diff --git a/docs/changelog/6.x.x.txt b/docs/changelog/6.x.x.txt index 1c697ea18..263c455dc 100644 --- a/docs/changelog/6.x.x.txt +++ b/docs/changelog/6.x.x.txt @@ -68,6 +68,7 @@ - fix [ 1429389 ] 6.9: "1" appended to HTML - fix [ 1433508 ] 6.9: isInGroup does not work correctly - fix a bug where a link was provided to become or delete non-existant users. + - fix bugs with the in-memory session caching of user and group memberships 6.8.8 - fix [ 1423434 ] 6.8.5 - Versioning - users can see uncommitted data diff --git a/lib/WebGUI/Group.pm b/lib/WebGUI/Group.pm index ed43d50cb..cacdba4bb 100755 --- a/lib/WebGUI/Group.pm +++ b/lib/WebGUI/Group.pm @@ -151,7 +151,7 @@ sub addUsers { $self->session->stow->delete("isInGroup"); my $expireOffset = shift || $self->get("expireOffset"); foreach my $uid (@{$users}) { - next if ($uid eq '1'); + next if ($uid eq '1' and !isIn($self->getId, 1, 7)); my ($isIn) = $self->session->db->quickArray("select count(*) from groupings where groupId=".$self->session->db->quote($self->getId)." and userId=".$self->session->db->quote($uid)); unless ($isIn) { $self->session->db->write("insert into groupings (groupId,userId,expireDate) values (".$self->session->db->quote($self->getId).", ".$self->session->db->quote($uid).", ".($self->session->datetime->time()+$expireOffset).")"); diff --git a/lib/WebGUI/User.pm b/lib/WebGUI/User.pm index 21f4e0758..0a9fe6ee0 100644 --- a/lib/WebGUI/User.pm +++ b/lib/WebGUI/User.pm 
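Review bot: The new guard in addUsers (lib/WebGUI/Group.pm) rests on three bare literals, `'1'`, `1` and `7`, whose meaning is only visible in the tests, and it skips the Visitor id silently. A comment such as `# Visitor (userId 1) may only be placed in the Visitor (1) and Everyone (7) groups` would make the access rule explicit. The unchanged statements directly below still assemble SQL by concatenation with `quote()`, while User.pm in this same commit moves to placeholders. The same form would fit here, e.g. `quickArray("select count(*) from groupings where groupId=? and userId=?", [$self->getId, $uid])`. The body of addUsers starts and ends outside the hunk, so whether `isIn` is imported in this file cannot be confirmed from here.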
@@ -58,9 +58,9 @@ These methods are available from this class:
 sub _create {
 my $session = shift;
 my $userId = shift || $session->id->generate();
- $session->db->write("insert into users (userId,dateCreated) values (".$session->db->quote($userId).",".time().")");
- WebGUI::Group->new($session,[2])->addUsers([$userId]);
- WebGUI::Group->new($session,[7])->addUsers([$userId]);
+ $session->db->write("insert into users (userId,dateCreated) values (?,?)",[$userId, time()]);
+ WebGUI::Group->new($session,2)->addUsers([$userId]);
+ WebGUI::Group->new($session,7)->addUsers([$userId]);
 return $userId;
 }
@@ -88,6 +88,7 @@ sub addToGroups {
 foreach my $groupId (@{$groups}) {
 WebGUI::Group->new($self->session,$groupId)->addUsers([$self->userId],$expireOffset);
 }
+ $self->session->stow->delete("gotGroupsForUser");
 }
 #-------------------------------------------------------------------
@@ -142,12 +143,12 @@ sub delete {
 foreach my $groupId (@{$self->getGroups($self->userId)}) {
 WebGUI::Group->new($self->session,$groupId)->deleteUsers([$self->userId]);
 }
- $self->session->db->write("delete from messageLog where userId=".$self->session->db->quote($self->{_userId}));
+ $self->session->db->write("delete from messageLog where userId=?",[$self->{_userId}]);
 require WebGUI::Operation::Auth;
 my $authMethod = WebGUI::Operation::Auth::getInstance($self->session,$self->authMethod,$self->{_userId});
 $authMethod->deleteParams($self->{_userId});
- $self->session->db->write("delete from userProfileData where userId=".$self->session->db->quote($self->{_userId}));
- $self->session->db->write("delete from users where userId=".$self->session->db->quote($self->{_userId}));
+ $self->session->db->write("delete from userProfileData where userId=?",[$self->{_userId}]);
+ $self->session->db->write("delete from users where userId=?",[$self->{_userId}]);
 }
 #-------------------------------------------------------------------
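Review bot: The `gotGroupsForUser` cache is invalidated only in the User wrappers, here in addToGroups and again in the deleteFromGroups hunk, not on the paths that change membership through WebGUI::Group directly. `_create` and `delete` in this file call `addUsers`/`deleteUsers` on the group object, and the visible part of Group::addUsers clears only the `isInGroup` entry. A membership list cached earlier in the request (presumably what this key holds) can therefore outlive a removal and keep feeding privilege checks. Consider doing the invalidation inside Group::addUsers and Group::deleteUsers, next to the existing `$self->session->stow->delete("isInGroup");`, so every caller gets it; whether deleteUsers already clears anything is not visible in this diff. Both function bodies start outside their hunks.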
@@ -169,6 +170,7 @@ sub deleteFromGroups { foreach my $groupId (@{$groups}) { WebGUI::Group->new($self->session,$groupId)->deleteUsers([$self->userId]); } + $self->session->stow->delete("gotGroupsForUser"); } #------------------------------------------------------------------- diff --git a/lib/WebGUI/i18n/English/WebGUI.pm b/lib/WebGUI/i18n/English/WebGUI.pm index e3995ed98..0a32e2a12 100644 --- a/lib/WebGUI/i18n/English/WebGUI.pm +++ b/lib/WebGUI/i18n/English/WebGUI.pm @@ -1279,9 +1279,10 @@ Users that have privileges to add, edit, and delete packages of wobjects and pag When users are added to the system they are put into the registered users group. A user should only be removed from this group if their account is deleted or if you wish to punish a troublemaker.

-Secondary Admins
-Users in the Secondary Admins group may add new users, but cannot edit users. Also, if -you are a Secondary Admin for a group, you may modify the membership of that group. +Secondary Admins
Users in the Secondary Admins group may +add new users, but cannot edit users. Also, if you are a Secondary +Admin, you can be set as the Secondary Admin for a group and you may +modify the membership of that group.

Style Managers
diff --git a/t/Group.t b/t/Group.t
index 353531b95..38a306b69 100644
--- a/t/Group.t
+++ b/t/Group.t
@@ -18,7 +18,7 @@ use WebGUI::Utility;
 use WebGUI::User;
 use WebGUI::Group;
-use Test::More tests => 45; # increment this value for each test you create
+use Test::More tests => 46; # increment this value for each test you create
 use Test::Deep;
 my $session = WebGUI::Test->session;
@@ -140,7 +140,18 @@ cmp_bag($gB->getGroupsIn(1), [$gA->getId, $gC->getId, $gZ->getId, $gY->getId, $g
 $gX->addGroups([$gA->getId]);
 cmp_bag($gX->getGroupsIn(), [3], 'Not able to add B tree under Z tree under X');
+$gX->userIsAdmin(1, "yes");
+
+ok(!$gX->userIsAdmin(1), "userIsAdmin: Visitor is not allowed to be a Group Admin");
+
+my $user = WebGUI::User->new($session, "new");
+$user->addToGroups([]);
+$user->delete;
+
 END {
+ (defined $gX and ref $gX eq 'WebGUI::Group') and $gX->delete;
+ (defined $gY and ref $gY eq 'WebGUI::Group') and $gY->delete;
+ (defined $gZ and ref $gZ eq 'WebGUI::Group') and $gZ->delete;
 (defined $gA and ref $gA eq 'WebGUI::Group') and $gA->delete;
 (defined $gB and ref $gB eq 'WebGUI::Group') and $gB->delete;
 (defined $gC and ref $gC eq 'WebGUI::Group') and $gC->delete;
diff --git a/t/User.t b/t/User.t
index 2b22301c4..0532440bd 100644
--- a/t/User.t
+++ b/t/User.t
@@ -17,7 +17,7 @@ use WebGUI::Session;
 use WebGUI::Utility;
 use WebGUI::User;
-use Test::More tests => 65; # increment this value for each test you create
+use Test::More tests => 80; # increment this value for each test you create
 my $session = WebGUI::Test->session;
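Review bot: The tests added to t/Group.t in the second hunk never exercise the new Visitor guard in Group::addUsers, which is the access-control change in this commit; they cover only `userIsAdmin`. After a `$gX->addUsers([1]);` a check such as `my ($n) = $session->db->quickArray("select count(*) from groupings where groupId=? and userId=?", [$gX->getId, 1]); is($n, 0, 'addUsers: Visitor is not added to an ordinary group');` would pin the rule, with the plan count raised to match. The `WebGUI::User->new($session, "new")` / `addToGroups([])` / `delete` sequence carries no assertion, so it only detects a die; a comment such as `# smoke test: an empty group list must not die` would record that this is intended.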
@@ -40,6 +40,11 @@ is($user->lastUpdated, $lastUpdate, 'lastUpdated() -- username change');
 #Let's check the UID and make sure it's sane
 ok($user->userId =~ m/[A-Za-z0-9\-\_]{22}/, 'userId() returns sane value');
+#Let's make sure the user was added to the correct groups;
+foreach my $groupId (2,7) {
+ ok($user->isInGroup($groupId), "User added to group $groupId by default");
+}
+
 #Let's check the status method
 $lastUpdate = time();
 $user->status('Active');
@@ -94,11 +99,11 @@ $user->referringAffiliate(10);
 is($user->referringAffiliate, '10', 'referringAffiliate() -- get/set');
 is($user->lastUpdated, $lastUpdate, 'lastUpdated() -- referringAffiliate');
-#Let's try adding this user to some groups
-my @groups = qw|2 4|;
+#Let's try adding this user to some groups. Note, users are auto-added to 2 and 7 on creation
+my @groups = qw|6 4|;
 $user->addToGroups(\@groups);
-my ($result) = $session->db->quickArray("select count(*) from groupings where groupId=? and userId=?", [2, $user->userId]);
+my ($result) = $session->db->quickArray("select count(*) from groupings where groupId=? and userId=?", [6, $user->userId]);
 ok($result, 'addToGroups() -- added to first test group');
 ($result) = $session->db->quickArray("select count(*) from groupings where groupId=? and userId=?", [4, $user->userId]);
@@ -107,7 +112,7 @@ ok($result, 'addToGroups() -- added to second test group');
 #Let's delete this user from our test groups
 $user->deleteFromGroups(\@groups);
-my ($result) = $session->db->quickArray("select count(*) from groupings where groupId=? and userId=?", [2, $user->userId]);
+my ($result) = $session->db->quickArray("select count(*) from groupings where groupId=? and userId=?", [6, $user->userId]);
 is($result, '0', 'deleteFromGroups() -- removed from first test group');
 my ($result) = $session->db->quickArray("select count(*) from groupings where groupId=? and userId=?", [4, $user->userId]);
@@ -249,10 +254,38 @@ $user = WebGUI::User->new($session, "new");
 $user->addToGroups([3]);
-ok($user->isInGroup(3), "New user is in group 3(Admin)");
+ok($user->isInGroup(3), "addToGroups: New user is in group 3(Admin)");
 ok($user->isInGroup(11), "New user is in group 11(Secondary Admins)");
 ok($user->isInGroup(12), "New user is in group 12(Turn On Admin)");
 ok($user->isInGroup(13), "New user is in group 13(Turn On Admin)");
 ok($user->isInGroup(14), "New user is in group 14(Product Managers)");
+$user->deleteFromGroups([3]);
+ok(!$user->isInGroup(3), "deleteFromGroups: New user is not in group 3(Admin)");
+ok(!$user->isInGroup(11), "New user is not in group 11(Secondary Admins)");
+ok(!$user->isInGroup(12), "New user is not in group 12(Turn On Admin)");
+ok(!$user->isInGroup(13), "New user is not in group 13(Turn On Admin)");
+ok(!$user->isInGroup(14), "New user is not in group 14(Product Managers)");
+
 $user->delete;
+
+ok($visitor->isInGroup(1), "Visitor is a member of group Visitor");
+ok($visitor->isInGroup(7), "Visitor is a member of group Everyone");
+
+##remove Visitor from those groups, and make sure we can add him back in.
+WebGUI::Group->new($session, '1')->deleteUsers([1]);
+($result) = $session->db->quickArray("select count(*) from groupings where groupId=? and userId=?", [1, $user->userId]);
+is($result, 0, 'deleteFromGroups() -- Visitor removed from Visitor group');
+WebGUI::Group->new($session, '7')->deleteUsers([1]);
+($result) = $session->db->quickArray("select count(*) from groupings where groupId=? and userId=?", [7, $user->userId]);
+is($result, 0, 'deleteFromGroups() -- Visitor removed from Everyone group');
+
+ok($visitor->isInGroup(1), "isInGroup: Visitor is in group Visitor, hardcoded");
+ok($visitor->isInGroup(7), "isInGroup: Everyone is in group Everyone, hardcoded");
+
+##Add Visitor back to those groups
+WebGUI::Group->new($session, '1')->addUsers([1]);
+WebGUI::Group->new($session, '7')->addUsers([1]);
+
+ok($visitor->isInGroup(1), "Visitor added back to group Visitor");
+ok($visitor->isInGroup(7), "Visitor added back to group Everyone");
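Review bot: The two "Visitor removed" assertions in this hunk query the wrong account. They bind `$user->userId`, the user already removed by `$user->delete` a few lines earlier, so the count is 0 whether or not `deleteUsers([1])` touched Visitor's rows. Bind Visitor's id instead, `[1, $visitor->userId]` and `[7, $visitor->userId]`. The block also deletes the groupings rows of the built-in Visitor account and restores them only further down the script. If anything dies in between, the test database is left without them, so the two `addUsers([1])` calls may belong in an `END` block, as t/Group.t does for its groups.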