::getByUsername('nobody');
     $childRole->users->add($userInChildRole);
     $this->assertTrue($childRole->save());
     $parentRole->users->add($userInParentRole);
     $parentRole->roles->add($childRole);
     $this->assertTrue($parentRole->save());
     $userInChildRole->forget();
     $userInChildRole = User::getByUsername('nobody');
     $userInParentRole->forget();
     $userInParentRole = User::getByUsername('confused');
     $parentRoleId = $parentRole->id;
     $parentRole->forget();
     $parentRole = Role::getById($parentRoleId);
     $childRoleId = $childRole->id;
     $childRole->forget();
     $childRole = Role::getById($childRoleId);
     //create project owned by super
     $project2 = ProjectTestHelper::createProjectByNameForOwner('testingParentRolePermission', $super);
     //Test userInParentRole, access to details and edit should fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $project2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
     $this->setGetArray(array('id' => $project2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
     //give userInChildRole access to READ
     Yii::app()->user->userModel = $super;
     $project2->addPermissions($userInChildRole, Permission::READ);
     $this->assertTrue($project2->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($project2, $userInChildRole);
     //Test userInChildRole, access to details should not fail.
//.........这里部分代码省略.........
开发者ID:maruthisivaprasad,项目名称:zurmo,代码行数:101,代码来源:ProjectsRegularUserWalkthroughTest.php

示例5: testRegularUserControllerActionsWithElevationToModels

 /**
  * @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
  */
 public function testRegularUserControllerActionsWithElevationToModels()
 {
     //Create contact web form owned by user super.
     $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
     $contactWebForm = ContactWebFormTestHelper::createContactWebFormByName('contactWebFormForElevationToModelTest', $super);
     //Test nobody, access to edit and details should fail.
     $nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
     $this->setGetArray(array('id' => $contactWebForm->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
     $this->setGetArray(array('id' => $contactWebForm->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
     //give nobody access to read
     Yii::app()->user->userModel = $super;
     $contactWebForm->addPermissions($nobody, Permission::READ);
     $this->assertTrue($contactWebForm->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($contactWebForm, $nobody);
     //Now the nobody user can access the details view.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $contactWebForm->id));
     $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
     //Test nobody, access to edit should fail.
     $this->setGetArray(array('id' => $contactWebForm->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
     $contactWebFormId = $contactWebForm->id;
     $contactWebForm->forget();
     $contactWebForm = ContactWebForm::getById($contactWebFormId);
     //give nobody access to read and write
     Yii::app()->user->userModel = $super;
     $contactWebForm->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($contactWebForm->save());
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($contactWebForm, $nobody);
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($contactWebForm, $nobody);
     //Now the nobody user should be able to access the edit view and still the details view.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $contactWebForm->id));
     $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
     $this->setGetArray(array('id' => $contactWebForm->id));
     $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit');
     $contactWebFormId = $contactWebForm->id;
     $contactWebForm->forget();
     $contactWebForm = ContactWebForm::getById($contactWebFormId);
     //revoke nobody access to read
     Yii::app()->user->userModel = $super;
     $contactWebForm->removePermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($contactWebForm->save());
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($contactWebForm, $nobody);
     //Test nobody, access to detail should fail.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $contactWebForm->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
     $this->setGetArray(array('id' => $contactWebForm->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
     //create some roles
     Yii::app()->user->userModel = $super;
     $parentRole = new Role();
     $parentRole->name = 'AAA';
     $this->assertTrue($parentRole->save());
     $childRole = new Role();
     $childRole->name = 'BBB';
     $this->assertTrue($childRole->save());
     $userInParentRole = User::getByUsername('confused');
     $userInChildRole = User::getByUsername('nobody');
     $childRole->users->add($userInChildRole);
     $this->assertTrue($childRole->save());
     $parentRole->users->add($userInParentRole);
     $parentRole->roles->add($childRole);
     $this->assertTrue($parentRole->save());
     $userInChildRole->forget();
     $userInChildRole = User::getByUsername('nobody');
     $userInParentRole->forget();
     $userInParentRole = User::getByUsername('confused');
     $parentRoleId = $parentRole->id;
     $parentRole->forget();
     $parentRole = Role::getById($parentRoleId);
     $childRoleId = $childRole->id;
     $childRole->forget();
     $childRole = Role::getById($childRoleId);
     //create web form owned by super
     $contactWebForm2 = ContactWebFormTestHelper::createContactWebFormByName('testingParentRolePermission', $super);
     //Test userInParentRole, access to details and edit should fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $contactWebForm2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
     $this->setGetArray(array('id' => $contactWebForm2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
     //give userInChildRole access to READ
     Yii::app()->user->userModel = $super;
     $contactWebForm2->addPermissions($userInChildRole, Permission::READ);
     $this->assertTrue($contactWebForm2->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($contactWebForm2, $userInChildRole);
     //Test userInChildRole, access to details should not fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $contactWebForm2->id));
     $this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
     //Test userInParentRole, access to details should not fail.
     Yii::app()->user->userModel = $userInParentRole;
     $this->setGetArray(array('id' => $contactWebForm2->id));
//.........这里部分代码省略.........
开发者ID:maruthisivaprasad,项目名称:zurmo,代码行数:101,代码来源:ContactWebFormsRegularUserWalkthroughTest.php

示例6: testResolveElementForNonEditableRender

 /**
  * @depends testResolveElementForEditableRender
  */
 public function testResolveElementForNonEditableRender()
 {
     $betty = User::getByUsername('betty');
     $billy = User::getByUsername('billy');
     $contactForBetty = ContactTestHelper::createContactByNameForOwner("betty's contact2", $betty);
     $contactForBetty->account = AccountTestHelper::createAccountByNameForOwner('BillyCompany', $billy);
     $this->assertTrue($contactForBetty->save());
     $accountId = $contactForBetty->account->id;
     $nullElementInformation = array('attributeName' => null, 'type' => 'Null');
     //test non ModelElement, should pass through without modification.
     $elementInformation = array('attributeName' => 'something', 'type' => 'Text');
     $referenceElementInformation = $elementInformation;
     FormLayoutSecurityUtil::resolveElementForNonEditableRender($contactForBetty, $referenceElementInformation, $betty);
     $this->assertEquals($elementInformation, $referenceElementInformation);
     //test Acc ModelElement
     //Betty will see a nullified Element because Betty cannot access read the related account
     $elementInformation = array('attributeName' => 'account', 'type' => 'Account');
     $noLinkElementInformation = array('attributeName' => 'account', 'type' => 'Account', 'noLink' => true);
     $referenceElementInformation = $elementInformation;
     FormLayoutSecurityUtil::resolveElementForNonEditableRender($contactForBetty, $referenceElementInformation, $betty);
     $this->assertEquals($nullElementInformation, $referenceElementInformation);
     $this->assertEquals(Right::ALLOW, $betty->getEffectiveRight('AccountsModule', AccountsModule::RIGHT_ACCESS_ACCOUNTS));
     //Betty can see the account with a link, because she has been added for Permission::READ on the account.
     //and she has access to the accounts tab.
     $account = Account::getById($accountId);
     $account->addPermissions($betty, Permission::READ);
     $this->assertTrue($account->save());
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($account, $betty);
     $referenceElementInformation = $elementInformation;
     FormLayoutSecurityUtil::resolveElementForNonEditableRender($contactForBetty, $referenceElementInformation, $betty);
     $this->assertEquals($elementInformation, $referenceElementInformation);
     //Removing Betty's access to the accounts tab means she will see the element, but without a link
     $betty->setRight('AccountsModule', AccountsModule::RIGHT_ACCESS_ACCOUNTS, Right::DENY);
     $this->assertTrue($betty->save());
     $referenceElementInformation = $elementInformation;
     FormLayoutSecurityUtil::resolveElementForNonEditableRender($contactForBetty, $referenceElementInformation, $betty);
     $this->assertEquals($noLinkElementInformation, $referenceElementInformation);
     //Testing UserElement
     $elementInformation = array('attributeName' => 'owner', 'type' => 'User');
     $noLinkElementInformation = array('attributeName' => 'owner', 'type' => 'User', 'noLink' => true);
     //Super can see related user picker link without a problem.
     $referenceElementInformation = $elementInformation;
     FormLayoutSecurityUtil::resolveElementForNonEditableRender($contactForBetty, $referenceElementInformation, User::getByUsername('super'));
     $this->assertEquals($elementInformation, $referenceElementInformation);
     //Betty can also see related user name, but not a link.
     $referenceElementInformation = $elementInformation;
     $this->assertEquals(Right::DENY, $betty->getEffectiveRight('UsersModule', UsersModule::RIGHT_ACCESS_USERS));
     FormLayoutSecurityUtil::resolveElementForNonEditableRender($contactForBetty, $referenceElementInformation, $betty);
     $this->assertEquals($noLinkElementInformation, $referenceElementInformation);
 }
开发者ID:RamaKavanan,项目名称:InitialVersion,代码行数:53,代码来源:FormLayoutSecurityUtilTest.php

示例7: testResolveContactAndMetricsSummary

 public function testResolveContactAndMetricsSummary()
 {
     //Test with super
     $content = CampaignItemSummaryListViewColumnAdapter::resolveContactAndMetricsSummary($this->campaignItem);
     $this->assertContains('test testson', $content);
     //Betty dont have access to contact
     $betty = User::getByUsername('betty');
     Yii::app()->user->userModel = $betty;
     $content = CampaignItemSummaryListViewColumnAdapter::resolveContactAndMetricsSummary($this->campaignItem);
     $this->assertContains('You cannot see this contact due to limited access', $content);
     //Giving betty access to contact
     Yii::app()->user->userModel = User::getByUsername('super');
     $this->contact->addPermissions($betty, Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER);
     $this->assertTrue($this->contact->save());
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($this->contact, $betty);
     //Forgetting campaignItem is needed because of commit - aeedffa06467
     //Not entirely sure why this is the case though. It only affects tests when securityOptimization is false
     $this->campaignItem->forgetAll();
     $campaigns = Campaign::getAll();
     $this->campaignItem = $campaigns[0]->campaignItems[0];
     //Betty has now access to contact but not the emailMessage
     Yii::app()->user->userModel = $betty;
     $content = CampaignItemSummaryListViewColumnAdapter::resolveContactAndMetricsSummary($this->campaignItem);
     $this->assertContains('You cannot see the performance metrics due to limited access', $content);
     //Giving betty access to emailMessage
     Yii::app()->user->userModel = User::getByUsername('super');
     $emailMessage = $this->campaignItem->emailMessage;
     $emailMessage->addPermissions($betty, Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER);
     $this->assertTrue($emailMessage->save());
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($emailMessage, $betty);
     //Betty has now access to contact and emailMessage
     Yii::app()->user->userModel = $betty;
     $content = CampaignItemSummaryListViewColumnAdapter::resolveContactAndMetricsSummary($this->campaignItem);
     $this->assertContains('test testson', $content);
 }
开发者ID:RamaKavanan,项目名称:InitialVersion,代码行数:35,代码来源:CampaignItemSummaryListViewColumnAdapterTest.php

示例8: testRegularUserControllerActionsWithElevationToModels

 /**
  * @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
  */
 public function testRegularUserControllerActionsWithElevationToModels()
 {
     //Create lead owned by user super.
     $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
     $lead = LeadTestHelper::createLeadByNameForOwner('leadForElevationToModelTest', $super);
     //Test nobody, access to edit, details and delete should fail.
     $nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //give nobody access to read
     Yii::app()->user->userModel = $super;
     $lead->addPermissions($nobody, Permission::READ);
     $this->assertTrue($lead->save());
     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($lead, $nobody);
     //Now the nobody user can access the details view.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerWithNoExceptionsAndGetContent('leads/default/details');
     //Test nobody, access to edit and delete should fail.
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //give nobody access to read and write
     Yii::app()->user->userModel = $super;
     $lead->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($lead->save());
     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($lead, $nobody);
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($lead, $nobody);
     //Now the nobody user should be able to access the edit view and still the details view
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerWithNoExceptionsAndGetContent('leads/default/details');
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerWithNoExceptionsAndGetContent('leads/default/edit');
     //Test nobody, access to delete should fail.
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //revoke nobody access to read
     Yii::app()->user->userModel = $super;
     $lead->removePermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($lead->save());
     AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($lead, $nobody);
     //Test nobody, access to detail, edit and delete should fail.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
     $this->setGetArray(array('id' => $lead->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
     //give nobody access to read, write and delete
     Yii::app()->user->userModel = $super;
     $lead->addPermissions($nobody, Permission::READ_WRITE_DELETE);
     $this->assertTrue($lead->save());
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($lead, $nobody);
     //now nobody should be able to delete a lead
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('id' => $lead->id));
     $this->resetPostArray();
     $this->runControllerWithRedirectExceptionAndGetContent('leads/default/delete', Yii::app()->createUrl('leads/default/index'));
     //create some roles
     Yii::app()->user->userModel = $super;
     $parentRole = new Role();
     $parentRole->name = 'AAA';
     $this->assertTrue($parentRole->save());
     $childRole = new Role();
     $childRole->name = 'BBB';
     $this->assertTrue($childRole->save());
     $userInParentRole = User::getByUsername('confused');
     $userInChildRole = User::getByUsername('nobody');
     $childRole->users->add($userInChildRole);
     $this->assertTrue($childRole->save());
     $parentRole->users->add($userInParentRole);
     $parentRole->roles->add($childRole);
     $this->assertTrue($parentRole->save());
     $userInChildRole->forget();
     $userInChildRole = User::getByUsername('nobody');
     $userInParentRole->forget();
     $userInParentRole = User::getByUsername('confused');
     $parentRoleId = $parentRole->id;
     $parentRole->forget();
     $parentRole = Role::getById($parentRoleId);
     $childRoleId = $childRole->id;
     $childRole->forget();
     $childRole = Role::getById($childRoleId);
     //create lead owned by super
     $lead2 = LeadTestHelper::createLeadByNameForOwner('leadsParentRolePermission', $super);
     //Test userInChildRole, access to details, edit and delete should fail.
     Yii::app()->user->userModel = $userInChildRole;
     $this->setGetArray(array('id' => $lead2->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
     $this->setGetArray(array('id' => $lead2->id));
//.........这里部分代码省略.........
开发者ID:RamaKavanan,项目名称:InitialVersion,代码行数:101,代码来源:LeadsRegularUserWalkthroughTest.php

示例9: testDownloadDefaultControllerActions

 /**
  * Walkthrough test for synchronous download
  */
 public function testDownloadDefaultControllerActions()
 {
     $super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
     $accounts = array();
     for ($i = 0; $i < 2; $i++) {
         $accounts[] = AccountTestHelper::createAccountByNameForOwner('superAccount' . $i, $super);
     }
     // Check if access is denied if user doesn't have access privileges at all to export actions
     Yii::app()->user->userModel = User::getByUsername('nobody');
     $nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
     // Provide no ids and without selectALl options.
     // This should be result with error and redirect to module page.
     $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/list');
     $this->setGetArray(array('Account_page' => '1', 'export' => '', 'ajax' => '', 'selectAll' => '', 'selectedIds' => ''));
     $this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/export');
     // Check if user have access to module action, but not to export action
     //Now test peon with elevated rights to accounts
     $nobody->setRight('AccountsModule', AccountsModule::RIGHT_ACCESS_ACCOUNTS);
     $nobody->setRight('AccountsModule', AccountsModule::RIGHT_CREATE_ACCOUNTS);
     $nobody->setRight('AccountsModule', AccountsModule::RIGHT_DELETE_ACCOUNTS);
     $nobody->setRight('ExportModule', ExportModule::RIGHT_ACCESS_EXPORT);
     $this->assertTrue($nobody->save());
     // Check if access is denied if user doesn't have access privileges at all to export actions
     $nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
     Yii::app()->user->userModel = User::getByUsername('nobody');
     // Provide no ids and without selectALl options.
     // This should be result with error and redirect to module page.
     $this->runControllerWithNoExceptionsAndGetContent('accounts/default/list');
     $this->setGetArray(array('Account_page' => '1', 'export' => '', 'ajax' => '', 'selectAll' => '', 'selectedIds' => ''));
     $response = $this->runControllerWithRedirectExceptionAndGetUrl('accounts/default/export');
     $this->assertTrue(strstr($response, 'accounts/default/index') !== false);
     $this->setGetArray(array('AccountsSearchForm' => array('anyMixedAttributesScope' => array(0 => 'All'), 'anyMixedAttributes' => '', 'name' => 'superAccount', 'officePhone' => ''), 'multiselect_AccountsSearchForm_anyMixedAttributesScope' => 'All', 'selectAll' => '1', 'selectedIds' => '', 'Account_page' => '1', 'export' => '', 'ajax' => ''));
     $response = $this->runControllerWithRedirectExceptionAndGetUrl('accounts/default/export');
     $this->assertTrue(strstr($response, 'accounts/default/index') !== false);
     $this->setGetArray(array('AccountsSearchForm' => array('anyMixedAttributesScope' => array(0 => 'All'), 'anyMixedAttributes' => '', 'name' => '', 'officePhone' => ''), 'multiselect_AccountsSearchForm_anyMixedAttributesScope' => 'All', 'selectAll' => '', 'selectedIds' => "{$accounts[0]->id}, {$accounts[1]->id}", 'Account_page' => '1', 'export' => '', 'ajax' => ''));
     $response = $this->runControllerWithRedirectExceptionAndGetUrl('accounts/default/export');
     $this->assertTrue(strstr($response, 'accounts/default/index') !== false);
     $this->assertContains('There is no data to export.', Yii::app()->user->getFlash('notification'));
     //give nobody access to read and write
     Yii::app()->user->userModel = $super;
     foreach ($accounts as $account) {
         $account->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
         AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($account, $nobody);
         $this->assertTrue($account->save());
     }
     //Now the nobody user should be able to access the edit view and still the details view.
     Yii::app()->user->userModel = $nobody;
     $this->setGetArray(array('AccountsSearchForm' => array('anyMixedAttributesScope' => array(0 => 'All'), 'anyMixedAttributes' => '', 'name' => '', 'officePhone' => ''), 'multiselect_AccountsSearchForm_anyMixedAttributesScope' => 'All', 'selectAll' => '1', 'selectedIds' => '', 'Account_page' => '1', 'export' => '', 'ajax' => ''));
     $response = $this->runControllerWithExitExceptionAndGetContent('accounts/default/export');
     $this->assertEquals('Testing download.', $response);
     $this->setGetArray(array('AccountsSearchForm' => array('anyMixedAttributesScope' => array(0 => 'All'), 'anyMixedAttributes' => '', 'name' => '', 'officePhone' => ''), 'multiselect_AccountsSearchForm_anyMixedAttributesScope' => 'All', 'selectAll' => '', 'selectedIds' => "{$accounts[0]->id}, {$accounts[1]->id}", 'Account_page' => '1', 'export' => '', 'ajax' => ''));
     $response = $this->runControllerWithExitExceptionAndGetContent('accounts/default/export');
     $this->assertEquals('Testing download.', $response);
     // No matches
     $this->setGetArray(array('AccountsSearchForm' => array('anyMixedAttributesScope' => array(0 => 'All'), 'anyMixedAttributes' => '', 'name' => 'missingName', 'officePhone' => ''), 'multiselect_AccountsSearchForm_anyMixedAttributesScope' => 'All', 'Account_page' => '1', 'selectAll' => '1', 'selectedIds' => '', 'export' => '', 'ajax' => ''));
     $response = $this->runControllerWithRedirectExceptionAndGetUrl('accounts/default/export');
     $this->assertTrue(strstr($response, 'accounts/default/index') !== false);
 }
开发者ID:maruthisivaprasad,项目名称:zurmo,代码行数:61,代码来源:AccountsRegularUserExportWalkthroughTest.php

示例10: testGetGlobalSearchResultsByPartialTermWithRegularUserAndElevationStepsForRegularUser

 /**
  * @depends testGetGlobalSearchResultsByPartialTermUsingScope
  */
 public function testGetGlobalSearchResultsByPartialTermWithRegularUserAndElevationStepsForRegularUser()
 {
     $super = User::getByUsername('super');
     $jimmy = User::getByUsername('jimmy');
     Yii::app()->user->userModel = $super;
     //Jimmy does not have read access, so he should not be able to see any results.
     $this->assertEquals(Right::DENY, $jimmy->getEffectiveRight('AccountsModule', AccountsModule::RIGHT_ACCESS_ACCOUNTS));
     $this->assertEquals(Right::DENY, $jimmy->getEffectiveRight('ContactsModule', ContactsModule::RIGHT_ACCESS_CONTACTS));
     $this->assertEquals(Right::DENY, $jimmy->getEffectiveRight('OpportunitiesModule', OpportunitiesModule::RIGHT_ACCESS_OPPORTUNITIES));
     Yii::app()->user->userModel = $jimmy;
     $data = ModelAutoCompleteUtil::getGlobalSearchResultsByPartialTerm('animal', 5, Yii::app()->user->userModel);
     $this->assertEquals(array(array('href' => '', 'label' => 'No Results Found', 'iconClass' => '')), $data);
     //Give Jimmy access to the module, he still will not be able to see results.
     Yii::app()->user->userModel = $super;
     $jimmy->setRight('AccountsModule', AccountsModule::RIGHT_ACCESS_ACCOUNTS);
     $jimmy->setRight('ContactsModule', ContactsModule::RIGHT_ACCESS_CONTACTS);
     $jimmy->setRight('LeadsModule', LeadsModule::RIGHT_ACCESS_LEADS);
     $jimmy->setRight('OpportunitiesModule', OpportunitiesModule::RIGHT_ACCESS_OPPORTUNITIES);
     $this->assertTrue($jimmy->save());
     Yii::app()->user->userModel = $jimmy;
     $data = ModelAutoCompleteUtil::getGlobalSearchResultsByPartialTerm('animal', 5, Yii::app()->user->userModel);
     $this->assertEquals(array(array('href' => '', 'label' => 'No Results Found', 'iconClass' => '')), $data);
     //Give Jimmy read on 1 model.  The search then should pick up this model.
     Yii::app()->user->userModel = $super;
     $accounts = Account::getByName('The Zoo');
     $this->assertEquals(1, count($accounts));
     $account = $accounts[0];
     $this->assertEquals(Permission::NONE, $account->getEffectivePermissions($jimmy));
     $account->addPermissions($jimmy, Permission::READ);
     $this->assertTrue($account->save());
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($account, $jimmy);
     Yii::app()->user->userModel = $jimmy;
     $data = ModelAutoCompleteUtil::getGlobalSearchResultsByPartialTerm('animal', 5, Yii::app()->user->userModel);
     $this->assertEquals(1, count($data));
     $this->assertEquals('The Zoo', $data[0]['label']);
     //Give Jimmy read on 2 more models.  The search then should pick up these models.
     Yii::app()->user->userModel = $super;
     $contacts = Contact::getByName('Big Elephant');
     $this->assertEquals(1, count($contacts));
     $contact = $contacts[0];
     $this->assertEquals(Permission::NONE, $contact->getEffectivePermissions($jimmy));
     $contact->addPermissions($jimmy, Permission::READ);
     $this->assertTrue($contact->save());
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($contact, $jimmy);
     $opportunities = Opportunity::getByName('Animal Crackers');
     $this->assertEquals(1, count($opportunities));
     $opportunity = $opportunities[0];
     $this->assertEquals(Permission::NONE, $opportunity->getEffectivePermissions($jimmy));
     $opportunity->addPermissions($jimmy, Permission::READ);
     $this->assertTrue($opportunity->save());
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($opportunity, $jimmy);
     Yii::app()->user->userModel = $jimmy;
     $data = ModelAutoCompleteUtil::getGlobalSearchResultsByPartialTerm('animal', 5, Yii::app()->user->userModel);
     $this->assertEquals(3, count($data));
     $this->assertEquals('The Zoo', $data[0]['label']);
     $this->assertEquals('Big Elephant', $data[1]['label']);
     $this->assertEquals('Animal Crackers', $data[2]['label']);
 }
开发者ID:RamaKavanan,项目名称:InitialVersion,代码行数:61,代码来源:ModelAutoCompleteUtilTest.php

示例11: testAddAndRemoveKanbanSubscriberViaAjaxWithNormalUser

 public function testAddAndRemoveKanbanSubscriberViaAjaxWithNormalUser()
 {
     //Adk Jason as why permission error is coming up here
     $myuser = $this->logoutCurrentUserLoginNewUserAndGetByUsername('myuser');
     $task = new Task();
     $task->name = 'NewKanbanSubscriberTask';
     $task->owner = $myuser;
     $task->requestedByUser = self::$sally;
     $this->assertTrue($task->save());
     $this->setGetArray(array('id' => $task->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('tasks/default/removeKanbanSubscriber');
     $this->setGetArray(array('id' => $task->id));
     $this->runControllerShouldResultInAccessFailureAndGetContent('tasks/default/addKanbanSubscriber');
     //Now test peon with elevated rights to accounts
     $myuser->setRight('TasksModule', TasksModule::RIGHT_ACCESS_TASKS);
     $myuser->setRight('TasksModule', TasksModule::RIGHT_CREATE_TASKS);
     $myuser->setRight('TasksModule', TasksModule::RIGHT_DELETE_TASKS);
     $this->assertTrue($myuser->save());
     $task->addPermissions($myuser, Permission::READ_WRITE_CHANGE_PERMISSIONS);
     $this->assertTrue($task->save());
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($task, $myuser);
     //Test nobody with elevated rights.
     Yii::app()->user->userModel = User::getByUsername('myuser');
     $this->setGetArray(array('id' => $task->id));
     $content = $this->runControllerWithNoExceptionsAndGetContent('tasks/default/removeKanbanSubscriber', false);
     $this->assertContains($myuser->getFullName(), $content);
     $this->assertEquals(2, $task->notificationSubscribers->count());
     //Now super user would be added as a subscriber as he becomes the owner
     $task->owner = self::$super;
     $this->assertTrue($task->save());
     $content = $this->runControllerWithNoExceptionsAndGetContent('tasks/default/removeKanbanSubscriber', false);
     $this->assertNotContains($myuser->getFullName(), $content);
     $this->assertEquals(2, $task->notificationSubscribers->count());
     $isMyUserFound = $this->checkIfUserFoundInSubscribersList($task, $myuser->id);
     $this->assertFalse($isMyUserFound);
     $content = $this->runControllerWithNoExceptionsAndGetContent('tasks/default/addKanbanSubscriber', false);
     $this->assertContains($myuser->getFullName(), $content);
     $this->assertEquals(3, $task->notificationSubscribers->count());
     $isMyUserFound = $this->checkIfUserFoundInSubscribersList($task, $myuser->id);
     $this->assertTrue($isMyUserFound);
 }
开发者ID:RamaKavanan,项目名称:InitialVersion,代码行数:41,代码来源:TaskAjaxSuperUserWalkthroughTest.php

示例12: resolveExplicitReadWriteModelPermissions

 /**
  * Given a SecurableItem, add and remove permissions
  * based on what the provided ExplicitReadWriteModelPermissions indicates should be done.
  * Sets @see SecurableItem->setTreatCurrentUserAsOwnerForPermissions as true in order to ensure the current user
  * can effectively add permissions even if the current user is no longer the owner.
  * @param SecurableItem $securableItem
  * @param ExplicitReadWriteModelPermissions $explicitReadWriteModelPermissions
  * @param bool $validate
  * @return bool|void
  * @throws NotSupportedException
  */
 public static function resolveExplicitReadWriteModelPermissions(SecurableItem $securableItem, ExplicitReadWriteModelPermissions $explicitReadWriteModelPermissions, $validate = false)
 {
     assert('$securableItem->id > 0');
     $optimizeReadPermissions = $securableItem::hasReadPermissionsOptimization();
     $securableItem->setTreatCurrentUserAsOwnerForPermissions(true);
     $saveSecurableItem = false;
     if ($explicitReadWriteModelPermissions->getReadOnlyPermitablesCount() > 0) {
         $saveSecurableItem = true;
         foreach ($explicitReadWriteModelPermissions->getReadOnlyPermitables() as $permitable) {
             if ($securableItem->addPermissions($permitable, Permission::READ) && $optimizeReadPermissions) {
                 if ($permitable instanceof Group) {
                     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($securableItem, $permitable);
                     ReadPermissionsSubscriptionUtil::securableItemGivenPermissionsForGroup($securableItem);
                 } elseif ($permitable instanceof User) {
                     AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($securableItem, $permitable);
                     ReadPermissionsSubscriptionUtil::securableItemGivenPermissionsForUser($securableItem);
                 } else {
                     throw new NotSupportedException();
                 }
             }
         }
     }
     if ($explicitReadWriteModelPermissions->getReadWritePermitablesCount() > 0) {
         $saveSecurableItem = true;
         foreach ($explicitReadWriteModelPermissions->getReadWritePermitables() as $permitable) {
             if ($securableItem->addPermissions($permitable, Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER) && $optimizeReadPermissions) {
                 if ($permitable instanceof Group) {
                     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($securableItem, $permitable);
                     ReadPermissionsSubscriptionUtil::securableItemGivenPermissionsForGroup($securableItem);
                 } elseif ($permitable instanceof User) {
                     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($securableItem, $permitable);
                     ReadPermissionsSubscriptionUtil::securableItemGivenPermissionsForUser($securableItem);
                 } else {
                     throw new NotSupportedException();
                 }
             }
         }
     }
     if ($explicitReadWriteModelPermissions->getReadOnlyPermitablesToRemoveCount() > 0) {
         $saveSecurableItem = true;
         foreach ($explicitReadWriteModelPermissions->getReadOnlyPermitablesToRemove() as $permitable) {
             $securableItem->removePermissions($permitable, Permission::READ, Permission::ALLOW);
             if ($optimizeReadPermissions) {
                 if ($permitable instanceof Group) {
                     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForGroup($securableItem, $permitable);
                     ReadPermissionsSubscriptionUtil::securableItemLostPermissionsForGroup($securableItem);
                 } elseif ($permitable instanceof User) {
                     AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($securableItem, $permitable);
                     ReadPermissionsSubscriptionUtil::securableItemLostPermissionsForUser($securableItem);
                 } else {
                     throw new NotSupportedException();
                 }
             }
         }
     }
     if ($explicitReadWriteModelPermissions->getReadWritePermitablesToRemoveCount() > 0) {
         $saveSecurableItem = true;
         foreach ($explicitReadWriteModelPermissions->getReadWritePermitablesToRemove() as $permitable) {
             $securableItem->removePermissions($permitable, Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER, Permission::ALLOW);
             if ($optimizeReadPermissions) {
                 if ($permitable instanceof Group) {
                     AllPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($securableItem, $permitable);
                     ReadPermissionsSubscriptionUtil::securableItemLostPermissionsForGroup($securableItem);
                 } elseif ($permitable instanceof User) {
                     AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($securableItem, $permitable);
                     ReadPermissionsSubscriptionUtil::securableItemLostPermissionsForUser($securableItem);
                 } else {
                     throw new NotSupportedException();
                 }
             }
         }
     }
     if ($saveSecurableItem) {
         $setBackToProcess = false;
         if ($securableItem->shouldProcessWorkflowOnSave()) {
             $securableItem->setDoNotProcessWorkflowOnSave();
             $setBackToProcess = true;
         }
         $saved = $securableItem->save($validate);
         if ($setBackToProcess) {
             $securableItem->setProcessWorkflowOnSave();
         }
         $securableItem->setTreatCurrentUserAsOwnerForPermissions(false);
         return $saved;
     }
     $securableItem->setTreatCurrentUserAsOwnerForPermissions(false);
     return true;
 }
开发者ID:RamaKavanan,项目名称:InitialVersion,代码行数:99,代码来源:ExplicitReadWriteModelPermissionsUtil.php

示例13: testAUserCanDeleteANoteNotOwnedButHasExplicitDeletePermission

 /**
  * @depends testNobodyCanReadWriteDeleteAndStrValOfNoteFunctionsCorrectly
  */
 public function testAUserCanDeleteANoteNotOwnedButHasExplicitDeletePermission()
 {
     //Create superAccount owned by user super.
     $super = User::getByUsername('super');
     Yii::app()->user->userModel = $super;
     $superAccount = AccountTestHelper::createAccountByNameForOwner('AccountTest', $super);
     //create a nobody user
     $nobody = User::getByUsername('nobody');
     //create note for an superAccount using the super user
     $note = NoteTestHelper::createNoteWithOwnerAndRelatedAccount('noteCreatedBySuper', $super, $superAccount);
     //give nobody access to both details, edit and delete view in order to check the delete of a note
     Yii::app()->user->userModel = User::getByUsername('super');
     $nobody->forget();
     $nobody = User::getByUsername('nobody');
     $note->addPermissions($nobody, Permission::READ_WRITE_DELETE);
     $this->assertTrue($note->save());
     AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($note, $nobody);
     Yii::app()->user->userModel = User::getByUsername('nobody');
     $noteId = $note->id;
     $note->forget();
     $note = Note::getById($noteId);
     $note->delete();
 }
开发者ID:maruthisivaprasad,项目名称:zurmo,代码行数:26,代码来源:NoteTest.php

示例14: testSecurityExceptions

 public function testSecurityExceptions()
 {
     try {
         $superAdmin = User::getByUsername('super');
         $originalOwner = User::getByUsername('betty');
         $buddy = User::getByUsername('bernice');
         $pleb = User::getByUsername('brian');
         Yii::app()->user->userModel = $superAdmin;
         $account = new Account();
         $account->name = 'Dooble & Co';
         $account->owner = $originalOwner;
         $this->assertTrue($account->save());
         // READ - owner can read, pleb can't.
         Yii::app()->user->userModel = $originalOwner;
         $this->assertEquals(Permission::ALL, $account->getEffectivePermissions());
         $this->assertEquals('Dooble & Co', $account->name);
         Yii::app()->user->userModel = $pleb;
         try {
             $this->assertEquals(Permission::NONE, $account->getEffectivePermissions());
             $name = $account->name;
             $this->fail();
         } catch (AccessDeniedSecurityException $e) {
             $this->assertTrue($e->user->isSame($pleb));
             $this->assertEquals(Permission::READ, $e->requiredPermissions);
             $this->assertEquals(Permission::NONE, $e->effectivePermissions);
         }
         // WRITE - owner can write, pleb can't.
         Yii::app()->user->userModel = $originalOwner;
         $this->assertEquals(Permission::ALL, $account->getEffectivePermissions());
         $account->name = 'Booble & Sons';
         $this->assertTrue($account->save());
         $this->assertEquals('Booble & Sons', $account->name);
         Yii::app()->user->userModel = $pleb;
         try {
             $this->assertEquals(Permission::NONE, $account->getEffectivePermissions());
             $account->name = 'Google & Mums';
             $this->fail();
         } catch (AccessDeniedSecurityException $e) {
             $this->assertTrue($e->user->isSame($pleb));
             $this->assertEquals(Permission::WRITE, $e->requiredPermissions);
             $this->assertEquals(Permission::NONE, $e->effectivePermissions);
         }
         // PERMISSIONS - owner can give permissions to and remove
         // permissions from buddy, pleb can't change permissions.
         Yii::app()->user->userModel = $originalOwner;
         $this->assertEquals(Permission::ALL, $account->getEffectivePermissions());
         $account->addPermissions($buddy, Permission::READ);
         AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($account, $buddy);
         $this->assertTrue($account->save());
         Yii::app()->user->userModel = $buddy;
         $this->assertEquals(Permission::READ, $account->getEffectivePermissions());
         $this->assertEquals('Booble & Sons', $account->name);
         Yii::app()->user->userModel = $pleb;
         try {
             $this->assertEquals(Permission::NONE, $account->getEffectivePermissions());
             $account->addPermissions($pleb, Permission::ALL);
             $this->fail();
         } catch (AccessDeniedSecurityException $e) {
             $this->assertTrue($e->user->isSame($pleb));
             $this->assertEquals(Permission::CHANGE_PERMISSIONS, $e->requiredPermissions);
             $this->assertEquals(Permission::NONE, $e->effectivePermissions);
         }
         Yii::app()->user->userModel = $originalOwner;
         $account->removePermissions($buddy, Permission::READ, Permission::ALLOW_DENY);
         $this->assertTrue($account->save());
         // CHANGE_OWNER - owner gives the account to his buddy,
         // pleb can't change the owner.
         Yii::app()->user->userModel = $originalOwner;
         $this->assertEquals(Permission::ALL, $account->getEffectivePermissions());
         $account->owner = $buddy;
         $this->assertTrue($account->save());
         Yii::app()->user->userModel = $pleb;
         try {
             $this->assertEquals(Permission::NONE, $account->getEffectivePermissions());
             $account->owner = $pleb;
             $this->fail();
         } catch (AccessDeniedSecurityException $e) {
             $this->assertTrue($e->user->isSame($pleb));
             $this->assertEquals(Permission::CHANGE_OWNER, $e->requiredPermissions);
             $this->assertEquals(Permission::NONE, $e->effectivePermissions);
         }
         // DELETE - pleb can't delete, the original
         // owner can't either, the new owner deletes it.
         Yii::app()->user->userModel = $pleb;
         try {
             $this->assertEquals(Permission::NONE, $account->getEffectivePermissions());
             $account->delete();
             $this->fail();
         } catch (AccessDeniedSecurityException $e) {
             $this->assertTrue($e->user->isSame($pleb));
             $this->assertEquals(Permission::DELETE, $e->requiredPermissions);
             $this->assertEquals(Permission::NONE, $e->effectivePermissions);
         }
         Yii::app()->user->userModel = $originalOwner;
         try {
             $this->assertEquals(Permission::NONE, $account->getEffectivePermissions());
             $account->delete();
             $this->fail();
         } catch (AccessDeniedSecurityException $e) {
             $this->assertTrue($e->user->isSame($originalOwner));
//.........这里部分代码省略.........
开发者ID:maruthisivaprasad,项目名称:zurmo,代码行数:101,代码来源:PermissionsTest.php


注:本文中的AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。