ENH: refs #953. Added item.list.permissions and tests.

Michael Grauer · Michael Grauer · commit 222c83e4a59e · 2013-02-22T17:04:09.000-05:00
diff --git a/modules/api/controllers/components/ApiComponent.php b/modules/api/controllers/components/ApiComponent.php
@@ -2210,6 +2210,36 @@ function itemShare($args)
     return $itemArray;
     }
 
+  /**
+   * List the permissions on an item, requires Admin access to the item.
+   * @param item_id The id of the item
+   * @return A list with three keys: privacy, user, group; privacy will be the
+     item's privacy string [Public|Private]; user will be a list of
+     (user_id, policy, email); group will be a list of (group_id, policy, name).
+     policy for user and group will be a policy string [Admin|Write|Read].
+   */
+  public function itemListPermissions($args)
+    {
+    $this->_validateParams($args, array('item_id'));
+    $userDao = $this->_getUser($args);
+
+    $itempolicygroupModel = MidasLoader::loadModel('Itempolicygroup');
+    $itemModel = MidasLoader::loadModel('Item');
+    $itemId = $args['item_id'];
+    $item = $itemModel->load($itemId);
+
+    if($itemId === false)
+      {
+      throw new Exception("This item doesn't exist.", MIDAS_INVALID_PARAMETER);
+      }
+    if(!$itemModel->policyCheck($item, $userDao, MIDAS_POLICY_ADMIN))
+      {
+      throw new Exception("Admin privileges required on the item to list permissions.", MIDAS_INVALID_POLICY);
+      }
+
+    return $this->_listResourcePermissions($itempolicygroupModel->computePolicyStatus($item), $item->getItempolicyuser(),  $item->getItempolicygroup());
+    }
+
   /**
    * Move an item from the source folder to the desination folder
    * @param token Authentication token
diff --git a/modules/api/tests/controllers/ApiCallItemMethodsTest.php b/modules/api/tests/controllers/ApiCallItemMethodsTest.php
@@ -1840,5 +1840,90 @@ public function testItemAddRemovePolicyuser()
     $this->assertPolicyuserNonexistence(array(), array($adminItem), $targetUser);
     }
 
+  /** Test the item.list.permissions method */
+  public function testItemListPermissions()
+    {
+    $userModel = MidasLoader::loadModel('User');
+    $userDao = $userModel->load('1');
+
+    $userDao = $userModel->load('1');
+    $itemModel = MidasLoader::loadModel('Item');
+    $readItem = $itemModel->load('1004');
+    $writeItem = $itemModel->load('1005');
+    $adminItem = $itemModel->load('1006');
+    $nonAdmins = array($readItem, $writeItem);
+
+    $params = array('method' => 'midas.item.list.permissions',
+                    'token' => $this->_loginAsUser($userDao));
 
+    // try to list permissions without admin, should fail
+    foreach($nonAdmins as $item)
+      {
+      $this->resetAll();
+      $params['item_id'] = $item->getItemId();
+      $this->params = $params;
+      $resp = $this->_callJsonApi();
+      $this->_assertStatusFail($resp, MIDAS_INVALID_POLICY);
+      }
+
+    // now with admin perms
+
+    // first check both privacy statuses
+    $privacyCodes = array("Public" => MIDAS_PRIVACY_PUBLIC, "Private" => MIDAS_PRIVACY_PRIVATE);
+    $privacyStatuses = array(MIDAS_PRIVACY_PUBLIC, MIDAS_PRIVACY_PRIVATE);
+    $privacyStrings = array(MIDAS_PRIVACY_PUBLIC => "Public", MIDAS_PRIVACY_PRIVATE => "Private");
+
+    foreach($privacyStatuses as $privacyStatus)
+      {
+      $this->initializePrivacyStatus(array(), array($adminItem), $privacyStatus);
+
+      $this->resetAll();
+      $params['item_id'] = $adminItem->getItemId();
+      $this->params = $params;
+      $resp = $this->_callJsonApi();
+      $this->_assertStatusOk($resp);
+
+      $this->assertPrivacyStatus(array(), array($adminItem), $privacyStatus);
+      }
+
+    // ensure user perms are correct from the most recent call
+    $privilegeCodes = array("Admin" => MIDAS_POLICY_ADMIN, "Write" => MIDAS_POLICY_WRITE, "Read" => MIDAS_POLICY_READ);
+    $userPolicies = $adminItem->getItempolicyuser();
+    $apiUserPolicies = $resp->data->user;
+    foreach($userPolicies as $userPolicy)
+      {
+      $user = $userPolicy->getUser();
+      $userId = (string)$user->getUserId();
+      $userFound = false;
+      foreach($apiUserPolicies as $apiUserPolicy)
+        {
+        if($apiUserPolicy->user_id == $userId)
+          {
+          $userFound = true;
+          $apiPolicyCode = $privilegeCodes[$apiUserPolicy->policy];
+          $this->assertEquals($apiPolicyCode, $userPolicy->getPolicy());
+          }
+        }
+      $this->assertTrue($userFound, 'API call missing user '. $userId);
+      }
+    // ensure group perms are correct
+    $groupPolicies = $adminItem->getItempolicygroup();
+    $apiGroupPolicies = $resp->data->group;
+    foreach($groupPolicies as $groupPolicy)
+      {
+      $group = $groupPolicy->getGroup();
+      $groupId = (string)$group->getGroupId();
+      $groupFound = false;
+      foreach($apiGroupPolicies as $apiGroupPolicy)
+        {
+        if($apiGroupPolicy->group_id == $groupId)
+          {
+          $groupFound = true;
+          $apiPolicyCode = $privilegeCodes[$apiGroupPolicy->policy];
+          $this->assertEquals($apiPolicyCode, $groupPolicy->getPolicy());
+          }
+        }
+      $this->assertTrue($groupFound, 'API call missing group '. $groupId);
+      }
+    }
   }
