public function testCachesPermissionsPerUserForThisInstance()
{
$userId = 99;
$user = new FakeUserSession();
$user->UserId = $userId;
$resource = new FakeBookableResource(1, 'whatever');
$resourceIdList = array(3, 1, 4);
$store = $this->getMock('IResourcePermissionStore');
$ps = new PermissionService($store, $userId);
$store->expects($this->once())->method('GetPermittedResources')->with($this->equalTo($userId))->will($this->returnValue($resourceIdList));
$canAccess1 = $ps->CanAccessResource($resource, $user);
$canAccess2 = $ps->CanAccessResource($resource, $user);
$this->assertTrue($canAccess1);
$this->assertTrue($canAccess2);
}
public static function Verification($permission_name, $crud = __CanRead__)
{
session_start();
$account_name = $_SESSION['login'];
if (!is_null($account_name)) {
$account = AccountService::GetByName($account_name, true);
if (!is_null($account)) {
$roles = UserRoleService::GetByUserId($account->account_id);
$permission = PermissionService::GetByName($permission_name);
$res = false;
for ($i = 0; $i < count($roles); $i++) {
$rps = RolePermissionService::GetByRoleIdPermissionId($roles[$i]->role_id, $permission->permission_id);
foreach ($rps as $value) {
$rr = PermissionHelper::setPermissionFlag(__CanCreate__, $value->cancreate) | PermissionHelper::setPermissionFlag(__CanRead__, $value->canread) | PermissionHelper::setPermissionFlag(__CanUpdate__, $value->canupdate) | PermissionHelper::setPermissionFlag(__CanRemove__, $value->canremove);
if (($rr & $crud) == $crud) {
$res = true;
}
}
}
}
} else {
header('Location: /account/permission');
}
if (!$res) {
header('Location: /account/permission');
}
}
/**
* set permissions for this user's posts
*/
public function updatePostPermissions()
{
$set = $this->owner->PostPermission;
$source = $this->postPermissionSource();
switch ($set) {
case 'Hidden':
$this->permissionService->removePermissions($source, 'View', $this->getGroupFor(self::FOLLOWERS));
$this->permissionService->removePermissions($source, 'View', $this->getGroupFor(self::FRIENDS));
$source->InheritPerms = false;
$source->PublicAccess = false;
break;
case 'Friends only':
$source->InheritPerms = false;
$source->PublicAccess = false;
$this->permissionService->removePermissions($source, 'View', $this->getGroupFor(self::FOLLOWERS));
$this->permissionService->grant($source, 'View', $this->getGroupFor(self::FRIENDS));
break;
case 'Friends and followers':
$source->InheritPerms = false;
$source->PublicAccess = false;
$this->permissionService->grant($source, 'View', $this->getGroupFor(self::FOLLOWERS));
$this->permissionService->grant($source, 'View', $this->getGroupFor(self::FRIENDS));
break;
case 'Logged In':
$source->InheritPerms = false;
$source->PublicAccess = false;
$this->permissionService->grant($source, 'View', $this->getGroupFor(self::FOLLOWERS));
$this->permissionService->grant($source, 'View', $this->getGroupFor(self::FRIENDS));
break;
case 'Public':
$source->PublicAccess = true;
break;
}
$source->write();
}
/**
* Gives access to this micropost, based on information in the $to array
*
* @param array $to
* The people/groups this post is being sent to. This is an array of
* - logged_in: boolean (logged in users; uses a system config setting to determine which group represents 'logged in'
* - members: an array, or comma separated string, of member IDs
* - groups: an array, or comma separated string, of group IDs
*/
public function giveAccessTo($to)
{
if ($to) {
$grantTo = array();
if (isset($to['logged_in']) && $to['logged_in']) {
// find the 'logged in' group, and grant to that.
$groups = null;
if (class_exists('Multisites')) {
$groups = Multisites::inst()->getCurrentSite()->LoggedInGroups()->toArray();
} else {
$groups = SiteConfig::current_site_config()->LoggedInGroups()->toArray();
}
if ($groups) {
$grantTo = array_merge($grantTo, $groups);
}
}
// todo evaluate security implication of posting to arbitrary members...
// do we need to check 'friends' status here?
if (isset($to['members']) && count($to['members'])) {
if (!is_array($to['members'])) {
$to['members'] = explode(',', $to['members']);
}
foreach ($to['members'] as $memberId) {
$id = (int) $memberId;
$toMember = Member::get()->byID($id);
if ($toMember) {
$grantTo[] = $toMember;
}
}
}
if (isset($to['groups']) && count($to['groups'])) {
if (!is_array($to['groups'])) {
$to['groups'] = explode(',', $to['groups']);
}
foreach ($to['groups'] as $groupId) {
$groupId = (int) $groupId;
$group = Group::get()->byID($groupId);
if ($group) {
$grantTo[] = $group;
}
}
}
if (count($grantTo)) {
foreach ($grantTo as $grantee) {
$this->permissionService->grant($this, 'View', $grantee);
}
}
// what about to the public?
if (isset($to['public'])) {
$this->PublicAccess = true;
$this->write();
}
}
}
