public function testSettingAndGetting()
{
Yii::app()->user->userModel = User::getByUsername('super');
$group1 = new Group();
$group1->name = 'Group1';
$this->assertTrue($group1->save());
$group2 = new Group();
$group2->name = 'Group2';
$this->assertTrue($group2->save());
$group3 = new Group();
$group3->name = 'Group3';
$this->assertTrue($group3->save());
$group4 = new Group();
$group4->name = 'Group4';
$this->assertTrue($group4->save());
$group5 = new Group();
$group5->name = 'Group5';
$this->assertTrue($group5->save());
$group6 = new Group();
$group6->name = 'Group6';
$this->assertTrue($group6->save());
$explicitReadWriteModelPermissions = new ExplicitReadWriteModelPermissions();
$this->assertEquals(0, $explicitReadWriteModelPermissions->getReadOnlyPermitablesCount());
$this->assertEquals(0, $explicitReadWriteModelPermissions->getReadWritePermitablesCount());
//Now add permitables and test retrieving them.
$explicitReadWriteModelPermissions->addReadOnlyPermitable($group1);
$explicitReadWriteModelPermissions->addReadWritePermitable($group2);
$explicitReadWriteModelPermissions->addReadWritePermitable($group3);
$explicitReadWriteModelPermissions->addReadOnlyPermitableToRemove($group4);
$explicitReadWriteModelPermissions->addReadWritePermitableToRemove($group5);
$this->assertEquals(1, $explicitReadWriteModelPermissions->getReadOnlyPermitablesCount());
$this->assertEquals(2, $explicitReadWriteModelPermissions->getReadWritePermitablesCount());
$this->assertEquals(1, $explicitReadWriteModelPermissions->getReadWritePermitablesToRemoveCount());
$this->assertEquals(1, $explicitReadWriteModelPermissions->getReadWritePermitablesToRemoveCount());
$readOnlyPermitables = $explicitReadWriteModelPermissions->getReadOnlyPermitables();
$readWritePermitables = $explicitReadWriteModelPermissions->getReadWritePermitables();
$this->assertEquals(1, count($readOnlyPermitables));
$this->assertEquals(2, count($readWritePermitables));
$this->assertEquals($group1, $readOnlyPermitables[$group1->id]);
$this->assertEquals($group2, $readWritePermitables[$group2->id]);
$this->assertEquals($group3, $readWritePermitables[$group3->id]);
$readOnlyPermitablesToRemove = $explicitReadWriteModelPermissions->getReadOnlyPermitablesToRemove();
$readWritePermitablesToRemove = $explicitReadWriteModelPermissions->getReadWritePermitablesToRemove();
$this->assertEquals($group4, $readOnlyPermitablesToRemove[$group4->id]);
$this->assertEquals($group5, $readWritePermitablesToRemove[$group5->id]);
$this->assertTrue($explicitReadWriteModelPermissions->isReadOrReadWritePermitable($group1));
$this->assertTrue($explicitReadWriteModelPermissions->isReadOrReadWritePermitable($group2));
$this->assertTrue($explicitReadWriteModelPermissions->isReadOrReadWritePermitable($group3));
$this->assertFalse($explicitReadWriteModelPermissions->isReadOrReadWritePermitable($group4));
$this->assertFalse($explicitReadWriteModelPermissions->isReadOrReadWritePermitable($group5));
$this->assertFalse($explicitReadWriteModelPermissions->isReadOrReadWritePermitable($group6));
$this->assertEquals(1, count($explicitReadWriteModelPermissions->getReadWritePermitablesToRemove()));
$explicitReadWriteModelPermissions->removeAllReadWritePermitables();
$this->assertEquals(3, count($explicitReadWriteModelPermissions->getReadWritePermitablesToRemove()));
}
/**
* Given a SecurableItem, add and remove permissions
* based on what the provided ExplicitReadWriteModelPermissions indicates should be done.
* Sets @see SecurableItem->setTreatCurrentUserAsOwnerForPermissions as true in order to ensure the current user
* can effectively add permissions even if the current user is no longer the owner.
* @param SecurableItem $securableItem
* @param ExplicitReadWriteModelPermissions $explicitReadWriteModelPermissions
* @return boolean
* @throws NotSupportedException()
*/
public static function resolveExplicitReadWriteModelPermissions(SecurableItem $securableItem, ExplicitReadWriteModelPermissions $explicitReadWriteModelPermissions)
{
assert('$securableItem->id > 0');
$securableItem->setTreatCurrentUserAsOwnerForPermissions(true);
$saveSecurableItem = false;
if ($explicitReadWriteModelPermissions->getReadOnlyPermitablesCount() > 0) {
$saveSecurableItem = true;
foreach ($explicitReadWriteModelPermissions->getReadOnlyPermitables() as $permitable) {
$securableItem->addPermissions($permitable, Permission::READ);
if ($permitable instanceof Group) {
ReadPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($securableItem, $permitable);
} elseif ($permitable instanceof User) {
ReadPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($securableItem, $permitable);
} else {
throw new NotSupportedException();
}
}
}
if ($explicitReadWriteModelPermissions->getReadWritePermitablesCount() > 0) {
$saveSecurableItem = true;
foreach ($explicitReadWriteModelPermissions->getReadWritePermitables() as $permitable) {
$securableItem->addPermissions($permitable, Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER);
if ($permitable instanceof Group) {
ReadPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($securableItem, $permitable);
} elseif ($permitable instanceof User) {
ReadPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($securableItem, $permitable);
} else {
throw new NotSupportedException();
}
}
}
if ($explicitReadWriteModelPermissions->getReadOnlyPermitablesToRemoveCount() > 0) {
$saveSecurableItem = true;
foreach ($explicitReadWriteModelPermissions->getReadOnlyPermitablesToRemove() as $permitable) {
$securableItem->removePermissions($permitable, Permission::READ, Permission::ALLOW);
if ($permitable instanceof Group) {
ReadPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($securableItem, $permitable);
} elseif ($permitable instanceof User) {
ReadPermissionsOptimizationUtil::securableItemLostPermissionsForUser($securableItem, $permitable);
} else {
throw new NotSupportedException();
}
}
}
if ($explicitReadWriteModelPermissions->getReadWritePermitablesToRemoveCount() > 0) {
$saveSecurableItem = true;
foreach ($explicitReadWriteModelPermissions->getReadWritePermitablesToRemove() as $permitable) {
$securableItem->removePermissions($permitable, Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER, Permission::ALLOW);
if ($permitable instanceof Group) {
ReadPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($securableItem, $permitable);
} elseif ($permitable instanceof User) {
ReadPermissionsOptimizationUtil::securableItemLostPermissionsForUser($securableItem, $permitable);
} else {
throw new NotSupportedException();
}
}
}
if ($saveSecurableItem) {
$setBackToProcess = false;
if ($securableItem->shouldProcessWorkflowOnSave()) {
$securableItem->setDoNotProcessWorkflowOnSave();
$setBackToProcess = true;
}
$saved = $securableItem->save();
if ($setBackToProcess) {
$securableItem->setProcessWorkflowOnSave();
}
$securableItem->setTreatCurrentUserAsOwnerForPermissions(false);
return $saved;
}
$securableItem->setTreatCurrentUserAsOwnerForPermissions(false);
return true;
}
