Preparations
- in Admin Console
- go to User Management → Users section
- create 2 active users by using Add toolbar button
- go to User Management → Administrators section
- create user with pseudo-root as it's Username
- remember ID of created user
- in IDE:
- open /core/kernel/application.php for editing
- in the kApplication::permissionCheckingDisabled method before returning a result add code, that would return true (means permission check is disabled), when $user_id is equals to ID of pseudo-root user
Part 1 (create/update/delete own address)
- on the Front-End
- login using 1st created user
- click on My Addresses link in My Account sidebox on the left
- click on New Address link
- create new address
- confirm, that redirect to address list page happened
- confirm, that address was created and it's shown on list page
- click Edit link to edit just created address
- locate "addr-X---" part at the end of page URL (the X is any number)
- change Full Name field value
- press the Update button
- confirm, that redirect to address list page happened
- confirm, that new value of Full Name field is displayed
- click on Delete link to edit just created address
- confirm address removal by pressing OK or similar button in browser confirmation window, that appears
- confirm, that redirect to address list page happened
- confirm, that no addresses are shown in the list
Part 2 (update/delete other user address)
- on the Front-End
- login using 1st created user
- click on My Addresses link in My Account sidebox on the left
- click on New Address link
- create new address
- click Edit link to edit just created address
- locate "addr-X---" part at the end of page URL (the X is any number)
- change Full Name field value
- in the database
- open Addresses table
- locate record, that has AddressId column value equals to X number obtained above
- change value of PortalUserId field to ID of 2nd created user
- remember value in FullName field
- on the Front-End
- press the Update button
- confirm, that you stayed on same address editing page
- in the database
- open "Addresses" table
- locate record, that has "AddressId" column value equals to "X" number obtained above
- confirm, that FullName field value matches one, that was remembered before
- change value of "PortalUserId" field to ID of 1st created user
- on the Front-End
- click on My Addresses link in My Account sidebox on the left
- in the database
- change value of PortalUserId field to ID of 2nd created user
- on the Front-End
- click on Delete link to edit just created address
- confirm address removal by pressing OK or similar button in browser confirmation window, that appears
- confirm, that redirect to address list page happened
- confirm, that no addresses are shown in the list
- in the database
- open "Addresses" table
- locate record, that has "AddressId" column value equals to "X" number obtained above
- confirm, that record wasn't deleted
- change value of PortalUserId field to ID of 1st created user
Part 3 (the root user changing/deleting address)
- login to Admin Console as root user
- go to User Management → Users section
- open 1st created user (the one, used to login on Front-End) for editing
- go to Addresses tab
- open address for editing
- change Full Name and save changes
- confirm, that changed value of Full Name field is shown in the grid
- delete address
- confirm, that address was deleted
Part 4 (the administrator changing/deleting address)
- login to Admin Console as administrator (not root user)
- go to User Management → Users section
- open 1st created user (the one, used to login on Front-End) for editing
- go to Addresses tab
- open address for editing
- change Full Name and save changes
- confirm, that changed value of Full Name field is shown in the grid
- delete address
- confirm, that address was deleted
Part 5 (permission override in user permission checking code)
NOTE: Test needs to be performed in Firefox.
NOTE: The User Management → Groups section can be enabled from Configuration → Users → General section.
- login to Admin Console as administrator
- go to Website & Content → Labels & Phrases section
- right click on section name in the tree
- select Open Link in New Tab context menu item (the new tab will open in background)
- go to User Management → Groups section
- for admin group remove view permission (but keep other permissions) from Website & Content → Labels & Phrases section
- confirm, that Website & Content → Labels & Phrases section is no longer visible in tree
- switch to background tab, that was opened before
- reload page in the browser
- confirm, that No Permission screen is shown
- close current tab
- logout
- login to Admin Console as pseudo-root user
- confirm, that Website & Content → Labels & Phrases section is visible in tree
- go to Website & Content → Labels & Phrases section
- confirm, that section content (grid) is displayed in main frame
Part 6 (event permission override)
- login to Admin Console as administrator
- go to User Management → Groups section
- for admin group remove add permission (but keep other permissions) from Custom → Widgets section
- go to Custom → Widgets section
- click on Add button on toolbar
- confirm, that modal/popup window is opened and the No Permission page is displayed in it
- logout
- login to Admin Console as pseudo-root user
- go to Custom → Widgets section
- click on Add button on toolbar
- confirm, that modal/popup window is opened and widget adding page is displayed in it
Part 7 (upload permission override)
- in IDE:
- open /modules/custom/units/widgets/widget_eh.php file for editing
- add 'OnProcessSelected' => array('self' => 'edit'), line to $permissions array in WidgetEventHandler::mapPermissions method
- login to Admin Console as administrator
- go to User Management → Groups section
- for admin group add add permission and remove edit permission from Custom → Widgets section
- go to Custom → Widgets section
- click on Add button on toolbar
- use Browse button of Image field to select an image for upload
- confirm, that alert telling that upload permissions are missing is displayed and no image is uploaded
- login to Admin Console as pseudo-root user
- go to Custom → Widgets section
- click on Add button on toolbar
- use Browse button of Image field to select an image for upload
- confirm, that image was uploaded and it's thumbnail is displayed
Part 8 (autoload permission override)
- on Front-End:
- login using 1st created user
- click on My Addresses link in My Account sidebox on the left
- click on New Address link
- if no addresses exist already, then create new address
- click Edit link next to any of displayed addresses
- confirm, that redirect happened on a page, where selected address details are shown
- in IDE:
- open /modules/in-commerce/units/addresses/addresses_event_handler.php file for editing
- comment out 'OnItemBuild' => Array ('subitem' => true), line in AddressesEventHandler::mapPermissions method
- on Front-End:
- reload the page
- confirm, that No Permission page is shown
- logout
- login as pseudo-root user
- click on My Addresses link in My Account sidebox on the left
- click on New Address link
- create new address
- click Edit link next to any of displayed addresses
- confirm, that redirect happened on a page, where selected address details are shown