/**
* @param string $modelClassName
* @param null | string $attributeIndexes
* @param null | string $attributeIndexPrefix
*/
public static function resolveAttributeIndexes($modelClassName, &$attributeIndexes, $attributeIndexPrefix = null)
{
assert('is_string($modelClassName)');
assert('is_string($attributeIndexPrefix) || $attributeIndexPrefix == null');
$moduleClassName = $modelClassName::getModuleClassName();
if (is_subclass_of($modelClassName, 'SecurableItem') && $modelClassName::hasReadPermissionsOptimization() && $moduleClassName != null && is_subclass_of($moduleClassName, 'SecurableModule')) {
$permission = PermissionsUtil::getActualPermissionDataForReadByModuleNameForUser($moduleClassName);
if ($permission == Permission::NONE || $permission == Permission::DENY) {
$indexes = array();
$indexes[] = 'owner__User';
$mungeIds = AllPermissionsOptimizationUtil::getMungeIdsByUser(Yii::app()->user->userModel);
if (count($mungeIds) > 0 && $permission == Permission::NONE) {
$indexes[] = 'ReadOptimization';
}
$attributeIndexes[$attributeIndexPrefix] = $indexes;
}
}
}
/**
* @param $requiredPermissions
* @param OwnedSecurableItem $ownedSecurableItem
* @param User $user
* @return bool
* @throws NotSupportedException
* @throws AccessDeniedSecurityException
*/
protected static function checkPermissionsHasRead($requiredPermissions, OwnedSecurableItem $ownedSecurableItem, User $user)
{
$modelClassName = get_class($ownedSecurableItem);
$moduleClassName = $modelClassName::getModuleClassName();
$permission = PermissionsUtil::getActualPermissionDataForReadByModuleNameForUser($moduleClassName, $user);
if ($permission == Permission::NONE) {
$mungeIds = static::getMungeIdsByUser($user);
if (count($mungeIds) > 0 && $permission == Permission::NONE) {
$quote = DatabaseCompatibilityUtil::getQuote();
$mungeTableName = ReadPermissionsOptimizationUtil::getMungeTableName($modelClassName);
$sql = "select id from " . $mungeTableName . " where {$quote}securableitem_id{$quote} = " . $ownedSecurableItem->getClassId('SecurableItem') . " and {$quote}munge_id{$quote} in ('" . join("', '", $mungeIds) . "') limit 1";
$id = ZurmoRedBean::getCol($sql);
if (!empty($id)) {
return true;
} else {
throw new AccessDeniedSecurityException($user, $requiredPermissions, Permission::NONE);
}
} else {
throw new NotSupportedException();
}
} elseif ($permission == Permission::DENY) {
throw new AccessDeniedSecurityException($user, $requiredPermissions, Permission::DENY);
} else {
return true;
}
}
public function actionEditModulePermissions($id)
{
$group = Group::getById(intval($id));
$title = Zurmo::t('ZurmoModule', 'Record Permissions');
$breadCrumbLinks = array(strval($group) => array('group/' . static::resolveBreadCrumbActionByGroup($group), 'id' => $id), $title);
$data = PermissionsUtil::getAllModulePermissionsDataByPermitable($group);
$permissionsForm = ModulePermissionsFormUtil::makeFormFromPermissionsData($data);
$postVariableName = get_class($permissionsForm);
if (isset($_POST[$postVariableName])) {
$this->clearCaches();
$castedPostData = ModulePermissionsFormUtil::typeCastPostData($_POST[$postVariableName]);
$readyToSetPostData = ModulePermissionsEditViewUtil::resolveWritePermissionsFromArray($castedPostData);
if (ModulePermissionsFormUtil::setPermissionsFromCastedPost($readyToSetPostData, $group)) {
Yii::app()->user->setFlash('notification', Zurmo::t('ZurmoModule', 'Record Permissions Saved Successfully.'));
$action = $this->resolveActionToGoToAfterSave($group);
$this->redirect(array($this->getId() . '/' . $action, 'id' => $group->id));
Yii::app()->end(0, false);
}
}
$permissionsData = GroupModulePermissionsDataToEditViewAdapater::resolveData($data);
$metadata = ModulePermissionsEditViewUtil::resolveMetadataFromData($permissionsData, ModulePermissionsEditAndDetailsView::getMetadata());
$titleBarAndEditView = new GroupActionBarAndSecurityEditView($this->getId(), $this->getModule()->getId(), $permissionsForm, $group, $this->getModule()->getPluralCamelCasedName(), $metadata, 'ModulePermissionsEditAndDetailsView', 'GroupModulePermissionsEditMenu');
$view = new GroupsPageView(ZurmoDefaultAdminViewUtil::makeViewWithBreadcrumbsForCurrentUser($this, $titleBarAndEditView, $breadCrumbLinks, 'GroupBreadCrumbView'));
echo $view->render();
}
/**
* @param User $user
* @param RedBeanModelJoinTablesQueryAdapter $joinTablesAdapter
* @param $where
* @param $selectDistinct
* @throws NotSupportedException
*/
public static function resolveReadPermissionsOptimizationToSqlQuery(User $user, RedBeanModelJoinTablesQueryAdapter $joinTablesAdapter, &$where, &$selectDistinct)
{
assert('$where == null || is_string($where)');
assert('is_bool($selectDistinct)');
$modelClassName = get_called_class();
$moduleClassName = $modelClassName::getModuleClassName();
//Currently only adds munge if the module is securable and this model supports it.
if (static::hasReadPermissionsOptimization() && $moduleClassName != null && is_subclass_of($moduleClassName, 'SecurableModule')) {
$permission = PermissionsUtil::getActualPermissionDataForReadByModuleNameForUser($moduleClassName);
if (($permission == Permission::NONE || $permission == Permission::DENY) && !static::bypassReadPermissionsOptimizationToSqlQueryBasedOnWhere($where)) {
$quote = DatabaseCompatibilityUtil::getQuote();
$modelAttributeToDataProviderAdapter = new OwnedSecurableItemIdToDataProviderAdapter($modelClassName, null);
$builder = new ModelJoinBuilder($modelAttributeToDataProviderAdapter, $joinTablesAdapter);
$ownedTableAliasName = $builder->resolveJoins();
$ownerColumnName = static::getForeignKeyName('OwnedSecurableItem', 'owner');
$mungeIds = AllPermissionsOptimizationUtil::getMungeIdsByUser($user);
if ($where != null) {
$where = '(' . $where . ') and ';
}
if (count($mungeIds) > 0 && $permission == Permission::NONE) {
$extraOnQueryPart = " and {$quote}munge_id{$quote} in ('" . join("', '", $mungeIds) . "')";
$mungeTableName = ReadPermissionsOptimizationUtil::getMungeTableName($modelClassName);
$mungeTableAliasName = $joinTablesAdapter->addLeftTableAndGetAliasName($mungeTableName, 'securableitem_id', $ownedTableAliasName, 'securableitem_id', $extraOnQueryPart);
$where .= "({$quote}{$ownedTableAliasName}{$quote}.{$quote}{$ownerColumnName}{$quote} = {$user->id} OR ";
// Not Coding Standard
$where .= "{$quote}{$mungeTableName}{$quote}.{$quote}munge_id{$quote} IS NOT NULL)";
// Not Coding Standard
$selectDistinct = true;
//must use distinct since adding munge table query.
} elseif ($permission == Permission::DENY) {
$where .= "{$quote}{$ownedTableAliasName}{$quote}.{$quote}{$ownerColumnName}{$quote} = {$user->id}";
// Not Coding Standard
} else {
throw new NotSupportedException();
}
}
}
}
public function actionSecurityDetails($id)
{
UserAccessUtil::resolveCanCurrentUserAccessAction(intval($id));
$user = User::getById(intval($id));
UserAccessUtil::resolveCanCurrentUserAccessRootUser($user);
UserAccessUtil::resolveAccessingASystemUser($user);
$title = Zurmo::t('UsersModule', 'Security Overview');
$breadCrumbLinks = array(strval($user) => array('default/details', 'id' => $id), $title);
$modulePermissionsData = PermissionsUtil::getAllModulePermissionsDataByPermitable($user);
$modulePermissionsForm = ModulePermissionsFormUtil::makeFormFromPermissionsData($modulePermissionsData);
$viewReadyModulePermissionsData = GroupModulePermissionsDataToEditViewAdapater::resolveData($modulePermissionsData);
$modulePermissionsViewMetadata = ModulePermissionsActualDetailsViewUtil::resolveMetadataFromData($viewReadyModulePermissionsData, ModulePermissionsEditAndDetailsView::getMetadata());
$rightsData = RightsUtil::getAllModuleRightsDataByPermitable($user);
$rightsForm = RightsFormUtil::makeFormFromRightsData($rightsData);
$rightsViewMetadata = RightsEffectiveDetailsViewUtil::resolveMetadataFromData($rightsData, RightsEditAndDetailsView::getMetadata());
$policiesData = PoliciesUtil::getAllModulePoliciesDataByPermitable($user);
$policiesForm = PoliciesFormUtil::makeFormFromPoliciesData($policiesData);
$policiesViewMetadata = PoliciesEffectiveDetailsViewUtil::resolveMetadataFromData($policiesData, PoliciesEditAndDetailsView::getMetadata());
$groupMembershipAdapter = new UserGroupMembershipToViewAdapter($user);
$groupMembershipViewData = $groupMembershipAdapter->getViewData();
$securityDetailsView = new UserActionBarAndSecurityDetailsView($this->getId(), $this->getModule()->getId(), $user, $modulePermissionsForm, $rightsForm, $policiesForm, $modulePermissionsViewMetadata, $rightsViewMetadata, $policiesViewMetadata, $groupMembershipViewData);
$view = new UsersPageView($this->resolveZurmoDefaultOrAdminView($securityDetailsView, $breadCrumbLinks, 'UserBreadCrumbView'));
echo $view->render();
}
public function testSetModulePermissionsFormFromExplicitDenyDirectlyToExplicitAllowFromPost()
{
$group = Group::getByName('modulePermissionsGroup');
$data = PermissionsUtil::getAllModulePermissionsDataByPermitable($group);
$form = ModulePermissionsFormUtil::makeFormFromPermissionsData($data);
$compareData = array('AccountsModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)));
$this->assertEquals($compareData['AccountsModule'], $form->data['AccountsModule']);
//Now set the read permission to deny
$fakePost = array('AccountsModule__' . Permission::READ => strval(Permission::DENY));
$validatedPost = ModulePermissionsFormUtil::typeCastPostData($fakePost);
$saved = ModulePermissionsFormUtil::setPermissionsFromCastedPost($validatedPost, $group);
$this->assertTrue($saved);
//Now the read should explicitly be deny
$data = PermissionsUtil::getAllModulePermissionsDataByPermitable($group);
$form = ModulePermissionsFormUtil::makeFormFromPermissionsData($data);
$compareData = array('AccountsModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => Permission::DENY, 'inherited' => null, 'actual' => Permission::DENY), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)));
$this->assertEquals($compareData['AccountsModule'], $form->data['AccountsModule']);
//Now set the read to explicit All, which skips removing the permission (prior to fixing the bug here:
//https://www.pivotaltracker.com/story/show/54420494
$fakePost = array('AccountsModule__' . Permission::READ => strval(Permission::ALLOW));
$validatedPost = ModulePermissionsFormUtil::typeCastPostData($fakePost);
$saved = ModulePermissionsFormUtil::setPermissionsFromCastedPost($validatedPost, $group);
$this->assertTrue($saved);
//Now the read should explicitly be deny
$data = PermissionsUtil::getAllModulePermissionsDataByPermitable($group);
$form = ModulePermissionsFormUtil::makeFormFromPermissionsData($data);
$compareData = array('AccountsModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => Permission::ALLOW, 'inherited' => null, 'actual' => Permission::ALLOW), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)));
$this->assertEquals($compareData['AccountsModule'], $form->data['AccountsModule']);
}
/**
* @depends testStrongerIntegerNotSavingAsInteger
*/
public function testRemovingGroupUserIsInAndRetrievingUserModulePermissions()
{
Yii::app()->user->userModel = User::getByUsername('super');
$group = Group::getByName('RRRRRA');
$item = NamedSecurableItem::getByName('AccountsModule');
$item->addPermissions($group, Permission::READ, Permission::ALLOW);
$item->addPermissions($group, Permission::WRITE, Permission::DENY);
$item->addPermissions($group, Permission::WRITE, Permission::DENY);
$item->save();
$item = NamedSecurableItem::getByName('LeadsModule');
$item->addPermissions($group, Permission::READ, Permission::ALLOW);
$item->save();
$group->forget();
$item->forget();
unset($item);
unset($group);
$group = Group::getByName('RRRRRA');
$group->users->removeAll();
$group->groups->removeAll();
$group->save();
$group->delete();
$group->forget();
unset($group);
$user = User::getByUsername('arrry');
$modulePermissionsData = PermissionsUtil::getAllModulePermissionsDataByPermitable($user);
$user->forget();
unset($user);
}
/**
* @depends testSettingChangeOwnerChangePermissionFromPost
*/
public function testModulePermissionsFormUtilSetRightsFromPost()
{
$group = Group::getByName('modulePermissionsGroup');
$data = PermissionsUtil::getAllModulePermissionsDataByPermitable($group);
$form = ModulePermissionsFormUtil::makeFormFromPermissionsData($data);
$compareData = array('AccountsModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => Permission::ALLOW, 'inherited' => null, 'actual' => Permission::ALLOW), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'ContactsModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => Permission::ALLOW, 'actual' => Permission::ALLOW), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'LeadsModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'MeetingsModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'NotesModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'OpportunitiesModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'TasksModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'UsersModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)));
$this->assertEquals($compareData['AccountsModule'], $form->data['AccountsModule']);
$this->assertEquals($compareData['ContactsModule'], $form->data['ContactsModule']);
$this->assertEquals($compareData['LeadsModule'], $form->data['LeadsModule']);
$this->assertEquals($compareData['OpportunitiesModule'], $form->data['OpportunitiesModule']);
$this->assertEquals($compareData['TasksModule'], $data['TasksModule']);
$this->assertEquals($compareData['NotesModule'], $data['NotesModule']);
$this->assertEquals($compareData['MeetingsModule'], $data['MeetingsModule']);
$this->assertEquals($compareData['UsersModule'], $form->data['UsersModule']);
$fakePost = array('LeadsModule__' . Permission::READ => strval(Permission::ALLOW), 'LeadsModule__' . Permission::WRITE => strval(Permission::ALLOW), 'AccountsModule__' . Permission::READ => '', 'OpportunitiesModule__' . Permission::DELETE => strval(Permission::DENY));
$validatedPost = ModulePermissionsFormUtil::typeCastPostData($fakePost);
$readyToSetPostData = ModulePermissionsEditViewUtil::resolveWritePermissionsFromArray($validatedPost);
$readyToSetPostDataCompare = array('LeadsModule__' . Permission::READ => strval(Permission::ALLOW), 'LeadsModule__' . Permission::CHANGE_OWNER => strval(Permission::ALLOW), 'LeadsModule__' . Permission::WRITE => strval(Permission::ALLOW), 'LeadsModule__' . Permission::CHANGE_PERMISSIONS => strval(Permission::ALLOW), 'AccountsModule__' . Permission::READ => '', 'OpportunitiesModule__' . Permission::DELETE => strval(Permission::DENY));
$this->assertEquals($readyToSetPostDataCompare, $readyToSetPostData);
$saved = ModulePermissionsFormUtil::setPermissionsFromCastedPost($readyToSetPostData, $group);
$this->assertTrue($saved);
$group->forget();
$group = Group::getByName('modulePermissionsGroup');
$newItem = NamedSecurableItem::getByName('LeadsModule');
$this->assertEquals(array(Permission::READ | Permission::WRITE | Permission::CHANGE_OWNER | Permission::CHANGE_PERMISSIONS, Permission::NONE), $newItem->getExplicitActualPermissions($group));
$newItem->forget();
$compareData = array('AccountsModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'ContactsModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => Permission::ALLOW, 'actual' => Permission::ALLOW), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'LeadsModule' => array(Permission::CHANGE_OWNER => array('explicit' => Permission::ALLOW, 'inherited' => null, 'actual' => Permission::ALLOW), Permission::CHANGE_PERMISSIONS => array('explicit' => Permission::ALLOW, 'inherited' => null, 'actual' => Permission::ALLOW), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => Permission::ALLOW, 'inherited' => null, 'actual' => Permission::ALLOW), Permission::WRITE => array('explicit' => Permission::ALLOW, 'inherited' => null, 'actual' => Permission::ALLOW)), 'MeetingsModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'NotesModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'OpportunitiesModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => Permission::DENY, 'inherited' => null, 'actual' => Permission::DENY), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'TasksModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'UsersModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)));
$data = PermissionsUtil::getAllModulePermissionsDataByPermitable($group);
$this->assertEquals($compareData['AccountsModule'], $data['AccountsModule']);
$this->assertEquals($compareData['ContactsModule'], $data['ContactsModule']);
$this->assertEquals($compareData['LeadsModule'], $data['LeadsModule']);
$this->assertEquals($compareData['OpportunitiesModule'], $data['OpportunitiesModule']);
$this->assertEquals($compareData['TasksModule'], $data['TasksModule']);
$this->assertEquals($compareData['NotesModule'], $data['NotesModule']);
$this->assertEquals($compareData['MeetingsModule'], $data['MeetingsModule']);
$this->assertEquals($compareData['UsersModule'], $data['UsersModule']);
$group->forget();
}
/**
* Given a moduleClassName, what is the actual read permission?
* Permission::DENY, Permission::ALLOW, or Permission::NONE?
*/
public static function getActualPermissionDataForReadByModuleNameForUser($moduleClassName, User $user = null)
{
assert('is_string($moduleClassName)');
if ($user == null) {
$user = Yii::app()->user->userModel;
}
$item = NamedSecurableItem::getByName($moduleClassName);
return PermissionsUtil::resolveActualPermission($item->getActualPermissions($user), Permission::READ);
}
