public function testCreateActionSecurityFromActionType()
 {
     $super = User::getByUsername('super');
     Yii::app()->user->userModel = $super;
     $object = ActionSecurityFactory::createActionSecurityFromActionType('Delete', new Account(), $super);
     $this->assertTrue($object instanceof ActionSecurity);
 }
 /**
  * Exercises the 'ConvertLead' action security for betty in three steps:
  * denied without the convert right, still denied with the right on a lead
  * she has no permission on, and allowed with the right on a lead she owns.
  */
 public function testCanCurrentUserPerformAction()
 {
     $convertLead = 'ConvertLead';

     // Each lead is created while its owner is installed as the current user.
     Yii::app()->user->userModel = User::getByUsername('billy');
     $billysLead = LeadTestHelper::createLeadbyNameForOwner("billy's lead", User::getByUsername('billy'));
     $betty = User::getByUsername('betty');
     Yii::app()->user->userModel = $betty;
     $bettysLead = LeadTestHelper::createLeadbyNameForOwner("betty's lead", User::getByUsername('betty'));

     // Give betty access to the leads module only; the convert right is granted later.
     $betty->setRight('LeadsModule', LeadsModule::RIGHT_ACCESS_LEADS, Right::ALLOW);
     $this->assertTrue($betty->save());

     // Preconditions: pin the starting state so the denials below are meaningful.
     // Betty has no permission on billy's lead...
     $this->assertEquals(Permission::NONE, $billysLead->getEffectivePermissions($betty));
     // ...and does not yet hold the convert-leads right.
     $this->assertEquals(Right::DENY, $betty->getEffectiveRight('LeadsModule', LeadsModule::RIGHT_CONVERT_LEADS));

     // Case 1: without the convert right the action is denied.
     $withoutRight = ActionSecurityFactory::createActionSecurityFromActionType($convertLead, $billysLead, $betty);
     $this->assertFalse($withoutRight->canUserPerformAction());

     // Case 2: the right alone is not sufficient. With the convert right granted,
     // the action is still denied on a lead betty does not own.
     $betty->setRight('LeadsModule', LeadsModule::RIGHT_CONVERT_LEADS, Right::ALLOW);
     $this->assertTrue($betty->save());
     $rightButNotOwner = ActionSecurityFactory::createActionSecurityFromActionType($convertLead, $billysLead, $betty);
     $this->assertFalse($rightButNotOwner->canUserPerformAction());

     // Case 3: with the convert right on a lead she owns, the action is allowed.
     $rightAndOwner = ActionSecurityFactory::createActionSecurityFromActionType($convertLead, $bettysLead, $betty);
     $this->assertTrue($rightAndOwner->canUserPerformAction());
 }
 /**
  * Decide whether $user may perform the action named by $actionType on $model.
  * Action type examples: Details, Edit, Delete. Action types are returned by
  * actionElements via the getActionType method.
  *
  * Two cases return true without consulting any ActionSecurity object:
  *  - $model is not a SecurableItem. If the model is a Permitable such as User
  *    this will return true.
  *  - $actionType is null (loose comparison, so an empty string is treated the same).
  *
  * A true result in those cases is "no check applies", not "access granted": it does
  * not necessarily mean the current user is allowed through the user interface to
  * edit the $model (User). That must be controlled by controller rights filters.
  *
  * @param string|null $actionType
  * @param mixed $model
  * @param User $user
  * @return bool true if user can perform action.
  */
 public static function canUserPerformAction($actionType, $model, $user)
 {
     // NOTE(review): the preconditions below exist only as assert() calls with string
     // arguments. They are skipped when assertions are disabled, and PHP 8 no longer
     // evaluates string arguments to assert(), so they cannot be relied on to reject
     // an unsaved or wrongly typed $user.
     assert('$user instanceof User && $user->id > 0');
     assert('$actionType == null || is_string($actionType)');

     // Both conditions short-circuit to "allowed"; see the docblock for why that
     // result must not be treated as an authorization decision.
     $noCheckApplies = !$model instanceof SecurableItem || $actionType == null;
     if ($noCheckApplies) {
         return true;
     }

     // Delegate the decision to the ActionSecurity object built for this action type.
     $securityForAction = ActionSecurityFactory::createActionSecurityFromActionType($actionType, $model, $user);
     return $securityForAction->canUserPerformAction();
 }
 /**
  * Decide whether a toolbar action element is rendered for the current user.
  * The parent's decision is honoured first; an element with no action type is
  * rendered; otherwise the ActionSecurity object for the element's action type
  * decides, evaluated against makeModel() and the application's current user.
  *
  * This controls rendering only. Nothing in this method prevents the underlying
  * action from being requested directly, so the same right or permission still
  * has to be enforced where the action is handled.
  *
  * @param ActionElement $element
  * @param array $elementInformation
  * @return bool
  */
 protected function shouldRenderToolBarElement($element, $elementInformation)
 {
     // NOTE(review): string-argument assert() calls are not evaluated on PHP 8 and are
     // skipped when assertions are disabled; treat them as documentation of intent.
     assert('$element instanceof ActionElement');
     assert('is_array($elementInformation)');

     // A negative answer from the parent is final.
     if (!parent::shouldRenderToolBarElement($element, $elementInformation)) {
         return false;
     }

     $elementActionType = $element->getActionType();
     if ($elementActionType != null) {
         // NOTE(review): unlike a SecurableItem guard, nothing here checks the type of
         // makeModel()'s result before handing it to the factory; confirm the factory
         // accepts every model this view can produce.
         $model = $this->makeModel();
         $currentUser = Yii::app()->user->userModel;
         $securityForAction = ActionSecurityFactory::createActionSecurityFromActionType($elementActionType, $model, $currentUser);
         return $securityForAction->canUserPerformAction();
     }

     // No action type means there is no security rule to consult for this element.
     return true;
 }