/**
  * Override to handle security/access resolution on specific elements.
  */
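 protected function resolveElementInformationDuringFormLayoutRender(&$elementInformation)
 {
     // $elementInformation is received by reference and handed straight to the
     // FormLayoutSecurityUtil resolver together with the current user, so any change
     // the resolver makes is seen by the layout renderer that called this method.
     //
     // Strict comparison on purpose: with ==, a boolean true in renderType would
     // compare equal to 'Edit' and select the editable resolver. Only the exact
     // strings pick a branch; every other value fails closed in the else below.
     if ($this->renderType === 'Edit') {
         FormLayoutSecurityUtil::resolveElementForEditableRender($this->model, $elementInformation, Yii::app()->user->userModel);
     } elseif ($this->renderType === 'Details') {
         FormLayoutSecurityUtil::resolveElementForNonEditableRender($this->model, $elementInformation, Yii::app()->user->userModel);
     } else {
         // An unknown render type must never render elements without a security pass.
         throw new NotSupportedException();
     }
 }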
Ejemplo n.º 2
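 /**
  * Renders a read-only element for each relation model class that has a related
  * item attached to the model and that the current user is allowed to see.
  *
  * @param array $relationModelClassNames model class names of the relations to render
  * @return string|null concatenated element output, or null when nothing was rendered
  */
 protected function renderNonEditableElementsForRelationsByRelationsData($relationModelClassNames)
 {
     $content = null;
     $formClassName = static::getRelatedItemFormClassName();
     foreach ($relationModelClassNames as $relationModelClassName) {
         $relatedItemForm = null;
         // Assumes only a single attached related item per relation type: the first
         // item that casts down to this relation's class is used and the scan stops.
         foreach ($this->getRelatedItemsFromModel() as $item) {
             try {
                 $modelDerivationPathToItem = RuntimeUtil::getModelDerivationPathToItem($relationModelClassName);
                 $castedDownModel = $item->castDown(array($modelDerivationPathToItem));
                 $relatedItemForm = new $formClassName($castedDownModel);
                 break;
             } catch (NotFoundException $e) {
                 // Presumably this item is not of the requested class; try the next one.
             }
         }
         if ($relatedItemForm != null) {
             // First gate: action-level security. $canAccess is read back after the call,
             // so it is presumably an out-parameter the util can set to false - TODO confirm.
             $canAccess = true;
             $modelElementType = RelatedItemRelationToModelElementUtil::resolveModelElementTypeByActionSecurity($relationModelClassName, Yii::app()->user->userModel, $canAccess);
             if ($canAccess) {
                 $elementInformation = array('attributeName' => $relationModelClassName, 'type' => $modelElementType);
                 // Second gate: per-element resolution for the current user. The element
                 // is rendered only if attributeName is still non-null afterwards.
                 FormLayoutSecurityUtil::resolveElementForNonEditableRender($relatedItemForm, $elementInformation, Yii::app()->user->userModel);
                 if ($elementInformation['attributeName'] != null) {
                     // NOTE(review): the class name is built at runtime from the resolved type.
                     // This is only safe while $relationModelClassNames and the resolved type
                     // never carry request-controlled values - confirm at the callers.
                     $elementclassname = $elementInformation['type'] . 'Element';
                     // Entries after the first two (attributeName, type) are forwarded as element params.
                     $element = new $elementclassname($relatedItemForm, $elementInformation['attributeName'], $this->form, array_slice($elementInformation, 2));
                     // Expression form instead of a string assertion: PHP 8 no longer evaluates
                     // string assertions, so the old form always passed there. assert() can be
                     // disabled by configuration, so this is a development check, not an access control.
                     assert($element instanceof ModelElement);
                     $element->nonEditableTemplate = $this->getRelatedItemNonEditableTemplate();
                     $content .= $element->render();
                 }
             }
         }
     }
     return $content;
 }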
Ejemplo n.º 3
 /**
  * @depends testResolveElementForEditableRender
  */
 public function testResolveElementForNonEditableRender()
 {
     // Checks how FormLayoutSecurityUtil::resolveElementForNonEditableRender rewrites
     // element information for different viewers: unchanged, nullified, or 'noLink'.
     // The steps mutate permissions and rights as they go, so their order matters.
     $betty = User::getByUsername('betty');
     $billy = User::getByUsername('billy');
     // Fixture: a contact owned by betty whose related account is owned by billy.
     $contactForBetty = ContactTestHelper::createContactByNameForOwner("betty's contact2", $betty);
     $contactForBetty->account = AccountTestHelper::createAccountByNameForOwner('BillyCompany', $billy);
     $this->assertTrue($contactForBetty->save());
     $accountId = $contactForBetty->account->id;
     // Expected result when the resolver suppresses an element entirely.
     $nullElementInformation = array('attributeName' => null, 'type' => 'Null');
     // A non-ModelElement type should pass through without modification.
     $elementInformation = array('attributeName' => 'something', 'type' => 'Text');
     // Work on a copy: the resolver changes the array it is given, and the original
     // $elementInformation is kept as the reference value for the assertions.
     $referenceElementInformation = $elementInformation;
     FormLayoutSecurityUtil::resolveElementForNonEditableRender($contactForBetty, $referenceElementInformation, $betty);
     $this->assertEquals($elementInformation, $referenceElementInformation);
     // Account ModelElement.
     // Betty gets a nullified element because she cannot read the related account.
     $elementInformation = array('attributeName' => 'account', 'type' => 'Account');
     $noLinkElementInformation = array('attributeName' => 'account', 'type' => 'Account', 'noLink' => true);
     $referenceElementInformation = $elementInformation;
     FormLayoutSecurityUtil::resolveElementForNonEditableRender($contactForBetty, $referenceElementInformation, $betty);
     $this->assertEquals($nullElementInformation, $referenceElementInformation);
     // Betty does hold the module-level right at this point, so the nullified element
     // above comes from the missing read permission on the account record itself.
     $this->assertEquals(Right::ALLOW, $betty->getEffectiveRight('AccountsModule', AccountsModule::RIGHT_ACCESS_ACCOUNTS));
     // Once betty is granted Permission::READ on the account, and still has access to
     // the accounts tab, the element comes back unchanged (rendered with a link).
     $account = Account::getById($accountId);
     $account->addPermissions($betty, Permission::READ);
     $this->assertTrue($account->save());
     $referenceElementInformation = $elementInformation;
     FormLayoutSecurityUtil::resolveElementForNonEditableRender($contactForBetty, $referenceElementInformation, $betty);
     $this->assertEquals($elementInformation, $referenceElementInformation);
     // Denying betty access to the accounts tab: she still sees the element, but the
     // resolver adds 'noLink' => true so it is shown without a link.
     $betty->setRight('AccountsModule', AccountsModule::RIGHT_ACCESS_ACCOUNTS, Right::DENY);
     $this->assertTrue($betty->save());
     $referenceElementInformation = $elementInformation;
     FormLayoutSecurityUtil::resolveElementForNonEditableRender($contactForBetty, $referenceElementInformation, $betty);
     $this->assertEquals($noLinkElementInformation, $referenceElementInformation);
     // User element.
     $elementInformation = array('attributeName' => 'owner', 'type' => 'User');
     $noLinkElementInformation = array('attributeName' => 'owner', 'type' => 'User', 'noLink' => true);
     // The 'super' user gets the related user element unchanged, link included.
     $referenceElementInformation = $elementInformation;
     FormLayoutSecurityUtil::resolveElementForNonEditableRender($contactForBetty, $referenceElementInformation, User::getByUsername('super'));
     $this->assertEquals($elementInformation, $referenceElementInformation);
     // Betty is denied access to the users module, so she sees the related user's
     // name but the element is marked 'noLink'.
     $referenceElementInformation = $elementInformation;
     $this->assertEquals(Right::DENY, $betty->getEffectiveRight('UsersModule', UsersModule::RIGHT_ACCESS_USERS));
     FormLayoutSecurityUtil::resolveElementForNonEditableRender($contactForBetty, $referenceElementInformation, $betty);
     $this->assertEquals($noLinkElementInformation, $referenceElementInformation);
 }
Ejemplo n.º 4
 /**
  * Override to handle security/access resolution on specific elements.
  */
 protected function resolveElementInformationDuringFormLayoutRender(&$elementInformation)
 {
     // Every element is resolved for editable rendering against the signed-in
     // user's model. $elementInformation is forwarded by reference, so changes
     // made by the resolver reach the caller.
     $model = $this->model;
     $currentUser = Yii::app()->user->userModel;
     FormLayoutSecurityUtil::resolveElementForEditableRender(
         $model,
         $elementInformation,
         $currentUser
     );
 }