diff options
| author | Stefan Giehl <stefan@matomo.org> | 2022-05-25 10:54:43 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-05-25 10:54:43 +0300 |
| commit | 8198c387746c426ccb3bcbb2e4a2340a6aade718 (patch) | |
| tree | d0b278e3cc3f6b9d5e85bc71e9adc1618d7ebb3f | |
| parent | 53c00a78caf96d24dd8f7f74dc8fd74268b312b1 (diff) | |
Handle write permission correctly when checking for users with access to same site (#19199)
| -rw-r--r-- | plugins/UsersManager/UserAccessFilter.php | 12 | ||||
| -rw-r--r-- | plugins/UsersManager/tests/Integration/UserAccessFilterTest.php | 217 |
2 files changed, 126 insertions, 103 deletions
diff --git a/plugins/UsersManager/UserAccessFilter.php b/plugins/UsersManager/UserAccessFilter.php index ae94c70ffe..9378b8a3d1 100644 --- a/plugins/UsersManager/UserAccessFilter.php +++ b/plugins/UsersManager/UserAccessFilter.php @@ -49,6 +49,12 @@ class UserAccessFilter private $usersWithAdminAccess; /** + * Holds a list of all user logins that have write access. Only used for caching + * @var array Array ('loginName' => array(idsites...)) + */ + private $usersWithWriteAccess; + + /** * Holds a list of all user logins that have view access. Only used for caching * @var array Array ('loginName' => array(idsites...)) */ @@ -104,7 +110,6 @@ class UserAccessFilter return array_values(array_filter($users, function ($user) { return $this->isNonSuperUserAllowedToSeeThisLogin($user['login']); })); - } /** @@ -171,13 +176,14 @@ class UserAccessFilter if (!isset($this->idSitesWithAdmin)) { $this->idSitesWithAdmin = $this->access->getSitesIdWithAdminAccess(); $this->usersWithAdminAccess = $this->model->getUsersSitesFromAccess('admin'); + $this->usersWithWriteAccess = $this->model->getUsersSitesFromAccess('write'); $this->usersWithViewAccess = $this->model->getUsersSitesFromAccess('view'); } return ( (isset($this->usersWithViewAccess[$login]) && array_intersect($this->idSitesWithAdmin, $this->usersWithViewAccess[$login])) - || - (isset($this->usersWithAdminAccess[$login]) && array_intersect($this->idSitesWithAdmin, $this->usersWithAdminAccess[$login])) + || (isset($this->usersWithWriteAccess[$login]) && array_intersect($this->idSitesWithAdmin, $this->usersWithWriteAccess[$login])) + || (isset($this->usersWithAdminAccess[$login]) && array_intersect($this->idSitesWithAdmin, $this->usersWithAdminAccess[$login])) ); } } diff --git a/plugins/UsersManager/tests/Integration/UserAccessFilterTest.php b/plugins/UsersManager/tests/Integration/UserAccessFilterTest.php index 85cab11ab3..cdd8fa0fa3 100644 --- a/plugins/UsersManager/tests/Integration/UserAccessFilterTest.php +++ b/plugins/UsersManager/tests/Integration/UserAccessFilterTest.php @@ -1,4 +1,5 @@ <?php + /** * Matomo - free/libre analytics platform * @@ -15,14 +16,6 @@ use Piwik\Tests\Framework\Fixture; use Piwik\Tests\Framework\Mock\FakeAccess; use Piwik\Tests\Framework\TestCase\IntegrationTestCase; -class TestUserAccessFilter extends UserAccessFilter { - - public function isNonSuperUserAllowedToSeeThisLogin($login) - { - return parent::isNonSuperUserAllowedToSeeThisLogin($login); - } -} - /** * @group UsersManager * @group UserAccessFilterTest @@ -42,19 +35,26 @@ class UserAccessFilterTest extends IntegrationTestCase private $access; /** - * @var TestUserAccessFilter + * @var UserAccessFilter */ private $filter; - private static $users = array( - 'login2' => array('view' => array(1,3,5), 'admin' => array(2,6)), - 'login3' => array('view' => array(), 'admin' => array()), // no access to any site - 'login4' => array('view' => array(6), 'admin' => array()), // only access to one with view - 'login5' => array('view' => array(), 'admin' => array(3)), // only access to one with admin - 'login6' => array('view' => array(), 'admin' => array(6,3)), // access to a couple of sites with admin - 'login7' => array('view' => array(2,1,6,3), 'admin' => array()), // access to a couple of sites with view - 'login8' => array('view' => array(4,7), 'admin' => array(2,5)), // access to a couple of sites with admin and view - ); + /** + * @var \ReflectionMethod + */ + private $isNonSuperUserAllowedToSeeThisLogin; + + private static $users = [ + 'login2' => ['view' => [1,3,5], 'write' => [], 'admin' => [2,6]], + 'login3' => ['view' => [], 'write' => [], 'admin' => []], // no access to any site + 'login4' => ['view' => [6], 'write' => [], 'admin' => []], // only access to one with view + 'login5' => ['view' => [], 'write' => [], 'admin' => [3]], // only access to one with admin + 'login6' => ['view' => [], 'write' => [], 'admin' => [6,3]], // access to a couple of sites with admin + 'login7' => ['view' => [2,1,6,3], 'write' => [], 'admin' => []], // access to a couple of sites with view + 'login8' => ['view' => [4,7], 'write' => [], 'admin' => [2,5]], // access to a couple of sites with admin and view + 'login9' => ['view' => [], 'write' => [2,5], 'admin' => []], // access to a couple of sites with write + 'login10' => ['view' => [1,3], 'write' => [6], 'admin' => []], // access to a couple of sites with write and view + ]; public function setUp(): void { @@ -66,7 +66,10 @@ class UserAccessFilterTest extends IntegrationTestCase FakeAccess::clearAccess(); - $this->filter = new TestUserAccessFilter($this->model, $this->access); + $this->filter = new UserAccessFilter($this->model, $this->access); + $method = new \ReflectionMethod($this->filter, 'isNonSuperUserAllowedToSeeThisLogin'); + $method->setAccessible(true); + $this->isNonSuperUserAllowedToSeeThisLogin = $method; } protected static function beforeTableDataCached() @@ -77,22 +80,22 @@ class UserAccessFilterTest extends IntegrationTestCase self::createManyUsers(); } - public function test_filterUser_WithSuperUserAccess_ShouldAlwaysReturnTrue() + public function testFilterUserWithSuperUserAccessShouldAlwaysReturnTrue() { $this->configureAccessForLogin('login1'); foreach ($this->getAllLogins() as $login) { - $this->assertSame(array('login' => $login), $this->filter->filterUser(array('login' => $login))); + $this->assertSame(['login' => $login], $this->filter->filterUser(['login' => $login])); } } - public function test_filterUser_WithViewUserAccess_ShouldOnlyReturnUserForOwnLogin() + public function testFilterUserWithViewUserAccessShouldOnlyReturnUserForOwnLogin() { $identity = 'login4'; $this->configureAccessForLogin($identity); - $this->assertSame(array('login' => $identity), $this->filter->filterUser(array('login' => $identity))); + $this->assertSame(['login' => $identity], $this->filter->filterUser(['login' => $identity])); foreach ($this->getAllLogins() as $login) { if ($login !== $identity) { - $this->assertNull($this->filter->filterUser(array('login' => $login))); + $this->assertNull($this->filter->filterUser(['login' => $login])); } } } @@ -100,29 +103,30 @@ class UserAccessFilterTest extends IntegrationTestCase /** * @dataProvider getIsUserAllowedToSeeThisLoginWithAdminAccess */ - public function test_filterUser_WithAdminAccess_ShouldOnlyReturnUserForOwnLogin($expectedAllowed, $loginToSee) + public function testFilterUserWithAdminAccessShouldOnlyReturnUserForOwnLogin($expectedAllowed, $loginToSee) { $this->configureAccessForLogin('login2'); if ($expectedAllowed) { - $this->assertSame(array('login' => $loginToSee), $this->filter->filterUser(array('login' => $loginToSee))); + $this->assertSame(['login' => $loginToSee], $this->filter->filterUser(['login' => $loginToSee])); } else { - $this->assertSame(null, $this->filter->filterUser(array('login' => $loginToSee))); + $this->assertSame(null, $this->filter->filterUser(['login' => $loginToSee])); } } /** * @dataProvider getIsUserAllowedToSeeThisLoginWithAdminAccess */ - public function test_isNonSuperUserAllowedToSeeThisLogin_WithAdminAccess_IsAllowedToSeeAnyUserHavingAccessToSameAdminSites($expectedAllowed, $loginToSee) + public function testIsNonSuperUserAllowedToSeeThisLoginWithAdminAccessIsAllowedToSeeAnyUserHavingAccessToSameAdminSites($expectedAllowed, $loginToSee) { $this->configureAccessForLogin('login2'); - $this->assertSame($expectedAllowed, $this->filter->isNonSuperUserAllowedToSeeThisLogin($loginToSee)); + $this->assertSame($expectedAllowed, $this->isNonSuperUserAllowedToSeeThisLogin->invoke($this->filter, $loginToSee)); } public function getIsUserAllowedToSeeThisLoginWithAdminAccess() { return array( array($expectedAllowed = false, 'login1'), // not allowed to see this user as it has super user access + array($expectedAllowed = true, 'login10'), array($expectedAllowed = true, 'login2'), // it is the own user so visible anyway array($expectedAllowed = false, 'login3'), // not allowed to see this user as this one does not have access to any site array($expectedAllowed = true, 'login4'), @@ -130,73 +134,80 @@ class UserAccessFilterTest extends IntegrationTestCase array($expectedAllowed = true, 'login6'), array($expectedAllowed = true, 'login7'), array($expectedAllowed = true, 'login8'), + array($expectedAllowed = true, 'login9'), ); } - public function test_isNonSuperUserAllowedToSeeThisLogin_WithAdminAccess_IsAllowedToSeeAnyUserHavingAccessToSameAdminSites_UserHasAccessToOnlyOneAdminSite() + public function testIsNonSuperUserAllowedToSeeThisLoginWithAdminAccessIsAllowedToSeeAnyUserHavingAccessToSameAdminSitesUserHasAccessToOnlyOneAdminSite() { $this->configureAccessForLogin('login5'); - $this->assertTrue($this->filter->isNonSuperUserAllowedToSeeThisLogin('login2')); - $this->assertTrue($this->filter->isNonSuperUserAllowedToSeeThisLogin('login5')); - $this->assertTrue($this->filter->isNonSuperUserAllowedToSeeThisLogin('login7')); - $this->assertTrue($this->filter->isNonSuperUserAllowedToSeeThisLogin('login6')); - - $this->assertFalse($this->filter->isNonSuperUserAllowedToSeeThisLogin('login1')); // a user having view access only is not allowed to see any other user - $this->assertFalse($this->filter->isNonSuperUserAllowedToSeeThisLogin('login3')); - $this->assertFalse($this->filter->isNonSuperUserAllowedToSeeThisLogin('login4')); - $this->assertFalse($this->filter->isNonSuperUserAllowedToSeeThisLogin('login8')); + $this->assertTrue($this->isNonSuperUserAllowedToSeeThisLogin->invoke($this->filter, 'login2')); + $this->assertTrue($this->isNonSuperUserAllowedToSeeThisLogin->invoke($this->filter, 'login5')); + $this->assertTrue($this->isNonSuperUserAllowedToSeeThisLogin->invoke($this->filter, 'login7')); + $this->assertTrue($this->isNonSuperUserAllowedToSeeThisLogin->invoke($this->filter, 'login6')); + $this->assertTrue($this->isNonSuperUserAllowedToSeeThisLogin->invoke($this->filter, 'login10')); + + $this->assertFalse($this->isNonSuperUserAllowedToSeeThisLogin->invoke($this->filter, 'login1')); + $this->assertFalse($this->isNonSuperUserAllowedToSeeThisLogin->invoke($this->filter, 'login3')); + $this->assertFalse($this->isNonSuperUserAllowedToSeeThisLogin->invoke($this->filter, 'login4')); + $this->assertFalse($this->isNonSuperUserAllowedToSeeThisLogin->invoke($this->filter, 'login8')); + $this->assertFalse($this->isNonSuperUserAllowedToSeeThisLogin->invoke($this->filter, 'login9')); } - public function test_isNonSuperUserAllowedToSeeThisLogin_WithOnlyViewAccess_IsAllowedToSeeOnlyOwnUser() + public function testIsNonSuperUserWithOnlyViewAccessAllowedToSeeOnlyOwnUser() { $this->configureAccessForLogin('login7'); - $this->assertTrue($this->filter->isNonSuperUserAllowedToSeeThisLogin('login7')); // a view user is allowed to see itself - - $this->assertFalse($this->filter->isNonSuperUserAllowedToSeeThisLogin('login1')); // a user having view access only is not allowed to see any other user - $this->assertFalse($this->filter->isNonSuperUserAllowedToSeeThisLogin('login2')); - $this->assertFalse($this->filter->isNonSuperUserAllowedToSeeThisLogin('login3')); - $this->assertFalse($this->filter->isNonSuperUserAllowedToSeeThisLogin('login4')); - $this->assertFalse($this->filter->isNonSuperUserAllowedToSeeThisLogin('login5')); - $this->assertFalse($this->filter->isNonSuperUserAllowedToSeeThisLogin('login6')); - $this->assertFalse($this->filter->isNonSuperUserAllowedToSeeThisLogin('login8')); + $this->assertTrue($this->isNonSuperUserAllowedToSeeThisLogin->invoke($this->filter, 'login7')); + + $this->assertFalse($this->isNonSuperUserAllowedToSeeThisLogin->invoke($this->filter, 'login1')); + $this->assertFalse($this->isNonSuperUserAllowedToSeeThisLogin->invoke($this->filter, 'login2')); + $this->assertFalse($this->isNonSuperUserAllowedToSeeThisLogin->invoke($this->filter, 'login3')); + $this->assertFalse($this->isNonSuperUserAllowedToSeeThisLogin->invoke($this->filter, 'login4')); + $this->assertFalse($this->isNonSuperUserAllowedToSeeThisLogin->invoke($this->filter, 'login5')); + $this->assertFalse($this->isNonSuperUserAllowedToSeeThisLogin->invoke($this->filter, 'login6')); + $this->assertFalse($this->isNonSuperUserAllowedToSeeThisLogin->invoke($this->filter, 'login8')); + $this->assertFalse($this->isNonSuperUserAllowedToSeeThisLogin->invoke($this->filter, 'login9')); + $this->assertFalse($this->isNonSuperUserAllowedToSeeThisLogin->invoke($this->filter, 'login10')); } - public function test_isNonSuperUserAllowedToSeeThisLogin_WithNoAccess_IsStillAllowedToSeeAnyUser() + public function testIsNonSuperUserWithoutAnyAccessAllowedToSeeOnlyOwnUser() { $this->configureAccessForLogin('login3'); - $this->assertTrue($this->filter->isNonSuperUserAllowedToSeeThisLogin('login3')); // a view user is allowed to see itself - - $this->assertFalse($this->filter->isNonSuperUserAllowedToSeeThisLogin('login1')); - $this->assertFalse($this->filter->isNonSuperUserAllowedToSeeThisLogin('login2')); - $this->assertFalse($this->filter->isNonSuperUserAllowedToSeeThisLogin('login4')); - $this->assertFalse($this->filter->isNonSuperUserAllowedToSeeThisLogin('login5')); - $this->assertFalse($this->filter->isNonSuperUserAllowedToSeeThisLogin('login7')); - $this->assertFalse($this->filter->isNonSuperUserAllowedToSeeThisLogin('login6')); - $this->assertFalse($this->filter->isNonSuperUserAllowedToSeeThisLogin('login8')); + $this->assertTrue($this->isNonSuperUserAllowedToSeeThisLogin->invoke($this->filter, 'login3')); + + $this->assertFalse($this->isNonSuperUserAllowedToSeeThisLogin->invoke($this->filter, 'login1')); + $this->assertFalse($this->isNonSuperUserAllowedToSeeThisLogin->invoke($this->filter, 'login2')); + $this->assertFalse($this->isNonSuperUserAllowedToSeeThisLogin->invoke($this->filter, 'login4')); + $this->assertFalse($this->isNonSuperUserAllowedToSeeThisLogin->invoke($this->filter, 'login5')); + $this->assertFalse($this->isNonSuperUserAllowedToSeeThisLogin->invoke($this->filter, 'login7')); + $this->assertFalse($this->isNonSuperUserAllowedToSeeThisLogin->invoke($this->filter, 'login6')); + $this->assertFalse($this->isNonSuperUserAllowedToSeeThisLogin->invoke($this->filter, 'login8')); + $this->assertFalse($this->isNonSuperUserAllowedToSeeThisLogin->invoke($this->filter, 'login9')); + $this->assertFalse($this->isNonSuperUserAllowedToSeeThisLogin->invoke($this->filter, 'login10')); } /** * @dataProvider getTestFilterLogins */ - public function test_filterLogins($expectedLogins, $loginIdentity, $logins) + public function testFilterLogins($expectedLogins, $loginIdentity, $logins) { $this->configureAccessForLogin($loginIdentity); - $this->assertSame($expectedLogins, $this->filter->filterLogins($logins)); // a view user is allowed to see itself + $this->assertSame($expectedLogins, $this->filter->filterLogins($logins)); } /** * @dataProvider getTestFilterLogins */ - public function test_filterUsers($expectedLogins, $loginIdentity, $logins) + public function testFilterUsers($expectedLogins, $loginIdentity, $logins) { $this->configureAccessForLogin($loginIdentity); - $users = array(); - $expectedUsers = array(); + $users = []; + $expectedUsers = []; foreach ($logins as $login) { - $user = array('login' => $login, 'password' => md5('pass')); + $user = ['login' => $login, 'password' => md5('pass')]; $users[] = $user; if (in_array($login, $expectedLogins)) { @@ -210,58 +221,61 @@ class UserAccessFilterTest extends IntegrationTestCase /** * @dataProvider getTestFilterLogins */ - public function test_filterLoginIndexedArray($expectedLogins, $loginIdentity, $logins) + public function testFilterLoginIndexedArray($expectedLogins, $loginIdentity, $logins) { $this->configureAccessForLogin($loginIdentity); - $testArray = array(); - $expectedTestArray = array(); + $testArray = []; + $expectedTestArray = []; foreach ($logins as $login) { - $anything = array('foo' . $login); + $anything = ['foo' . $login]; - $users[$login] = $anything; + $testArray[$login] = $anything; if (in_array($login, $expectedLogins)) { - $expectedUsers[$login] = $anything; + $expectedTestArray[$login] = $anything; } } - $this->assertSame($expectedTestArray, $this->filter->filterLoginIndexedArray($testArray)); // a view user is allowed to see itself + $this->assertSame($expectedTestArray, $this->filter->filterLoginIndexedArray($testArray)); } public function getTestFilterLogins() { - return array( - array($expectedLogins = $this->getAllLogins(), $identity = 'login1', $this->getAllLogins()), // a super user is allowed to see all logins - array($expectedLogins = array('login2', 'foobar'), $identity = 'login1', array('login2', 'foobar')), // for super users we do not even check if they actually exist - array($expectedLogins = $this->buildLogins(array(2,4)), $identity = 'login2', array('login2', 'foobar', 'login4', 'login3')), // should remove logins that do not actually exist when user has admin permission - array($expectedLogins = $this->buildLogins(array(2,4,6,7,8)), $identity = 'login2', $this->getAllLogins()), // an admin user can see users having access to the admin sites - array($expectedLogins = $this->buildLogins(array(3)), $identity = 'login3', $this->getAllLogins()), // a user with no access to any site can only see itself - array($expectedLogins = array('foobar'), $identity = 'foobar', array('foobar')), // doesn't check whether user exists when not having access to any site and user doesn't actually exist - array($expectedLogins = $this->buildLogins(array(4)), $identity = 'login4', $this->getAllLogins()), // a user with only view access to a site can only see itself - array($expectedLogins = $this->buildLogins(array(2,5,6,7)), $identity = 'login5', $this->getAllLogins()), // has access to one admin site - array($expectedLogins = $this->buildLogins(array(2,4,5,6,7)), $identity = 'login6', $this->getAllLogins()), // has access to multiple admin sites - array($expectedLogins = $this->buildLogins(array(7)), $identity = 'login7', $this->getAllLogins()), // has only access to multiple view sites - array($expectedLogins = $this->buildLogins(array(2,7,8)), $identity = 'login8', $this->getAllLogins()), // a user with only view access to a site can only see itself - array($expectedLogins = array(), $identity = 'login1', array()), // no users given, should return empty array for user with super user access - array($expectedLogins = array(), $identity = 'login2', array()), // no users given, should return empty array for user with admin access - array($expectedLogins = array(), $identity = 'login3', array()), // no users given, should return empty array for user with no access - array($expectedLogins = array(), $identity = 'login4', array()), // no users given, should return empty array for user with only view access - array($expectedLogins = array('anonymous'), $identity = 'anonymous', array('anonymous')), // anonymous user can see itself - ); + return [ + [$expectedLogins = $this->getAllLogins(), $identity = 'login1', $this->getAllLogins()], // a super user is allowed to see all logins + [$expectedLogins = ['login2', 'foobar'], $identity = 'login1', ['login2', 'foobar']], // for super users we do not even check if they actually exist + [$expectedLogins = $this->buildLogins([2,4]), $identity = 'login2', ['login2', 'foobar', 'login4', 'login3']], // should remove logins that do not actually exist when user has admin permission + [$expectedLogins = $this->buildLogins([10,2,4,6,7,8,9]), $identity = 'login2', $this->getAllLogins()], // an admin user can see users having access to the admin sites + [$expectedLogins = $this->buildLogins([3]), $identity = 'login3', $this->getAllLogins()], // a user with no access to any site can only see itself + [$expectedLogins = ['foobar'], $identity = 'foobar', ['foobar']], // doesn't check whether user exists when not having access to any site and user doesn't actually exist + [$expectedLogins = $this->buildLogins([4]), $identity = 'login4', $this->getAllLogins()], // a user with only view access to a site can only see itself + [$expectedLogins = $this->buildLogins([10,2,5,6,7]), $identity = 'login5', $this->getAllLogins()], // has access to one admin site + [$expectedLogins = $this->buildLogins([10,2,4,5,6,7]), $identity = 'login6', $this->getAllLogins()], // has access to multiple admin sites + [$expectedLogins = $this->buildLogins([7]), $identity = 'login7', $this->getAllLogins()], // has only access to multiple view sites + [$expectedLogins = $this->buildLogins([2,7,8,9]), $identity = 'login8', $this->getAllLogins()], // has access to multiple view & admin sites + [$expectedLogins = $this->buildLogins([9]), $identity = 'login9', $this->getAllLogins()], // a user with write access only can only see itself + [$expectedLogins = $this->buildLogins([10]), $identity = 'login10', $this->getAllLogins()], // a user with view and write access to a site can only see itself + [$expectedLogins = [], $identity = 'login1', []], // no users given, should return empty array for user with super user access + [$expectedLogins = [], $identity = 'login2', []], // no users given, should return empty array for user with admin access + [$expectedLogins = [], $identity = 'login9', []], // no users given, should return empty array for user with write access + [$expectedLogins = [], $identity = 'login3', []], // no users given, should return empty array for user with no access + [$expectedLogins = [], $identity = 'login4', []], // no users given, should return empty array for user with only view access + [$expectedLogins = ['anonymous'], $identity = 'anonymous', ['anonymous']], // anonymous user can see itself + ]; } - public function test_getAllLogins_shouldBeUpToDate() + public function testGetAllLoginsShouldBeUpToDate() { $this->assertSame($this->model->getUsersLogin(), $this->getAllLogins()); $this->assertNotEmpty($this->getAllLogins()); } - public function test_buildLogins() + public function testBuildLogins() { - $this->assertSame(array('login2', 'login3', 'login7'), $this->buildLogins(array(2,3,7))); - $this->assertSame(array(), $this->buildLogins(array())); + $this->assertSame(['login2', 'login3', 'login7'], $this->buildLogins([2,3,7])); + $this->assertSame([], $this->buildLogins([])); } private static function createManyWebsites() @@ -273,7 +287,7 @@ class UserAccessFilterTest extends IntegrationTestCase private function buildLogins($ids) { - $logins = array(); + $logins = []; foreach ($ids as $id) { $logins[] = 'login' . $id; } @@ -282,7 +296,7 @@ class UserAccessFilterTest extends IntegrationTestCase private function getAllLogins() { - $logins = $this->buildLogins(range(1,8)); + $logins = $this->buildLogins([1, 10, 2,3, 4, 5, 6, 7, 8, 9]); array_unshift($logins, 'anonymous'); return $logins; } @@ -300,6 +314,8 @@ class UserAccessFilterTest extends IntegrationTestCase $model->addUser('login6', md5('pass'), 'email6@example.com', '2008-01-01 00:00:00'); $model->addUser('login7', md5('pass'), 'email7@example.com', '2008-01-01 00:00:00'); $model->addUser('login8', md5('pass'), 'email8@example.com', '2008-01-01 00:00:00'); + $model->addUser('login9', md5('pass'), 'email9@example.com', '2008-01-01 00:00:00'); + $model->addUser('login10', md5('pass'), 'email10@example.com', '2008-01-01 00:00:00'); $model->addUser('anonymous', '', 'ano@example.com', '2008-01-01 00:00:00'); $model->setSuperUserAccess('login1', true); // we treat this one as our superuser @@ -314,17 +330,18 @@ class UserAccessFilterTest extends IntegrationTestCase private function configureAccessForLogin($login) { $hasSuperUser = false; - $idSitesAdmin = array(); - $idSitesView = array(); + $idSitesAdmin = []; + $idSitesWrite = []; + $idSitesView = []; if ($login === 'login1') { $hasSuperUser = true; } elseif (isset(self::$users[$login])) { $idSitesAdmin = self::$users[$login]['admin']; + $idSitesWrite = self::$users[$login]['write']; $idSitesView = self::$users[$login]['view']; } - FakeAccess::clearAccess($hasSuperUser, $idSitesAdmin, $idSitesView, $login); + FakeAccess::clearAccess($hasSuperUser, $idSitesAdmin, $idSitesView, $login, $idSitesWrite); } - } |