Merge branch '6.13' into 7.1

eZ/Publish/API/Repository/Tests/BaseTest.php

@@ -567,6 +567,46 @@ public function createRoleWithPolicies($roleName, array $policiesData)
         return $roleService->loadRole($roleDraft->id);
     }
 
+    /**
+     * Create user and assign new role with the given policies.
+     *
+     * @param string $login
+     * @param array $policiesData list of policies in the form of <code>[ [ 'module' => 'name', 'function' => 'name'] ]</code>
+     *
+     * @return \eZ\Publish\API\Repository\Values\User\User
+     *
+     * @throws \Exception
+     */
+    public function createUserWithPolicies($login, array $policiesData)
+    {
+        $repository = $this->getRepository(false);
+        $roleService = $repository->getRoleService();
+        $userService = $repository->getUserService();
+
+        $repository->beginTransaction();
+        try {
+            $userCreateStruct = $userService->newUserCreateStruct(
+                $login,
+                "{$login}@test.local",
+                $login,
+                'eng-GB'
+            );
+            $userCreateStruct->setField('first_name', $login);
+            $userCreateStruct->setField('last_name', $login);
+            $user = $userService->createUser($userCreateStruct, [$userService->loadUserGroup(4)]);
+
+            $role = $this->createRoleWithPolicies(uniqid('role_for_' . $login . '_'), $policiesData);
+            $roleService->assignRoleToUser($role, $user);
+
+            $repository->commit();
+
+            return $user;
+        } catch (\Exception $ex) {
+            $repository->rollback();
+            throw $ex;
+        }
+    }
+
     /**
      * Traverse all errors for all fields in all Translations to find expected one.
      *

eZ/Publish/API/Repository/Tests/TrashServiceAuthorizationTest.php

@@ -47,38 +47,58 @@ public function testLoadTrashItemThrowsUnauthorizedException()
     }
 
     /**
-     * Test for the trash() method.
+     * Test for the trash() method without proper permissions.
      *
-     * @see \eZ\Publish\API\Repository\TrashService::trash()
-     * @expectedException \eZ\Publish\API\Repository\Exceptions\UnauthorizedException
-     * @depends eZ\Publish\API\Repository\Tests\TrashServiceTest::testTrash
-     * @depends eZ\Publish\API\Repository\Tests\UserServiceTest::testLoadAnonymousUser
+     * @covers \eZ\Publish\API\Repository\TrashService::trash
+     *
+     * @expectedException \eZ\Publish\Core\Base\Exceptions\UnauthorizedException
+     * @expectedExceptionMessage User does not have access to 'remove' 'content'
      */
     public function testTrashThrowsUnauthorizedException()
     {
         $repository = $this->getRepository();
+        $trashService = $repository->getTrashService();
+        $locationService = $repository->getLocationService();
 
-        $anonymousUserId = $this->generateId('user', 10);
-        /* BEGIN: Inline */
-        // $anonymousUserId is the ID of the "Anonymous" user
-        // remoteId of the "Media" page main location
-        $mediaRemoteId = '75c715a51699d2d309a924eca6a95145';
+        // Load "Media" page location to be trashed
+        $mediaLocation = $locationService->loadLocationByRemoteId(
+            '75c715a51699d2d309a924eca6a95145'
+        );
 
-        $userService = $repository->getUserService();
+        // switch user context before testing TrashService::trash method
+        $repository->getPermissionResolver()->setCurrentUserReference(
+            $this->createUserWithPolicies('trash_test_user', [])
+        );
+        $trashService->trash($mediaLocation);
+    }
+
+    /**
+     * Test for the trash() method with proper minimal permission set.
+     *
+     * @depends testTrashThrowsUnauthorizedException
+     *
+     * @covers \eZ\Publish\API\Repository\TrashService::trash
+     */
+    public function testTrashRequiresContentRemovePolicy()
+    {
+        $repository = $this->getRepository();
         $trashService = $repository->getTrashService();
         $locationService = $repository->getLocationService();
 
-        // Load "Media" page location
+        // Load "Media" page location to be trashed
         $mediaLocation = $locationService->loadLocationByRemoteId(
-            $mediaRemoteId
+            '75c715a51699d2d309a924eca6a95145'
         );
 
-        // Set "Anonymous" as current user
-        $repository->setCurrentUser($userService->loadUser($anonymousUserId));
-
-        // This call will fail with an "UnauthorizedException"
+        $repository->getPermissionResolver()->setCurrentUserReference(
+            $this->createUserWithPolicies(
+                'trash_test_user',
+                [
+                    ['module' => 'content', 'function' => 'remove'],
+                ]
+            )
+        );
         $trashService->trash($mediaLocation);
-        /* END: Inline */
     }
 
     /**

eZ/Publish/Core/Repository/TrashService.php

@@ -117,8 +117,8 @@ public function trash(Location $location)
             throw new InvalidArgumentValue('id', $location->id, 'Location');
         }
 
-        if ($this->repository->canUser('content', 'manage_locations', $location->getContentInfo(), $location) !== true) {
-            throw new UnauthorizedException('content', 'manage_locations');
+        if (!$this->repository->canUser('content', 'remove', $location->getContentInfo(), $location)) {
+            throw new UnauthorizedException('content', 'remove');
         }
 
         $this->repository->beginTransaction();