zabbix/ui/tests/selenium/reports/testScheduledReportPermissi...

<?php
/*
** Zabbix
** Copyright (C) 2001-2023 Zabbix SIA
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation; either version 2 of the License, or
** (at your option) any later version.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
**/


require_once dirname(__FILE__).'/../../include/CWebTest.php';
require_once dirname(__FILE__).'/../behaviors/CMessageBehavior.php';
require_once dirname(__FILE__).'/../../include/helpers/CDataHelper.php';
require_once dirname(__FILE__).'/../traits/TableTrait.php';

/**
 * @dataSource ScheduledReports
 *
 * @backup report
 *
 * @onBefore prepareData
 */
class testScheduledReportPermissions extends CWebTest {

	use TableTrait;

	/**
	 * Attach MessageBehavior to the test.
	 *
	 * @return array
	 */
	public function getBehaviors() {
		return [CMessageBehavior::class];
	}

	protected static $roleids;
	protected static $userids;
	protected static $usergroupids;
	protected static $dashboardids;

	public function prepareData() {
		$roles = CDataHelper::call('role.create', [
			[
				'name' => 'admin role without access to reports',
				'type' => 2,
				'rules' => [
					'actions' => [
						[
							'name' => 'manage_scheduled_reports',
							'status' => '0'
						]
					]
				]
			],
			[
				'name' => 'super-admin role without access to reports',
				'type' => 3,
				'rules' => [
					'actions' => [
						[
							'name' => 'manage_scheduled_reports',
							'status' => '0'
						]
					]
				]
			],
			[
				'name' => 'admin role for reports',
				'type' => 2
			],
			[
				'name' => 'super-admin role for reports',
				'type' => 3
			]
		]);
		$this->assertArrayHasKey('roleids', $roles);
		self::$roleids = CDataHelper::getIds('name');

		$group = CDataHelper::call('usergroup.create', [
			[
				'name' => 'usergroup for report test'
			],
			[
				'name' => 'usergroup for report test second'
			],
			[
				'name' => 'usergroup for report test third'
			]
		]);
		$this->assertArrayHasKey('usrgrpids', $group);
		self::$usergroupids = CDataHelper::getIds('name');

		$users = CDataHelper::call('user.create', [
			[
				'username' => 'admin without report permissions',
				'passwd' => 'xibbaz123',
				'roleid' => self::$roleids['admin role without access to reports'],
				'usrgrps' => [
					[
						'usrgrpid' => self::$usergroupids['usergroup for report test']
					]
				]
			],
			[
				'username' => 'super-admin without report permissions',
				'passwd' => 'xibbaz123',
				'roleid' => self::$roleids['super-admin role without access to reports'],
				'usrgrps' => [
					[
						'usrgrpid' => self::$usergroupids['usergroup for report test']
					]
				]
			],
			[
				'username' => 'admin report permissions',
				'passwd' => 'xibbaz123',
				'roleid' => self::$roleids['admin role for reports'],
				'usrgrps' => [
					[
						'usrgrpid' => self::$usergroupids['usergroup for report test']
					],
					[
						'usrgrpid' => self::$usergroupids['usergroup for report test second']
					],
					[
						'usrgrpid' => self::$usergroupids['usergroup for report test third']
					]
				]
			],
			[
				'username' => 'super-admin report permissions',
				'passwd' => 'xibbaz123',
				'roleid' => self::$roleids['super-admin role for reports'],
				'usrgrps' => [
					[
						'usrgrpid' => self::$usergroupids['usergroup for report test']
					]
				]
			],
			[
				'username' => 'second super-admin report permissions',
				'passwd' => 'xibbaz123',
				'roleid' => self::$roleids['super-admin role for reports'],
				'usrgrps' => [
					[
						'usrgrpid' => self::$usergroupids['usergroup for report test']
					]
				]
			]
		]);
		$this->assertArrayHasKey('userids', $users);
		self::$userids = CDataHelper::getIds('username');

		$dashboards = CDataHelper::call('dashboard.create', [
			[
				'name' => 'dashboard for report permissions',
				'userid' => 1,
				'pages' => [
					[
						'widgets' => [
							[
								'type' => 'clock',
								'x' => 0,
								'y' => 0,
								'width' => 12,
								'height' => 5
							]
						]
					]
				]
			]
		]);
		$this->assertArrayHasKey('dashboardids', $dashboards);
		self::$dashboardids = CDataHelper::getIds('name');

		$reports = CDataHelper::call('report.create', [
			[
				'userid' => 1,
				'name' => 'report to check users without permissions',
				'dashboardid' => '1',
				'users' => [
					[
						'userid' => 1,
						'access_userid' => 1
					]
				],
				'user_groups' => [
					[
						'usrgrpid' => 7,
						'access_userid' => 1
					]
				]
			],
			[
				'userid' => 1,
				'name' => 'report to check the dashboard change',
				'dashboardid' => self::$dashboardids['dashboard for report permissions'],
				'users' => [
					[
						'userid' => 1,
						'access_userid' => 1
					],
					[
						'userid' => 40
					],
					[
						'userid' => 50,
						'access_userid' => self::$userids['super-admin report permissions']
					],
					[
						'userid' => self::$userids['super-admin report permissions'],
						'access_userid' => self::$userids['super-admin report permissions']
					],
					[
						'userid' => self::$userids['admin without report permissions']
					],
					[
						'userid' => self::$userids['super-admin without report permissions'],
						'access_userid' => 1
					]
				],
				'user_groups' => [
					[
						'usrgrpid' => 7,
						'access_userid' => 1
					],
					[
						'usrgrpid' => 8
					],
					[
						'usrgrpid' => 11,
						'access_userid' => self::$userids['super-admin report permissions']
					],
					[
						'usrgrpid' => self::$usergroupids['usergroup for report test'],
						'access_userid' => self::$userids['super-admin report permissions']
					],
					[
						'usrgrpid' => self::$usergroupids['usergroup for report test third']
					],
					[
						'usrgrpid' => self::$usergroupids['usergroup for report test second'],
						'access_userid' => 1
					]
				]
			]
		]);
		$this->assertArrayHasKey('reportids', $reports);
	}

	public static function getUsersWithoutPermissions() {
		return [
			[
				[
					'alias' => 'admin without report permissions',
					'password' => 'xibbaz123',
					'type' => 'admin'
				]
			],
			[
				[
					'alias' => 'super-admin without report permissions',
					'password' => 'xibbaz123',
					'type' => 'super-admin'
				]
			]
		];
	}

	/**
	 * Users without option "Manage scheduled reports" in the role can only view the report.
	 *
	 * @dataProvider getUsersWithoutPermissions
	 */
	public function testScheduledReportPermissions_UsersWithoutPermissions($data) {
		$report = 'report to check users without permissions';
		// User with admin type can't see other user alias or user group name.
		$owner = ($data['type'] === 'admin') ? 'Inaccessible user' : 'Admin (Zabbix Administrator)';
		$group = ($data['type'] === 'admin') ? 'Inaccessible user group' : 'Zabbix administrators';
		$this->page->userLogin($data['alias'], $data['password']);

		// Check report in dashboard.
		$this->page->open('zabbix.php?action=dashboard.view&dashboardid=1')->waitUntilReady();
		$this->query('id:dashboard-actions')->one()->waitUntilClickable()->click();
		$popup = CPopupMenuElement::find()->waitUntilVisible()->one();
		$this->assertTrue($popup->hasItems('View related reports'));
		// "Create new report" option is not available in dashboard.
		$this->assertFalse($popup->query('xpath://a[@aria-label="Create new report"]')->one(false)->isValid());

		// Check report on reports list page.
		$this->page->open('zabbix.php?action=scheduledreport.list')->waitUntilReady();
		$this->assertFalse($this->query('button:Create report')->one()->isEnabled());
		$table = $this->query('class:list-table')->asTable()->one();
		$row = $table->findRow('Name', $report);
		// Check the visibility of the user's alias for different types of users.
		$this->assertEquals($owner, $row->getColumn('Owner')->getText());

		// Check the report form.
		$this->query('link', $report)->one()->click();
		$form = $this->query('id:scheduledreport-form')->waitUntilVisible()->asForm()->one();
		foreach ($form->getLabels()->asText() as $label) {
			if ($label === 'Owner') {
				$form->checkValue(['Owner' => $owner]);
			}

			if ($label === 'Start time') {
				$time_container = $form->getFieldContainer('Start time');
				$this->assertFalse($time_container->query('id:hours')->one()->isEnabled());
				$this->assertFalse($time_container->query('id:minutes')->one()->isEnabled());
				continue;
			}

			if ($label === 'Subscriptions') {
				$subscriptions = $form->getField('Subscriptions')->asTable();

				foreach ($subscriptions->getRows() as $row) {
					// User with admin type should see "Inaccessible user" in columns 'Generate report by' and 'Recipient'
					$this->assertEquals($owner, $row->getColumn('Generate report by')->getText());

					if ($row->getColumn('Recipient')->query('class:zi-user-filled-small')->one(false)->isValid()) {
						$this->assertEquals($owner, $row->getColumn('Recipient')->getText());
					}
					else {
						$this->assertEquals($group, $row->getColumn('Recipient')->getText());
					}

					// "Recipient", "Status" and "Action" columns should not be clickable.
					foreach ($row->getColumns() as $column) {
						$this->assertFalse($column->query('tag:a')->one(false)->isValid());
					}
				}

				continue;
			}

			// All fields are disabled.
			$this->assertFalse($form->getField($label)->isEnabled());
		}
	}

	/**
	 * Check the report cloning, when the admin user see inaccessible user/user groups and dashboard.
	 */
	public function testScheduledReportPermissions_Clone() {
		$report = 'report to check the dashboard change';
		$before = [
			'fields' => ['Dashboard' => 'Inaccessible dashboard', 'Owner' => 'Inaccessible user'],
			'Subscriptions' => [
				[
					'Recipient' => 'admin without report permissions',
					'Generate report by' => 'Recipient'
				],
				[
					'Recipient' => 'Inaccessible user',
					'Generate report by' => 'Inaccessible user'
				],
				[
					'Recipient' => 'Inaccessible user',
					'Generate report by' => 'Recipient'
				],
				[
					'Recipient' => 'Inaccessible user',
					'Generate report by' => 'super-admin report permissions'
				],
				[
					'Recipient' => 'Inaccessible user group',
					'Generate report by' => 'Inaccessible user'
				],
				[
					'Recipient' => 'Inaccessible user group',
					'Generate report by' => 'Recipient'
				],
				[
					'Recipient' => 'Inaccessible user group',
					'Generate report by' => 'super-admin report permissions'
				],
				[
					'Recipient' => 'super-admin report permissions',
					'Generate report by' => 'super-admin report permissions'
				],
				[
					'Recipient' => 'super-admin without report permissions',
					'Generate report by' => 'Inaccessible user'
				],
				[
					'Recipient' => 'usergroup for report test',
					'Generate report by' => 'super-admin report permissions'
				],
				[
					'Recipient' => 'usergroup for report test second',
					'Generate report by' => 'Inaccessible user'
				],
				[
					'Recipient' => 'usergroup for report test third',
					'Generate report by' => 'Recipient'
				]
			]
		];
		// After cloning the report, all "Inaccessible" entities should be changed to current user or removed.
		$after = [
			'fields' => ['Owner' => 'admin report permissions'],
			'Subscriptions' => [
				[
					'Recipient' => 'admin without report permissions',
					'Generate report by' => 'Recipient'
				],
				[
					'Recipient' => 'super-admin report permissions',
					'Generate report by' => 'admin report permissions'
				],
				[
					'Recipient' => 'super-admin without report permissions',
					'Generate report by' => 'admin report permissions'
				],
				[
					'Recipient' => 'usergroup for report test',
					'Generate report by' => 'admin report permissions'
				],
				[
					'Recipient' => 'usergroup for report test second',
					'Generate report by' => 'admin report permissions'
				],
				[
					'Recipient' => 'usergroup for report test third',
					'Generate report by' => 'Recipient'
				]
			]
		];

		$this->page->userLogin('admin report permissions', 'xibbaz123');
		$this->page->open('zabbix.php?action=scheduledreport.list')->waitUntilReady();
		$this->query('link', $report)->waitUntilClickable()->one()->click();
		$form = $this->query('id:scheduledreport-form')->waitUntilVisible()->asForm()->one();
		$form->checkValue($before['fields']);
		$this->assertTableData($before['Subscriptions'], 'id:subscriptions-table');

		$this->query('button:Clone')->one()->click();
		$this->page->waitUntilReady();
		$form->invalidate();
		$form->checkValue($after['fields']);
		$this->assertTableData($after['Subscriptions'], 'id:subscriptions-table');
		$form->fill(['Name' => 'check permission after clone', 'Dashboard' => 'Global view']);
		$form->submit();
		$this->assertMessage(TEST_GOOD, 'Scheduled report added');

		$this->query('link', 'check permission after clone')->waitUntilClickable()->one()->click();
		$form->invalidate();
		$after['fields']['Name'] = 'check permission after clone';
		$after['fields']['Dashboard'] = 'Global view';
		$form->checkValue($after['fields']);
		$this->assertTableData($after['Subscriptions'], 'id:subscriptions-table');
	}

	public static function getReportData() {
		return [
			[
				[
					'alias' => 'admin report permissions',
					'password' => 'xibbaz123',
					'Subscriptions' => [
						[
							'Recipient' => 'admin without report permissions',
							'Generate report by' => 'Recipient'
						],
						[
							'Recipient' => 'super-admin report permissions',
							'Generate report by' => 'admin report permissions'
						],
						[
							'Recipient' => 'super-admin without report permissions',
							'Generate report by' => 'admin report permissions'
						],
						[
							'Recipient' => 'usergroup for report test',
							'Generate report by' => 'admin report permissions'
						],
						[
							'Recipient' => 'usergroup for report test second',
							'Generate report by' => 'admin report permissions'
						],
						[
							'Recipient' => 'usergroup for report test third',
							'Generate report by' => 'Recipient'
						]
					]
				]
			],
			[
				[
					'alias' => 'second super-admin report permissions',
					'password' => 'xibbaz123',
					'Subscriptions' => [
						[
							'Recipient' => 'Admin (Zabbix Administrator)',
							'Generate report by' => 'second super-admin report permissions'
						],
						[
							'Recipient' => 'admin-zabbix',
							'Generate report by' => 'Recipient'
						],
						[
							'Recipient' => 'admin without report permissions',
							'Generate report by' => 'Recipient'
						],
						[
							'Recipient' => 'Enabled debug mode',
							'Generate report by' => 'second super-admin report permissions'
						],
						[
							'Recipient' => 'Guests',
							'Generate report by' => 'Recipient'
						],
						[
							'Recipient' => 'super-admin report permissions',
							'Generate report by' => 'second super-admin report permissions'
						],
						[
							'Recipient' => 'super-admin without report permissions',
							'Generate report by' => 'second super-admin report permissions'
						],
						[
							'Recipient' => 'user-zabbix',
							'Generate report by' => 'second super-admin report permissions'
						],
						[
							'Recipient' => 'usergroup for report test',
							'Generate report by' => 'second super-admin report permissions'
						],
						[
							'Recipient' => 'usergroup for report test second',
							'Generate report by' => 'second super-admin report permissions'
						],
						[
							'Recipient' => 'usergroup for report test third',
							'Generate report by' => 'Recipient'
						],
						[
							'Recipient' => 'Zabbix administrators',
							'Generate report by' => 'second super-admin report permissions'
						]
					]
				]
			]
		];
	}

	/**
	 * After changing dashboard, all "Generate report by" users should be set to the current user.
	 *
	 * @dataProvider getReportData
	 *
	 * @backup report
	 */
	public function testScheduledReportPermissions_ChangeDashboard($data) {
		$report = 'report to check the dashboard change';
		$this->page->userLogin($data['alias'], $data['password']);
		$this->page->open('zabbix.php?action=scheduledreport.list')->waitUntilReady();
		$this->query('link', $report)->waitUntilClickable()->one()->click();
		$form = $this->query('id:scheduledreport-form')->waitUntilVisible()->asForm()->one();
		$form->fill(['Dashboard' => 'Global view']);
		$form->submit();
		$overlay = COverlayDialogElement::find()->waitUntilReady()->one();
		$this->assertEquals('Report generated by other users will be changed to the current user.',
				$overlay->query('class:overlay-dialogue-body')->one()->getText());
		$overlay->query('button:OK')->one()->click();
		$this->assertMessage(TEST_GOOD, 'Scheduled report updated');
		$this->query('link', $report)->waitUntilClickable()->one()->click();
		$this->page->waitUntilReady();
		$this->assertTableData($data['Subscriptions'], 'id:subscriptions-table');
	}

	public static function getCreateData() {
		return [
			[
				[
					'alias' => 'admin report permissions',
					'password' => 'xibbaz123',
					'type' => 'admin'
				]
			],
			[
				[
					'alias' => 'super-admin report permissions',
					'password' => 'xibbaz123',
					'type' => 'super-admin'
				]
			]
		];
	}

	/**
	 * Check that report owner value is current logged in user and for admin type 'owner' field is disabled.
	 *
	 * @dataProvider getCreateData
	 */
	public function testScheduledReportPermissions_Create($data) {
		$state = ($data['type'] === 'admin') ? false : true;

		// Check create form on page.
		$this->page->userLogin($data['alias'], $data['password']);
		$this->page->open('zabbix.php?action=scheduledreport.list')->waitUntilReady();
		$this->page->query('button:Create report')->waitUntilClickable()->one()->click();
		$form = $this->query('id:scheduledreport-form')->waitUntilVisible()->asForm()->one();
		$form->checkValue(['Owner' => $data['alias']]);
		// TODO: check why not working $form->getField('Owner')->isEnabled($state)
		$this->assertTrue($form->getField('Owner')->query('xpath://div[@class="selected"]/ul')->one()->isEnabled($state));

		// Check create form on dashboard.
		$this->page->open('zabbix.php?action=dashboard.view&dashboardid=1')->waitUntilReady();
		$this->query('id:dashboard-actions')->waitUntilClickable()->one()->click();
		CPopupMenuElement::find()->waitUntilVisible()->one()->select('Create new report');
		$overlay = COverlayDialogElement::find()->waitUntilReady()->one();
		$form = $overlay->query('id:scheduledreport-form')->waitUntilVisible()->asForm()->one();
		$form->checkValue(['Owner' => $data['alias']]);
		$this->assertTrue($form->getField('Owner')->query('xpath://div[@class="selected"]/ul')->one()->isEnabled($state));
	}

	public static function getDeleteData() {
		return [
			[
				[
					'url' => 'dashboard.list',
					'name' => 'dashboard for report permissions',
					'error' => 'Cannot delete dashboard',
					'details' => 'Dashboard "dashboard for report permissions" is used in report "report to check the dashboard change".'
				]
			],
			[
				[
					'url' => 'user.list',
					'name' => 'super-admin report permissions',
					'error' => 'Cannot delete user',
					'details' => 'User "super-admin report permissions" is user on whose behalf report "report to check the dashboard change" is created.'
				]
			],
			[
				[
					'url' => 'user.list',
					'name' => 'user-recipient of the report',
					'error' => 'Cannot delete user',
					'details' => 'User "user-recipient of the report" is report "Report for delete" recipient.'
				]
			],
			[
				[
					'url' => 'usergroup.list',
					'name' => 'usergroup for report test third',
					'error' => 'Cannot delete user group',
					'details' => 'User group "usergroup for report test third" is report "report to check the dashboard change" recipient.'
				]
			]
		];
	}

	/**
	 * Check that cannot delete a user, user group, and dashboard if they are linked to the report.
	 *
	 * @dataProvider getDeleteData
	 *
	 * @backupOnce profiles
	 */
	public function testScheduledReportPermissions_Delete($data) {
		$this->page->userLogin('Admin', 'zabbix');
		$this->page->open('zabbix.php?action='.$data['url'])->waitUntilReady();
		$this->query('link', $data['name'])->waitUntilClickable()->one()->click();
		$this->page->waitUntilReady();
		if ($data['url'] === 'dashboard.list') {
			$this->query('id:dashboard-actions')->waitUntilClickable()->one()->click();
			CPopupMenuElement::find()->waitUntilVisible()->one()->select('Delete');
		}
		else {
			$this->query('button:Delete')->waitUntilClickable()->one()->click();
		}
		$this->page->acceptAlert();
		$this->assertMessage(TEST_BAD, $data['error'], $data['details']);
	}
}
zabbix6.0 1 year ago			`<?php`
			`/*`
			`** Zabbix`
			`** Copyright (C) 2001-2023 Zabbix SIA`
			`**`
			`** This program is free software; you can redistribute it and/or modify`
			`** it under the terms of the GNU General Public License as published by`
			`** the Free Software Foundation; either version 2 of the License, or`
			`** (at your option) any later version.`
			`**`
			`** This program is distributed in the hope that it will be useful,`
			`** but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`** GNU General Public License for more details.`
			`**`
			`** You should have received a copy of the GNU General Public License`
			`** along with this program; if not, write to the Free Software`
			`** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.`
			`**/`


			`require_once dirname(__FILE__).'/../../include/CWebTest.php';`
			`require_once dirname(__FILE__).'/../behaviors/CMessageBehavior.php';`
			`require_once dirname(__FILE__).'/../../include/helpers/CDataHelper.php';`
			`require_once dirname(__FILE__).'/../traits/TableTrait.php';`

			`/**`
			`* @dataSource ScheduledReports`
			`*`
			`* @backup report`
			`*`
			`* @onBefore prepareData`
			`*/`
			`class testScheduledReportPermissions extends CWebTest {`

			`use TableTrait;`

			`/**`
			`* Attach MessageBehavior to the test.`
			`*`
			`* @return array`
			`*/`
			`public function getBehaviors() {`
			`return [CMessageBehavior::class];`
			`}`

			`protected static $roleids;`
			`protected static $userids;`
			`protected static $usergroupids;`
			`protected static $dashboardids;`

			`public function prepareData() {`
			`$roles = CDataHelper::call('role.create', [`
			`[`
			`'name' => 'admin role without access to reports',`
			`'type' => 2,`
			`'rules' => [`
			`'actions' => [`
			`[`
			`'name' => 'manage_scheduled_reports',`
			`'status' => '0'`
			`]`
			`]`
			`]`
			`],`
			`[`
			`'name' => 'super-admin role without access to reports',`
			`'type' => 3,`
			`'rules' => [`
			`'actions' => [`
			`[`
			`'name' => 'manage_scheduled_reports',`
			`'status' => '0'`
			`]`
			`]`
			`]`
			`],`
			`[`
			`'name' => 'admin role for reports',`
			`'type' => 2`
			`],`
			`[`
			`'name' => 'super-admin role for reports',`
			`'type' => 3`
			`]`
			`]);`
			`$this->assertArrayHasKey('roleids', $roles);`
			`self::$roleids = CDataHelper::getIds('name');`

			`$group = CDataHelper::call('usergroup.create', [`
			`[`
			`'name' => 'usergroup for report test'`
			`],`
			`[`
			`'name' => 'usergroup for report test second'`
			`],`
			`[`
			`'name' => 'usergroup for report test third'`
			`]`
			`]);`
			`$this->assertArrayHasKey('usrgrpids', $group);`
			`self::$usergroupids = CDataHelper::getIds('name');`

			`$users = CDataHelper::call('user.create', [`
			`[`
			`'username' => 'admin without report permissions',`
			`'passwd' => 'xibbaz123',`
			`'roleid' => self::$roleids['admin role without access to reports'],`
			`'usrgrps' => [`
			`[`
			`'usrgrpid' => self::$usergroupids['usergroup for report test']`
			`]`
			`]`
			`],`
			`[`
			`'username' => 'super-admin without report permissions',`
			`'passwd' => 'xibbaz123',`
			`'roleid' => self::$roleids['super-admin role without access to reports'],`
			`'usrgrps' => [`
			`[`
			`'usrgrpid' => self::$usergroupids['usergroup for report test']`
			`]`
			`]`
			`],`
			`[`
			`'username' => 'admin report permissions',`
			`'passwd' => 'xibbaz123',`
			`'roleid' => self::$roleids['admin role for reports'],`
			`'usrgrps' => [`
			`[`
			`'usrgrpid' => self::$usergroupids['usergroup for report test']`
			`],`
			`[`
			`'usrgrpid' => self::$usergroupids['usergroup for report test second']`
			`],`
			`[`
			`'usrgrpid' => self::$usergroupids['usergroup for report test third']`
			`]`
			`]`
			`],`
			`[`
			`'username' => 'super-admin report permissions',`
			`'passwd' => 'xibbaz123',`
			`'roleid' => self::$roleids['super-admin role for reports'],`
			`'usrgrps' => [`
			`[`
			`'usrgrpid' => self::$usergroupids['usergroup for report test']`
			`]`
			`]`
			`],`
			`[`
			`'username' => 'second super-admin report permissions',`
			`'passwd' => 'xibbaz123',`
			`'roleid' => self::$roleids['super-admin role for reports'],`
			`'usrgrps' => [`
			`[`
			`'usrgrpid' => self::$usergroupids['usergroup for report test']`
			`]`
			`]`
			`]`
			`]);`
			`$this->assertArrayHasKey('userids', $users);`
			`self::$userids = CDataHelper::getIds('username');`

			`$dashboards = CDataHelper::call('dashboard.create', [`
			`[`
			`'name' => 'dashboard for report permissions',`
			`'userid' => 1,`
			`'pages' => [`
			`[`
			`'widgets' => [`
			`[`
			`'type' => 'clock',`
			`'x' => 0,`
			`'y' => 0,`
			`'width' => 12,`
			`'height' => 5`
			`]`
			`]`
			`]`
			`]`
			`]`
			`]);`
			`$this->assertArrayHasKey('dashboardids', $dashboards);`
			`self::$dashboardids = CDataHelper::getIds('name');`

			`$reports = CDataHelper::call('report.create', [`
			`[`
			`'userid' => 1,`
			`'name' => 'report to check users without permissions',`
			`'dashboardid' => '1',`
			`'users' => [`
			`[`
			`'userid' => 1,`
			`'access_userid' => 1`
			`]`
			`],`
			`'user_groups' => [`
			`[`
			`'usrgrpid' => 7,`
			`'access_userid' => 1`
			`]`
			`]`
			`],`
			`[`
			`'userid' => 1,`
			`'name' => 'report to check the dashboard change',`
			`'dashboardid' => self::$dashboardids['dashboard for report permissions'],`
			`'users' => [`
			`[`
			`'userid' => 1,`
			`'access_userid' => 1`
			`],`
			`[`
			`'userid' => 40`
			`],`
			`[`
			`'userid' => 50,`
			`'access_userid' => self::$userids['super-admin report permissions']`
			`],`
			`[`
			`'userid' => self::$userids['super-admin report permissions'],`
			`'access_userid' => self::$userids['super-admin report permissions']`
			`],`
			`[`
			`'userid' => self::$userids['admin without report permissions']`
			`],`
			`[`
			`'userid' => self::$userids['super-admin without report permissions'],`
			`'access_userid' => 1`
			`]`
			`],`
			`'user_groups' => [`
			`[`
			`'usrgrpid' => 7,`
			`'access_userid' => 1`
			`],`
			`[`
			`'usrgrpid' => 8`
			`],`
			`[`
			`'usrgrpid' => 11,`
			`'access_userid' => self::$userids['super-admin report permissions']`
			`],`
			`[`
			`'usrgrpid' => self::$usergroupids['usergroup for report test'],`
			`'access_userid' => self::$userids['super-admin report permissions']`
			`],`
			`[`
			`'usrgrpid' => self::$usergroupids['usergroup for report test third']`
			`],`
			`[`
			`'usrgrpid' => self::$usergroupids['usergroup for report test second'],`
			`'access_userid' => 1`
			`]`
			`]`
			`]`
			`]);`
			`$this->assertArrayHasKey('reportids', $reports);`
			`}`

			`public static function getUsersWithoutPermissions() {`
			`return [`
			`[`
			`[`
			`'alias' => 'admin without report permissions',`
			`'password' => 'xibbaz123',`
			`'type' => 'admin'`
			`]`
			`],`
			`[`
			`[`
			`'alias' => 'super-admin without report permissions',`
			`'password' => 'xibbaz123',`
			`'type' => 'super-admin'`
			`]`
			`]`
			`];`
			`}`

			`/**`
			`* Users without option "Manage scheduled reports" in the role can only view the report.`
			`*`
			`* @dataProvider getUsersWithoutPermissions`
			`*/`
			`public function testScheduledReportPermissions_UsersWithoutPermissions($data) {`
			`$report = 'report to check users without permissions';`
			`// User with admin type can't see other user alias or user group name.`
			`$owner = ($data['type'] === 'admin') ? 'Inaccessible user' : 'Admin (Zabbix Administrator)';`
			`$group = ($data['type'] === 'admin') ? 'Inaccessible user group' : 'Zabbix administrators';`
			`$this->page->userLogin($data['alias'], $data['password']);`

			`// Check report in dashboard.`
			`$this->page->open('zabbix.php?action=dashboard.view&dashboardid=1')->waitUntilReady();`
			`$this->query('id:dashboard-actions')->one()->waitUntilClickable()->click();`
			`$popup = CPopupMenuElement::find()->waitUntilVisible()->one();`
			`$this->assertTrue($popup->hasItems('View related reports'));`
			`// "Create new report" option is not available in dashboard.`
			`$this->assertFalse($popup->query('xpath://a[@aria-label="Create new report"]')->one(false)->isValid());`

			`// Check report on reports list page.`
			`$this->page->open('zabbix.php?action=scheduledreport.list')->waitUntilReady();`
			`$this->assertFalse($this->query('button:Create report')->one()->isEnabled());`
			`$table = $this->query('class:list-table')->asTable()->one();`
			`$row = $table->findRow('Name', $report);`
			`// Check the visibility of the user's alias for different types of users.`
			`$this->assertEquals($owner, $row->getColumn('Owner')->getText());`

			`// Check the report form.`
			`$this->query('link', $report)->one()->click();`
			`$form = $this->query('id:scheduledreport-form')->waitUntilVisible()->asForm()->one();`
			`foreach ($form->getLabels()->asText() as $label) {`
			`if ($label === 'Owner') {`
			`$form->checkValue(['Owner' => $owner]);`
			`}`

			`if ($label === 'Start time') {`
			`$time_container = $form->getFieldContainer('Start time');`
			`$this->assertFalse($time_container->query('id:hours')->one()->isEnabled());`
			`$this->assertFalse($time_container->query('id:minutes')->one()->isEnabled());`
			`continue;`
			`}`

			`if ($label === 'Subscriptions') {`
			`$subscriptions = $form->getField('Subscriptions')->asTable();`

			`foreach ($subscriptions->getRows() as $row) {`
			`// User with admin type should see "Inaccessible user" in columns 'Generate report by' and 'Recipient'`
			`$this->assertEquals($owner, $row->getColumn('Generate report by')->getText());`

			`if ($row->getColumn('Recipient')->query('class:zi-user-filled-small')->one(false)->isValid()) {`
			`$this->assertEquals($owner, $row->getColumn('Recipient')->getText());`
			`}`
			`else {`
			`$this->assertEquals($group, $row->getColumn('Recipient')->getText());`
			`}`

			`// "Recipient", "Status" and "Action" columns should not be clickable.`
			`foreach ($row->getColumns() as $column) {`
			`$this->assertFalse($column->query('tag:a')->one(false)->isValid());`
			`}`
			`}`

			`continue;`
			`}`

			`// All fields are disabled.`
			`$this->assertFalse($form->getField($label)->isEnabled());`
			`}`
			`}`

			`/**`
			`* Check the report cloning, when the admin user see inaccessible user/user groups and dashboard.`
			`*/`
			`public function testScheduledReportPermissions_Clone() {`
			`$report = 'report to check the dashboard change';`
			`$before = [`
			`'fields' => ['Dashboard' => 'Inaccessible dashboard', 'Owner' => 'Inaccessible user'],`
			`'Subscriptions' => [`
			`[`
			`'Recipient' => 'admin without report permissions',`
			`'Generate report by' => 'Recipient'`
			`],`
			`[`
			`'Recipient' => 'Inaccessible user',`
			`'Generate report by' => 'Inaccessible user'`
			`],`
			`[`
			`'Recipient' => 'Inaccessible user',`
			`'Generate report by' => 'Recipient'`
			`],`
			`[`
			`'Recipient' => 'Inaccessible user',`
			`'Generate report by' => 'super-admin report permissions'`
			`],`
			`[`
			`'Recipient' => 'Inaccessible user group',`
			`'Generate report by' => 'Inaccessible user'`
			`],`
			`[`
			`'Recipient' => 'Inaccessible user group',`
			`'Generate report by' => 'Recipient'`
			`],`
			`[`
			`'Recipient' => 'Inaccessible user group',`
			`'Generate report by' => 'super-admin report permissions'`
			`],`
			`[`
			`'Recipient' => 'super-admin report permissions',`
			`'Generate report by' => 'super-admin report permissions'`
			`],`
			`[`
			`'Recipient' => 'super-admin without report permissions',`
			`'Generate report by' => 'Inaccessible user'`
			`],`
			`[`
			`'Recipient' => 'usergroup for report test',`
			`'Generate report by' => 'super-admin report permissions'`
			`],`
			`[`
			`'Recipient' => 'usergroup for report test second',`
			`'Generate report by' => 'Inaccessible user'`
			`],`
			`[`
			`'Recipient' => 'usergroup for report test third',`
			`'Generate report by' => 'Recipient'`
			`]`
			`]`
			`];`
			`// After cloning the report, all "Inaccessible" entities should be changed to current user or removed.`
			`$after = [`
			`'fields' => ['Owner' => 'admin report permissions'],`
			`'Subscriptions' => [`
			`[`
			`'Recipient' => 'admin without report permissions',`
			`'Generate report by' => 'Recipient'`
			`],`
			`[`
			`'Recipient' => 'super-admin report permissions',`
			`'Generate report by' => 'admin report permissions'`
			`],`
			`[`
			`'Recipient' => 'super-admin without report permissions',`
			`'Generate report by' => 'admin report permissions'`
			`],`
			`[`
			`'Recipient' => 'usergroup for report test',`
			`'Generate report by' => 'admin report permissions'`
			`],`
			`[`
			`'Recipient' => 'usergroup for report test second',`
			`'Generate report by' => 'admin report permissions'`
			`],`
			`[`
			`'Recipient' => 'usergroup for report test third',`
			`'Generate report by' => 'Recipient'`
			`]`
			`]`
			`];`

			`$this->page->userLogin('admin report permissions', 'xibbaz123');`
			`$this->page->open('zabbix.php?action=scheduledreport.list')->waitUntilReady();`
			`$this->query('link', $report)->waitUntilClickable()->one()->click();`
			`$form = $this->query('id:scheduledreport-form')->waitUntilVisible()->asForm()->one();`
			`$form->checkValue($before['fields']);`
			`$this->assertTableData($before['Subscriptions'], 'id:subscriptions-table');`

			`$this->query('button:Clone')->one()->click();`
			`$this->page->waitUntilReady();`
			`$form->invalidate();`
			`$form->checkValue($after['fields']);`
			`$this->assertTableData($after['Subscriptions'], 'id:subscriptions-table');`
			`$form->fill(['Name' => 'check permission after clone', 'Dashboard' => 'Global view']);`
			`$form->submit();`
			`$this->assertMessage(TEST_GOOD, 'Scheduled report added');`

			`$this->query('link', 'check permission after clone')->waitUntilClickable()->one()->click();`
			`$form->invalidate();`
			`$after['fields']['Name'] = 'check permission after clone';`
			`$after['fields']['Dashboard'] = 'Global view';`
			`$form->checkValue($after['fields']);`
			`$this->assertTableData($after['Subscriptions'], 'id:subscriptions-table');`
			`}`

			`public static function getReportData() {`
			`return [`
			`[`
			`[`
			`'alias' => 'admin report permissions',`
			`'password' => 'xibbaz123',`
			`'Subscriptions' => [`
			`[`
			`'Recipient' => 'admin without report permissions',`
			`'Generate report by' => 'Recipient'`
			`],`
			`[`
			`'Recipient' => 'super-admin report permissions',`
			`'Generate report by' => 'admin report permissions'`
			`],`
			`[`
			`'Recipient' => 'super-admin without report permissions',`
			`'Generate report by' => 'admin report permissions'`
			`],`
			`[`
			`'Recipient' => 'usergroup for report test',`
			`'Generate report by' => 'admin report permissions'`
			`],`
			`[`
			`'Recipient' => 'usergroup for report test second',`
			`'Generate report by' => 'admin report permissions'`
			`],`
			`[`
			`'Recipient' => 'usergroup for report test third',`
			`'Generate report by' => 'Recipient'`
			`]`
			`]`
			`]`
			`],`
			`[`
			`[`
			`'alias' => 'second super-admin report permissions',`
			`'password' => 'xibbaz123',`
			`'Subscriptions' => [`
			`[`
			`'Recipient' => 'Admin (Zabbix Administrator)',`
			`'Generate report by' => 'second super-admin report permissions'`
			`],`
			`[`
			`'Recipient' => 'admin-zabbix',`
			`'Generate report by' => 'Recipient'`
			`],`
			`[`
			`'Recipient' => 'admin without report permissions',`
			`'Generate report by' => 'Recipient'`
			`],`
			`[`
			`'Recipient' => 'Enabled debug mode',`
			`'Generate report by' => 'second super-admin report permissions'`
			`],`
			`[`
			`'Recipient' => 'Guests',`
			`'Generate report by' => 'Recipient'`
			`],`
			`[`
			`'Recipient' => 'super-admin report permissions',`
			`'Generate report by' => 'second super-admin report permissions'`
			`],`
			`[`
			`'Recipient' => 'super-admin without report permissions',`
			`'Generate report by' => 'second super-admin report permissions'`
			`],`
			`[`
			`'Recipient' => 'user-zabbix',`
			`'Generate report by' => 'second super-admin report permissions'`
			`],`
			`[`
			`'Recipient' => 'usergroup for report test',`
			`'Generate report by' => 'second super-admin report permissions'`
			`],`
			`[`
			`'Recipient' => 'usergroup for report test second',`
			`'Generate report by' => 'second super-admin report permissions'`
			`],`
			`[`
			`'Recipient' => 'usergroup for report test third',`
			`'Generate report by' => 'Recipient'`
			`],`
			`[`
			`'Recipient' => 'Zabbix administrators',`
			`'Generate report by' => 'second super-admin report permissions'`
			`]`
			`]`
			`]`
			`]`
			`];`
			`}`

			`/**`
			`* After changing dashboard, all "Generate report by" users should be set to the current user.`
			`*`
			`* @dataProvider getReportData`
			`*`
			`* @backup report`
			`*/`
			`public function testScheduledReportPermissions_ChangeDashboard($data) {`
			`$report = 'report to check the dashboard change';`
			`$this->page->userLogin($data['alias'], $data['password']);`
			`$this->page->open('zabbix.php?action=scheduledreport.list')->waitUntilReady();`
			`$this->query('link', $report)->waitUntilClickable()->one()->click();`
			`$form = $this->query('id:scheduledreport-form')->waitUntilVisible()->asForm()->one();`
			`$form->fill(['Dashboard' => 'Global view']);`
			`$form->submit();`
			`$overlay = COverlayDialogElement::find()->waitUntilReady()->one();`
			`$this->assertEquals('Report generated by other users will be changed to the current user.',`
			`$overlay->query('class:overlay-dialogue-body')->one()->getText());`
			`$overlay->query('button:OK')->one()->click();`
			`$this->assertMessage(TEST_GOOD, 'Scheduled report updated');`
			`$this->query('link', $report)->waitUntilClickable()->one()->click();`
			`$this->page->waitUntilReady();`
			`$this->assertTableData($data['Subscriptions'], 'id:subscriptions-table');`
			`}`

			`public static function getCreateData() {`
			`return [`
			`[`
			`[`
			`'alias' => 'admin report permissions',`
			`'password' => 'xibbaz123',`
			`'type' => 'admin'`
			`]`
			`],`
			`[`
			`[`
			`'alias' => 'super-admin report permissions',`
			`'password' => 'xibbaz123',`
			`'type' => 'super-admin'`
			`]`
			`]`
			`];`
			`}`

			`/**`
			`* Check that report owner value is current logged in user and for admin type 'owner' field is disabled.`
			`*`
			`* @dataProvider getCreateData`
			`*/`
			`public function testScheduledReportPermissions_Create($data) {`
			`$state = ($data['type'] === 'admin') ? false : true;`

			`// Check create form on page.`
			`$this->page->userLogin($data['alias'], $data['password']);`
			`$this->page->open('zabbix.php?action=scheduledreport.list')->waitUntilReady();`
			`$this->page->query('button:Create report')->waitUntilClickable()->one()->click();`
			`$form = $this->query('id:scheduledreport-form')->waitUntilVisible()->asForm()->one();`
			`$form->checkValue(['Owner' => $data['alias']]);`
			`// TODO: check why not working $form->getField('Owner')->isEnabled($state)`
			`$this->assertTrue($form->getField('Owner')->query('xpath://div[@class="selected"]/ul')->one()->isEnabled($state));`

			`// Check create form on dashboard.`
			`$this->page->open('zabbix.php?action=dashboard.view&dashboardid=1')->waitUntilReady();`
			`$this->query('id:dashboard-actions')->waitUntilClickable()->one()->click();`
			`CPopupMenuElement::find()->waitUntilVisible()->one()->select('Create new report');`
			`$overlay = COverlayDialogElement::find()->waitUntilReady()->one();`
			`$form = $overlay->query('id:scheduledreport-form')->waitUntilVisible()->asForm()->one();`
			`$form->checkValue(['Owner' => $data['alias']]);`
			`$this->assertTrue($form->getField('Owner')->query('xpath://div[@class="selected"]/ul')->one()->isEnabled($state));`
			`}`

			`public static function getDeleteData() {`
			`return [`
			`[`
			`[`
			`'url' => 'dashboard.list',`
			`'name' => 'dashboard for report permissions',`
			`'error' => 'Cannot delete dashboard',`
			`'details' => 'Dashboard "dashboard for report permissions" is used in report "report to check the dashboard change".'`
			`]`
			`],`
			`[`
			`[`
			`'url' => 'user.list',`
			`'name' => 'super-admin report permissions',`
			`'error' => 'Cannot delete user',`
			`'details' => 'User "super-admin report permissions" is user on whose behalf report "report to check the dashboard change" is created.'`
			`]`
			`],`
			`[`
			`[`
			`'url' => 'user.list',`
			`'name' => 'user-recipient of the report',`
			`'error' => 'Cannot delete user',`
			`'details' => 'User "user-recipient of the report" is report "Report for delete" recipient.'`
			`]`
			`],`
			`[`
			`[`
			`'url' => 'usergroup.list',`
			`'name' => 'usergroup for report test third',`
			`'error' => 'Cannot delete user group',`
			`'details' => 'User group "usergroup for report test third" is report "report to check the dashboard change" recipient.'`
			`]`
			`]`
			`];`
			`}`

			`/**`
			`* Check that cannot delete a user, user group, and dashboard if they are linked to the report.`
			`*`
			`* @dataProvider getDeleteData`
			`*`
			`* @backupOnce profiles`
			`*/`
			`public function testScheduledReportPermissions_Delete($data) {`
			`$this->page->userLogin('Admin', 'zabbix');`
			`$this->page->open('zabbix.php?action='.$data['url'])->waitUntilReady();`
			`$this->query('link', $data['name'])->waitUntilClickable()->one()->click();`
			`$this->page->waitUntilReady();`
			`if ($data['url'] === 'dashboard.list') {`
			`$this->query('id:dashboard-actions')->waitUntilClickable()->one()->click();`
			`CPopupMenuElement::find()->waitUntilVisible()->one()->select('Delete');`
			`}`
			`else {`
			`$this->query('button:Delete')->waitUntilClickable()->one()->click();`
			`}`
			`$this->page->acceptAlert();`
			`$this->assertMessage(TEST_BAD, $data['error'], $data['details']);`
			`}`
			`}`