diff --git a/VERSIONS_HOTLINE/31595 b/VERSIONS_HOTLINE/31595 new file mode 100644 index 0000000000000000000000000000000000000000..e1e306fc3f01e790071d174a6d890dfe5060ae07 --- /dev/null +++ b/VERSIONS_HOTLINE/31595 @@ -0,0 +1 @@ + - ticket #31595 : Permissions sur les articles : correction maintien du droit de l'utilisateur après suppression de l'accès articles sur le groupe \ No newline at end of file diff --git a/library/Class/Permission.php b/library/Class/Permission.php index e23bd7d61a0f961f1bbc2547f2e037e63a2afab6..2eb4ec7e310909893d47e59a4123025a8ae2ab11 100644 --- a/library/Class/Permission.php +++ b/library/Class/Permission.php @@ -105,6 +105,12 @@ class PermissionLoader extends Storm_Model_Loader { 0, strlen(static::DYNAMIC_PREFIX))) $permission->delete(); } + + + public function denyAllCmsTo($group) { + Class_UserGroup_Permission::denyAllToGroup(Class_Permission::getCmsPermissions(), + $group); + } } diff --git a/library/Class/UserGroup.php b/library/Class/UserGroup.php index ee0c21dc52b75abcb2081ff0daaa8267b0a52780..0b2d10b48499cc6778f4e265da1b726d58fea345 100644 --- a/library/Class/UserGroup.php +++ b/library/Class/UserGroup.php @@ -492,6 +492,12 @@ class Class_UserGroup extends Storm_Model_Abstract { return true; return false; } + + + public function afterSave() { + if (!$this->hasRight(static::RIGHT_USER_ACCES_ARTICLES)) + Class_Permission::denyAllCmsTo($this); + } } ?> \ No newline at end of file diff --git a/library/Class/UserGroup/Permission.php b/library/Class/UserGroup/Permission.php index 5a9060ac531515b0291c9e417b33f420c42b2b15..a9628c4c49f495f85e0e20ff655dfcd1fe5262bf 100644 --- a/library/Class/UserGroup/Permission.php +++ b/library/Class/UserGroup/Permission.php 
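Review bot: `denyAllCmsTo()` has no docblock, and its name reads as if a deny rule were stored, whereas the `denyAllToGroup()` it delegates to removes the group's grant rows through `deleteBy()`. A comment such as `/** Removes every CMS permission granted to $group; rows are deleted, no deny entry is stored. */` above the method would make that clear. `Class_Permission::getCmsPermissions()` is not part of this diff, so which permission codes are covered cannot be checked from here.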
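Review bot: The cleanup in `afterSave()` only runs when a group is saved after this fix, so groups that lost `RIGHT_USER_ACCES_ARTICLES` earlier keep their stale `Class_UserGroup_Permission` rows. Nothing in this diff removes those rows; a one-off migration applying `Class_Permission::denyAllCmsTo()` to every group without the right would close that gap. It is also worth confirming whether the permission check itself consults the group right, since that check is not visible here and would make the fix independent of row cleanup. The override does not chain to the parent; if `Storm_Model_Abstract` defines this hook, add `parent::afterSave();` as the first statement. The class body starts outside the hunk.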
@@ -91,6 +91,19 @@ class UserGroup_PermissionLoader extends Storm_Model_Loader { Class_UserGroup_Permission::deleteBy($params); } + + + public function denyAllToGroup($permissions, $group) { + if (!$permissions || !$group) + return; + + $ids = []; + foreach ($permissions as $permission) + $ids[] = $permission->getId(); + + Class_UserGroup_Permission::deleteBy(['id_permission' => $ids, + 'id_group' => $group->getId()]); + } } diff --git a/tests/application/modules/admin/controllers/CmsControllerTest.php b/tests/application/modules/admin/controllers/CmsControllerTest.php index 98aa5fe49aeaf47aefe53d7f02cb45ff640e1505..d41c4be3ae52932e19d0ac81e8eb82f664163e59 100644 --- a/tests/application/modules/admin/controllers/CmsControllerTest.php +++ b/tests/application/modules/admin/controllers/CmsControllerTest.php @@ -34,16 +34,19 @@ abstract class CmsControllerTestCase extends Admin_AbstractControllerTestCase { $_cat_a_la_une, $_cat_atelier; + protected $_storm_default_to_volatile = true; + public function setUp() { parent::setUp(); $_SERVER['SCRIPT_NAME'] = ''; - Storm_Model_Loader::defaultToVolatile(); $this->setupBib(); - $this->_group_testing = $this->fixture('Class_UserGroup', ['id' => 22, - 'libelle' => 'Testing group']); + $this->_group_testing = $this->fixture('Class_UserGroup', + ['id' => 22, + 'libelle' => 'Testing group', + 'rights' => [Class_UserGroup::RIGHT_USER_ACCES_ARTICLES]]); $this->_group_admin = $this->fixture('Class_UserGroup', ['id' => 24, @@ -90,12 +93,6 @@ abstract class CmsControllerTestCase extends Admin_AbstractControllerTestCase { } - public function tearDown() { - Storm_Model_Loader::defaultToDb(); - parent::tearDown(); - } - - public function setupLieux() { $this->lieu_bonlieu = $this->fixture('Class_Lieu', ['id' => 3, 'libelle' => 'Bonlieu', 
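Review bot: `denyAllToGroup()` builds its delete criteria from whatever `$group->getId()` returns, so a group without an id would pass `'id_group' => null` to `deleteBy()`. How Storm treats a null criterion is not visible here, and a delete on an authorization table should not depend on it. Extending the guard to `if (!$permissions || !$group || !$group->getId()) return;` keeps the delete scoped to one persisted group. A short docblock stating that `$permissions` is a list of permission models and that only this group's rows are removed would also help. The class body starts outside the hunk.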
@@ -1704,14 +1701,14 @@ class CmsControllerNewsAddActionPostWithWorkflowTest /** @test */ public function newArticleSavedWithStatusAValiderShouldSendDeduplicatedMails() { + $this->_group_testing->addUser($this->_laurent)->save(); + Class_Permission::validateArticle() + ->permitTo($this->_group_testing, $this->_cat_a_la_une); + $data = $this->_basePostDatas; $data['status'] = Class_Article::STATUS_VALIDATION_PENDING; + $this->postDispatch('/admin/cms/add/id_cat/23', $data); - $this->_group_testing->addUser($this->_laurent)->save(); - Class_Permission::validateArticle()->permitTo($this->_group_testing, - $this->_cat_a_la_une); - $this->postDispatch('/admin/cms/add/id_cat/23', - $data); $this->assertEquals(['<laurent@afi-sa.fr>', '<bernard@afi-sa.fr>', '<admin@afi-sa.fr>', 'append' => true], $this->mock_transport->getSentMails()[0]->getHeaders()['To']); } diff --git a/tests/application/modules/admin/controllers/UserGroupControllerTest.php b/tests/application/modules/admin/controllers/UserGroupControllerTest.php index d7087d8a9ea70cf4b78bb8d9f200161e7fe71702..9dbfbc3b73d83d308030f58b3de4c0c99b51a49e 100644 --- a/tests/application/modules/admin/controllers/UserGroupControllerTest.php +++ b/tests/application/modules/admin/controllers/UserGroupControllerTest.php @@ -30,15 +30,10 @@ abstract class Admin_UserGroupControllerTestCase extends Admin_AbstractControlle $_group_moderateurs, $_group_subscribers; - public function tearDown() { - Storm_Model_Loader::defaultToDb(); - parent::tearDown(); - } - + protected $_storm_default_to_volatile = true; public function setUp() { parent::setUp(); - Storm_Model_Loader::defaultToVolatile(); $this->fixture('Class_AdminVar', ['id' => 'FORMATIONS', 'valeur' => '1']); 
@@ -148,6 +143,63 @@ abstract class Admin_UserGroupControllerTestCase extends Admin_AbstractControlle +class Admin_UserGroupControllerCmsPermissionsRevokeTest extends Admin_UserGroupControllerTestCase { + public function setUp() { + parent::setUp(); + + $this->_group_search + ->addRight(Class_UserGroup::RIGHT_USER_ACCES_ARTICLES) + ->save(); + + $this->enableCmsPermissions(); + Class_Permission::createArticleCategory() + ->permitTo($this->_group_search, $this->fixture('Class_ArticleCategorie', + ['id' => 234, + 'libelle' => 'Testing Category'])); + + $this->postDispatch('admin/usergroup/edit/id/' . $this->_group_search->getId(), + ['libelle' => 'Chercheurs', + 'rights' => []]); + } + + + /** @test */ + public function rightShouldHaveBeenRevoked() { + $this->assertFalse($this->_user_group->hasRight(Class_UserGroup::RIGHT_USER_ACCES_ARTICLES)); + } + + + /** @test */ + public function cmsPermissionShouldHaveBeenRevoked() { + $this->assertFalse($this->_group_search + ->hasPermissionOn(Class_Permission::createArticleCategory(), + Class_ArticleCategorie::find(234))); + } + + + + protected function enableCmsPermissions() { + $cnt = 1; + foreach ([['CATEGORY', 'ARTICLE', 'Sur la catégorie', 1, 'Créer des sous-catégories'], + ['ARTICLE', 'ARTICLE', 'Sur la catégorie', 2, 'Créer des articles'], + ['PENDING', 'ARTICLE', 'Nouveaux statuts autorisés', 1, 'À valider'], + ['VALIDATED', 'ARTICLE', 'Nouveaux statuts autorisés', 101, 'Validé'], + ['REFUSED', 'ARTICLE', 'Nouveaux statuts autorisés', 102, 'Refusé'], + ['ARCHIVED', 'ARTICLE', 'Nouveaux statuts autorisés', 103, 'Archivé']] as $permission) { + $this->fixture('Class_Permission', + ['id' => $cnt++, + 'code' => $permission[0], + 'module' => $permission[1], + 'type' => $permission[2], + 'sorting' => $permission[3], + 'description' => $permission[4]]); + } + + return $this; + } +} + + class Admin_UserGroupControllerListTest extends Admin_UserGroupControllerTestCase { protected $_json;
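Review bot: `rightShouldHaveBeenRevoked()` asserts on `$this->_user_group`, while `setUp()` grants the right to `$this->_group_search` and posts the edit for that group. Unless `_user_group` is defined outside this hunk as the same object, the test does not verify the revocation it names; `$this->assertFalse($this->_group_search->hasRight(Class_UserGroup::RIGHT_USER_ACCES_ARTICLES));` would check the edited group. Since the fix deletes authorization rows, a complementary test that a second group keeping the right still has its category permission after the edit would guard against over-deletion.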