/**
 * The factory must return an ActionSecurity instance when asked for the
 * 'Delete' action type on an Account, with 'super' as the acting user.
 *
 * Only the type of the returned object is checked here; the permission
 * decision itself is not exercised by this test.
 */
public function testCreateActionSecurityFromActionType()
{
    $superUser                  = User::getByUsername('super');
    Yii::app()->user->userModel = $superUser;

    $actionSecurity = ActionSecurityFactory::createActionSecurityFromActionType(
        'Delete',
        new Account(),
        $superUser
    );

    $this->assertTrue($actionSecurity instanceof ActionSecurity);
}
/**
 * Exercise the 'ConvertLead' action security for betty in three steps:
 *
 *  1. no convert right, lead owned by billy  -> denied
 *  2. convert right granted, billy's lead    -> still denied (no write permission)
 *  3. convert right granted, betty's own lead -> allowed
 *
 * Steps 1 and 2 are the negative cases: the module right alone must not be
 * enough when the user has no permission on the specific record.
 */
public function testCanCurrentUserPerformAction()
{
    // Create one lead per owner, each while acting as that owner.
    Yii::app()->user->userModel = User::getByUsername('billy');
    $billysLead = LeadTestHelper::createLeadbyNameForOwner("billy's lead", User::getByUsername('billy'));

    $betty                      = User::getByUsername('betty');
    Yii::app()->user->userModel = $betty;
    $bettysLead = LeadTestHelper::createLeadbyNameForOwner("betty's lead", User::getByUsername('betty'));

    // Betty gets access to the leads module, but not the convert right yet.
    $betty->setRight('LeadsModule', LeadsModule::RIGHT_ACCESS_LEADS, Right::ALLOW);
    $this->assertTrue($betty->save());

    // Preconditions: betty has no permission on billy's lead ...
    $this->assertEquals(Permission::NONE, $billysLead->getEffectivePermissions($betty));
    // ... and the convert-lead right is still denied for her.
    $this->assertEquals(
        Right::DENY,
        $betty->getEffectiveRight('LeadsModule', LeadsModule::RIGHT_CONVERT_LEADS)
    );

    // Step 1: without the convert right the action is refused.
    $withoutConvertRight = ActionSecurityFactory::createActionSecurityFromActionType(
        'ConvertLead',
        $billysLead,
        $betty
    );
    $this->assertFalse($withoutConvertRight->canUserPerformAction());

    // Step 2: with the convert right she still cannot act on a lead she
    // does not own and cannot write.
    $betty->setRight('LeadsModule', LeadsModule::RIGHT_CONVERT_LEADS, Right::ALLOW);
    $rightSaved = $betty->save();
    $this->assertTrue($rightSaved);
    $onForeignLead = ActionSecurityFactory::createActionSecurityFromActionType(
        'ConvertLead',
        $billysLead,
        $betty
    );
    $this->assertFalse($onForeignLead->canUserPerformAction());

    // Step 3: convert right plus a lead she owns -> the action is allowed.
    $onOwnLead = ActionSecurityFactory::createActionSecurityFromActionType(
        'ConvertLead',
        $bettysLead,
        $betty
    );
    $this->assertTrue($onOwnLead->canUserPerformAction());
}
/**
 * Decide whether $user may perform the action named by $actionType on $model.
 *
 * Action type examples: Details, Edit, Delete. Action types are returned by
 * actionElements via their getActionType method.
 *
 * Two cases return true without consulting any ActionSecurity object:
 *  - $model is not a SecurableItem (a Permitable such as User falls in this
 *    case), and
 *  - $actionType is null.
 * A true result in those cases does not necessarily mean the current user is
 * allowed through the user interface to edit the $model (User). That must be
 * controlled by controller rights filters.
 *
 * @param string|null $actionType action type, or null when the element has none
 * @param mixed       $model      model the action targets
 * @param User        $user       user the check is made for
 * @return bool true if user can perform action.
 */
public static function canUserPerformAction($actionType, $model, $user)
{
    // Preconditions only: assert() can be switched off by configuration, so
    // these do not reject an invalid $user or $actionType on their own.
    assert('$user instanceof User && $user->id > 0');
    assert('$actionType == null || is_string($actionType)');

    // NOTE(review): the comparison is loose, so an empty-string action type
    // is treated like null and also takes the "return true" path - confirm
    // no caller can pass '' for an action that should be checked.
    $isSecurable = $model instanceof SecurableItem;
    if (!$isSecurable || $actionType == null)
    {
        return true;
    }

    return ActionSecurityFactory::createActionSecurityFromActionType($actionType, $model, $user)
               ->canUserPerformAction();
}
/**
 * Decide whether a toolbar element is rendered for the current user.
 *
 * The parent's decision is honoured first. An element without an action
 * type is always rendered; otherwise the element is rendered only when the
 * ActionSecurity object built for that action type, the model from
 * makeModel() and the current user model allows the action.
 *
 * NOTE(review): this controls rendering only. Hiding an element does not
 * stop a request for the same action from being sent directly - confirm
 * the handling controller enforces the equivalent check.
 *
 * @param ActionElement $element
 * @param array $elementInformation
 * @return bool
 */
protected function shouldRenderToolBarElement($element, $elementInformation)
{
    assert('$element instanceof ActionElement');
    assert('is_array($elementInformation)');

    $renderedByParent = parent::shouldRenderToolBarElement($element, $elementInformation);
    if (!$renderedByParent)
    {
        return false;
    }

    $actionType = $element->getActionType();
    if ($actionType != null)
    {
        $model       = $this->makeModel();
        $currentUser = Yii::app()->user->userModel;
        return ActionSecurityFactory::createActionSecurityFromActionType($actionType, $model, $currentUser)
                   ->canUserPerformAction();
    }

    // No action type to check against, so there is nothing to deny.
    return true;
}