public function actionEditModulePermissions($id)
{
$group = Group::getById(intval($id));
$title = Zurmo::t('ZurmoModule', 'Record Permissions');
$breadCrumbLinks = array(strval($group) => array('group/' . static::resolveBreadCrumbActionByGroup($group), 'id' => $id), $title);
$data = PermissionsUtil::getAllModulePermissionsDataByPermitable($group);
$permissionsForm = ModulePermissionsFormUtil::makeFormFromPermissionsData($data);
$postVariableName = get_class($permissionsForm);
if (isset($_POST[$postVariableName])) {
$this->clearCaches();
$castedPostData = ModulePermissionsFormUtil::typeCastPostData($_POST[$postVariableName]);
$readyToSetPostData = ModulePermissionsEditViewUtil::resolveWritePermissionsFromArray($castedPostData);
if (ModulePermissionsFormUtil::setPermissionsFromCastedPost($readyToSetPostData, $group)) {
Yii::app()->user->setFlash('notification', Zurmo::t('ZurmoModule', 'Record Permissions Saved Successfully.'));
$action = $this->resolveActionToGoToAfterSave($group);
$this->redirect(array($this->getId() . '/' . $action, 'id' => $group->id));
Yii::app()->end(0, false);
}
}
$permissionsData = GroupModulePermissionsDataToEditViewAdapater::resolveData($data);
$metadata = ModulePermissionsEditViewUtil::resolveMetadataFromData($permissionsData, ModulePermissionsEditAndDetailsView::getMetadata());
$titleBarAndEditView = new GroupActionBarAndSecurityEditView($this->getId(), $this->getModule()->getId(), $permissionsForm, $group, $this->getModule()->getPluralCamelCasedName(), $metadata, 'ModulePermissionsEditAndDetailsView', 'GroupModulePermissionsEditMenu');
$view = new GroupsPageView(ZurmoDefaultAdminViewUtil::makeViewWithBreadcrumbsForCurrentUser($this, $titleBarAndEditView, $breadCrumbLinks, 'GroupBreadCrumbView'));
echo $view->render();
}
public function actionSecurityDetails($id)
{
UserAccessUtil::resolveCanCurrentUserAccessAction(intval($id));
$user = User::getById(intval($id));
UserAccessUtil::resolveCanCurrentUserAccessRootUser($user);
UserAccessUtil::resolveAccessingASystemUser($user);
$title = Zurmo::t('UsersModule', 'Security Overview');
$breadCrumbLinks = array(strval($user) => array('default/details', 'id' => $id), $title);
$modulePermissionsData = PermissionsUtil::getAllModulePermissionsDataByPermitable($user);
$modulePermissionsForm = ModulePermissionsFormUtil::makeFormFromPermissionsData($modulePermissionsData);
$viewReadyModulePermissionsData = GroupModulePermissionsDataToEditViewAdapater::resolveData($modulePermissionsData);
$modulePermissionsViewMetadata = ModulePermissionsActualDetailsViewUtil::resolveMetadataFromData($viewReadyModulePermissionsData, ModulePermissionsEditAndDetailsView::getMetadata());
$rightsData = RightsUtil::getAllModuleRightsDataByPermitable($user);
$rightsForm = RightsFormUtil::makeFormFromRightsData($rightsData);
$rightsViewMetadata = RightsEffectiveDetailsViewUtil::resolveMetadataFromData($rightsData, RightsEditAndDetailsView::getMetadata());
$policiesData = PoliciesUtil::getAllModulePoliciesDataByPermitable($user);
$policiesForm = PoliciesFormUtil::makeFormFromPoliciesData($policiesData);
$policiesViewMetadata = PoliciesEffectiveDetailsViewUtil::resolveMetadataFromData($policiesData, PoliciesEditAndDetailsView::getMetadata());
$groupMembershipAdapter = new UserGroupMembershipToViewAdapter($user);
$groupMembershipViewData = $groupMembershipAdapter->getViewData();
$securityDetailsView = new UserActionBarAndSecurityDetailsView($this->getId(), $this->getModule()->getId(), $user, $modulePermissionsForm, $rightsForm, $policiesForm, $modulePermissionsViewMetadata, $rightsViewMetadata, $policiesViewMetadata, $groupMembershipViewData);
$view = new UsersPageView($this->resolveZurmoDefaultOrAdminView($securityDetailsView, $breadCrumbLinks, 'UserBreadCrumbView'));
echo $view->render();
}
/**
* Should not throw an exception AccessDeniedSecurityException
*/
public function testARegularUserWhoCanAccessGroupsCanProperlyModifyModulePermission()
{
$nobody = UserTestHelper::createBasicUser('nobody');
$nobody->setRight('GroupsModule', GroupsModule::RIGHT_ACCESS_GROUPS);
$nobody->setRight('GroupsModule', GroupsModule::RIGHT_CREATE_GROUPS);
$nobody->setRight('GroupsModule', GroupsModule::RIGHT_DELETE_GROUPS);
$this->assertTrue($nobody->save());
Yii::app()->user->userModel = $nobody;
$group = new Group();
$group->name = 'newGroup2';
$saved = $group->save();
$this->assertTrue($saved);
$group->forget();
$newItem = NamedSecurableItem::getByName('SomeModule');
$this->assertEquals(array(Permission::NONE, Permission::NONE), $newItem->getExplicitActualPermissions($group));
$newItem->forget();
$fakePost = array('SomeModule__' . Permission::CHANGE_PERMISSIONS => strval(Permission::ALLOW), 'SomeModule__' . Permission::CHANGE_OWNER => strval(Permission::ALLOW));
$validatedPost = ModulePermissionsFormUtil::typeCastPostData($fakePost);
$saved = ModulePermissionsFormUtil::setPermissionsFromCastedPost($validatedPost, $group);
$this->assertTrue($saved);
//Success, an exception was not thrown. AccessDeniedSecurityException
}
public function testSetModulePermissionsFormFromExplicitDenyDirectlyToExplicitAllowFromPost()
{
$group = Group::getByName('modulePermissionsGroup');
$data = PermissionsUtil::getAllModulePermissionsDataByPermitable($group);
$form = ModulePermissionsFormUtil::makeFormFromPermissionsData($data);
$compareData = array('AccountsModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)));
$this->assertEquals($compareData['AccountsModule'], $form->data['AccountsModule']);
//Now set the read permission to deny
$fakePost = array('AccountsModule__' . Permission::READ => strval(Permission::DENY));
$validatedPost = ModulePermissionsFormUtil::typeCastPostData($fakePost);
$saved = ModulePermissionsFormUtil::setPermissionsFromCastedPost($validatedPost, $group);
$this->assertTrue($saved);
//Now the read should explicitly be deny
$data = PermissionsUtil::getAllModulePermissionsDataByPermitable($group);
$form = ModulePermissionsFormUtil::makeFormFromPermissionsData($data);
$compareData = array('AccountsModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => Permission::DENY, 'inherited' => null, 'actual' => Permission::DENY), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)));
$this->assertEquals($compareData['AccountsModule'], $form->data['AccountsModule']);
//Now set the read to explicit All, which skips removing the permission (prior to fixing the bug here:
//https://www.pivotaltracker.com/story/show/54420494
$fakePost = array('AccountsModule__' . Permission::READ => strval(Permission::ALLOW));
$validatedPost = ModulePermissionsFormUtil::typeCastPostData($fakePost);
$saved = ModulePermissionsFormUtil::setPermissionsFromCastedPost($validatedPost, $group);
$this->assertTrue($saved);
//Now the read should explicitly be deny
$data = PermissionsUtil::getAllModulePermissionsDataByPermitable($group);
$form = ModulePermissionsFormUtil::makeFormFromPermissionsData($data);
$compareData = array('AccountsModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => Permission::ALLOW, 'inherited' => null, 'actual' => Permission::ALLOW), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)));
$this->assertEquals($compareData['AccountsModule'], $form->data['AccountsModule']);
}
public function testGroupChangeOrDeleteScenario5()
{
$super = User::getByUsername('super');
Yii::app()->user->userModel = $super;
$job = new ReadPermissionSubscriptionUpdateForAccountJob();
$jobBasedOnBuildTable = new ReadPermissionSubscriptionUpdateForAccountFromBuildTableJob();
$johnny = self::$johnny;
$this->deleteAllModelsAndRecordsFromReadPermissionTable('Account');
$account = AccountTestHelper::createAccountByNameForOwner('Fifth Account', $super);
Yii::app()->jobQueue->deleteAll();
sleep(1);
$group = new Group();
$group->name = 'Group5';
$this->assertTrue($group->save());
$group->users->add($johnny);
$this->assertTrue($group->save());
Yii::app()->jobQueue->deleteAll();
$fakePost = array('AccountsModule__' . Permission::CHANGE_PERMISSIONS => strval(Permission::ALLOW));
$validatedPost = ModulePermissionsFormUtil::typeCastPostData($fakePost);
$saved = ModulePermissionsFormUtil::setPermissionsFromCastedPost($validatedPost, $group);
$this->assertTrue($saved);
$queuedJobs = Yii::app()->jobQueue->getAll();
$this->assertEquals(1, count($queuedJobs[5]));
$this->assertEquals('ReadPermissionSubscriptionUpdateForAccount', $queuedJobs[5][0]['jobType']);
Yii::app()->jobQueue->deleteAll();
$this->assertTrue($job->run());
}
