SAK-131: Add Role based SU security
...
Login as admin, access the Realms tool, and delete the the realm entitled '!su.can_su_realm'.
Select the test site that contains the SU Tool.
Type the name of any non-admin or admin user and select 'Become User' button (the latter case will fail the su, but should achieve the desired results for this test.)
If necessary, log out and re-login as an admin user.
Return to Realms tool and search for the above realm name.
Expected result: '!su.can_su_realm' will be created if missing the first time the tool is opened by a SuperUser.
...
Login as admin, access the Realms tool, and delete the realm entitled '!su.can_su_realm'.
Log out and re-login as a non-admin user in the test site with the SU Tool.
Type the name of any non-admin or admin user and select 'Become User' button (the latter case will fail the su, but should achieve the desired results for this test.)
If necessary, log out and re-login as an admin user.
Return to Realms tool and search for the above realm name.
Expected result: '!su.can_su_realm' will be created if missing the first time the tool is opened by a Standard User.
...
Login as admin and select the test site that contains the SU Tool.
Type in the name of another SuperUser and select 'become user'.
Expected result: 'unauthorized' - SuperUsers cannot su a SuperUser account
Select the up arrow (Reset function.)
Type in the name of a Standard User and select 'become user'.
Expected result: success
Test 4 - Validate Standard User cannot SU another Standard User
Login as a Standard User and select the test site that contains the SU Tool.
Type in the name of another Standard User and select 'become user'.
Expected result: 'unauthorized' - Standard users cannot su another standard user account with out the correct permissions
...
Login as a Standard User and select the test site that contains the SU Tool.
Type in the name of a SuperUser and select 'become user'.
Expected result: 'unauthorized' - Standard users cannot SU a SuperUser account.
...
Logout and re-login as one of the Priveleged User.
Select the test site that contains the SU Tool.
Select SU Tool and type in the name of SuperUser and select 'become user'.
Expected result: 'unauthorized' - Privileged users cannot SU a SuperUser account.
...
Reset the SU Tool (by using the up arrow.)
Type in the name of another standard user and select 'become user'.
Expected result: success
6c - Validate Priveleged User can SU another Priveleged User
Logout and re-login as one of the Priveleged User.
Select the test site that contains the SU Tool.
Type in the name of the other Priveleged User and select 'become user'.
Expected result: success
Test 7a - Validate SuperUser can SU Priveleged User
Logout and re-login as SuperUser.
Select the test site that contains the SU Tool.
Select SU Tool and type in the name of one of the Priveleged Users and select 'become user'.
Expected result: success
7b - Validate Standard User cannot SU Priveleged User
Logout and re-login as Standard User.
Select the test site that contains the SU Tool.
Type in the name of one of the Priveleged Users and select 'become user'.
Expected result: 'unauthorized' - Standard users cannot SU a Privileged account.
...
Logout and re-login as Priveleged User with new 'Cannot SU' role.
Select the test site that contains the SU Tool.
Type in the name of one of the Priveleged Users and select 'become user'.
Reset and type in the name of s SuperUser and select 'become user'.
Reset and type in the name of a Standard User and select 'become user'.
Expected results - all 3 attempts: 'unauthorized' - Standard users cannot SU a Privileged account.
...