/**
 * Discards the cached "change permissions" data held for one securable item, so the next
 * lookup is recomputed instead of being served from a stale entry.
 *
 * Both cache layers are keyed by the item's SecurableItem class id. Nothing is done when
 * that id is 0.
 *
 * @param SecurableItem $securableItem item whose cached entries are dropped
 */
public static function forgetSecurableItemForChange(SecurableItem $securableItem)
{
    if ($securableItem->getClassId('SecurableItem') == 0) {
        // NOTE(review): presumably an item that was never saved - confirm.
        return;
    }
    $itemClassId = $securableItem->getClassId('SecurableItem');

    // In-process layer: reset this item's slot to an empty map.
    if (static::supportsAndAllowsPhpCaching()) {
        static::$securableItemToPermitableToChangePermissions[$itemClassId] = array();
    }

    // Shared layer: the key is <prefix><CHANGE marker><id>.
    if (static::supportsAndAllowsMemcache()) {
        $cacheKey = static::getCachePrefix($itemClassId) . static::CHANGE . $itemClassId;
        Yii::app()->cache->delete($cacheKey);
    }
}
/**
 * Checks that a user holds the required permission on this item, taking several shortcuts
 * before falling back to the parent implementation.
 *
 * The method returns without further checks when:
 *  - the owner / created-by resolution already yields Permission::ALL for the user;
 *  - the item is being deleted ($this->isDeleting);
 *  - SECURITY_OPTIMIZED is on and AllPermissionsOptimizationUtil confirms the permission.
 * In every other case the decision is delegated to parent::checkPermissionsHasAnyOf().
 * NOTE(review): denial is presumably signalled by the parent (e.g. by throwing) - confirm.
 *
 * The two assert() calls are development-time checks only; they do nothing when assertions
 * are disabled, so they must not be read as runtime validation of $requiredPermissions.
 *
 * @param int       $requiredPermissions one of the Permission::* values listed in the assert
 * @param User|null $user                user to check; defaults to the current application user
 */
public function checkPermissionsHasAnyOf($requiredPermissions, User $user = null)
{
    assert('is_int($requiredPermissions)');
    assert('in_array($requiredPermissions, array(Permission::READ, Permission::WRITE, Permission::DELETE, Permission::CHANGE_PERMISSIONS, Permission::CHANGE_OWNER))');

    if ($user == null) {
        $user = Yii::app()->user->userModel;
    }

    if (Permission::ALL == $this->resolveEffectivePermissionsForOwnerAndCreatedByUser($user)) {
        return;
    }

    if ($this->isDeleting) {
        // No permission check is made while the item is being deleted: the munge data may
        // already be gone. This leaves a possible gap, accepted in exchange for better
        // performance on complex role/group setups.
        return;
    }

    if (SECURITY_OPTIMIZED) {
        $modelClassName  = get_called_class();
        $moduleClassName = $modelClassName::getModuleClassName();

        // Same short-circuit order as a single && chain: the optimized lookup only runs
        // when the model opts in and its module is a SecurableModule.
        $optimizationApplies = static::hasReadPermissionsOptimization() &&
                               $moduleClassName != null &&
                               is_subclass_of($moduleClassName, 'SecurableModule');
        if ($optimizationApplies &&
            AllPermissionsOptimizationUtil::checkPermissionsHasAnyOf($requiredPermissions, $this, $user)) {
            return;
        }
    }

    parent::checkPermissionsHasAnyOf($requiredPermissions, $user);
}
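/**
 * Reads rows from the account_read table.
 *
 * Without an argument, returns name, munge_id and count for every account joined through
 * ownedsecurableitem. With an item, returns munge_id and count for that item only.
 * Each row is re-indexed numerically and every value is passed through stripFullStops().
 *
 * @param SecurableItem|null $securableItem restrict the result to this item, or null for all
 * @return array list of numerically indexed rows
 */
public static function getAccountMungeRows(SecurableItem $securableItem = null)
{
    if ($securableItem === null) {
        $rows = ZurmoRedBean::getAll(
            'select name, munge_id, count ' .
            'from account_read, ownedsecurableitem, account ' .
            'where account_read.securableitem_id = ownedsecurableitem.securableitem_id ' .
            'and ownedsecurableitem.id = account.ownedsecurableitem_id ' .
            'order by name, munge_id, account_read.securableitem_id, count'
        );
    } else {
        // The id is interpolated into the statement text, so force it to an integer first:
        // the query stays well-formed whatever getClassId() returns.
        $securableItemId = (int) $securableItem->getClassId('SecurableItem');
        $rows = ZurmoRedBean::getAll("select munge_id, count\n from account_read\n where securableitem_id = {$securableItemId}\n order by munge_id, count");
    }

    $rowsWithValues = array();
    foreach ($rows as $row) {
        // Drop the column names, then normalize each value in place.
        $row = array_values($row);
        array_walk($row, array('self', 'stripFullStops'));
        $rowsWithValues[] = $row;
    }
    return $rowsWithValues;
}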
/**
 * Applies explicit read-only and read/write permitables to a securable item that is not
 * being saved, so the resulting permissions can be shown in the user interface.
 *
 * Read-only permitables receive Permission::READ; read/write permitables receive
 * Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER.
 *
 * The assert documents the expectation that the item has a negative id; it is a
 * development-time check and is skipped when assertions are disabled.
 *
 * @param SecurableItem $securableItem item to add the permissions to
 * @param ExplicitReadWriteModelPermissions $explicitReadWriteModelPermissions permitables to apply
 * @return bool always true
 * @throws NotSupportedException NOTE(review): not thrown by this body; presumably raised by a
 *                               callee - confirm.
 */
public static function resolveExplicitReadWriteModelPermissionsForDisplay(
    SecurableItem $securableItem,
    ExplicitReadWriteModelPermissions $explicitReadWriteModelPermissions
) {
    assert('$securableItem->id < 0');

    $hasReadOnly = $explicitReadWriteModelPermissions->getReadOnlyPermitablesCount() > 0;
    if ($hasReadOnly) {
        $readOnlyPermitables = $explicitReadWriteModelPermissions->getReadOnlyPermitables();
        foreach ($readOnlyPermitables as $readOnlyPermitable) {
            $securableItem->addPermissions($readOnlyPermitable, Permission::READ);
        }
    }

    $hasReadWrite = $explicitReadWriteModelPermissions->getReadWritePermitablesCount() > 0;
    if ($hasReadWrite) {
        $readWritePermitables = $explicitReadWriteModelPermissions->getReadWritePermitables();
        foreach ($readWritePermitables as $readWritePermitable) {
            $securableItem->addPermissions(
                $readWritePermitable,
                Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER
            );
        }
    }

    return true;
}
/**
 * Counts how many groups, starting at $group and walking up through ->group, hold an
 * explicit effective READ permission on the item.
 *
 * A group's effective explicit permissions are its allow bits with its deny bits removed,
 * so an explicit deny of READ cancels an explicit allow.
 *
 * @param SecurableItem $securableItem item the permissions are read from
 * @param Group $group group at which the walk starts
 * @return int number of groups in the chain with effective explicit READ
 */
protected static function getGroupMungeCount(SecurableItem $securableItem, Group $group)
{
    list($allowed, $denied) = $securableItem->getExplicitActualPermissions($group);
    $effective = $allowed & ~$denied;
    $count = (($effective & Permission::READ) == Permission::READ) ? 1 : 0;

    // Climb to the parent group when it has a positive id. While the database is not frozen
    // the climb is also skipped when the parent is the group itself, which would otherwise
    // recurse forever.
    if ($group->group->id > 0 &&
        (RedBeanDatabase::isFrozen() || !$group->group->isSame($group))) {
        $count += self::getGroupMungeCount($securableItem, $group->group);
    }

    return $count;
}
/**
 * Returns the parent's translated attribute labels with a label for 'owner' added.
 *
 * @param string $language language passed through to the parent and to Zurmo::t()
 * @return array attribute name => translated label
 */
protected static function translatedAttributeLabels($language)
{
    $inheritedLabels = parent::translatedAttributeLabels($language);
    $ownLabels       = array(
        'owner' => Zurmo::t('ZurmoModule', 'Owner', array(), null, $language),
    );
    // array_merge lets the 'owner' entry defined here win over an inherited one.
    return array_merge($inheritedLabels, $ownLabels);
}
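/**
 * Reads an attribute. 'name' is returned through unrestrictedGet(), so it can be read
 * regardless of the permissions of the user asking for it; every other attribute goes
 * through the parent getter.
 *
 * @see SecurableItem::__get()
 * @param string $attributeName attribute being read
 * @return mixed the attribute value
 */
public function __get($attributeName)
{
    // Strict comparison keeps the permission-free path limited to the exact string 'name'.
    // With ==, non-string arguments such as true (and 0 before PHP 8) also compare equal
    // to 'name'. Property access always passes a string, so normal reads are unaffected.
    if ($attributeName === 'name') {
        return $this->unrestrictedGet('name');
    }
    return parent::__get($attributeName);
}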
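/**
 * Discards the cached combined-permissions data held for one securable item in every
 * enabled cache layer: the in-process array (PHP_CACHING_ON), the Yii cache component
 * (MEMCACHE_ON) and the database-level cache, which is cleared through the stored
 * procedure clear_cache_securableitem_actual_permissions.
 *
 * Nothing is done when the item's SecurableItem class id is 0.
 *
 * @param SecurableItem $securableItem item whose cached entries are dropped
 * @param bool $forgetDbLevelCache pass false to leave the database-level cache untouched
 */
public static function forgetSecurableItem(SecurableItem $securableItem, $forgetDbLevelCache = true)
{
    if ($securableItem->getClassId('SecurableItem') == 0) {
        return;
    }
    $securableItemModelIdentifer = $securableItem->getModelIdentifier();

    if (PHP_CACHING_ON) {
        self::$securableItemToPermitableToCombinedPermissions[$securableItemModelIdentifer] = array();
    }

    if (MEMCACHE_ON && Yii::app()->cache !== null) {
        $prefix = self::getCachePrefix($securableItemModelIdentifer, self::$cacheType);
        Yii::app()->cache->delete($prefix . $securableItemModelIdentifer);
    }

    if (SECURITY_OPTIMIZED && DB_CACHING_ON && $forgetDbLevelCache) {
        // The id is interpolated into the procedure call text, so force it to an integer
        // first: the statement stays well-formed whatever getClassId() returns.
        $securableItemId = (int) $securableItem->getClassId('SecurableItem');
        ZurmoDatabaseCompatibilityUtil::callProcedureWithoutOuts(
            "clear_cache_securableitem_actual_permissions({$securableItemId})"
        );
    }
}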
/**
 * Refreshes the account read subscription table after a user has lost permissions on an
 * item. Only Account items are handled; any other securable item is ignored.
 *
 * @param SecurableItem $securableItem item whose permissions were removed
 */
public static function securableItemLostPermissionsForUser(SecurableItem $securableItem)
{
    if (!($securableItem instanceof Account)) {
        return;
    }
    // Cast the item down along the derivation path for 'Account' to read the account id.
    $derivationPath = RuntimeUtil::getModelDerivationPathToItem('Account');
    $account        = $securableItem->castDown(array($derivationPath));
    self::updateAccountReadSubscriptionTableBasedOnBuildTable($account->id);
}
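/**
 * Discards the cached combined-permissions data held for one securable item in every
 * cache layer that is supported and allowed: the in-process array, the Yii cache
 * component and the database-level cache, which is cleared through the stored procedure
 * clear_cache_securableitem_actual_permissions.
 *
 * Nothing is done when the item's SecurableItem class id is 0.
 *
 * @param SecurableItem $securableItem item whose cached entries are dropped
 * @param bool $forgetDbLevelCache pass false to leave the database-level cache untouched
 */
public static function forgetSecurableItem(SecurableItem $securableItem, $forgetDbLevelCache = true)
{
    if ($securableItem->getClassId('SecurableItem') == 0) {
        return;
    }
    $securableItemModelIdentifer = $securableItem->getModelIdentifier();

    if (static::supportsAndAllowsPhpCaching()) {
        static::$securableItemToPermitableToCombinedPermissions[$securableItemModelIdentifer] = array();
    }

    if (static::supportsAndAllowsMemcache()) {
        $prefix = static::getCachePrefix($securableItemModelIdentifer);
        Yii::app()->cache->delete($prefix . $securableItemModelIdentifer);
    }

    if (SECURITY_OPTIMIZED && static::supportsAndAllowsDatabaseCaching() && $forgetDbLevelCache) {
        // The id is interpolated into the procedure call text, so force it to an integer
        // first: the statement stays well-formed whatever getClassId() returns.
        $securableItemId = (int) $securableItem->getClassId('SecurableItem');
        ZurmoDatabaseCompatibilityUtil::callProcedureWithoutOuts(
            "clear_cache_securableitem_actual_permissions({$securableItemId})"
        );
    }
}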