/**
  * For now, this determines whether the element class is a subclass of
  * ModelElement and, if the user lacks access to this element or its
  * related attributes, replaces it with a Null element.
  * This is for the Editable render.
  * @return null. Modifies $elementInformation by reference.
  */
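 public static function resolveElementForEditableRender($model, &$elementInformation, $user)
 {
     assert('$model instanceof RedBeanModel || $model instanceof CModel');
     assert('is_array($elementInformation)');
     assert('$user instanceof User && $user->id > 0');
     // Both values are captured before any rewrite below, so the ModelsElement
     // check further down still runs against the originally configured type.
     $elementclassname = $elementInformation['type'] . 'Element';
     $attributeName    = $elementInformation['attributeName'];
     // NOTE(review): swapping in a Null element only changes what is rendered.
     // Nothing in this method rejects a submitted value for the hidden
     // attribute; confirm the save path applies the same access checks.
     if (is_subclass_of($elementclassname, 'ModelElement')) {
         $editableActionType = $elementclassname::getEditableActionType();
         $relatedModel       = $model->{$attributeName};
         if (!ActionSecurityUtil::canUserPerformAction($editableActionType, $relatedModel, $user)) {
             // The user may not perform the element's editable action on the related value.
             $elementInformation['attributeName'] = null;
             $elementInformation['type']          = 'Null';
             //TODO: potentially throw misconfiguration exception if field is required
             //instead of just setting a null element.
         } elseif ($editableActionType == 'ModalList' &&
                   $relatedModel != null &&
                   // Logical && (was bitwise &): the id is now read only after the
                   // instanceof check passed, so a non-RedBeanModel value is never
                   // dereferenced while evaluating this access check.
                   $relatedModel instanceof RedBeanModel &&
                   $relatedModel->id > 0 &&
                   !ActionSecurityUtil::canUserPerformAction('Details', $relatedModel, $user)) {
             // An already selected related model the user cannot view ('Details')
             // must not be exposed through the modal-list element.
             $elementInformation['attributeName'] = null;
             $elementInformation['type']          = 'Null';
         }
     }
     if (is_subclass_of($elementclassname, 'ModelsElement')) {
         $actionType = $elementclassname::getEditableActionType();
         // Loose comparison: an empty-string action type skips the rights check as well.
         if ($actionType != null) {
             // This check is built from the action type and the user only; no model is passed.
             $actionSecurity = ActionSecurityFactory::createRightsOnlyActionSecurityFromActionType($actionType, $user);
             if (!$actionSecurity->canUserPerformAction()) {
                 $elementInformation['attributeName'] = null;
                 $elementInformation['type']          = 'Null';
                 //TODO: potentially throw misconfiguration exception if field is required
                 //instead of just setting a null element.
             }
         }
     }
 }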
 /**
  * The factory should hand back an ActionSecurity instance for the
  * 'Delete' action type on a new Account when called for the 'super' user.
  */
 public function testCreateActionSecurityFromActionType()
 {
     $superUser = User::getByUsername('super');
     // Make 'super' the current application user before building the object.
     Yii::app()->user->userModel = $superUser;
     $actionSecurity = ActionSecurityFactory::createActionSecurityFromActionType(
         'Delete',
         new Account(),
         $superUser
     );
     $isActionSecurity = $actionSecurity instanceof ActionSecurity;
     $this->assertTrue($isActionSecurity);
 }
 /**
  * Walks the 'ConvertLead' action through three states for betty:
  * no convert right, convert right on a lead she does not own, and
  * convert right on a lead she owns. Only the last one may succeed.
  */
 public function testCanCurrentUserPerformAction()
 {
     // billy's lead is created while billy is the current user.
     Yii::app()->user->userModel = User::getByUsername('billy');
     $billysLead = LeadTestHelper::createLeadbyNameForOwner("billy's lead", User::getByUsername('billy'));

     // betty's lead is created while betty is the current user.
     $betty = User::getByUsername('betty');
     Yii::app()->user->userModel = $betty;
     $bettysLead = LeadTestHelper::createLeadbyNameForOwner("betty's lead", User::getByUsername('betty'));

     // Grant betty access to the leads module only.
     $betty->setRight('LeadsModule', LeadsModule::RIGHT_ACCESS_LEADS, Right::ALLOW);
     $this->assertTrue($betty->save());

     // Precondition: betty has no effective permissions on billy's lead.
     $permissionsOnBillysLead = $billysLead->getEffectivePermissions($betty);
     $this->assertEquals(Permission::NONE, $permissionsOnBillysLead);

     // Precondition: betty does not already hold the convert-lead right.
     $convertRight = $betty->getEffectiveRight('LeadsModule', LeadsModule::RIGHT_CONVERT_LEADS);
     $this->assertEquals(Right::DENY, $convertRight);

     // Without the convert right, the action is denied.
     $withoutRight = ActionSecurityFactory::createActionSecurityFromActionType('ConvertLead', $billysLead, $betty);
     $this->assertFalse($withoutRight->canUserPerformAction());

     // With the convert right, the action is still denied on a lead she does not own.
     $betty->setRight('LeadsModule', LeadsModule::RIGHT_CONVERT_LEADS, Right::ALLOW);
     $savedAgain = $betty->save();
     $this->assertTrue($savedAgain);
     $onForeignLead = ActionSecurityFactory::createActionSecurityFromActionType('ConvertLead', $billysLead, $betty);
     $this->assertFalse($onForeignLead->canUserPerformAction());

     // With the convert right and a lead she owns, the action is allowed.
     $onOwnLead = ActionSecurityFactory::createActionSecurityFromActionType('ConvertLead', $bettysLead, $betty);
     $this->assertTrue($onOwnLead->canUserPerformAction());
 }
 /**
  * The rights-only factory method should return a RightsOnlyActionSecurity
  * instance for the 'ConversationItemsModalList' action type and the 'super' user.
  */
 public function testCreateRightsOnlyActionSecurityFromActionType()
 {
     $superUser = User::getByUsername('super');
     // Make 'super' the current application user before building the object.
     Yii::app()->user->userModel = $superUser;
     $rightsOnlySecurity = ActionSecurityFactory::createRightsOnlyActionSecurityFromActionType(
         'ConversationItemsModalList',
         $superUser
     );
     $isRightsOnly = $rightsOnlySecurity instanceof RightsOnlyActionSecurity;
     $this->assertTrue($isRightsOnly);
 }
 /**
  * Check if user can perform an action. Action type examples:
  * Details, Edit, Delete. Action types are returned by actionElements
  * via getActionType method.  If the model is not a securable model
  * then return true.  If the model is a Permitable such as User this will
  * return true.  This does not necessarily mean the current user is allowed through
  * the user interface to edit the $model (User).  This must be controlled by
  * controller rights filters.
  * @param $actionType
  * @param $model
  * @param $user
  * @return bool true if user can perform action.
  */
 public static function canUserPerformAction($actionType, $model, $user)
 {
     assert('$user instanceof User && $user->id > 0');
     assert('$actionType == null || is_string($actionType)');
     // Two cases are allowed without consulting ActionSecurity: a model that
     // is not a SecurableItem, and a missing action type. The comparison is
     // loose, so an empty-string action type is treated as missing too.
     $isSecurable = $model instanceof SecurableItem;
     if (!$isSecurable || $actionType == null) {
         return true;
     }
     // Everything else is decided by the ActionSecurity object for this
     // action type, model and user.
     return ActionSecurityFactory::createActionSecurityFromActionType($actionType, $model, $user)
         ->canUserPerformAction();
 }
 /**
  * @param ActionElement $element
  * @param array $elementInformation
  * @return bool
  */
 protected function shouldRenderToolBarElement($element, $elementInformation)
 {
     assert('$element instanceof ActionElement');
     assert('is_array($elementInformation)');
     // The parent's decision comes first; a refusal there is final.
     $parentAllows = parent::shouldRenderToolBarElement($element, $elementInformation);
     if (!$parentAllows) {
         return false;
     }
     $actionType = $element->getActionType();
     if ($actionType != null) {
         // Check the element's action type against the model from
         // makeModel() for the current application user.
         $model       = $this->makeModel();
         $currentUser = Yii::app()->user->userModel;
         return ActionSecurityFactory::createActionSecurityFromActionType($actionType, $model, $currentUser)
             ->canUserPerformAction();
     }
     // Elements without an action type are rendered with no security check.
     return true;
 }