Index: tests/og_user_roles.test
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/og_user_roles/tests/og_user_roles.test,v
retrieving revision 1.5
diff -u -p -r1.5 og_user_roles.test
--- tests/og_user_roles.test	13 Nov 2009 23:33:20 -0000	1.5
+++ tests/og_user_roles.test	6 Dec 2009 18:54:16 -0000
@@ -8,61 +8,128 @@
 
 include_once drupal_get_path('module', 'og') .'/tests/og_testcase.php';
 
-class OGUserRolesTestCase extends OgTestCase {
-  public static function getInfo() {
-    return array(
-      'name' => 'OG User Roles',
-      'description' => 'Test privilege escalation of Organic Groups User Roles.',
-      'group' => 'Organic groups',
-    );
-  }
-
-  /**
-   * Implementation of setUp().
-   */
+class OgUserRolesTestCase extends OgTestCase {
   function setUp() {
     parent::setUp('views', 'og', 'og_views', 'og_user_roles');
 
-    // Create and log in an administrative user with all permissions.
-    $permissions = module_invoke_all('perm');
-    $this->admin_user = $this->drupalCreateUser($permissions);
+    // Create an administrative user to configure permissions, users, content
+    // types, nodes, and groups.
+    $this->admin_user = $this->drupalCreateUser(array(
+      'administer permissions',
+      'administer users',
+      'administer content types',
+      'administer nodes',
+      'administer organic groups',
+      // Required for our OGUR privilege escalation test block.
+      'administer blocks',
+      // And our own. Only use $this->admin_user in setUp().
+      'configure member roles',
+      'override group default role',
+    ));
     $this->drupalLogin($this->admin_user);
 
-    // Create a group node content type.
+    // Create content types for group nodes and group posts.
     $this->og_group_type = $this->drupalCreateContentType();
     variable_set('og_content_type_usage_' . $this->og_group_type->name, 'group');
-
-    // Create a group post content type.
     $this->og_post_type = $this->drupalCreateContentType();
     variable_set('og_content_type_usage_' . $this->og_post_type->name, 'group_post');
-    // Enable revisions for group post content type.
-    $edit = array(
-      'node_options[revision]' => 1,
-    );
-    $type_url_str = str_replace('_', '-', $this->og_post_type->name);
-    $this->drupalPost('admin/content/node-type/' . $type_url_str, $edit, t('Save content type'));
 
-    // Create two groups and a post for each group.
+    // Create two groups and one post in each.
     $this->gid1 = $this->addOgGroup($this->og_group_type->name);
     $this->gid2 = $this->addOgGroup($this->og_group_type->name);
     $this->nid1 = $this->addOgPost($this->og_post_type->name, array($this->gid1));
     $this->nid2 = $this->addOgPost($this->og_post_type->name, array($this->gid2));
 
     // Rebuild the menu so the new content types will appear in the menu.
+    // @todo Analyze why this is required and fix the cause.
     menu_rebuild();
 
+    // Enable group details block.
+    // @todo
+
+    // Add and enable a custom block for trivial access checking.
+    $edit = array(
+      'info' => 'OGUR privilege escalation',
+      'title' => 'OGUR privilege escalation',
+      'body' => 'OGUR privilege escalation',
+    );
+    $this->drupalPost('admin/build/block/add', $edit, t('Save block'));
+    $this->block = db_result(db_query("SELECT bid FROM {boxes} WHERE info = '%s'", $edit['info']));
+    $edit = array(
+      "block_$this->block[region]" => 'right',
+    );
+    $this->drupalPost('admin/build/block', $edit, t('Save blocks'));
+  }
+
+  /**
+   * Create a user role and return the new role id.
+   *
+   * @param $name
+   *   The name of the user role to create.
+   */
+  protected function drupalCreateUserRole($name) {
+    $edit = array(
+      'name' => $name,
+    );
+    $this->drupalPost('admin/user/roles', $edit, 'Add role');
+    $this->assertText($name, t('New role %name found.', array('%name' => $name)));
+    $rid = db_result(db_query("SELECT rid FROM {role} WHERE name = '%s'", $edit['name']));
+    $this->assertTrue($rid > 0, t('New role %name exists in database.', array('%name' => $name)));
+    return $rid;
+  }
+
+  /**
+   * Assign global user roles to a user account.
+   *
+   * @param $account
+   *   The user account to assign user roles to.
+   * @param $roles
+   *   A list of user role IDs to assign.
+   */
+  protected function drupalAssignUserRoles($account, $roles) {
+    $edit = array();
+    foreach ($roles as $rid) {
+      $edit["roles[$rid]"] = 1;
+    }
+    $this->drupalPost('user/' . $account->uid . '/edit', $edit, t('Save'));
+    $this->drupalGet('user/' . $account->uid . '/edit');
+    foreach ($edit as $field => $value) {
+      $this->assertFieldByName($field, $value);
+    }
+  }
+}
+
+/**
+ * Tests run-time privilege escalation with OG User Roles.
+ */
+class OgUserRolesGroupMemberTestCase extends OgUserRolesTestCase {
+  public static function getInfo() {
+    return array(
+      'name' => 'Group member functionality',
+      'description' => 'Tests privilege escalation for group members.',
+      'group' => 'Organic groups user roles',
+    );
+  }
+
+  function setUp() {
+    parent::setUp('views', 'og', 'og_views', 'og_user_roles');
+
+    // Enable revisions for group post content type.
+    $edit = array(
+      'node_options[revision]' => 1,
+    );
+    $type_url_str = str_replace('_', '-', $this->og_post_type->name);
+    $this->drupalPost('admin/content/node-type/' . $type_url_str, $edit, t('Save content type'));
+
     // Create a web user.
-    $web_user = $this->drupalCreateUser(array('access comments', 'access content'));
-    $this->web_user = $web_user;
+    $this->web_user = $this->drupalCreateUser(array('access comments', 'access content'));
 
     // Subscribe web user to first group.
-    $result = module_invoke('og', 'subscribe_user', $this->gid1, $web_user);
+    $result = module_invoke('og', 'subscribe_user', $this->gid1, $this->web_user);
     $this->assertTrue(isset($result['type']) && $result['type'] == 'subscribed', 'Web user subscribed to organic group.');
 
-    // Create a role for OGUR privilege escalation.
-    $this->drupalPost('admin/user/roles', array('name' => 'ogur'), 'Add role');
-    $this->role_ogur = db_result(db_query("SELECT rid FROM {role} WHERE name = '%s'", 'ogur'));
-    $this->assertTrue($this->role_ogur > 0, 'User role for OGUR was created.');
+    // Create role for privilege escalation.
+    $this->role_ogur = $this->drupalCreateUserRole('ogur');
 
     // Allow group admins to assign 'ogur' role.
     $edit = array(
@@ -113,21 +180,19 @@ class OGUserRolesTestCase extends OgTest
     $this->assertText($node1->title, 'User can access first group post.');
     $this->assertText($node2->title, 'User can access second group post.');
 
-    // Verify that user cannot edit group post belonging to second group.
+    // Verify that user can NOT edit group post belonging to second group.
     $this->drupalGet('node/' . $node2->nid);
     $this->assertNoLink('Edit');
     $this->assertNoLink('Revisions');
 
     // Verify that user can edit group post belonging to first group.
     $this->drupalGet('node/' . $node1->nid);
-    $this->assertLink('Edit');
     $this->clickLink('Edit');
     $this->drupalPost(NULL, array(), 'Save');
     $t_args = array('@type' => $this->og_post_type->name, '%title' => $node1->title);
     $this->assertRaw(t('@type %title has been updated.', $t_args), 'User can update post in group.');
 
     // Verify that user can access revisions for first group post.
-    $this->assertLink('Revisions');
     $this->clickLink('Revisions');
   }
 
@@ -156,21 +221,21 @@ class OGUserRolesTestCase extends OgTest
     $this->drupalPost('node/' . $this->gid2 . '/edit', $edit, t('Save'));
 
     // Create another web user.
-    $web_user = $this->drupalCreateUser(array('access comments', 'access content'));
+    $this->web_user = $this->drupalCreateUser(array('access comments', 'access content'));
 
     // Subscribe web user to group gid1 which has group-wide default user role.
-    $result = module_invoke('og', 'subscribe_user', $this->gid1, $web_user);
+    $result = module_invoke('og', 'subscribe_user', $this->gid1, $this->web_user);
     $this->assertTrue(isset($result['type']) && $result['type'] == 'subscribed', 'Web user subscribed to organic group.');
 
     // Subscribe web user to group gid2 which has group specific default user role.
-    $result = module_invoke('og', 'subscribe_user', $this->gid2, $web_user);
+    $result = module_invoke('og', 'subscribe_user', $this->gid2, $this->web_user);
     $this->assertTrue(isset($result['type']) && $result['type'] == 'subscribed', 'Web user subscribed to organic group.');
 
     // Load group posts.
     $node2 = node_load($this->nid2);
 
     // Log in web user.
-    $this->drupalLogin($web_user);
+    $this->drupalLogin($this->web_user);
 
     // Verify that user cannot edit group post belonging to group gid1.
     $this->drupalGet('node/' . $this->nid1);
@@ -186,3 +251,77 @@ class OGUserRolesTestCase extends OgTest
   }
 }
 
+/**
+ * Tests group administrator functionality.
+ */
+class OgUserRolesGroupAdminTestCase extends OgUserRolesTestCase {
+  public static function getInfo() {
+    return array(
+      'name' => 'Group administrator functionality',
+      'description' => 'Tests privilege escalation for group administrators.',
+      'group' => 'Organic groups user roles',
+    );
+  }
+
+  /**
+   * Tests assignment of default group admin roles.
+   */
+  function testGlobalDefaultGroupRoles() {
+    // Create a default group admin role.
+    $this->default_admin_role = $this->drupalCreateUserRole('default_admin_role');
+    // Enable our privilege escalation test block for default admin role.
+    $edit = array(
+      "roles[$this->default_admin_role]" => 1,
+    );
+    $this->drupalPost("admin/build/block/configure/block/$this->block", $edit, t('Save block'));
+
+    // Create a role assignable to group members.
+    $this->member_role = $this->drupalCreateUserRole('member_role');
+
+    // Assign default group admin role and make both roles assignable.
+    // @todo Also add a default member role here.
+    $edit = array(
+      "og_user_roles_roles_{$this->og_group_type->type}[$this->member_role]" => 1,
+      'og_user_roles_default_admin_role' => $this->default_admin_role,
+    );
+    $this->drupalPost('admin/og/og_user_roles', $edit, t('Save configuration'));
+
+    // Add a user and subscribe it to the group.
+    $this->group_admin = $this->drupalCreateUser();
+    $this->drupalLogin($this->group_admin);
+    $this->assertNoText('OGUR privilege escalation');
+    $this->drupalGet("node/$this->gid1");
+    $this->assertNoText('OGUR privilege escalation');
+    $this->drupalPost("og/subscribe/$this->gid1", array(), t('Join'));
+    $this->drupalGet("og/users/$this->gid1");
+    // @todo err. OG should throw a 403 here?!?
+    $this->assertResponse(404);
+    $this->drupalGet("og/users/$this->gid1/roles");
+    $this->assertResponse(403);
+
+    // Make the new member group admin.
+    $this->drupalLogin($this->admin_user);
+    $this->drupalPost("og/create_admin/$this->gid1/{$this->group_admin->uid}", array(), t('Confirm'));
+
+    // Verify group admin's permissions.
+    $this->drupalLogin($this->group_admin);
+    $this->assertNoText('OGUR privilege escalation');
+    $this->drupalGet("node/$this->gid1");
+    $this->assertText('OGUR privilege escalation');
+
+    // Assign an additional role to group admin.
+    $this->drupalLogin($this->admin_user);
+    $edit = array(
+      "user_roles[{$this->group_admin->uid}][$this->member_role]" => 1,
+    );
+    $this->drupalPost("og/users/$this->gid1/roles", $edit, t('Save'));
+    $this->assertFieldByName("user_roles[{$this->group_admin->uid}][$this->member_role]", TRUE);
+
+    // Verify that assigning an additional role does not remove default roles.
+    $this->drupalLogin($this->group_admin);
+    $this->assertNoText('OGUR privilege escalation');
+    $this->drupalGet("node/$this->gid1");
+    $this->assertText('OGUR privilege escalation');
+  }
+}
+