From da54aa431dbfab269fb21cafa489e37132c3a0e9 Mon Sep 17 00:00:00 2001
From: Thomas Steur <thomas.steur@gmail.com>
Date: Mon, 27 Jan 2014 21:01:36 +0000
Subject: [PATCH] refs #4564 some bugfixes, documentation and tests
---
 lang/en.json | 2 ++
 plugins/UsersManager/API.php | 19 ++++++++++---
 tests/PHPUnit/FakeAccess.php | 16 ++++++++---
 .../Integration/Plugins/UsersManagerTest.php | 27 +++++++++++++++++++
 tests/PHPUnit/UI | 2 +-
 5 files changed, 58 insertions(+), 8 deletions(-)
diff --git a/lang/en.json b/lang/en.json
index fdd3900a6c..780df4d458 100644
--- a/lang/en.json
+++ b/lang/en.json
@@ -2152,6 +2152,8 @@
 "ExceptionInvalidPassword": "The password length must be between %1$s and %2$s characters.",
 "ExceptionInvalidEmail": "The email doesn't have a valid format.",
 "ExceptionDeleteDoesNotExist": "User '%s' doesn't exist therefore it can't be deleted.",
+ "ExceptionDeleteOnlyUserWithSuperUserAccess": "Deleting user '%s' is not possible as there has to be at least one user having Super User access. Grant Super User access to another user first.",
+ "ExceptionRemoveSuperUserAccessOnlySuperUser": "Removing the Super User access from user '%s' is not possible as there has to be at least one user having Super User access. Grant Super User access to another user first.",
 "ExceptionAdminAnonymous": "You cannot grant 'admin' access to the 'anonymous' user.",
 "ExceptionEditAnonymous": "The anonymous user cannot be edited or deleted. It is used by Piwik to define a user that has not logged in yet. For example, you can make your statistics public by granting the 'view' access to the 'anonymous' user.",
 "ExceptionSuperUserAccess": "Requested user has Super User access and therefore already permission to all websites.",
diff --git a/plugins/UsersManager/API.php b/plugins/UsersManager/API.php
index 7e8f534bcf..1f8c6e5bca 100644
--- a/plugins/UsersManager/API.php
+++ b/plugins/UsersManager/API.php
@@ -348,6 +348,15 @@ class API extends \Piwik\Plugin\API Piwik::postEvent('UsersManager.addUser.end', array($userLogin)); } + /** + * Enable or disable Super user access to the given user login. Note: When granting super user access all previous + * permissions of the user will be removed as the user gains access to everything. + * + * @param string $userLogin the user login. + * @param bool|int $hasSuperUserAccess true or '1' to grant super user access, false or '0' to remove super user + * access. + * @throws \Exception + */ public function setSuperUserAccess($userLogin, $hasSuperUserAccess) { Piwik::checkUserHasSuperUserAccess(); @@ -355,14 +364,18 @@ class API extends \Piwik\Plugin\API $this->checkUserExists($userLogin); if (!$hasSuperUserAccess && $this->isUserTheOnlyUserHavingSuperUserAccess($userLogin)) { - throw new Exception('You cannot remove Super User access from this user as there has to be at least one user having Super User access. You have to grant Super User access to another user first.'); + throw new Exception(Piwik::translate("UsersManager_ExceptionRemoveSuperUserAccessOnlySuperUser", $userLogin)); } $this->model->deleteUserAccess($userLogin); - $this->model->setSuperUserAccess($userLogin, $hasSuperUserAccess); } + /** + * Returns a list of all super users containing there userLogin and email address. + * + * @return array + */ public function getUsersHavingSuperUserAccess() { Piwik::checkUserIsNotAnonymous(); @@ -440,7 +453,7 @@ class API extends \Piwik\Plugin\API } if ($this->isUserTheOnlyUserHavingSuperUserAccess($userLogin)) { - throw new Exception('You cannot delete this user as there has to be at least one user having Super User access. To remove this user grant Super User access to another user and then you can delete this user.'); + throw new Exception(Piwik::translate("UsersManager_ExceptionDeleteOnlyUserWithSuperUserAccess", $userLogin)); } $this->model->deleteUserOnly($userLogin); 
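Review bot: The new docblock on setSuperUserAccess() says existing permissions are removed "when granting" Super User access, but in the following hunk `$this->model->deleteUserAccess($userLogin);` sits after the guard with no condition on `$hasSuperUserAccess`, so as far as the visible lines show, revoking wipes the user's access entries as well. I would reword the note to `Note: the user's existing access entries are deleted in both cases, so a user whose Super User access is removed has no access left until it is granted again.` and make the throws line specific, e.g. `@throws \Exception if the user is the only remaining user with Super User access` (plus whatever `checkUserHasSuperUserAccess()` and `checkUserExists()` raise, which is not visible here). The docblock added for getUsersHavingSuperUserAccess() in the next hunk has a similar gap: it does not say that the method is guarded only by `Piwik::checkUserIsNotAnonymous()` and so returns Super User logins and e-mail addresses to every logged-in user, and "there userLogin" should read "their". Both method bodies continue outside their hunks.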
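Review bot: The last-Super-User guard in setSuperUserAccess() is a check followed by separate writes: `isUserTheOnlyUserHavingSuperUserAccess($userLogin)` is evaluated first, then `deleteUserAccess()` and `setSuperUserAccess()` run as individual model calls, and nothing in the hunk shows a transaction or lock around them. If the model does not provide one (it is not visible here), two concurrent requests that each demote a different one of the last two Super Users can both pass the check and leave the installation with no Super User at all. The guard before `$this->model->deleteUserOnly($userLogin);` in the deleteUser() hunk that follows has the same shape. Enforcing the invariant inside the model, in the same transaction as the write, would close the gap; at minimum I would add `// NOTE: this check is not atomic with the writes below; concurrent demotions can race` above the guard.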
diff --git a/tests/PHPUnit/FakeAccess.php b/tests/PHPUnit/FakeAccess.php index 7a9d7ce2ca..310e86e0f7 100644 --- a/tests/PHPUnit/FakeAccess.php +++ b/tests/PHPUnit/FakeAccess.php @@ -182,18 +182,26 @@ class FakeAccess } return $result; } - - public function getConfigSuperUserLogin() + + static public function getAnyUserHavingSuperUserAccess() + { + return array( + 'login' => self::$superUserLogin, + 'email' => 'hello@piwik.org' + ); + } + + public function getAnySuperUserAccessLogin() { return self::$superUserLogin; } /** - * @see FakeAccess::getConfigSuperUserLogin() + * @see FakeAccess::getAnySuperUserAccessLogin() * @deprecated deprecated since version 2.0.4 */ public function getSuperUserLogin() { - return $this->getConfigSuperUserLogin(); + return $this->getAnySuperUserAccessLogin(); } } diff --git a/tests/PHPUnit/Integration/Plugins/UsersManagerTest.php b/tests/PHPUnit/Integration/Plugins/UsersManagerTest.php index f7c53a766b..7f8f20059a 100644 --- a/tests/PHPUnit/Integration/Plugins/UsersManagerTest.php +++ b/tests/PHPUnit/Integration/Plugins/UsersManagerTest.php @@ -263,6 +263,21 @@ class Plugins_UsersManagerTest extends DatabaseTestCase $this->api->deleteUser(null); } + /** + * @expectedException \Exception + * @expectedExceptionMessage UsersManager_ExceptionDeleteOnlyUserWithSuperUserAccess + */ + public function testDeleteUser_ShouldFail_InCaseTheUserIsTheOnlyRemainingSuperUser() + { + //add user and set some rights + $this->api->addUser("regularuser", "geqgeagae1", "test1@test.com", "alias1"); + $this->api->addUser("superuser", "geqgeagae2", "test2@test.com", "alias2"); + $this->api->setSuperUserAccess('superuser', true); + + // delete the user + $this->api->deleteUser("superuser"); + } + /** * normal case, user deleted */ 
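Review bot: The added `static public function getAnyUserHavingSuperUserAccess()` is static while `getAnySuperUserAccessLogin()` directly below it stays an instance method, and neither carries a docblock saying what it returns or which real method it stands in for. Since this fake decides who counts as a Super User in the permission tests, I would document both, e.g. `/** Test double: returns the login and e-mail of the fake Super User (self::$superUserLogin). */`, and write the modifiers as `public static function` per PSR-12, unless the rest of the file (not visible in this hunk) consistently uses the other order. The rename also removes `getConfigSuperUserLogin()` from the fake without leaving an alias, so any test still calling it would need updating.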
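Review bot: Nothing in testDeleteUser_ShouldFail_InCaseTheUserIsTheOnlyRemainingSuperUser checks that the Super User is still present after the refused delete: the test passes whenever `deleteUser("superuser")` throws with the expected message, even if a later change moved the guard after `deleteUserOnly()`. Catching the exception in the test body (replacing the two `@expectedException*` annotations) and then asserting that a Super User still exists would pin the invariant this commit is about. The same applies to testSetSuperUserAccess_ShouldFail_IfUserIsOnlyRemainingUserWithSuperUserAccess in the next hunk. The expected message is the raw translation key, which presumably matches only because translations are not loaded in this test environment; a short comment saying so would help.

```php
    public function testDeleteUser_ShouldFail_InCaseTheUserIsTheOnlyRemainingSuperUser()
    {
        // … unchanged: the two addUser() calls and setSuperUserAccess('superuser', true) …

        try {
            $this->api->deleteUser("superuser");
            $this->fail('deleteUser() did not refuse to delete the last Super User');
        } catch (\Exception $e) {
            $this->assertContains('UsersManager_ExceptionDeleteOnlyUserWithSuperUserAccess', $e->getMessage());
        }

        // the refused call must leave at least one Super User in place
        $this->assertNotEmpty($this->api->getUsersHavingSuperUserAccess());
    }
```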
@@ -648,6 +663,18 @@ class Plugins_UsersManagerTest extends DatabaseTestCase $this->api->setSuperUserAccess('anonymous', true); } + /** + * @expectedException \Exception + * @expectedExceptionMessage UsersManager_ExceptionRemoveSuperUserAccessOnlySuperUser + */ + public function testSetSuperUserAccess_ShouldFail_IfUserIsOnlyRemainingUserWithSuperUserAccess() + { + $this->api->addUser('login1', 'password1', 'test@example.com', false); + $this->api->setSuperUserAccess('login1', true); + + $this->api->setSuperUserAccess('login1', false); + } + public function testSetSuperUserAccess_ShouldDeleteAllExistingAccessEntries() { list($id1, $id2) = $this->addSites(2); diff --git a/tests/PHPUnit/UI b/tests/PHPUnit/UI index af8a43f8c5..3bf6df6e1c 160000 --- a/tests/PHPUnit/UI +++ b/tests/PHPUnit/UI @@ -1 +1 @@ -Subproject commit af8a43f8c50ce919e2a36f002bab56724e220a69 +Subproject commit 3bf6df6e1c23d653930253da13d728021f0b095e -- GitLab