Diffstat (limited to 'plugins')
-rw-r--r--plugins/UsersManager/.gitignore1
-rw-r--r--plugins/UsersManager/API.php58
-rw-r--r--plugins/UsersManager/Controller.php2
-rw-r--r--plugins/UsersManager/UserAccessFilter.php183
-rw-r--r--plugins/UsersManager/UsersManager.php3
-rw-r--r--plugins/UsersManager/javascripts/giveViewAccess.js169
-rw-r--r--plugins/UsersManager/javascripts/usersManager.js3
-rw-r--r--plugins/UsersManager/lang/en.json6
-rw-r--r--plugins/UsersManager/stylesheets/usersManager.less15
-rw-r--r--plugins/UsersManager/templates/index.twig23
-rw-r--r--plugins/UsersManager/tests/Fixtures/ManyUsers.php69
-rw-r--r--plugins/UsersManager/tests/Integration/UserAccessFilterTest.php322
-rw-r--r--plugins/UsersManager/tests/Integration/UsersManagerTest.php46
-rw-r--r--plugins/UsersManager/tests/System/ApiTest.php76
-rw-r--r--plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login1_when_adminaccess.xml4
-rw-r--r--plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login1_when_superuseraccess.xml12
-rw-r--r--plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login1_when_viewaccess.xml4
-rw-r--r--plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login2_when_adminaccess.xml12
-rw-r--r--plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login2_when_superuseraccess.xml12
-rw-r--r--plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login2_when_viewaccess.xml4
-rw-r--r--plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login4_when_adminaccess.xml4
-rw-r--r--plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login4_when_superuseraccess.xml12
-rw-r--r--plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login4_when_viewaccess.xml12
-rw-r--r--plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login6_when_adminaccess.xml4
-rw-r--r--plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login6_when_superuseraccess.xml12
-rw-r--r--plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login6_when_viewaccess.xml4
-rw-r--r--plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersAccessFromSite_3_when_adminaccess.xml4
-rw-r--r--plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersAccessFromSite_3_when_superuseraccess.xml9
-rw-r--r--plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersAccessFromSite_3_when_viewaccess.xml4
-rw-r--r--plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersAccessFromSite_6_when_adminaccess.xml9
-rw-r--r--plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersAccessFromSite_6_when_superuseraccess.xml9
-rw-r--r--plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersAccessFromSite_6_when_viewaccess.xml4
-rw-r--r--plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersLogin__when_adminaccess.xml8
-rw-r--r--plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersLogin__when_superuseraccess.xml12
-rw-r--r--plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersLogin__when_viewaccess.xml4
-rw-r--r--plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersSitesFromAccess_admin_when_adminaccess.xml4
-rw-r--r--plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersSitesFromAccess_admin_when_superuseraccess.xml18
-rw-r--r--plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersSitesFromAccess_admin_when_viewaccess.xml4
-rw-r--r--plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersWithSiteAccess_3_admin_when_adminaccess.xml4
-rw-r--r--plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersWithSiteAccess_3_admin_when_superuseraccess.xml21
-rw-r--r--plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersWithSiteAccess_3_admin_when_viewaccess.xml4
-rw-r--r--plugins/UsersManager/tests/System/expected/test___UsersManager.getUsers__when_adminaccess.xml23
-rw-r--r--plugins/UsersManager/tests/System/expected/test___UsersManager.getUsers__when_superuseraccess.xml84
-rw-r--r--plugins/UsersManager/tests/System/expected/test___UsersManager.getUsers__when_viewaccess.xml4
44 files changed, 1292 insertions, 9 deletions
diff --git a/plugins/UsersManager/.gitignore b/plugins/UsersManager/.gitignore
new file mode 100644
index 0000000000..c8c9480010
--- /dev/null
+++ b/plugins/UsersManager/.gitignore
@@ -0,0 +1 @@
+tests/System/processed/*xml \ No newline at end of file
diff --git a/plugins/UsersManager/API.php b/plugins/UsersManager/API.php
index 036f77b6bf..ec900ff65d 100644
--- a/plugins/UsersManager/API.php
+++ b/plugins/UsersManager/API.php
@@ -40,14 +40,20 @@ class API extends \Piwik\Plugin\API
*/
private $model;
+ /**
+ * @var UserAccessFilter
+ */
+ private $userFilter;
+
const PREFERENCE_DEFAULT_REPORT = 'defaultReport';
const PREFERENCE_DEFAULT_REPORT_DATE = 'defaultReportDate';
private static $instance = null;
- public function __construct(Model $model)
+ public function __construct(Model $model, UserAccessFilter $filter)
{
$this->model = $model;
+ $this->userFilter = $filter;
}
/**
@@ -201,6 +207,7 @@ class API extends \Piwik\Plugin\API
}
$users = $this->model->getUsers($logins);
+ $users = $this->userFilter->filterUsers($users);
// Non Super user can only access login & alias
if (!Piwik::hasUserSuperUserAccess()) {
@@ -221,7 +228,10 @@ class API extends \Piwik\Plugin\API
{
Piwik::checkUserHasSomeAdminAccess();
- return $this->model->getUsersLogin();
+ $logins = $this->model->getUsersLogin();
+ $logins = $this->userFilter->filterLogins($logins);
+
+ return $logins;
}
/**
@@ -244,7 +254,10 @@ class API extends \Piwik\Plugin\API
$this->checkAccessType($access);
- return $this->model->getUsersSitesFromAccess($access);
+ $userSites = $this->model->getUsersSitesFromAccess($access);
+ $userSites = $this->userFilter->filterLoginIndexedArray($userSites);
+
+ return $userSites;
}
/**
@@ -266,7 +279,10 @@ class API extends \Piwik\Plugin\API
{
Piwik::checkUserHasAdminAccess($idSite);
- return $this->model->getUsersAccessFromSite($idSite);
+ $usersAccess = $this->model->getUsersAccessFromSite($idSite);
+ $usersAccess = $this->userFilter->filterLoginIndexedArray($usersAccess);
+
+ return $usersAccess;
}
public function getUsersWithSiteAccess($idSite, $access)
@@ -280,6 +296,7 @@ class API extends \Piwik\Plugin\API
return array();
}
+ $logins = $this->userFilter->filterLogins($logins);
$logins = implode(',', $logins);
return $this->getUsers($logins);
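Review bot: The emptiness guard runs before the added `filterLogins()` call, so a list that the filter empties is imploded to `''` and handed to `getUsers('')`. If `getUsers()` treats an empty argument as "all users" (its body is outside these hunks, so this is inferred), the caller would receive every user visible to them instead of none with the requested access on that site. Running the check after the filter avoids that: `$logins = $this->userFilter->filterLogins($logins);` followed by `if (empty($logins)) { return array(); }`. The function starts outside the hunk.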
@@ -336,7 +353,9 @@ class API extends \Piwik\Plugin\API
Piwik::checkUserHasSuperUserAccessOrIsTheUser($userLogin);
$this->checkUserExists($userLogin);
- return $this->model->getUser($userLogin);
+ $user = $this->model->getUser($userLogin);
+
+ return $this->userFilter->filterUser($user);
}
/**
@@ -351,7 +370,9 @@ class API extends \Piwik\Plugin\API
Piwik::checkUserHasSuperUserAccess();
$this->checkUserEmailExists($userEmail);
- return $this->model->getUserByEmail($userEmail);
+ $user = $this->model->getUserByEmail($userEmail);
+
+ return $this->userFilter->filterUser($user);
}
private function checkLogin($userLogin)
@@ -485,6 +506,9 @@ class API extends \Piwik\Plugin\API
unset($user['token_auth']);
}
+ // we do not filter these users by access and return them all since we need to print this information in the
+ // UI and they are allowed to see this.
+
return $users;
}
@@ -607,11 +631,33 @@ class API extends \Piwik\Plugin\API
public function userEmailExists($userEmail)
{
Piwik::checkUserIsNotAnonymous();
+ Piwik::checkUserHasSomeViewAccess();
return $this->model->userEmailExists($userEmail);
}
/**
+ * Returns the first login name of an existing user that has the given email address. If no user can be found for
+ * this user an error will be returned.
+ *
+ * @param string $userEmail
+ * @return bool true if the user is known
+ */
+ public function getUserLoginFromUserEmail($userEmail)
+ {
+ Piwik::checkUserIsNotAnonymous();
+ Piwik::checkUserHasSomeAdminAccess();
+
+ $this->checkUserEmailExists($userEmail);
+
+ $user = $this->model->getUserByEmail($userEmail);
+
+ // any user with some admin access is allowed to find any user by email, no need to filter by access here
+
+ return $user['login'];
+ }
+
+ /**
* Set an access level to a given user for a list of websites ID.
*
* If access = 'noaccess' the current access (if any) will be deleted.
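Review bot: The new docblock on `getUserLoginFromUserEmail()` declares `@return bool true if the user is known`, but the method returns `$user['login']`, a string; `@return string login of the user with this email address` would match the code, and the summary's "for this user" should read "for this email address". The failure path presumably comes from `checkUserEmailExists()` throwing (its body is not shown), which deserves a `@throws` line. Because the result deliberately bypasses `UserAccessFilter`, any account with admin access to a single site can resolve an email address to a login across the whole instance. That exception to the filter's visibility rules belongs in the docblock rather than only in an inline comment, so API consumers and auditors can see it.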
diff --git a/plugins/UsersManager/Controller.php b/plugins/UsersManager/Controller.php
index 37e13fcefa..e14a783451 100644
--- a/plugins/UsersManager/Controller.php
+++ b/plugins/UsersManager/Controller.php
@@ -9,6 +9,7 @@
namespace Piwik\Plugins\UsersManager;
use Exception;
+use Piwik\Access;
use Piwik\API\Request;
use Piwik\API\ResponseBuilder;
use Piwik\Common;
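Review bot: The added `use Piwik\Access;` looks unused. The diffstat lists two changed lines for Controller.php, and the other one calls `Piwik::isUserHasSomeAdminAccess()` and `Piwik::hasUserSuperUserAccess()`, not `Access`. Unless the class is referenced elsewhere in the file (not visible here), the import can be dropped.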
@@ -123,6 +124,7 @@ class Controller extends ControllerAdmin
}
}
+ $view->hasOnlyAdminAccess = Piwik::isUserHasSomeAdminAccess() && !Piwik::hasUserSuperUserAccess();
$view->anonymousHasViewAccess = $this->hasAnonymousUserViewAccess($usersAccessByWebsite);
$view->idSiteSelected = $idSiteSelected;
$view->defaultReportSiteName = $defaultReportSiteName;
diff --git a/plugins/UsersManager/UserAccessFilter.php b/plugins/UsersManager/UserAccessFilter.php
new file mode 100644
index 0000000000..20fd671aa3
--- /dev/null
+++ b/plugins/UsersManager/UserAccessFilter.php
@@ -0,0 +1,183 @@
+<?php
+/**
+ * Piwik - free/libre analytics platform
+ *
+ * @link http://piwik.org
+ * @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
+ *
+ */
+namespace Piwik\Plugins\UsersManager;
+
+use Piwik\Access;
+
+/**
+ * This class offers methods to filter a list of users, logins, or anything that is related to users/logins.
+ *
+ * * By default a super user is allowed to see all users.
+ * * A user having admin access is allowed to see all other users that have view or admin access to the same access.
+ * * A user not having any admin access is only allowed to see the own user.
+ *
+ * The methods in this class make sure to only return the data for logins / users the current user actually has
+ * permission to see.
+ *
+ * FYI: The anonymous user is not treated in any special way. The anonymous user is a regular user with no access or
+ * view access only and can only see itself.
+ */
+class UserAccessFilter
+{
+ /**
+ * @var Model
+ */
+ private $model;
+
+ /**
+ * @var Access
+ */
+ private $access;
+
+ /**
+ * Holds a list of all idSites the current user has view access to. Only used for caching.
+ * @var array
+ */
+ private $idSitesWithAdmin;
+
+ /**
+ * Holds a list of all user logins that have admin access. Only used for caching
+ * @var array Array ('loginName' => array(idsites...))
+ */
+ private $usersWithAdminAccess;
+
+ /**
+ * Holds a list of all user logins that have view access. Only used for caching
+ * @var array Array ('loginName' => array(idsites...))
+ */
+ private $usersWithViewAccess;
+
+ public function __construct(Model $model, Access $access)
+ {
+ $this->model = $model;
+ $this->access = $access;
+ }
+
+ /**
+ * Removes all array values where the current user has no permission to see the existence of a given login index/key.
+ * @param array $arrayIndexedByLogin An array that is indexed by login / usernames. Eg:
+ * array('username1' => 5, 'username2' => array(...), ...)
+ * @return array
+ */
+ public function filterLoginIndexedArray($arrayIndexedByLogin)
+ {
+ if ($this->access->hasSuperUserAccess()) {
+ return $arrayIndexedByLogin; // this part is not needed but makes it faster for super user.
+ }
+
+ $allowedLogins = $this->filterLogins(array_keys($arrayIndexedByLogin));
+
+ return array_intersect_key($arrayIndexedByLogin, array_flip($allowedLogins));
+ }
+
+ /**
+ * Removes all users from the list of the given users where the current user has no permission to see the existence
+ * of that other user.
+ * @param array $users An array of arrays. Each inner array must have a key 'login'. Eg:
+ * array(array('login' => 'username1'), array('login' => 'username2'), ...)
+ * @return array
+ */
+ public function filterUsers($users)
+ {
+ if ($this->access->hasSuperUserAccess()) {
+ return $users;
+ }
+
+ if (!$this->access->isUserHasSomeAdminAccess()) {
+ // keep only own user if it is in the list
+ foreach ($users as $user) {
+ if ($this->isOwnLogin($user['login'])) {
+ return array($user);
+ }
+ }
+
+ return array();
+ }
+
+ foreach ($users as $index => $user) {
+ if (!$this->isNonSuperUserAllowedToSeeThisLogin($user['login'])) {
+ unset($users[$index]);
+ }
+ }
+
+ return array_values($users);
+ }
+
+ /**
+ * Returns the given user only if the current user has permission to see the given user
+ * @param array $user An array containing a key 'login'
+ * @return bool
+ */
+ public function filterUser($user)
+ {
+ if ($this->access->hasSuperUserAccess() || $this->isNonSuperUserAllowedToSeeThisLogin($user['login'])) {
+ return $user;
+ }
+ }
+
+ /**
+ * Removes all logins from the list of logins where the current user has no permission to see them.
+ *
+ * @param string[] $logins An array of logins / usernames. Eg array('username1', 'username2')
+ * @return array
+ */
+ public function filterLogins($logins)
+ {
+ if ($this->access->hasSuperUserAccess()) {
+ return $logins;
+ }
+
+ if (!$this->access->isUserHasSomeAdminAccess()) {
+ // keep only own user if it is in the list
+ foreach ($logins as $login) {
+ if ($this->isOwnLogin($login)) {
+ return array($login);
+ }
+ }
+
+ return array();
+ }
+
+ foreach ($logins as $index => $login) {
+ if (!$this->isNonSuperUserAllowedToSeeThisLogin($login)) {
+ unset($logins[$index]);
+ }
+ }
+
+ return array_values($logins);
+ }
+
+ protected function isNonSuperUserAllowedToSeeThisLogin($login)
+ {
+ // we do not test for super user access here for better performance as we would otherwise test for access for
+ // each single login in the other calling methods.
+ return $this->hasAccessToSameSite($login) || $this->isOwnLogin($login);
+ }
+
+ private function isOwnLogin($login)
+ {
+ return $login === $this->access->getLogin();
+ }
+
+ private function hasAccessToSameSite($login)
+ {
+ // users is allowed to see other users having view or admin access to these sites
+ if (!isset($this->idSitesWithAdmin)) {
+ $this->idSitesWithAdmin = $this->access->getSitesIdWithAdminAccess();
+ $this->usersWithAdminAccess = $this->model->getUsersSitesFromAccess('admin');
+ $this->usersWithViewAccess = $this->model->getUsersSitesFromAccess('view');
+ }
+
+ return (
+ (isset($this->usersWithViewAccess[$login]) && array_intersect($this->idSitesWithAdmin, $this->usersWithViewAccess[$login]))
+ ||
+ (isset($this->usersWithAdminAccess[$login]) && array_intersect($this->idSitesWithAdmin, $this->usersWithAdminAccess[$login]))
+ );
+ }
+}
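Review bot: `hasAccessToSameSite()` memoises the current user's admin site ids and both login-to-sites maps on first use and never refreshes them, so a filter instance that outlives a permission change keeps answering from the old grants. `API` stores the filter in `$this->userFilter` and is itself kept in a static `$instance`, so a `setUserAccess()` followed by a read in the same process would, as far as this diff shows, be filtered against stale data. A reset method called after access changes, or at least a comment stating the one-request lifetime assumption, would make the cache safe to rely on. Two docblocks also contradict the code: `$idSitesWithAdmin` is described as sites with "view access" but is filled from `getSitesIdWithAdminAccess()`, and `filterUser()` is tagged `@return bool` while it returns the user array or falls through to an implicit null. For the latter, `@return array|null` with an explicit `return null;` would state the contract.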
diff --git a/plugins/UsersManager/UsersManager.php b/plugins/UsersManager/UsersManager.php
index 340f081b5f..344faf107a 100644
--- a/plugins/UsersManager/UsersManager.php
+++ b/plugins/UsersManager/UsersManager.php
@@ -94,6 +94,7 @@ class UsersManager extends \Piwik\Plugin
{
$jsFiles[] = "plugins/UsersManager/javascripts/usersManager.js";
$jsFiles[] = "plugins/UsersManager/javascripts/usersSettings.js";
+ $jsFiles[] = "plugins/UsersManager/javascripts/giveViewAccess.js";
}
/**
@@ -165,5 +166,7 @@ class UsersManager extends \Piwik\Plugin
$translationKeys[] = "UsersManager_ConfirmGrantSuperUserAccess";
$translationKeys[] = "UsersManager_ConfirmProhibitOtherUsersSuperUserAccess";
$translationKeys[] = "UsersManager_ConfirmProhibitMySuperUserAccess";
+ $translationKeys[] = "UsersManager_ExceptionUserHasViewAccessAlready";
+ $translationKeys[] = "UsersManager_ExceptionNoValueForUsernameOrEmail";
}
}
diff --git a/plugins/UsersManager/javascripts/giveViewAccess.js b/plugins/UsersManager/javascripts/giveViewAccess.js
new file mode 100644
index 0000000000..91300547c7
--- /dev/null
+++ b/plugins/UsersManager/javascripts/giveViewAccess.js
@@ -0,0 +1,169 @@
+/*!
+ * Piwik - free/libre analytics platform
+ *
+ * @link http://piwik.org
+ * @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
+ */
+
+$(document).ready(function () {
+
+ function hideLoading()
+ {
+ $('#giveUserAccessToViewReports').prop('disabled', false);
+ $('#ajaxLoadingGiveViewAccess').hide();
+ }
+
+ function showLoading()
+ {
+ $('#giveUserAccessToViewReports').prop('disabled', true);
+ $('#ajaxLoadingGiveViewAccess').show();
+ }
+
+ function showErrorNotification(errorMessage)
+ {
+ var placeAt = '#ajaxErrorGiveViewAccess';
+ $(placeAt).show();
+
+ var UI = require('piwik/UI');
+ var notification = new UI.Notification();
+ notification.show(errorMessage, {
+ placeat: placeAt,
+ context: 'error',
+ id: 'ajaxHelper',
+ type: null
+ });
+ notification.scrollToNotification();
+ hideLoading();
+ }
+
+ function createNewAjaxHelper()
+ {
+ var ajaxHandler = new ajaxHelper();
+ ajaxHandler.setCompleteCallback(function (xhr, status) {
+ if (xhr &&
+ xhr.responseJSON &&
+ xhr.responseJSON.message &&
+ xhr.responseJSON.result &&
+ xhr.responseJSON.result == 'error') {
+ hideLoading();
+ }
+ if (status && String(status).toLowerCase() !== 'sucess') {
+ hideLoading();
+ }
+ });
+ ajaxHandler.addParams({
+ module: 'API',
+ format: 'json'
+ }, 'GET');
+ ajaxHandler.setErrorElement('#ajaxErrorGiveViewAccess');
+
+ return ajaxHandler;
+ }
+
+ function sendViewAccess(userLogin)
+ {
+ sendUpdateUserAccess(userLogin, 'view', function () { window.location.reload(); });
+ setTimeout(hideLoading, 250);
+ // we hide loading after a bit since we cannot influence the ajax request in case of any error
+ }
+
+ function setViewAccessForUserToAllWebsitesIfUserConfirms(userLogin)
+ {
+ // ask confirmation
+ $('#confirm').find('#login').text(userLogin);
+
+ function onValidate() {
+ sendViewAccess(userLogin);
+ }
+
+ piwikHelper.modalConfirm('#confirm', {yes: onValidate, no: hideLoading})
+ }
+
+ function setViewAccessForUserIfNotAlreadyHasAccess(userLogin, idSites)
+ {
+ var ajaxHandler = createNewAjaxHelper();
+ ajaxHandler.addParams({
+ method: 'UsersManager.getUsersAccessFromSite',
+ userLogin: userLogin,
+ idSite: idSites
+ }, 'GET');
+ ajaxHandler.setCallback(function (users) {
+ if (users && users[0] && users[0][userLogin]) {
+ showErrorNotification(_pk_translate('UsersManager_ExceptionUserHasViewAccessAlready'));
+ } else {
+ sendViewAccess(userLogin);
+ }
+
+ });
+ ajaxHandler.send();
+ }
+
+ function ifUserExists(usernameOrEmail, callback)
+ {
+ var ajaxHandler = createNewAjaxHelper();
+ ajaxHandler.addParams({
+ method: 'UsersManager.userExists',
+ userLogin: usernameOrEmail,
+ }, 'GET');
+ ajaxHandler.setCallback(callback);
+ ajaxHandler.send();
+ }
+
+ function getUsernameFromEmail(usernameOrEmail, callback)
+ {
+ var ajaxHandler = createNewAjaxHelper();
+ ajaxHandler.addParams({
+ method: 'UsersManager.getUserLoginFromUserEmail',
+ userEmail: usernameOrEmail,
+ }, 'GET');
+ ajaxHandler.setCallback(callback);
+ ajaxHandler.send();
+ }
+
+ function giveViewAccessToUser(userLogin)
+ {
+ var idSites = getIdSites();
+
+ if (idSites === 'all') {
+ setViewAccessForUserToAllWebsitesIfUserConfirms(userLogin);
+ } else {
+ setViewAccessForUserIfNotAlreadyHasAccess(userLogin, idSites);
+ }
+ }
+
+ $('#showGiveViewAccessForm').click(function () {
+ $('#giveViewAccessForm').toggle()
+ });
+
+ $('#giveViewAccessForm #user_invite').keypress(function (e) {
+ var key = e.keyCode || e.which;
+ if (key == 13) {
+ $('#giveViewAccessForm #giveUserAccessToViewReports').click();
+ }
+ });
+
+ $('#giveViewAccessForm #giveUserAccessToViewReports').click(function () {
+ showLoading();
+
+ var usernameOrEmail = $('#user_invite').val();
+
+ if (!usernameOrEmail) {
+ showErrorNotification(_pk_translate('UsersManager_ExceptionNoValueForUsernameOrEmail'));
+ return;
+ }
+
+ ifUserExists(usernameOrEmail, function (isUserName) {
+ if (isUserName && isUserName.value) {
+ giveViewAccessToUser(usernameOrEmail);
+ } else {
+ getUsernameFromEmail(usernameOrEmail, function (login) {
+ if (login && login.value) {
+ giveViewAccessToUser(login.value);
+ } else {
+ hideLoading();
+ }
+ });
+ }
+ });
+ });
+});
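Review bot: In `createNewAjaxHelper()` the status is compared with the misspelled literal `'sucess'`, so the condition is true for every completed request and `hideLoading()` re-enables the button even while a successful request chain is still running; it should read `if (status && String(status).toLowerCase() !== 'success') {`. The `keypress` handler for Enter triggers the button's click but never calls `e.preventDefault()`. Since the form added in index.twig has a single text input and no submit button, the browser will likely also submit it natively and reload the page with `user_invite` in the query string. The object literals in `ifUserExists()` and `getUsernameFromEmail()` end with a trailing comma (`userLogin: usernameOrEmail,`), which older Internet Explorer versions reject. The stylesheet touched by this commit still carries an `.old-ie` rule, so those browsers appear to be supported.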
diff --git a/plugins/UsersManager/javascripts/usersManager.js b/plugins/UsersManager/javascripts/usersManager.js
index c0aaeb9bf2..eb0452013c 100644
--- a/plugins/UsersManager/javascripts/usersManager.js
+++ b/plugins/UsersManager/javascripts/usersManager.js
@@ -292,8 +292,7 @@ $(document).ready(function () {
});
});
- $('#access .updateAccess')
- .click(bindUpdateAccess);
+ $('#access .updateAccess').click(bindUpdateAccess);
$('#superUserAccess .accessGranted, #superUserAccess .updateAccess').click(bindUpdateSuperUserAccess);
diff --git a/plugins/UsersManager/lang/en.json b/plugins/UsersManager/lang/en.json
index 522039c459..144b66ec03 100644
--- a/plugins/UsersManager/lang/en.json
+++ b/plugins/UsersManager/lang/en.json
@@ -17,6 +17,7 @@
"DeleteConfirm": "Are you sure you want to delete the user %s?",
"Email": "Email",
"EmailYourAdministrator": "%1$sE-mail your administrator about this problem%2$s.",
+ "EnterUsernameOrEmail": "Enter a username or email address",
"ExceptionAccessValues": "The parameter access must have one of the following values: [ %s ]",
"ExceptionAdminAnonymous": "You cannot grant 'admin' access to the 'anonymous' user.",
"ExceptionDeleteDoesNotExist": "User '%s' doesn't exist therefore it can't be deleted.",
@@ -32,8 +33,13 @@
"ExceptionSuperUserAccess": "This user has Super User access and has already permission to access and modify all websites in Piwik. You may remove the Super User access from this user and try again.",
"ExceptionUserDoesNotExist": "User '%s' doesn't exist.",
"ExceptionYouMustGrantSuperUserAccessFirst": "There has to be at least one user with Super User access. Please grant Super User access to another user first.",
+ "ExceptionUserHasViewAccessAlready": "This user has access to this website already.",
+ "ExceptionNoValueForUsernameOrEmail": "Please enter a username or email address.",
"ExcludeVisitsViaCookie": "Exclude your visits using a cookie",
"ForAnonymousUsersReportDateToLoadByDefault": "For anonymous users, report date to load by default",
+ "GiveViewAccess": "Give view access",
+ "GiveViewAccessTitle": "Give an existing user access to view reports for %s",
+ "GiveViewAccessInstructions": "To give an existing user view access for %s enter the username or email address of an existing user",
"IfYouWouldLikeToChangeThePasswordTypeANewOne": "If you would like to change the password type a new one. Otherwise leave this blank.",
"InjectedHostCannotChangePwd": "You are currently visiting with an unknown host (%1$s). You cannot change your password until this problem is fixed.",
"LastSeen": "Last seen",
diff --git a/plugins/UsersManager/stylesheets/usersManager.less b/plugins/UsersManager/stylesheets/usersManager.less
index 949ea61d2d..330e8569d7 100644
--- a/plugins/UsersManager/stylesheets/usersManager.less
+++ b/plugins/UsersManager/stylesheets/usersManager.less
@@ -42,4 +42,17 @@
.old-ie #sites.usersManager .sites_selector_title {
height: 30px;
-} \ No newline at end of file
+}
+
+#showGiveViewAccessForm {
+ text-align: left;
+}
+
+#giveViewAccessForm {
+ display: none;
+ margin-left: 30px;
+
+ #user_invite {
+ min-width: 300px;
+ }
+}
diff --git a/plugins/UsersManager/templates/index.twig b/plugins/UsersManager/templates/index.twig
index 6bf12d01e0..9ce934ec18 100644
--- a/plugins/UsersManager/templates/index.twig
+++ b/plugins/UsersManager/templates/index.twig
@@ -55,6 +55,7 @@
{% set accesInvalid %}<img src='plugins/UsersManager/images/no-access.png' class='updateAccess' />{% endset %}
{% set superUserAccess %}<span title="{{ 'UsersManager_ExceptionSuperUserAccess'|translate }}">N/A</span>{% endset %}
{% for login,access in usersAccessByWebsite %}
+ {% if userIsSuperUser or (hasOnlyAdminAccess and access!='noaccess') %}
<tr>
<td id='login'>{{ login }}</td>
<td>{{ usersAliasByLogin[login]|raw }}</td>
@@ -84,12 +85,34 @@
{% endif %}
</td>
</tr>
+ {% endif %}
{% endfor %}
</tbody>
</table>
<div id="accessUpdated" style="vertical-align:top;"></div>
</div>
+{% if hasOnlyAdminAccess %}
+ <p>
+ <button id="showGiveViewAccessForm" class="add-user btn btn-lg btn-flat">
+ <span class="icon-add"></span>
+ {{ 'UsersManager_GiveViewAccessTitle'|translate('"' ~ defaultReportSiteName ~ '"') }}
+ </button>
+ </p>
+ <form id="giveViewAccessForm">
+ <div class="form-group">
+ <input type="text" name="user_invite"
+ id="user_invite"
+ placeholder="{{ 'UsersManager_EnterUsernameOrEmail'|translate|e('html_attr') }}"
+ title="{{ 'UsersManager_GiveViewAccessInstructions'|translate("'" ~ defaultReportSiteName ~ "'")|e('html_attr') }}">
+ </div>
+
+ <input class="btn" type="button" id="giveUserAccessToViewReports" value="{{ 'UsersManager_GiveViewAccess'|translate|e('html_attr') }}">
+ </form>
+ {{ ajax.errorDiv('ajaxErrorGiveViewAccess') }}
+ {{ ajax.loadingDiv('ajaxLoadingGiveViewAccess') }}
+{% endif %}
+
<div class="ui-confirm" id="confirm">
<h2>{{ 'UsersManager_ChangeAllConfirm'|translate("<span id='login'></span>")|raw }}</h2>
<input role="yes" type="button" value="{{ 'General_Yes'|translate }}"/>
diff --git a/plugins/UsersManager/tests/Fixtures/ManyUsers.php b/plugins/UsersManager/tests/Fixtures/ManyUsers.php
new file mode 100644
index 0000000000..b92be230f5
--- /dev/null
+++ b/plugins/UsersManager/tests/Fixtures/ManyUsers.php
@@ -0,0 +1,69 @@
+<?php
+/**
+ * Piwik - free/libre analytics platform
+ *
+ * @link http://piwik.org
+ * @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
+ */
+namespace Piwik\Plugins\UsersManager\tests\Fixtures;
+
+use Piwik\Plugins\UsersManager\API;
+use Piwik\Tests\Framework\Fixture;
+
+/**
+ * Generates tracker testing data for our APITest
+ *
+ * This Simple fixture adds one website and tracks one visit with couple pageviews and an ecommerce conversion
+ */
+class ManyUsers extends Fixture
+{
+ public $dateTime = '2013-01-23 01:23:45';
+ public $idSite = 1;
+
+ public $users = array(
+ 'login1' => array(),
+ 'login2' => array('view' => array(1,3,5), 'admin' => array(2,6)),
+ 'login3' => array('view' => array(), 'admin' => array()), // no access to any site
+ 'login4' => array('view' => array(6), 'admin' => array()), // only access to one with view
+ 'login5' => array('view' => array(), 'admin' => array(3)), // only access to one with admin
+ 'login6' => array('view' => array(), 'admin' => array(6,3)), // access to a couple of sites with admin
+ 'login7' => array('view' => array(2,1,6,3), 'admin' => array()), // access to a couple of sites with view
+ 'login8' => array('view' => array(4,7), 'admin' => array(2,5)), // access to a couple of sites with admin and view
+ );
+
+ public function setUp()
+ {
+ $this->setUpWebsite();
+ $this->setUpUsers();
+ }
+
+ public function tearDown()
+ {
+ // empty
+ }
+
+ private function setUpWebsite()
+ {
+ foreach (range(1,7) as $idSite) {
+ Fixture::createWebsite('2010-01-01 00:00:00');
+ }
+ }
+
+ protected function setUpUsers()
+ {
+ $api = API::getInstance();
+ foreach ($this->users as $login => $permissions) {
+ $api->addUser($login, 'password', $login . '@example.com');
+ foreach ($permissions as $access => $idSites) {
+ if (!empty($idSites)) {
+ $api->setUserAccess($login, $access, $idSites);
+ }
+ }
+ $user = $api->getUser($login);
+ $this->users[$login]['token'] = $user['token_auth'];
+ }
+
+ $api->setSuperUserAccess('login1', true);
+ }
+
+} \ No newline at end of file
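Review bot: The class docblock describes a different fixture ("adds one website and tracks one visit with couple pageviews and an ecommerce conversion"), while `setUp()` here creates seven websites and the eight users in `$users` and tracks nothing. Something like `Creates seven websites and the users login1..login8 with the view/admin grants listed in $users; login1 is made a super user.` would describe what the tests depend on. It would also help to note on `$users` that `setUpUsers()` adds a `'token'` entry (the user's `token_auth`) to each element. The loop variable `$idSite` in `setUpWebsite()` and the public `$dateTime` and `$idSite` properties are not used in this file.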
diff --git a/plugins/UsersManager/tests/Integration/UserAccessFilterTest.php b/plugins/UsersManager/tests/Integration/UserAccessFilterTest.php
new file mode 100644
index 0000000000..74ce4e09df
--- /dev/null
+++ b/plugins/UsersManager/tests/Integration/UserAccessFilterTest.php
@@ -0,0 +1,322 @@
+<?php
+/**
+ * Piwik - free/libre analytics platform
+ *
+ * @link http://piwik.org
+ * @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
+ */
+
+namespace Piwik\Plugins\UsersManager\tests\Integration;
+
+use Piwik\Access;
+use Piwik\Plugins\UsersManager\Model;
+use Piwik\Plugins\UsersManager\UserAccessFilter;
+use Piwik\Tests\Framework\Fixture;
+use Piwik\Tests\Framework\Mock\FakeAccess;
+use Piwik\Tests\Framework\TestCase\IntegrationTestCase;
+
+class TestUserAccessFilter extends UserAccessFilter {
+
+ public function isNonSuperUserAllowedToSeeThisLogin($login)
+ {
+ return parent::isNonSuperUserAllowedToSeeThisLogin($login);
+ }
+}
+
+/**
+ * @group UsersManager
+ * @group UserAccessFilterTest
+ * @group UserAccessFilter
+ * @group Plugins
+ */
+class UserAccessFilterTest extends IntegrationTestCase
+{
+ /**
+ * @var Model
+ */
+ private $model;
+
+ /**
+ * @var Access
+ */
+ private $access;
+
+ /**
+ * @var TestUserAccessFilter
+ */
+ private $filter;
+
+ private $users = array(
+ 'login2' => array('view' => array(1,3,5), 'admin' => array(2,6)),
+ 'login3' => array('view' => array(), 'admin' => array()), // no access to any site
+ 'login4' => array('view' => array(6), 'admin' => array()), // only access to one with view
+ 'login5' => array('view' => array(), 'admin' => array(3)), // only access to one with admin
+ 'login6' => array('view' => array(), 'admin' => array(6,3)), // access to a couple of sites with admin
+ 'login7' => array('view' => array(2,1,6,3), 'admin' => array()), // access to a couple of sites with view
+ 'login8' => array('view' => array(4,7), 'admin' => array(2,5)), // access to a couple of sites with admin and view
+ );
+
+ public function setUp()
+ {
+ parent::setUp();
+
+ // set up your test here if needed
+ $this->model = new Model();
+ $this->access = new FakeAccess();
+
+ $this->createManyWebsites();
+ $this->createManyUsers();
+ FakeAccess::clearAccess();
+
+ $this->filter = new TestUserAccessFilter($this->model, $this->access);
+ }
+
+ public function test_filterUser_WithSuperUserAccess_ShouldAlwaysReturnTrue()
+ {
+ $this->configureAcccessForLogin('login1');
+ foreach ($this->getAllLogins() as $login) {
+ $this->assertSame(array('login' => $login), $this->filter->filterUser(array('login' => $login)));
+ }
+ }
+
+ public function test_filterUser_WithViewUserAccess_ShouldOnlyReturnUserForOwnLogin()
+ {
+ $identity = 'login4';
+ $this->configureAcccessForLogin($identity);
+ $this->assertSame(array('login' => $identity), $this->filter->filterUser(array('login' => $identity)));
+ foreach ($this->getAllLogins() as $login) {
+ if ($login !== $identity) {
+ $this->assertNull($this->filter->filterUser(array('login' => $login)));
+ }
+ }
+ }
+
+ /**
+ * @dataProvider getIsUserAllowedToSeeThisLoginWithAdminAccess
+ */
+ public function test_filterUser_WithAdminAccess_ShouldOnlyReturnUserForOwnLogin($expectedAllowed, $loginToSee)
+ {
+ $this->configureAcccessForLogin('login2');
+ if ($expectedAllowed) {
+ $this->assertSame(array('login' => $loginToSee), $this->filter->filterUser(array('login' => $loginToSee)));
+ } else {
+ $this->assertSame(null, $this->filter->filterUser(array('login' => $loginToSee)));
+ }
+ }
+
+ /**
+ * @dataProvider getIsUserAllowedToSeeThisLoginWithAdminAccess
+ */
+ public function test_isNonSuperUserAllowedToSeeThisLogin_WithAdminAccess_IsAllowedToSeeAnyUserHavingAccessToSameAdminSites($expectedAllowed, $loginToSee)
+ {
+ $this->configureAcccessForLogin('login2');
+ $this->assertSame($expectedAllowed, $this->filter->isNonSuperUserAllowedToSeeThisLogin($loginToSee));
+ }
+
+ public function getIsUserAllowedToSeeThisLoginWithAdminAccess()
+ {
+ return array(
+ array($expectedAllowed = false, 'login1'), // not allowed to see this user as it has super user access
+ array($expectedAllowed = true, 'login2'), // it is the own user so visible anyway
+ array($expectedAllowed = false, 'login3'), // not allowed to see this user as this one does not have access to any site
+ array($expectedAllowed = true, 'login4'),
+ array($expectedAllowed = false, 'login5'), // this user doesn't share any site id where the user has admin access
+ array($expectedAllowed = true, 'login6'),
+ array($expectedAllowed = true, 'login7'),
+ array($expectedAllowed = true, 'login8'),
+ );
+ }
+
+ public function test_isNonSuperUserAllowedToSeeThisLogin_WithAdminAccess_IsAllowedToSeeAnyUserHavingAccessToSameAdminSites_UserHasAccessToOnlyOneAdminSite()
+ {
+ $this->configureAcccessForLogin('login5');
+
+ $this->assertTrue($this->filter->isNonSuperUserAllowedToSeeThisLogin('login2'));
+ $this->assertTrue($this->filter->isNonSuperUserAllowedToSeeThisLogin('login5'));
+ $this->assertTrue($this->filter->isNonSuperUserAllowedToSeeThisLogin('login7'));
+ $this->assertTrue($this->filter->isNonSuperUserAllowedToSeeThisLogin('login6'));
+
+ $this->assertFalse($this->filter->isNonSuperUserAllowedToSeeThisLogin('login1')); // a user having view access only is not allowed to see any other user
+ $this->assertFalse($this->filter->isNonSuperUserAllowedToSeeThisLogin('login3'));
+ $this->assertFalse($this->filter->isNonSuperUserAllowedToSeeThisLogin('login4'));
+ $this->assertFalse($this->filter->isNonSuperUserAllowedToSeeThisLogin('login8'));
+ }
+
+ public function test_isNonSuperUserAllowedToSeeThisLogin_WithOnlyViewAccess_IsAllowedToSeeOnlyOwnUser()
+ {
+ $this->configureAcccessForLogin('login7');
+ $this->assertTrue($this->filter->isNonSuperUserAllowedToSeeThisLogin('login7')); // a view user is allowed to see itself
+
+ $this->assertFalse($this->filter->isNonSuperUserAllowedToSeeThisLogin('login1')); // a user having view access only is not allowed to see any other user
+ $this->assertFalse($this->filter->isNonSuperUserAllowedToSeeThisLogin('login2'));
+ $this->assertFalse($this->filter->isNonSuperUserAllowedToSeeThisLogin('login3'));
+ $this->assertFalse($this->filter->isNonSuperUserAllowedToSeeThisLogin('login4'));
+ $this->assertFalse($this->filter->isNonSuperUserAllowedToSeeThisLogin('login5'));
+ $this->assertFalse($this->filter->isNonSuperUserAllowedToSeeThisLogin('login6'));
+ $this->assertFalse($this->filter->isNonSuperUserAllowedToSeeThisLogin('login8'));
+ }
+
+ public function test_isNonSuperUserAllowedToSeeThisLogin_WithNoAccess_IsStillAllowedToSeeAnyUser()
+ {
+ $this->configureAcccessForLogin('login3');
+ $this->assertTrue($this->filter->isNonSuperUserAllowedToSeeThisLogin('login3')); // a view user is allowed to see itself
+
+ $this->assertFalse($this->filter->isNonSuperUserAllowedToSeeThisLogin('login1'));
+ $this->assertFalse($this->filter->isNonSuperUserAllowedToSeeThisLogin('login2'));
+ $this->assertFalse($this->filter->isNonSuperUserAllowedToSeeThisLogin('login4'));
+ $this->assertFalse($this->filter->isNonSuperUserAllowedToSeeThisLogin('login5'));
+ $this->assertFalse($this->filter->isNonSuperUserAllowedToSeeThisLogin('login7'));
+ $this->assertFalse($this->filter->isNonSuperUserAllowedToSeeThisLogin('login6'));
+ $this->assertFalse($this->filter->isNonSuperUserAllowedToSeeThisLogin('login8'));
+ }
+
+ /**
+ * @dataProvider getTestFilterLogins
+ */
+ public function test_filterLogins($expectedLogins, $loginIdentity, $logins)
+ {
+ $this->configureAcccessForLogin($loginIdentity);
+ $this->assertSame($expectedLogins, $this->filter->filterLogins($logins)); // a view user is allowed to see itself
+ }
+
+ /**
+ * @dataProvider getTestFilterLogins
+ */
+ public function test_filterUsers($expectedLogins, $loginIdentity, $logins)
+ {
+ $this->configureAcccessForLogin($loginIdentity);
+
+ $users = array();
+ $expectedUsers = array();
+
+ foreach ($logins as $login) {
+ $user = array('login' => $login, 'alias' => 'test', 'password' => md5('pass'));
+
+ $users[] = $user;
+ if (in_array($login, $expectedLogins)) {
+ $expectedUsers[] = $user;
+ }
+ }
+
+ $this->assertSame($expectedUsers, $this->filter->filterUsers($users)); // a view user is allowed to see itself
+ }
+
+ /**
+ * @dataProvider getTestFilterLogins
+ */
+ public function test_filterLoginIndexedArray($expectedLogins, $loginIdentity, $logins)
+ {
+ $this->configureAcccessForLogin($loginIdentity);
+
+ $testArray = array();
+ $expectedTestArray = array();
+
+ foreach ($logins as $login) {
+ $anything = array('foo' . $login);
+
+ $users[$login] = $anything;
+
+ if (in_array($login, $expectedLogins)) {
+ $expectedUsers[$login] = $anything;
+ }
+ }
+
+ $this->assertSame($expectedTestArray, $this->filter->filterLoginIndexedArray($testArray)); // a view user is allowed to see itself
+ }
+
+ public function getTestFilterLogins()
+ {
+ return array(
+ array($expectedLogins = $this->getAllLogins(), $identity = 'login1', $this->getAllLogins()), // a super user is allowed to see all logins
+ array($expectedLogins = array('login2', 'foobar'), $identity = 'login1', array('login2', 'foobar')), // for super users we do not even check if they actually exist
+ array($expectedLogins = $this->buildLogins(array(2,4)), $identity = 'login2', array('login2', 'foobar', 'login4', 'login3')), // should remove logins that do not actually exist when user has admin permission
+ array($expectedLogins = $this->buildLogins(array(2,4,6,7,8)), $identity = 'login2', $this->getAllLogins()), // an admin user can see users having access to the admin sites
+ array($expectedLogins = $this->buildLogins(array(3)), $identity = 'login3', $this->getAllLogins()), // a user with no access to any site can only see itself
+ array($expectedLogins = array('foobar'), $identity = 'foobar', array('foobar')), // doesn't check whether user exists when not having access to any site and user doesn't actually exist
+ array($expectedLogins = $this->buildLogins(array(4)), $identity = 'login4', $this->getAllLogins()), // a user with only view access to a site can only see itself
+ array($expectedLogins = $this->buildLogins(array(2,5,6,7)), $identity = 'login5', $this->getAllLogins()), // has access to one admin site
+ array($expectedLogins = $this->buildLogins(array(2,4,5,6,7)), $identity = 'login6', $this->getAllLogins()), // has access to multiple admin sites
+ array($expectedLogins = $this->buildLogins(array(7)), $identity = 'login7', $this->getAllLogins()), // has only access to multiple view sites
+ array($expectedLogins = $this->buildLogins(array(2,7,8)), $identity = 'login8', $this->getAllLogins()), // a user with only view access to a site can only see itself
+ array($expectedLogins = array(), $identity = 'login1', array()), // no users given, should return empty array for user with super user access
+ array($expectedLogins = array(), $identity = 'login2', array()), // no users given, should return empty array for user with admin access
+ array($expectedLogins = array(), $identity = 'login3', array()), // no users given, should return empty array for user with no access
+ array($expectedLogins = array(), $identity = 'login4', array()), // no users given, should return empty array for user with only view access
+ array($expectedLogins = array('anonymous'), $identity = 'anonymous', array('anonymous')), // anonymous user can see itself
+ );
+ }
+
+ public function test_getAllLogins_shouldBeUpToDate()
+ {
+ $this->assertSame($this->model->getUsersLogin(), $this->getAllLogins());
+ $this->assertNotEmpty($this->getAllLogins());
+ }
+
+ public function test_buildLogins()
+ {
+ $this->assertSame(array('login2', 'login3', 'login7'), $this->buildLogins(array(2,3,7)));
+ $this->assertSame(array(), $this->buildLogins(array()));
+ }
+
+ private function createManyWebsites()
+ {
+ for ($i = 0; $i < 10; $i++) {
+ Fixture::createWebsite('2014-01-01 00:00:00');
+ }
+ }
+
+ private function buildLogins($ids)
+ {
+ $logins = array();
+ foreach ($ids as $id) {
+ $logins[] = 'login' . $id;
+ }
+ return $logins;
+ }
+
+ private function getAllLogins()
+ {
+ $logins = $this->buildLogins(range(1,8));
+ array_unshift($logins, 'anonymous');
+ return $logins;
+ }
+
+ private function createManyUsers()
+ {
+ $this->model->addUser('login1', md5('pass'), 'email1@example.com', 'alias1', md5('token1'), '2008-01-01 00:00:00');
+ $this->model->addUser('login2', md5('pass'), 'email2@example.com', 'alias2', md5('token2'), '2008-01-01 00:00:00');
+ // login3 won't have access to any site
+ $this->model->addUser('login3', md5('pass'), 'email3@example.com', 'alias3', md5('token3'), '2008-01-01 00:00:00');
+ $this->model->addUser('login4', md5('pass'), 'email4@example.com', 'alias4', md5('token4'), '2008-01-01 00:00:00');
+ $this->model->addUser('login5', md5('pass'), 'email5@example.com', 'alias5', md5('token5'), '2008-01-01 00:00:00');
+ $this->model->addUser('login6', md5('pass'), 'email6@example.com', 'alias6', md5('token6'), '2008-01-01 00:00:00');
+ $this->model->addUser('login7', md5('pass'), 'email7@example.com', 'alias7', md5('token7'), '2008-01-01 00:00:00');
+ $this->model->addUser('login8', md5('pass'), 'email8@example.com', 'alias8', md5('token8'), '2008-01-01 00:00:00');
+ $this->model->addUser('anonymous', '', 'ano@example.com', 'anonymous', 'anonymous', '2008-01-01 00:00:00');
+
+ $this->model->setSuperUserAccess('login1', true); // we treat this one as our superuser
+
+ foreach ($this->users as $login => $permissions) {
+ foreach ($permissions as $access => $idSites) {
+ $this->model->addUserAccess($login, $access, $idSites);
+ }
+ }
+ }
+
+ private function configureAcccessForLogin($login)
+ {
+ $hasSuperUser = false;
+ $idSitesAdmin = array();
+ $idSitesView = array();
+
+ if ($login === 'login1') {
+ $hasSuperUser = true;
+ } elseif (isset($this->users[$login])) {
+ $idSitesAdmin = $this->users[$login]['admin'];
+ $idSitesView = $this->users[$login]['view'];
+ }
+
+ FakeAccess::clearAccess($hasSuperUser, $idSitesAdmin, $idSitesView, $login);
+ }
+
+}
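Review bot: `test_filterLoginIndexedArray` never exercises the filter, because its loop fills `$users[$login]` and `$expectedUsers[$login]` while the assertion compares `$expectedTestArray` with `filterLoginIndexedArray($testArray)`, and both of those are still empty arrays. Every data-provider row therefore passes regardless of what the access filter returns for login-indexed input. The loop should write to the asserted variables, `$testArray[$login] = $anything;` and `$expectedTestArray[$login] = $anything;`. Separately, the name `test_isNonSuperUserAllowedToSeeThisLogin_WithNoAccess_IsStillAllowedToSeeAnyUser` says the opposite of what its body asserts (login3 may see only itself), so a suffix like `_IsAllowedToSeeOnlyOwnUser` would be clearer.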
diff --git a/plugins/UsersManager/tests/Integration/UsersManagerTest.php b/plugins/UsersManager/tests/Integration/UsersManagerTest.php
index 391ba8dab2..4b4dfb6fa7 100644
--- a/plugins/UsersManager/tests/Integration/UsersManagerTest.php
+++ b/plugins/UsersManager/tests/Integration/UsersManagerTest.php
@@ -378,6 +378,21 @@ class UsersManagerTest extends IntegrationTestCase
$this->assertEquals(array($user1, $user2), $this->_removeNonTestableFieldsFromUsers($this->api->getUsers('gegg4564eqgeqag,geggeqge632ge56a4qag')));
}
+ /**
+ * @expectedException \Exception
+ * @expectedExceptionMessage checkUserHasSomeAdminAccess Fake exception
+ */
+ public function testGetUsers_withViewAccess_shouldThrowAnException()
+ {
+ $this->api->addUser("gegg4564eqgeqag", "geqgegagae", "tegst@tesgt.com", "alias");
+ $this->api->addUser("geggeqge632ge56a4qag", "geqgegeagae", "tesggt@tesgt.com", "alias");
+ $this->api->addUser("geggeqgeqagqegg", "geqgeaggggae", "tesgggt@tesgt.com");
+
+ FakeAccess::clearAccess($superUser = false, $admin = array(), $view = array(1), 'gegg4564eqgeqag');
+
+ $this->api->getUsers();
+ }
+
protected function _removeNonTestableFieldsFromUsers($users)
{
foreach ($users as &$user) {
@@ -401,6 +416,37 @@ class UsersManagerTest extends IntegrationTestCase
$this->assertEquals(array("gegg4564eqgeqag", "geggeqge632ge56a4qag", "geggeqgeqagqegg"), $logins);
}
+ public function testGetUserLoginFromUserEmail()
+ {
+ $this->api->addUser('gegg4564eqgeqag', 'geqgegagae', 'tegst@tesgt.com', 'alias');
+ $this->api->addUser("geggeqge632ge56a4qag", "geqgegeagae", "tesggt@tesgt.com", "alias");
+ $this->api->addUser("geggeqgeqagqegg", "geqgeaggggae", "tesgggt@tesgt.com");
+
+ $this->assertSame('gegg4564eqgeqag', $this->api->getUserLoginFromUserEmail('tegst@tesgt.com'));
+ $this->assertSame('geggeqge632ge56a4qag', $this->api->getUserLoginFromUserEmail('tesggt@tesgt.com'));
+ // test camel case should still find user
+ $this->assertSame('geggeqge632ge56a4qag', $this->api->getUserLoginFromUserEmail('teSGgT@tesgt.com'));
+ }
+
+ /**
+ * @expectedException \Exception
+ * @expectedExceptionMessage UsersManager_ExceptionUserDoesNotExist
+ */
+ public function testGetUserLoginFromUserEmail_shouldThrowException_IfUserDoesNotExist()
+ {
+ $this->api->getUserLoginFromUserEmail('unknownUser@teSsgt.com');
+ }
+
+ /**
+ * @expectedException \Exception
+ * @expectedExceptionMessage checkUserHasSomeAdminAccess Fake exception
+ */
+ public function testGetUserLoginFromUserEmail_shouldThrowException_IfUserDoesNotHaveAtLeastAdminPermission()
+ {
+ FakeAccess::clearAccess($superUser = false, $admin =array(), $view = array(1));
+ $this->api->getUserLoginFromUserEmail('tegst@tesgt.com');
+ }
+
/**
* @expectedException \Exception
* @expectedExceptionMessage UsersManager_ExceptionUserDoesNotExist
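Review bot: The new `getUserLoginFromUserEmail` tests cover the default test identity and a view-only caller, but not a caller with admin access to some site who asks for the e-mail of a user outside that site. The provider in ApiTest.php does not list this method either, so that case appears to be untested anywhere in the visible diff. If the API is meant to apply the same visibility rule as `UserAccessFilter` (API.php is not shown here, so this is an assumption), add a case that starts with `FakeAccess::clearAccess($superUser = false, $admin = array(1), $view = array());`, looks up a user with no access to site 1, and asserts whichever outcome the API intends. The enclosing class starts before this hunk and continues after it.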
diff --git a/plugins/UsersManager/tests/System/ApiTest.php b/plugins/UsersManager/tests/System/ApiTest.php
new file mode 100644
index 0000000000..7696c786b5
--- /dev/null
+++ b/plugins/UsersManager/tests/System/ApiTest.php
@@ -0,0 +1,76 @@
+<?php
+/**
+ * Piwik - free/libre analytics platform
+ *
+ * @link http://piwik.org
+ * @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
+ */
+
+namespace Piwik\Plugins\UsersManager\tests\System;
+
+use Piwik\Plugins\UsersManager\tests\Fixtures\ManyUsers;
+use Piwik\Tests\Framework\TestCase\SystemTestCase;
+
+/**
+ * @group UsersManager
+ * @group ApiTest
+ * @group Plugins
+ */
+class ApiTest extends SystemTestCase
+{
+ /**
+ * @var ManyUsers
+ */
+ public static $fixture = null; // initialized below class definition
+
+ /**
+ * @dataProvider getApiForTesting
+ */
+ public function testApi($api, $params = array())
+ {
+ $apiId = implode('_', $params);
+ $logins = array(
+ 'login1' => 'when_superuseraccess',
+ 'login2' => 'when_adminaccess',
+ 'login4' => 'when_viewaccess'
+ );
+
+ // login1 = super user, login2 = some admin access, login4 = only view access
+ foreach ($logins as $login => $appendix) {
+ $params['token_auth'] = self::$fixture->users[$login]['token'];
+
+ $this->runAnyApiTest($api, $apiId . '_' . $appendix, $params, array('xmlFieldsToRemove' => array('date_registered')));
+ }
+ }
+
+ public function getApiForTesting()
+ {
+ $apiToTest = array(
+ array('UsersManager.getUsers'),
+ array('UsersManager.getUsersLogin'),
+ array('UsersManager.getUsersAccessFromSite', array('idSite' => 6)), // admin user has admin acces for this
+ array('UsersManager.getUsersAccessFromSite', array('idSite' => 3)), // admin user has only view access for this, should not see anything
+ array('UsersManager.getUsersSitesFromAccess', array('access' => 'admin')),
+ array('UsersManager.getUsersWithSiteAccess', array('idSite' => 3, 'access' => 'admin')),
+ array('UsersManager.getUser', array('userLogin' => 'login1')),
+ array('UsersManager.getUser', array('userLogin' => 'login2')),
+ array('UsersManager.getUser', array('userLogin' => 'login4')),
+ array('UsersManager.getUser', array('userLogin' => 'login6')),
+ );
+
+ return $apiToTest;
+ }
+
+ public static function getOutputPrefix()
+ {
+ return '';
+ }
+
+ public static function getPathToTestDirectory()
+ {
+ return dirname(__FILE__);
+ }
+
+}
+
+ApiTest::$fixture = new ManyUsers(); \ No newline at end of file
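Review bot: `testApi` runs each method as a super user (login1), an admin (login2) and a view-only user (login4), but never as a user with no site access, although the ManyUsers fixture defines login3 for exactly that case. Adding `'login3' => 'when_noaccess'` to `$logins` would pin the responses for that identity too; the matching expected files would have to be generated. Also, `xmlFieldsToRemove` strips only `date_registered`, so the expected getUser files record the `password` hash and `token_auth` values. A comment next to that option, for example `// password and token_auth stay in the output so the expected files pin who may receive them`, would show that this is intentional.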
diff --git a/plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login1_when_adminaccess.xml b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login1_when_adminaccess.xml
new file mode 100644
index 0000000000..9960d68a9d
--- /dev/null
+++ b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login1_when_adminaccess.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<result>
+ <error message="The user has to be either a Super User or the user 'login1' itself." />
+</result> \ No newline at end of file
diff --git a/plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login1_when_superuseraccess.xml b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login1_when_superuseraccess.xml
new file mode 100644
index 0000000000..b96941238e
--- /dev/null
+++ b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login1_when_superuseraccess.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<result>
+ <row>
+ <login>login1</login>
+ <password>5f4dcc3b5aa765d61d8327deb882cf99</password>
+ <alias>login1</alias>
+ <email>login1@example.com</email>
+ <token_auth>367ea0b18ee1e641089e5d0a4d5f276d</token_auth>
+ <superuser_access>1</superuser_access>
+
+ </row>
+</result> \ No newline at end of file
diff --git a/plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login1_when_viewaccess.xml b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login1_when_viewaccess.xml
new file mode 100644
index 0000000000..9960d68a9d
--- /dev/null
+++ b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login1_when_viewaccess.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<result>
+ <error message="The user has to be either a Super User or the user 'login1' itself." />
+</result> \ No newline at end of file
diff --git a/plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login2_when_adminaccess.xml b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login2_when_adminaccess.xml
new file mode 100644
index 0000000000..3516ee8eab
--- /dev/null
+++ b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login2_when_adminaccess.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<result>
+ <row>
+ <login>login2</login>
+ <password>5f4dcc3b5aa765d61d8327deb882cf99</password>
+ <alias>login2</alias>
+ <email>login2@example.com</email>
+ <token_auth>ef3cb848005bffc2e2f3c8edbd95c58f</token_auth>
+ <superuser_access>0</superuser_access>
+
+ </row>
+</result> \ No newline at end of file
diff --git a/plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login2_when_superuseraccess.xml b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login2_when_superuseraccess.xml
new file mode 100644
index 0000000000..3516ee8eab
--- /dev/null
+++ b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login2_when_superuseraccess.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<result>
+ <row>
+ <login>login2</login>
+ <password>5f4dcc3b5aa765d61d8327deb882cf99</password>
+ <alias>login2</alias>
+ <email>login2@example.com</email>
+ <token_auth>ef3cb848005bffc2e2f3c8edbd95c58f</token_auth>
+ <superuser_access>0</superuser_access>
+
+ </row>
+</result> \ No newline at end of file
diff --git a/plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login2_when_viewaccess.xml b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login2_when_viewaccess.xml
new file mode 100644
index 0000000000..907f6cc3b0
--- /dev/null
+++ b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login2_when_viewaccess.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<result>
+ <error message="The user has to be either a Super User or the user 'login2' itself." />
+</result> \ No newline at end of file
diff --git a/plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login4_when_adminaccess.xml b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login4_when_adminaccess.xml
new file mode 100644
index 0000000000..99e541176d
--- /dev/null
+++ b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login4_when_adminaccess.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<result>
+ <error message="The user has to be either a Super User or the user 'login4' itself." />
+</result> \ No newline at end of file
diff --git a/plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login4_when_superuseraccess.xml b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login4_when_superuseraccess.xml
new file mode 100644
index 0000000000..16caa1d378
--- /dev/null
+++ b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login4_when_superuseraccess.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<result>
+ <row>
+ <login>login4</login>
+ <password>5f4dcc3b5aa765d61d8327deb882cf99</password>
+ <alias>login4</alias>
+ <email>login4@example.com</email>
+ <token_auth>dc6fb0514c143d97c72b8be165e7ee0a</token_auth>
+ <superuser_access>0</superuser_access>
+
+ </row>
+</result> \ No newline at end of file
diff --git a/plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login4_when_viewaccess.xml b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login4_when_viewaccess.xml
new file mode 100644
index 0000000000..16caa1d378
--- /dev/null
+++ b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login4_when_viewaccess.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<result>
+ <row>
+ <login>login4</login>
+ <password>5f4dcc3b5aa765d61d8327deb882cf99</password>
+ <alias>login4</alias>
+ <email>login4@example.com</email>
+ <token_auth>dc6fb0514c143d97c72b8be165e7ee0a</token_auth>
+ <superuser_access>0</superuser_access>
+
+ </row>
+</result> \ No newline at end of file
diff --git a/plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login6_when_adminaccess.xml b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login6_when_adminaccess.xml
new file mode 100644
index 0000000000..de29ba4336
--- /dev/null
+++ b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login6_when_adminaccess.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<result>
+ <error message="The user has to be either a Super User or the user 'login6' itself." />
+</result> \ No newline at end of file
diff --git a/plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login6_when_superuseraccess.xml b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login6_when_superuseraccess.xml
new file mode 100644
index 0000000000..2cd79e6cd4
--- /dev/null
+++ b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login6_when_superuseraccess.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<result>
+ <row>
+ <login>login6</login>
+ <password>5f4dcc3b5aa765d61d8327deb882cf99</password>
+ <alias>login6</alias>
+ <email>login6@example.com</email>
+ <token_auth>2cafd6512d8b2739a7b2b01ab6609272</token_auth>
+ <superuser_access>0</superuser_access>
+
+ </row>
+</result> \ No newline at end of file
diff --git a/plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login6_when_viewaccess.xml b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login6_when_viewaccess.xml
new file mode 100644
index 0000000000..de29ba4336
--- /dev/null
+++ b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUser_login6_when_viewaccess.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<result>
+ <error message="The user has to be either a Super User or the user 'login6' itself." />
+</result> \ No newline at end of file
diff --git a/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersAccessFromSite_3_when_adminaccess.xml b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersAccessFromSite_3_when_adminaccess.xml
new file mode 100644
index 0000000000..8dbbc46cd7
--- /dev/null
+++ b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersAccessFromSite_3_when_adminaccess.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<result>
+ <error message="You can't access this resource as it requires an 'admin' access for the website id = 3." />
+</result> \ No newline at end of file
diff --git a/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersAccessFromSite_3_when_superuseraccess.xml b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersAccessFromSite_3_when_superuseraccess.xml
new file mode 100644
index 0000000000..29c1c8fc6f
--- /dev/null
+++ b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersAccessFromSite_3_when_superuseraccess.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<result>
+ <row>
+ <login2>view</login2>
+ <login5>admin</login5>
+ <login6>admin</login6>
+ <login7>view</login7>
+ </row>
+</result> \ No newline at end of file
diff --git a/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersAccessFromSite_3_when_viewaccess.xml b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersAccessFromSite_3_when_viewaccess.xml
new file mode 100644
index 0000000000..8dbbc46cd7
--- /dev/null
+++ b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersAccessFromSite_3_when_viewaccess.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<result>
+ <error message="You can't access this resource as it requires an 'admin' access for the website id = 3." />
+</result> \ No newline at end of file
diff --git a/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersAccessFromSite_6_when_adminaccess.xml b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersAccessFromSite_6_when_adminaccess.xml
new file mode 100644
index 0000000000..ca45c6e1b2
--- /dev/null
+++ b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersAccessFromSite_6_when_adminaccess.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<result>
+ <row>
+ <login2>admin</login2>
+ <login4>view</login4>
+ <login6>admin</login6>
+ <login7>view</login7>
+ </row>
+</result> \ No newline at end of file
diff --git a/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersAccessFromSite_6_when_superuseraccess.xml b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersAccessFromSite_6_when_superuseraccess.xml
new file mode 100644
index 0000000000..ca45c6e1b2
--- /dev/null
+++ b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersAccessFromSite_6_when_superuseraccess.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<result>
+ <row>
+ <login2>admin</login2>
+ <login4>view</login4>
+ <login6>admin</login6>
+ <login7>view</login7>
+ </row>
+</result> \ No newline at end of file
diff --git a/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersAccessFromSite_6_when_viewaccess.xml b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersAccessFromSite_6_when_viewaccess.xml
new file mode 100644
index 0000000000..77eacac8af
--- /dev/null
+++ b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersAccessFromSite_6_when_viewaccess.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<result>
+ <error message="You can't access this resource as it requires an 'admin' access for the website id = 6." />
+</result> \ No newline at end of file
diff --git a/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersLogin__when_adminaccess.xml b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersLogin__when_adminaccess.xml
new file mode 100644
index 0000000000..11c32f1705
--- /dev/null
+++ b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersLogin__when_adminaccess.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<result>
+ <row>login2</row>
+ <row>login4</row>
+ <row>login6</row>
+ <row>login7</row>
+ <row>login8</row>
+</result> \ No newline at end of file
diff --git a/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersLogin__when_superuseraccess.xml b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersLogin__when_superuseraccess.xml
new file mode 100644
index 0000000000..151105d5b4
--- /dev/null
+++ b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersLogin__when_superuseraccess.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<result>
+ <row>login1</row>
+ <row>login2</row>
+ <row>login3</row>
+ <row>login4</row>
+ <row>login5</row>
+ <row>login6</row>
+ <row>login7</row>
+ <row>login8</row>
+ <row>superUserLogin</row>
+</result> \ No newline at end of file
diff --git a/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersLogin__when_viewaccess.xml b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersLogin__when_viewaccess.xml
new file mode 100644
index 0000000000..89ba742bef
--- /dev/null
+++ b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersLogin__when_viewaccess.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<result>
+ <error message="You can't access this resource as it requires an admin access for at least one website." />
+</result>
\ No newline at end of file
diff --git a/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersSitesFromAccess_admin_when_adminaccess.xml b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersSitesFromAccess_admin_when_adminaccess.xml
new file mode 100644
index 0000000000..a88f3cd9e9
--- /dev/null
+++ b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersSitesFromAccess_admin_when_adminaccess.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<result>
+ <error message="You can't access this resource as it requires a 'superuser' access." />
+</result>
\ No newline at end of file
diff --git a/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersSitesFromAccess_admin_when_superuseraccess.xml b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersSitesFromAccess_admin_when_superuseraccess.xml
new file mode 100644
index 0000000000..52d3c05844
--- /dev/null
+++ b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersSitesFromAccess_admin_when_superuseraccess.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<result>
+ <login2>
+ <row>2</row>
+ <row>6</row>
+ </login2>
+ <login5>
+ <row>3</row>
+ </login5>
+ <login6>
+ <row>3</row>
+ <row>6</row>
+ </login6>
+ <login8>
+ <row>2</row>
+ <row>5</row>
+ </login8>
+</result>
\ No newline at end of file
diff --git a/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersSitesFromAccess_admin_when_viewaccess.xml b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersSitesFromAccess_admin_when_viewaccess.xml
new file mode 100644
index 0000000000..a88f3cd9e9
--- /dev/null
+++ b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersSitesFromAccess_admin_when_viewaccess.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<result>
+ <error message="You can't access this resource as it requires a 'superuser' access." />
+</result>
\ No newline at end of file
diff --git a/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersWithSiteAccess_3_admin_when_adminaccess.xml b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersWithSiteAccess_3_admin_when_adminaccess.xml
new file mode 100644
index 0000000000..8dbbc46cd7
--- /dev/null
+++ b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersWithSiteAccess_3_admin_when_adminaccess.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<result>
+ <error message="You can't access this resource as it requires an 'admin' access for the website id = 3." />
+</result>
\ No newline at end of file
diff --git a/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersWithSiteAccess_3_admin_when_superuseraccess.xml b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersWithSiteAccess_3_admin_when_superuseraccess.xml
new file mode 100644
index 0000000000..9af31e8a0c
--- /dev/null
+++ b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersWithSiteAccess_3_admin_when_superuseraccess.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<result>
+ <row>
+ <login>login5</login>
+ <password>5f4dcc3b5aa765d61d8327deb882cf99</password>
+ <alias>login5</alias>
+ <email>login5@example.com</email>
+ <token_auth>4550293427ba5d0a0c96d6123429e9d3</token_auth>
+ <superuser_access>0</superuser_access>
+
+ </row>
+ <row>
+ <login>login6</login>
+ <password>5f4dcc3b5aa765d61d8327deb882cf99</password>
+ <alias>login6</alias>
+ <email>login6@example.com</email>
+ <token_auth>2cafd6512d8b2739a7b2b01ab6609272</token_auth>
+ <superuser_access>0</superuser_access>
+
+ </row>
+</result>
\ No newline at end of file
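Review bot: The expected rows pin `<password>` and `<token_auth>` as part of the serialized user record, so this fixture makes the test suite enforce that credential material is returned by the API; the same applies to test___UsersManager.getUsers__when_superuseraccess.xml. The password values are 32 hex characters and identical for both users here, which suggests an unsalted fast hash, though the hashing code is not in this hunk. Consider removing `password` from the response for every caller, so the rows keep only `<login>`, `<alias>`, `<email>` and `<superuser_access>`, in the way the admin-access fixture already limits rows to `<login>` and `<alias>`. If `token_auth` has to stay visible to superusers, a comment in ApiTest.php stating that this is intentional would stop the fixture from being read as an accidental leak.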
diff --git a/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersWithSiteAccess_3_admin_when_viewaccess.xml b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersWithSiteAccess_3_admin_when_viewaccess.xml
new file mode 100644
index 0000000000..8dbbc46cd7
--- /dev/null
+++ b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsersWithSiteAccess_3_admin_when_viewaccess.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<result>
+ <error message="You can't access this resource as it requires an 'admin' access for the website id = 3." />
+</result>
\ No newline at end of file
diff --git a/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsers__when_adminaccess.xml b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsers__when_adminaccess.xml
new file mode 100644
index 0000000000..30411b3ef8
--- /dev/null
+++ b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsers__when_adminaccess.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<result>
+ <row>
+ <login>login2</login>
+ <alias>login2</alias>
+ </row>
+ <row>
+ <login>login4</login>
+ <alias>login4</alias>
+ </row>
+ <row>
+ <login>login6</login>
+ <alias>login6</alias>
+ </row>
+ <row>
+ <login>login7</login>
+ <alias>login7</alias>
+ </row>
+ <row>
+ <login>login8</login>
+ <alias>login8</alias>
+ </row>
+</result>
\ No newline at end of file
diff --git a/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsers__when_superuseraccess.xml b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsers__when_superuseraccess.xml
new file mode 100644
index 0000000000..af284f900d
--- /dev/null
+++ b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsers__when_superuseraccess.xml
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<result>
+ <row>
+ <login>login1</login>
+ <password>5f4dcc3b5aa765d61d8327deb882cf99</password>
+ <alias>login1</alias>
+ <email>login1@example.com</email>
+ <token_auth>367ea0b18ee1e641089e5d0a4d5f276d</token_auth>
+ <superuser_access>1</superuser_access>
+
+ </row>
+ <row>
+ <login>login2</login>
+ <password>5f4dcc3b5aa765d61d8327deb882cf99</password>
+ <alias>login2</alias>
+ <email>login2@example.com</email>
+ <token_auth>ef3cb848005bffc2e2f3c8edbd95c58f</token_auth>
+ <superuser_access>0</superuser_access>
+
+ </row>
+ <row>
+ <login>login3</login>
+ <password>5f4dcc3b5aa765d61d8327deb882cf99</password>
+ <alias>login3</alias>
+ <email>login3@example.com</email>
+ <token_auth>4298f4654bddcccac23e3d38c7d8a79d</token_auth>
+ <superuser_access>0</superuser_access>
+
+ </row>
+ <row>
+ <login>login4</login>
+ <password>5f4dcc3b5aa765d61d8327deb882cf99</password>
+ <alias>login4</alias>
+ <email>login4@example.com</email>
+ <token_auth>dc6fb0514c143d97c72b8be165e7ee0a</token_auth>
+ <superuser_access>0</superuser_access>
+
+ </row>
+ <row>
+ <login>login5</login>
+ <password>5f4dcc3b5aa765d61d8327deb882cf99</password>
+ <alias>login5</alias>
+ <email>login5@example.com</email>
+ <token_auth>4550293427ba5d0a0c96d6123429e9d3</token_auth>
+ <superuser_access>0</superuser_access>
+
+ </row>
+ <row>
+ <login>login6</login>
+ <password>5f4dcc3b5aa765d61d8327deb882cf99</password>
+ <alias>login6</alias>
+ <email>login6@example.com</email>
+ <token_auth>2cafd6512d8b2739a7b2b01ab6609272</token_auth>
+ <superuser_access>0</superuser_access>
+
+ </row>
+ <row>
+ <login>login7</login>
+ <password>5f4dcc3b5aa765d61d8327deb882cf99</password>
+ <alias>login7</alias>
+ <email>login7@example.com</email>
+ <token_auth>8bda247657d9b13c20843fd97c3fb427</token_auth>
+ <superuser_access>0</superuser_access>
+
+ </row>
+ <row>
+ <login>login8</login>
+ <password>5f4dcc3b5aa765d61d8327deb882cf99</password>
+ <alias>login8</alias>
+ <email>login8@example.com</email>
+ <token_auth>8fdfef11755e29a8369a57fe2709445b</token_auth>
+ <superuser_access>0</superuser_access>
+
+ </row>
+ <row>
+ <login>superUserLogin</login>
+ <password>1e56c228742c0189d261500852e27a02</password>
+ <alias>superUserLogin</alias>
+ <email>hello@example.org</email>
+ <token_auth>9ad1de7f8b329ab919d854c556f860c1</token_auth>
+ <superuser_access>1</superuser_access>
+
+ </row>
+</result>
\ No newline at end of file
diff --git a/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsers__when_viewaccess.xml b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsers__when_viewaccess.xml
new file mode 100644
index 0000000000..89ba742bef
--- /dev/null
+++ b/plugins/UsersManager/tests/System/expected/test___UsersManager.getUsers__when_viewaccess.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<result>
+ <error message="You can't access this resource as it requires an admin access for at least one website." />
+</result>
\ No newline at end of file