本文整理匯總了PHP中AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser方法的典型用法代碼示例。如果您正苦於以下問題:PHP AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser方法的具體用法?PHP AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser怎麽用?PHP AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類AllPermissionsOptimizationUtil
的用法示例。
在下文中一共展示了AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser方法的8個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的PHP代碼示例。
示例1: testRegularUserControllerActionsWithElevationToModels
/**
* @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
*/
public function testRegularUserControllerActionsWithElevationToModels()
{
//Create superAccount owned by user super.
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$superAccount = AccountTestHelper::createAccountByNameForOwner('AccountsForElevationToModelTest', $super);
//Test nobody, access to details of superAccount should fail.
$nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
$this->setGetArray(array('id' => $superAccount->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('accounts/default/details');
//give nobody access to read
Yii::app()->user->userModel = $super;
$superAccount->addPermissions($nobody, Permission::READ);
$this->assertTrue($superAccount->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($superAccount, $nobody);
//Now the nobody user can access the details view.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $superAccount->id));
$this->runControllerWithNoExceptionsAndGetContent('accounts/default/details');
//create meeting for an superAccount using the super user
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$meeting = MeetingTestHelper::createMeetingWithOwnerAndRelatedAccount('meetingCreatedByNobody', $super, $superAccount);
//Test nobody, access to edit, details and delete of meeting should fail.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//give nobody access to details view only
Yii::app()->user->userModel = $super;
$meeting->addPermissions($nobody, Permission::READ);
$this->assertTrue($meeting->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($meeting, $nobody);
//Now access to meetings view by Nobody should not fail.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');
//Now access to meetings edit and delete by Nobody should fail
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//give nobody access to both details and edit view
Yii::app()->user->userModel = $super;
$meeting->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($meeting->save());
AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($meeting, $nobody);
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($meeting, $nobody);
//Now access to meetings view and edit by Nobody should not fail.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerWithNoExceptionsAndGetContent('meetings/default/details');
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerWithNoExceptionsAndGetContent('meetings/default/edit');
//Now access to meetings delete by Nobody should fail
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//revoke the permission from the nobody user to access the meeting
Yii::app()->user->userModel = $super;
$meeting->removePermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($meeting->save());
AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($meeting, $nobody);
//Now nobodys, access to edit, details and delete of meetings should fail.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/edit');
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/details');
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerShouldResultInAccessFailureAndGetContent('meetings/default/delete');
//give nobody access to both details and edit view
Yii::app()->user->userModel = $super;
$meeting->addPermissions($nobody, Permission::READ_WRITE_DELETE);
$this->assertTrue($meeting->save());
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($meeting, $nobody);
//Now nobodys, access to delete of meetings should not fail.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $meeting->id));
$this->resetPostArray();
$this->runControllerWithRedirectExceptionAndGetContent('meetings/default/delete');
//create some roles
Yii::app()->user->userModel = $super;
$parentRole = new Role();
$parentRole->name = 'AAA';
//.........這裏部分代碼省略.........
示例2: testRegularUserControllerActionsWithElevationToModels
/**
* @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
*/
public function testRegularUserControllerActionsWithElevationToModels()
{
//Create contact web form owned by user super.
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$contactWebForm = ContactWebFormTestHelper::createContactWebFormByName('contactWebFormForElevationToModelTest', $super);
//Test nobody, access to edit and details should fail.
$nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
$this->setGetArray(array('id' => $contactWebForm->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
$this->setGetArray(array('id' => $contactWebForm->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
//give nobody access to read
Yii::app()->user->userModel = $super;
$contactWebForm->addPermissions($nobody, Permission::READ);
$this->assertTrue($contactWebForm->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($contactWebForm, $nobody);
//Now the nobody user can access the details view.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $contactWebForm->id));
$this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
//Test nobody, access to edit should fail.
$this->setGetArray(array('id' => $contactWebForm->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
$contactWebFormId = $contactWebForm->id;
$contactWebForm->forget();
$contactWebForm = ContactWebForm::getById($contactWebFormId);
//give nobody access to read and write
Yii::app()->user->userModel = $super;
$contactWebForm->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($contactWebForm->save());
AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($contactWebForm, $nobody);
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($contactWebForm, $nobody);
//Now the nobody user should be able to access the edit view and still the details view.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $contactWebForm->id));
$this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
$this->setGetArray(array('id' => $contactWebForm->id));
$this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/edit');
$contactWebFormId = $contactWebForm->id;
$contactWebForm->forget();
$contactWebForm = ContactWebForm::getById($contactWebFormId);
//revoke nobody access to read
Yii::app()->user->userModel = $super;
$contactWebForm->removePermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($contactWebForm->save());
AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($contactWebForm, $nobody);
//Test nobody, access to detail should fail.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $contactWebForm->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
$this->setGetArray(array('id' => $contactWebForm->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
//create some roles
Yii::app()->user->userModel = $super;
$parentRole = new Role();
$parentRole->name = 'AAA';
$this->assertTrue($parentRole->save());
$childRole = new Role();
$childRole->name = 'BBB';
$this->assertTrue($childRole->save());
$userInParentRole = User::getByUsername('confused');
$userInChildRole = User::getByUsername('nobody');
$childRole->users->add($userInChildRole);
$this->assertTrue($childRole->save());
$parentRole->users->add($userInParentRole);
$parentRole->roles->add($childRole);
$this->assertTrue($parentRole->save());
$userInChildRole->forget();
$userInChildRole = User::getByUsername('nobody');
$userInParentRole->forget();
$userInParentRole = User::getByUsername('confused');
$parentRoleId = $parentRole->id;
$parentRole->forget();
$parentRole = Role::getById($parentRoleId);
$childRoleId = $childRole->id;
$childRole->forget();
$childRole = Role::getById($childRoleId);
//create web form owned by super
$contactWebForm2 = ContactWebFormTestHelper::createContactWebFormByName('testingParentRolePermission', $super);
//Test userInParentRole, access to details and edit should fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $contactWebForm2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/details');
$this->setGetArray(array('id' => $contactWebForm2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('contactWebForms/default/edit');
//give userInChildRole access to READ
Yii::app()->user->userModel = $super;
$contactWebForm2->addPermissions($userInChildRole, Permission::READ);
$this->assertTrue($contactWebForm2->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($contactWebForm2, $userInChildRole);
//Test userInChildRole, access to details should not fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $contactWebForm2->id));
$this->runControllerWithNoExceptionsAndGetContent('contactWebForms/default/details');
//Test userInParentRole, access to details should not fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $contactWebForm2->id));
//.........這裏部分代碼省略.........
示例3: testRegularUserControllerActionsWithElevationToModels
/**
* @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
*/
public function testRegularUserControllerActionsWithElevationToModels()
{
//Create project owned by user super.
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$project = ProjectTestHelper::createProjectByNameForOwner('projectForElevationToModelTest', $super);
//Test nobody, access to edit and details should fail.
$nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
$this->runControllerWithNoExceptionsAndGetContent('projects/default/dashboardDetails');
$this->setGetArray(array('id' => $project->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
$this->setGetArray(array('id' => $project->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
$this->setGetArray(array('id' => $project->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/delete');
//give nobody access to read
Yii::app()->user->userModel = $super;
$project->addPermissions($nobody, Permission::READ);
$this->assertTrue($project->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($project, $nobody);
//Now the nobody user can access the details view.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $project->id));
$this->runControllerWithNoExceptionsAndGetContent('projects/default/details');
//Test nobody, access to edit should fail.
$this->setGetArray(array('id' => $project->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
$this->setGetArray(array('id' => $project->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/delete');
$projectId = $project->id;
$project->forget();
$project = Project::getById($projectId);
//give nobody access to read and write
Yii::app()->user->userModel = $super;
$project->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
//TODO :Its wierd that giving opportunity errors
$this->assertTrue($project->save());
AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($project, $nobody);
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($project, $nobody);
//Now the nobody user should be able to access the edit view and still the details view.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $project->id));
$this->runControllerWithNoExceptionsAndGetContent('projects/default/details');
$this->setGetArray(array('id' => $project->id));
$this->runControllerWithNoExceptionsAndGetContent('projects/default/edit');
$projectId = $project->id;
$project->forget();
$project = Project::getById($projectId);
//revoke nobody access to read
Yii::app()->user->userModel = $super;
$project->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS, Permission::DENY);
$this->assertTrue($project->save());
AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($project, $nobody);
//Test nobody, access to detail should fail.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $project->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
$this->setGetArray(array('id' => $project->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
//create some roles
Yii::app()->user->userModel = $super;
$parentRole = new Role();
$parentRole->name = 'AAA';
$this->assertTrue($parentRole->save());
$childRole = new Role();
$childRole->name = 'BBB';
$this->assertTrue($childRole->save());
$userInParentRole = User::getByUsername('confused');
$userInChildRole = User::getByUsername('nobody');
$childRole->users->add($userInChildRole);
$this->assertTrue($childRole->save());
$parentRole->users->add($userInParentRole);
$parentRole->roles->add($childRole);
$this->assertTrue($parentRole->save());
$userInChildRole->forget();
$userInChildRole = User::getByUsername('nobody');
$userInParentRole->forget();
$userInParentRole = User::getByUsername('confused');
$parentRoleId = $parentRole->id;
$parentRole->forget();
$parentRole = Role::getById($parentRoleId);
$childRoleId = $childRole->id;
$childRole->forget();
$childRole = Role::getById($childRoleId);
//create project owned by super
$project2 = ProjectTestHelper::createProjectByNameForOwner('testingParentRolePermission', $super);
//Test userInParentRole, access to details and edit should fail.
Yii::app()->user->userModel = $userInParentRole;
$this->setGetArray(array('id' => $project2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/details');
$this->setGetArray(array('id' => $project2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('projects/default/edit');
//give userInChildRole access to READ
Yii::app()->user->userModel = $super;
$project2->addPermissions($userInChildRole, Permission::READ);
$this->assertTrue($project2->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($project2, $userInChildRole);
//Test userInChildRole, access to details should not fail.
//.........這裏部分代碼省略.........
示例4: testRegularUserControllerActionsWithElevationToModels
/**
* @depends testRegularUserControllerActionsWithElevationToAccessAndCreate
*/
public function testRegularUserControllerActionsWithElevationToModels()
{
//Create lead owned by user super.
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$lead = LeadTestHelper::createLeadByNameForOwner('leadForElevationToModelTest', $super);
//Test nobody, access to edit, details and delete should fail.
$nobody = $this->logoutCurrentUserLoginNewUserAndGetByUsername('nobody');
$this->setGetArray(array('id' => $lead->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
$this->setGetArray(array('id' => $lead->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
$this->setGetArray(array('id' => $lead->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//give nobody access to read
Yii::app()->user->userModel = $super;
$lead->addPermissions($nobody, Permission::READ);
$this->assertTrue($lead->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($lead, $nobody);
//Now the nobody user can access the details view.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $lead->id));
$this->runControllerWithNoExceptionsAndGetContent('leads/default/details');
//Test nobody, access to edit and delete should fail.
$this->setGetArray(array('id' => $lead->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
$this->setGetArray(array('id' => $lead->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//give nobody access to read and write
Yii::app()->user->userModel = $super;
$lead->addPermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($lead->save());
AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($lead, $nobody);
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($lead, $nobody);
//Now the nobody user should be able to access the edit view and still the details view
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $lead->id));
$this->runControllerWithNoExceptionsAndGetContent('leads/default/details');
$this->setGetArray(array('id' => $lead->id));
$this->runControllerWithNoExceptionsAndGetContent('leads/default/edit');
//Test nobody, access to delete should fail.
$this->setGetArray(array('id' => $lead->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//revoke nobody access to read
Yii::app()->user->userModel = $super;
$lead->removePermissions($nobody, Permission::READ_WRITE_CHANGE_PERMISSIONS);
$this->assertTrue($lead->save());
AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($lead, $nobody);
//Test nobody, access to detail, edit and delete should fail.
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $lead->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
$this->setGetArray(array('id' => $lead->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/edit');
$this->setGetArray(array('id' => $lead->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/delete');
//give nobody access to read, write and delete
Yii::app()->user->userModel = $super;
$lead->addPermissions($nobody, Permission::READ_WRITE_DELETE);
$this->assertTrue($lead->save());
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($lead, $nobody);
//now nobody should be able to delete a lead
Yii::app()->user->userModel = $nobody;
$this->setGetArray(array('id' => $lead->id));
$this->resetPostArray();
$this->runControllerWithRedirectExceptionAndGetContent('leads/default/delete', Yii::app()->createUrl('leads/default/index'));
//create some roles
Yii::app()->user->userModel = $super;
$parentRole = new Role();
$parentRole->name = 'AAA';
$this->assertTrue($parentRole->save());
$childRole = new Role();
$childRole->name = 'BBB';
$this->assertTrue($childRole->save());
$userInParentRole = User::getByUsername('confused');
$userInChildRole = User::getByUsername('nobody');
$childRole->users->add($userInChildRole);
$this->assertTrue($childRole->save());
$parentRole->users->add($userInParentRole);
$parentRole->roles->add($childRole);
$this->assertTrue($parentRole->save());
$userInChildRole->forget();
$userInChildRole = User::getByUsername('nobody');
$userInParentRole->forget();
$userInParentRole = User::getByUsername('confused');
$parentRoleId = $parentRole->id;
$parentRole->forget();
$parentRole = Role::getById($parentRoleId);
$childRoleId = $childRole->id;
$childRole->forget();
$childRole = Role::getById($childRoleId);
//create lead owned by super
$lead2 = LeadTestHelper::createLeadByNameForOwner('leadsParentRolePermission', $super);
//Test userInChildRole, access to details, edit and delete should fail.
Yii::app()->user->userModel = $userInChildRole;
$this->setGetArray(array('id' => $lead2->id));
$this->runControllerShouldResultInAccessFailureAndGetContent('leads/default/details');
$this->setGetArray(array('id' => $lead2->id));
//.........這裏部分代碼省略.........
示例5: testCopyingAModelOwnedByAnotherUserWhereYouHaveRestrictedAccess
/**
* Ensures another user can 'clone' an account they can see, but is not necessarily the owner and does not have
* super privileges.
*/
public function testCopyingAModelOwnedByAnotherUserWhereYouHaveRestrictedAccess()
{
Yii::app()->user->userModel = User::getByUsername('super');
$account = AccountTestHelper::createAccountByNameForOwner('a super account', Yii::app()->user->userModel);
//This will simulate sally having access to 'clone' the account.
$sally = User::getByUserName('sally');
$account->addPermissions($sally, Permission::READ);
$account->save();
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($account, $sally);
Yii::app()->user->userModel = User::getByUsername('sally');
$copyOfAccount = new Account();
ZurmoCopyModelUtil::copy($account, $copyOfAccount);
$saved = $copyOfAccount->save();
$this->assertTrue($saved);
}
示例6: testUnmarkModelAsStarredForAllUsers
/**
* @depends testCreateStarredTables
*/
public function testUnmarkModelAsStarredForAllUsers()
{
$super = User::getByUsername('super');
Yii::app()->user->userModel = $super;
$steven = UserTestHelper::createBasicUser('Steven');
$account = new Account();
$account->owner = $super;
$account->name = 'Test Account';
$account->officePhone = '1234567890';
$account->addPermissions($steven, Permission::READ);
$this->assertTrue($account->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($account, $steven);
StarredUtil::markModelAsStarred($account);
Yii::app()->user->userModel = $steven;
StarredUtil::markModelAsStarred($account);
$starredRecords = AccountStarred::getCountByUserIdAndModelId(null, $account->id);
$this->assertEquals(2, $starredRecords);
StarredUtil::unmarkModelAsStarredForAllUsers($account);
$starredRecords = AccountStarred::getCountByUserIdAndModelId(null, $account->id);
$this->assertEquals(0, $starredRecords);
}
示例7: resolveExplicitReadWriteModelPermissions
/**
* Given a SecurableItem, add and remove permissions
* based on what the provided ExplicitReadWriteModelPermissions indicates should be done.
* Sets @see SecurableItem->setTreatCurrentUserAsOwnerForPermissions as true in order to ensure the current user
* can effectively add permissions even if the current user is no longer the owner.
* @param SecurableItem $securableItem
* @param ExplicitReadWriteModelPermissions $explicitReadWriteModelPermissions
* @param bool $validate
* @return bool|void
* @throws NotSupportedException
*/
public static function resolveExplicitReadWriteModelPermissions(SecurableItem $securableItem, ExplicitReadWriteModelPermissions $explicitReadWriteModelPermissions, $validate = false)
{
assert('$securableItem->id > 0');
$optimizeReadPermissions = $securableItem::hasReadPermissionsOptimization();
$securableItem->setTreatCurrentUserAsOwnerForPermissions(true);
$saveSecurableItem = false;
if ($explicitReadWriteModelPermissions->getReadOnlyPermitablesCount() > 0) {
$saveSecurableItem = true;
foreach ($explicitReadWriteModelPermissions->getReadOnlyPermitables() as $permitable) {
if ($securableItem->addPermissions($permitable, Permission::READ) && $optimizeReadPermissions) {
if ($permitable instanceof Group) {
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForGroup($securableItem, $permitable);
ReadPermissionsSubscriptionUtil::securableItemGivenPermissionsForGroup($securableItem);
} elseif ($permitable instanceof User) {
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($securableItem, $permitable);
ReadPermissionsSubscriptionUtil::securableItemGivenPermissionsForUser($securableItem);
} else {
throw new NotSupportedException();
}
}
}
}
if ($explicitReadWriteModelPermissions->getReadWritePermitablesCount() > 0) {
$saveSecurableItem = true;
foreach ($explicitReadWriteModelPermissions->getReadWritePermitables() as $permitable) {
if ($securableItem->addPermissions($permitable, Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER) && $optimizeReadPermissions) {
if ($permitable instanceof Group) {
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($securableItem, $permitable);
ReadPermissionsSubscriptionUtil::securableItemGivenPermissionsForGroup($securableItem);
} elseif ($permitable instanceof User) {
AllPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($securableItem, $permitable);
ReadPermissionsSubscriptionUtil::securableItemGivenPermissionsForUser($securableItem);
} else {
throw new NotSupportedException();
}
}
}
}
if ($explicitReadWriteModelPermissions->getReadOnlyPermitablesToRemoveCount() > 0) {
$saveSecurableItem = true;
foreach ($explicitReadWriteModelPermissions->getReadOnlyPermitablesToRemove() as $permitable) {
$securableItem->removePermissions($permitable, Permission::READ, Permission::ALLOW);
if ($optimizeReadPermissions) {
if ($permitable instanceof Group) {
AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForGroup($securableItem, $permitable);
ReadPermissionsSubscriptionUtil::securableItemLostPermissionsForGroup($securableItem);
} elseif ($permitable instanceof User) {
AllPermissionsOptimizationUtil::securableItemLostReadPermissionsForUser($securableItem, $permitable);
ReadPermissionsSubscriptionUtil::securableItemLostPermissionsForUser($securableItem);
} else {
throw new NotSupportedException();
}
}
}
}
if ($explicitReadWriteModelPermissions->getReadWritePermitablesToRemoveCount() > 0) {
$saveSecurableItem = true;
foreach ($explicitReadWriteModelPermissions->getReadWritePermitablesToRemove() as $permitable) {
$securableItem->removePermissions($permitable, Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER, Permission::ALLOW);
if ($optimizeReadPermissions) {
if ($permitable instanceof Group) {
AllPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($securableItem, $permitable);
ReadPermissionsSubscriptionUtil::securableItemLostPermissionsForGroup($securableItem);
} elseif ($permitable instanceof User) {
AllPermissionsOptimizationUtil::securableItemLostPermissionsForUser($securableItem, $permitable);
ReadPermissionsSubscriptionUtil::securableItemLostPermissionsForUser($securableItem);
} else {
throw new NotSupportedException();
}
}
}
}
if ($saveSecurableItem) {
$setBackToProcess = false;
if ($securableItem->shouldProcessWorkflowOnSave()) {
$securableItem->setDoNotProcessWorkflowOnSave();
$setBackToProcess = true;
}
$saved = $securableItem->save($validate);
if ($setBackToProcess) {
$securableItem->setProcessWorkflowOnSave();
}
$securableItem->setTreatCurrentUserAsOwnerForPermissions(false);
return $saved;
}
$securableItem->setTreatCurrentUserAsOwnerForPermissions(false);
return true;
}
示例8: testRegularUserBullkWriteWhereSomeItemsTheyDontHavePrivledgesToDoIt
/**
* @depends testRegularUserSwitchingOwnershipLosesAccessToAccount
*/
public function testRegularUserBullkWriteWhereSomeItemsTheyDontHavePrivledgesToDoIt()
{
$super = $this->logoutCurrentUserLoginNewUserAndGetByUsername('super');
$confused = User::getByUsername('confused');
$billy = User::getByUsername('billy');
$this->assertEquals(Right::DENY, $confused->getEffectiveRight('ZurmoModule', ZurmoModule::RIGHT_BULK_WRITE));
$confused->setRight('ZurmoModule', ZurmoModule::RIGHT_BULK_WRITE);
$this->assertTrue($confused->save());
$account1 = AccountTestHelper::createAccountByNameForOwner('canUpdate', $confused);
$account2 = AccountTestHelper::createAccountByNameForOwner('canUpdate2', $confused);
$account3 = AccountTestHelper::createAccountByNameForOwner('cannotUpdate', $billy);
$this->assertEquals($confused, $account1->owner);
$this->assertEquals($confused, $account2->owner);
$this->assertEquals($billy, $account3->owner);
//Give confused user read access to $account3
$this->assertNotEquals($account3->owner->id, $confused->id);
$this->assertEquals(Permission::NONE, $account3->getEffectivePermissions($confused));
$account3->addPermissions($confused, Permission::READ);
$this->assertTrue($account3->save());
AllPermissionsOptimizationUtil::securableItemGivenReadPermissionsForUser($account3, $confused);
$this->assertEquals(Permission::READ, $account3->getEffectivePermissions($confused));
//Make confused user the current user.
Yii::app()->user->userModel = $confused;
//Load MassEdit view for the 3 accounts.
$selectedIds = $account1->id . ',' . $account2->id . ',' . $account3->id;
// Not Coding Standard
$this->setGetArray(array('selectedIds' => $selectedIds, 'selectAll' => ''));
// Not Coding Standard
$this->resetPostArray();
$content = $this->runControllerWithNoExceptionsAndGetContent('accounts/default/massEdit');
$this->assertContains('<strong>3</strong> records selected for updating', $content);
//Test trying to change the owner to super and trying to change name which is required, but leaving it blank.
//This will result in a validation error, but since since the owner has been selected as super, we want
//to make sure there are no exceptions and the validation appears in the user interface correctly.
$this->setGetArray(array('selectedIds' => $selectedIds, 'selectAll' => '', 'Account_page' => 1));
$this->setPostArray(array('Account' => array('name' => '', 'owner' => array('id' => $super->id)), 'MassEdit' => array('name' => 1, 'owner' => 1)));
$content = $this->runControllerWithNoExceptionsAndGetContent('accounts/default/massEdit');
$this->assertContains('<strong>3</strong> records selected for updating', $content);
//Now set office phone to a real value, keep owner set at super, and try again. This time the mass update
//should be successful except for account3 which the confused user does not have write access too.
$this->setGetArray(array('selectedIds' => $selectedIds, 'selectAll' => '', 'Account_page' => 1));
$this->setPostArray(array('Account' => array('name' => '7799', 'owner' => array('id' => $super->id)), 'MassEdit' => array('name' => 1, 'owner' => 1)));
$content = $this->runControllerWithRedirectExceptionAndGetContent('accounts/default/massEdit');
//Confirm the flash message shows the correct information that 1 failed.
$this->assertContains('Successfully updated 2 records. 1 account skipped because you do not have sufficient permissions.', Yii::app()->user->getFlash('notification'));
//Confirm updates are correct
Yii::app()->user->userModel = $super;
$account1 = Account::getById($account1->id);
$account2 = Account::getById($account2->id);
$account3 = Account::getById($account3->id);
$this->assertEquals('7799', $account1->name);
$this->assertEquals('7799', $account2->name);
$this->assertEquals('cannotUpdate', $account3->name);
$this->assertEquals($super->getFullName(), $account2->owner->getFullName());
$this->assertEquals($super->getFullName(), $account2->owner->getFullName());
$this->assertEquals($billy->getFullName(), $account3->owner->getFullName());
}