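/**
 * For now, this determines if there is a subclass of
 * ModelElement and makes the appropriate adjustments
 * based on the user's access to this element and its
 * related attributes. This is for the Editable render.
 *
 * When the user may not perform the element's editable action on the
 * related model (or, for a 'ModalList' action, may not view the details
 * of an already-linked related model), or may not perform the rights-only
 * action of a ModelsElement, the element is downgraded to a 'Null'
 * element: 'attributeName' is cleared and 'type' becomes 'Null'.
 *
 * @param RedBeanModel|CModel $model
 * @param array $elementInformation element metadata; the keys 'type' and
 *        'attributeName' are read and may be overwritten
 * @param User $user the user whose access is checked (must be saved, id > 0)
 * @return null. Modifies $elementInformation by reference.
 */
public static function resolveElementForEditableRender($model, &$elementInformation, $user)
{
    assert('$model instanceof RedBeanModel || $model instanceof CModel');
    assert('is_array($elementInformation)');
    assert('$user instanceof User && $user->id > 0');
    $elementclassname = $elementInformation['type'] . 'Element';
    $attributeName    = $elementInformation['attributeName'];
    if (is_subclass_of($elementclassname, 'ModelElement')) {
        $editableActionType = $elementclassname::getEditableActionType();
        // Read the related model once; every check below looks at the same value.
        $relatedModel = $model->{$attributeName};
        if (!ActionSecurityUtil::canUserPerformAction($editableActionType, $relatedModel, $user)) {
            $elementInformation['attributeName'] = null;
            $elementInformation['type'] = 'Null'; // Not Coding Standard
            //TODO: potentially throw misconfiguration exception if field is required
            //instead of just setting a null element.
        } elseif ($editableActionType == 'ModalList' &&
                  $relatedModel != null &&
                  // Logical '&&' here: the original used bitwise '&', which does not
                  // short-circuit, so '->id' was read even when the value is not a
                  // RedBeanModel. The guard must fully pass before the id is touched.
                  $relatedModel instanceof RedBeanModel &&
                  $relatedModel->id > 0 &&
                  !ActionSecurityUtil::canUserPerformAction('Details', $relatedModel, $user)) {
            // The user may edit the link but not see the linked record's details;
            // hide the element rather than leak the related model through the modal list.
            $elementInformation['attributeName'] = null;
            $elementInformation['type'] = 'Null'; // Not Coding Standard
        }
    }
    if (is_subclass_of($elementclassname, 'ModelsElement')) {
        $actionType = $elementclassname::getEditableActionType();
        if ($actionType != null) {
            // ModelsElement actions are checked on rights alone, not on a specific model.
            $actionSecurity = ActionSecurityFactory::createRightsOnlyActionSecurityFromActionType($actionType, $user);
            if (!$actionSecurity->canUserPerformAction()) {
                $elementInformation['attributeName'] = null;
                $elementInformation['type'] = 'Null'; // Not Coding Standard
                //TODO: potentially throw misconfiguration exception if field is required
                //instead of just setting a null element.
            }
        }
    }
}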
/**
 * A model-scoped action type such as 'Delete' must yield an
 * ActionSecurity instance from the factory.
 */
public function testCreateActionSecurityFromActionType()
{
    $superUser = User::getByUsername('super');
    Yii::app()->user->userModel = $superUser;
    $security = ActionSecurityFactory::createActionSecurityFromActionType(
        'Delete',
        new Account(),
        $superUser
    );
    $this->assertTrue($security instanceof ActionSecurity);
}
/**
 * Exercises the 'ConvertLead' decision for betty in three stages:
 * no convert right at all, the convert right without write access to
 * billy's lead, and finally the convert right on a lead she owns.
 */
public function testCanCurrentUserPerformAction()
{
    Yii::app()->user->userModel = User::getByUsername('billy');
    $billysLead = LeadTestHelper::createLeadbyNameForOwner("billy's lead", User::getByUsername('billy'));
    $betty = User::getByUsername('betty');
    Yii::app()->user->userModel = $betty;
    $bettysLead = LeadTestHelper::createLeadbyNameForOwner("betty's lead", User::getByUsername('betty'));
    $betty->setRight('LeadsModule', LeadsModule::RIGHT_ACCESS_LEADS, Right::ALLOW);
    $this->assertTrue($betty->save());
    // Preconditions: betty has no permission on billy's lead and no convert right yet.
    $this->assertEquals(Permission::NONE, $billysLead->getEffectivePermissions($betty));
    $this->assertEquals(Right::DENY, $betty->getEffectiveRight('LeadsModule', LeadsModule::RIGHT_CONVERT_LEADS));
    // Stage 1: without the convert right the action is denied.
    $security = ActionSecurityFactory::createActionSecurityFromActionType('ConvertLead', $billysLead, $betty);
    $this->assertFalse($security->canUserPerformAction());
    // Stage 2: the right alone is not enough when she cannot write billy's lead.
    $betty->setRight('LeadsModule', LeadsModule::RIGHT_CONVERT_LEADS, Right::ALLOW);
    $this->assertTrue($betty->save());
    $security = ActionSecurityFactory::createActionSecurityFromActionType('ConvertLead', $billysLead, $betty);
    $this->assertFalse($security->canUserPerformAction());
    // Stage 3: right plus write access on her own lead is allowed.
    $security = ActionSecurityFactory::createActionSecurityFromActionType('ConvertLead', $bettysLead, $betty);
    $this->assertTrue($security->canUserPerformAction());
}
/**
 * A rights-only action type (no model involved) must yield a
 * RightsOnlyActionSecurity instance from the factory.
 */
public function testCreateRightsOnlyActionSecurityFromActionType()
{
    $superUser = User::getByUsername('super');
    Yii::app()->user->userModel = $superUser;
    $security = ActionSecurityFactory::createRightsOnlyActionSecurityFromActionType(
        'ConversationItemsModalList',
        $superUser
    );
    $this->assertTrue($security instanceof RightsOnlyActionSecurity);
}
/**
 * Check if user can perform an action. Action type examples:
 * Details, Edit, Delete. Action types are returned by actionElements
 * via getActionType method. If the model is not a securable model
 * then return true. If the model is a Permitable such as User this will
 * return true. This does not necessarily mean the current user is allowed through
 * the user interface to edit the $model (User). This must be controlled by
 * controller rights filters.
 * @param string|null $actionType null or '' means there is nothing to check
 * @param mixed $model only SecurableItem instances are subject to the check
 * @param User $user the user being checked (must be saved, id > 0)
 * @return bool true if user can perform action.
 */
public static function canUserPerformAction($actionType, $model, $user)
{
    assert('$user instanceof User && $user->id > 0');
    assert('$actionType == null || is_string($actionType)');
    // A check is only meaningful for a securable model with a real action type;
    // anything else is allowed through (callers gate non-securable models elsewhere).
    $needsCheck = $model instanceof SecurableItem && $actionType != null;
    if (!$needsCheck) {
        return true;
    }
    $security = ActionSecurityFactory::createActionSecurityFromActionType($actionType, $model, $user);
    return $security->canUserPerformAction();
}
/**
 * Decide whether a toolbar element is rendered: the parent's decision must
 * allow it, and, when the element declares an action type, the current user
 * must be able to perform that action on this view's model.
 * @param ActionElement $element
 * @param array $elementInformation
 * @return bool
 */
protected function shouldRenderToolBarElement($element, $elementInformation)
{
    assert('$element instanceof ActionElement');
    assert('is_array($elementInformation)');
    $allowedByParent = parent::shouldRenderToolBarElement($element, $elementInformation);
    if (!$allowedByParent) {
        return false;
    }
    $actionType = $element->getActionType();
    if ($actionType != null) {
        // Evaluate the action against the view's model for the logged-in user.
        $security = ActionSecurityFactory::createActionSecurityFromActionType(
            $actionType,
            $this->makeModel(),
            Yii::app()->user->userModel
        );
        return $security->canUserPerformAction();
    }
    // No action type means nothing further restricts rendering.
    return true;
}