/** * For now, this determines if there is a subclass of * ModelElement and makes the appropriate adjustments * based on the user's access to this element and its * related attributes. This is for the Editable render. * @return null. Modifies $elementInformation by reference. */ public static function resolveElementForEditableRender($model, &$elementInformation, $user) { assert('$model instanceof RedBeanModel || $model instanceof CModel'); assert('is_array($elementInformation)'); assert('$user instanceof User && $user->id > 0'); $elementclassname = $elementInformation['type'] . 'Element'; $attributeName = $elementInformation['attributeName']; if (is_subclass_of($elementclassname, 'ModelElement')) { $editableActionType = $elementclassname::getEditableActionType(); if (!ActionSecurityUtil::canUserPerformAction($editableActionType, $model->{$attributeName}, $user)) { $elementInformation['attributeName'] = null; $elementInformation['type'] = 'Null'; // Not Coding Standard //TODO: potentially throw misconfiguration exception if field is required //instead of just setting a null element. } elseif ($editableActionType == 'ModalList' && $model->{$attributeName} != null && $model->{$attributeName} instanceof RedBeanModel & $model->{$attributeName}->id > 0 && !ActionSecurityUtil::canUserPerformAction('Details', $model->{$attributeName}, $user)) { $elementInformation['attributeName'] = null; $elementInformation['type'] = 'Null'; // Not Coding Standard } } if (is_subclass_of($elementclassname, 'ModelsElement')) { $actionType = $elementclassname::getEditableActionType(); if ($actionType != null) { $actionSecurity = ActionSecurityFactory::createRightsOnlyActionSecurityFromActionType($actionType, $user); if (!$actionSecurity->canUserPerformAction()) { $elementInformation['attributeName'] = null; $elementInformation['type'] = 'Null'; // Not Coding Standard //TODO: potentially throw misconfiguration exception if field is required //instead of just setting a null element. } } } }
public function testCreateRightsOnlyActionSecurityFromActionType() { $super = User::getByUsername('super'); Yii::app()->user->userModel = $super; $object = ActionSecurityFactory::createRightsOnlyActionSecurityFromActionType('ConversationItemsModalList', $super); $this->assertTrue($object instanceof RightsOnlyActionSecurity); }