From 9da9d2f3c71616697becba1ae92cf7bae47678d6 Mon Sep 17 00:00:00 2001 From: Rahul Patel Date: Mon, 29 Apr 2019 00:26:01 +0530 Subject: [PATCH] #863 done --- src/core/Directus/Permissions/Acl.php | 23 +++- tests/api/AuthTest.php | 55 --------- tests/api/CollectionTest.php | 156 -------------------------- 3 files changed, 19 insertions(+), 215 deletions(-) delete mode 100644 tests/api/AuthTest.php delete mode 100644 tests/api/CollectionTest.php diff --git a/src/core/Directus/Permissions/Acl.php b/src/core/Directus/Permissions/Acl.php index e6c712d6ae..ce962b76c6 100644 --- a/src/core/Directus/Permissions/Acl.php +++ b/src/core/Directus/Permissions/Acl.php @@ -1245,11 +1245,26 @@ public function allowTo($action, $level, $collection, $status = null) if ($this->isAdmin()) { return true; } + if($status){ + $permission = $this->getPermission($collection, $status); + $permissionLevel = ArrayUtils::get($permission, $action); + return $this->can($permissionLevel, $level); + }else{ + $statuses = $this->getCollectionStatuses($collection); + + $allowed = false; + foreach ($statuses as $status) { + $permission = $this->getPermission($collection, $status); + $permissionLevel = ArrayUtils::get($permission, $action); + + if ($this->can($permissionLevel, $level)) { + $allowed = true; + break; + } + } - $permission = $this->getPermission($collection, $status); - $permissionLevel = ArrayUtils::get($permission, $action); - - return $this->can($permissionLevel, $level); + return $allowed; + } } public function allowToOnce($action, $collection) diff --git a/tests/api/AuthTest.php b/tests/api/AuthTest.php deleted file mode 100644 index 9e590b6a23..0000000000 --- a/tests/api/AuthTest.php +++ /dev/null 
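Review bot: The new `if($status){` branch tests truthiness, so a status value such as `0`, `'0'` or `''` is treated as "no status" and falls into the any-status branch, which answers whether the role can perform the action under some status of the collection rather than under the one the caller asked about; for a permission check that is the wrong scope. An explicit null test, `if ($status !== null) {`, limits the widened query to the case where the status was actually omitted. In the else branch, if `getCollectionStatuses()` returns an empty array for a collection without a status field, the loop never runs and allowTo() now returns false where it previously consulted `getPermission($collection, null)` — worth confirming that change is intended. The branch also reuses the `$status` parameter as the foreach variable and departs from the file's `if (...) {` / `} else {` spacing seen on the surrounding lines. The enclosing allowTo() starts before the hunk.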
@@ -1,55 +0,0 @@ -http = new GuzzleHttp\Client([ - 'base_uri' => 'http://localhost/directus-api/public/_/', - 'exceptions' => false - ]); - } - - public function tearDown() { - $this->http = null; - } - - public function testAuthentication() - { - - $data = [ - 'form_params' => [ - 'email' => "admin@example.com", - 'password' => "password" - ] - ]; - - $response = $this->http->request('POST', 'auth/authenticate', $data); - - $this->assertEquals(200, $response->getStatusCode()); - $data = json_decode($response->getBody(true), true); - $this->assertArrayHasKey('token', $data['data']); - $this->assertTrue(!empty($data['data']['token'])); - - } - - public function testForgotPassword() - { - - $data = [ - 'form_params' => [ - 'email' => "admin@example.com" - ] - ]; - - $response = $this->http->request('POST', 'auth/password/request', $data); - - $this->assertEquals(200, $response->getStatusCode()); - $data = json_decode($response->getBody(true), true); - $this->assertTrue($data['public']); - - } -} \ No newline at end of file diff --git a/tests/api/CollectionTest.php b/tests/api/CollectionTest.php deleted file mode 100644 index c97cf7f681..0000000000 --- a/tests/api/CollectionTest.php +++ /dev/null 
@@ -1,156 +0,0 @@ -http = new GuzzleHttp\Client([ - 'base_uri' => 'http://localhost/directus-api/public/_/', - 'exceptions' => false - ]); - - //Get token - $data = [ - 'form_params' => [ - 'email' => "admin@example.com", - 'password' => "password" - ] - ]; - - $response = $this->http->request('POST', 'auth/authenticate', $data); - $data = json_decode($response->getBody(true), true); - $this->token = $data['data']['token']; - - } - - public function tearDown() { - $this->http = null; - } - - public function testCreateCollection() - { - $data = [ - 'headers' => ['Authorization' => 'bearer '.$this->token], - 'form_params' => json_decode('{ - "collection": "test111_collection", - "hidden": 0, - "fields": [{ - "type": "integer", - "datatype": "INT", - "length": 15, - "field": "id", - "interface": "primary-key", - "auto_increment": true, - "primary_key": true, - "hidden_detail": true, - "hidden_browse": true - }, { - "type": "status", - "datatype": "VARCHAR", - "length": 20, - "field": "status", - "interface": "status", - "options": { - "status_mapping": { - "published": { - "name": "Published", - "text_color": "white", - "background_color": "accent", - "browse_subdued": false, - "browse_badge": true, - "soft_delete": false, - "published": true - }, - "draft": { - "name": "Draft", - "text_color": "white", - "background_color": "blue-grey-200", - "browse_subdued": true, - "browse_badge": true, - "soft_delete": false, - "published": false - }, - "deleted": { - "name": "Deleted", - "text_color": "white", - "background_color": "red", - "browse_subdued": true, - "browse_badge": true, - "soft_delete": true, - "published": false - } - } - } - }, { - "type": "sort", - "datatype": "INT", - "field": "sort", - "interface": "sort" - }, { - "type": "user_created", - "datatype": "INT", - "field": "created_by", - "interface": "user-created", - "options": { - "template": "{{first_name}} {{last_name}}", - "display": "both" - }, - "readonly": true, - "hidden_detail": true, - 
"hidden_browse": true - }, { - "type": "datetime_created", - "datatype": "DATETIME", - "field": "created_on", - "interface": "datetime-created", - "readonly": true, - "hidden_detail": true, - "hidden_browse": true - }, { - "type": "user_updated", - "datatype": "INT", - "field": "modified_by", - "interface": "user-updated", - "options": { - "template": "{{first_name}} {{last_name}}", - "display": "both" - }, - "readonly": true, - "hidden_detail": true, - "hidden_browse": true - }, { - "type": "datetime_updated", - "datatype": "DATETIME", - "field": "modified_on", - "interface": "datetime-updated", - "readonly": true, - "hidden_detail": true, - "hidden_browse": true - }] - }',true) - ]; - - //echo "
";
-        //print_r($data);exit;
-        $response = $this->http->request('POST', 'collections', $data);
-        $this->assertEquals(200, $response->getStatusCode());
-        $data = json_decode($response->getBody(true), true);
-        $this->assertArrayHasKey('collection', $data['data']);
-        $this->assertTrue(!empty($data['data']['collection']));
-    }
-    
-    public function testDeleteCollection()
-    {
-        $data = [
-            'headers' => ['Authorization' => 'bearer '.$this->token],
-        ];
-        
-        $response = $this->http->request('DELETE', 'collections/test111_collection', $data);
-        
-        $this->assertEquals(204, $response->getStatusCode());        
-    }
-    
-}
\ No newline at end of file