/**
 * Builds the adapted search metadata for every in-queue searchable model
 * that $user is allowed to search, keyed by global search form class name.
 *
 * A model contributes an entry only when all of the following hold:
 *  - its module declares a global search form class,
 *  - RightsUtil::canUserAccessModule() passes for the module and $user,
 *  - the model class is listed in $scopeData, when a scope is supplied,
 *  - the module yields at least one global search attribute for $partialTerm.
 *
 * NOTE(review): the scope test uses a loose comparison, so an empty array is
 * treated the same as null, i.e. "no restriction". Confirm callers rely on that.
 * NOTE(review): get_class($module) assumes findModule() returned a module
 * object; a null result is not handled here.
 *
 * @param string     $partialTerm term being searched for
 * @param User       $user        user the search is performed for (id must be > 0)
 * @param array|null $scopeData   model class names to restrict the search to, or null
 * @return array map of global search form class name => array(model class name => metadata)
 */
protected static function makeModelClassNamesAndSearchAttributeData($partialTerm, User $user, $scopeData)
{
    assert('is_string($partialTerm)');
    assert('$user->id > 0');
    assert('$scopeData == null || is_array($scopeData)');
    $dataBySearchFormClassName = array();
    $searchableModels          = WorkflownQueuesSearchForm::getInQueueSearchableModelNamesAndLabels();
    foreach ($searchableModels as $modelClassName => $unusedLabel) {
        $moduleClassName     = $modelClassName::getModuleClassName();
        $module              = Yii::app()->findModule($moduleClassName::getDirectoryName());
        $searchFormClassName = $moduleClassName::getGlobalSearchFormClassName();
        // Guards are evaluated in the same order as the original compound condition.
        if ($searchFormClassName == null) {
            continue;
        }
        if (!RightsUtil::canUserAccessModule(get_class($module), $user)) {
            continue;
        }
        if ($scopeData != null && !in_array($modelClassName, $scopeData)) {
            continue;
        }
        $searchAttributes = MixedTermSearchUtil::getGlobalSearchAttributeByModuleAndPartialTerm($module, $partialTerm);
        if (empty($searchAttributes)) {
            continue;
        }
        // $model and $searchForm keep their names because the string asserts refer to them.
        $model = new $modelClassName(false);
        assert('$model instanceof RedBeanModel');
        $searchForm = new $searchFormClassName($model);
        assert('$searchForm instanceof SearchForm');
        $adapter = new SearchDataProviderMetadataAdapter($searchForm, $user->id, $searchAttributes);
        $dataBySearchFormClassName[$searchFormClassName] = array(
            $modelClassName => $adapter->getAdaptedMetadata(false),
        );
    }
    return $dataBySearchFormClassName;
}
/**
 * Tells whether the current user holds the ZurmoModule right to push a
 * dashboard or layout to other users.
 *
 * @return bool
 */
public static function canCurrentUserPushDashboardOrLayout()
{
    $currentUser = Yii::app()->user->userModel;
    // Cast keeps the strict true/false result of the original if/return pair.
    return (bool) RightsUtil::doesUserHaveAllowByRightName(
        'ZurmoModule',
        ZurmoModule::RIGHT_PUSH_DASHBOARD_OR_LAYOUT,
        $currentUser
    );
}
/**
 * Renders the archived-email matching view for $emailMessage, adapting the
 * select form and grid size to the modules and create rights $user has.
 *
 * Select form: AnyContactSelectForm when both Leads and Contacts are
 * accessible, ContactSelectForm when only Contacts is, LeadSelectForm
 * otherwise. Note that the "otherwise" case includes a user with access to
 * neither module; this method does not refuse to render in that case.
 * NOTE(review): presumably the caller has already checked access - confirm.
 *
 * @param EmailMessage $emailMessage message to match
 * @param User         $user         user the view is rendered for
 * @return string rendered content
 */
public static function renderEmailMessageToMatchContent(EmailMessage $emailMessage, $user)
{
    $userCanAccessContacts = RightsUtil::canUserAccessModule('ContactsModule', $user);
    $userCanAccessLeads    = RightsUtil::canUserAccessModule('LeadsModule', $user);
    $userCanCreateContact  = RightsUtil::doesUserHaveAllowByRightName(
        'ContactsModule',
        ContactsModule::getCreateRight(),
        $user
    );
    $userCanCreateLead     = RightsUtil::doesUserHaveAllowByRightName(
        'LeadsModule',
        LeadsModule::getCreateRight(),
        $user
    );

    if (!$userCanAccessContacts) {
        $selectForm = new LeadSelectForm();
    } elseif ($userCanAccessLeads) {
        $selectForm = new AnyContactSelectForm();
    } else {
        $selectForm = new ContactSelectForm();
    }

    // One column is always shown; each create right adds one more (1, 2 or 3).
    $gridSize = 1;
    if ($userCanCreateContact) {
        $gridSize++;
    }
    if ($userCanCreateLead) {
        $gridSize++;
    }

    $contact = new Contact();
    self::resolveEmailAddressAndNameToContact($emailMessage, $contact);
    $matchingView = new ArchivedEmailMatchingView(
        'default',
        'emailMessages',
        $emailMessage,
        $contact,
        $selectForm,
        $userCanAccessLeads,
        $userCanAccessContacts,
        $userCanCreateContact,
        $userCanCreateLead,
        $gridSize
    );
    return $matchingView->render();
}
/**
 * Renders the title followed by a list of modules the current user may
 * configure, each with a "Configure" link to the modulesMenu action.
 *
 * Only enabled modules that expose designer menu items are considered, and
 * an entry is rendered only when RightsUtil::canUserAccessModule() passes.
 *
 * NOTE(review): $label is written into the <h4> without HTML encoding;
 * confirm module labels cannot carry markup, or encode them here.
 * NOTE(review): hiding the link is a display decision only; the target
 * action is expected to perform its own access check - confirm.
 *
 * @return string
 */
protected function renderContent()
{
    $content  = $this->renderTitleContent();
    $content .= '<ul class="configuration-list">';

    $labelsByModuleClassName = array();
    foreach (Module::getModuleObjects() as $module) {
        $designerMenuItems = $module->getDesignerMenuItems();
        if (!$module->isEnabled() || empty($designerMenuItems)) {
            continue;
        }
        $labelsByModuleClassName[get_class($module)] = $module::getModuleLabelByTypeAndLanguage('Plural');
    }
    asort($labelsByModuleClassName);

    foreach ($labelsByModuleClassName as $moduleClassName => $label) {
        if (!RightsUtil::canUserAccessModule($moduleClassName, Yii::app()->user->userModel)) {
            continue;
        }
        $route         = $this->moduleId . '/' . $this->controllerId . '/modulesMenu/';
        $content      .= ZurmoHtml::openTag('li');
        $content      .= '<h4>' . $label . '</h4>';
        $configureUrl  = null;
        $content      .= ZurmoHtml::link(
            ZurmoHtml::wrapLabel(Zurmo::t('Core', 'Configure')),
            Yii::app()->createUrl($route, array('moduleClassName' => $moduleClassName)),
            array('class' => 'white-button')
        );
        $content      .= ZurmoHtml::closeTag('li');
    }

    $content .= '</ul>';
    return $content;
}
/**
 * Collects the import rules types, with their display labels, that the
 * current user is allowed to use.
 *
 * A concrete ImportRules subclass is included only when, for every module
 * class it names, the current user can access the module and holds that
 * module's create right.
 *
 * NOTE(review): a rules class whose getModuleClassNames() is empty is
 * included without any rights check - confirm that is intended.
 *
 * @return array map of import rules type => display label
 */
public static function getImportRulesTypesForCurrentUser()
{
    //todo: cache results to improve performance if needed.
    $labelsByType = array();
    foreach (Module::getModuleObjects() as $module) {
        foreach ($module::getAllClassNamesByPathFolder('rules') as $ruleClassName) {
            $reflection = new ReflectionClass($ruleClassName);
            if (!is_subclass_of($ruleClassName, 'ImportRules') || $reflection->isAbstract()) {
                continue;
            }
            $userMayImport = true;
            foreach ($ruleClassName::getModuleClassNames() as $requiredModuleClassName) {
                $currentUser = Yii::app()->user->userModel;
                if (!RightsUtil::canUserAccessModule($requiredModuleClassName, $currentUser)) {
                    $userMayImport = false;
                } elseif (!RightsUtil::doesUserHaveAllowByRightName(
                    $requiredModuleClassName,
                    $requiredModuleClassName::getCreateRight(),
                    $currentUser
                )) {
                    $userMayImport = false;
                }
            }
            if ($userMayImport) {
                $labelsByType[$ruleClassName::getType()] = $ruleClassName::getDisplayLabel();
            }
        }
    }
    return $labelsByType;
}
/**
 * A user without access to the Accounts, Contacts and Tasks modules gets no
 * portlets back from PortletsSecurityUtil::resolvePortletsForCurrentUser(),
 * while the 'super' user gets the portlet layout back unchanged.
 */
public function testResolvePortletsForCurrentUser()
{
    $betty = User::getByUsername('betty');
    foreach (array('AccountsModule', 'ContactsModule', 'TasksModule') as $moduleClassName) {
        $this->assertFalse(RightsUtil::canUserAccessModule($moduleClassName, $betty));
    }
    Yii::app()->user->userModel = $betty;

    $portlet1           = new Portlet();
    $portlet1->viewType = 'AccountsRelatedList';
    $portlet2           = new Portlet();
    $portlet2->viewType = 'ContactsRelatedList';
    $portlet3           = new Portlet();
    $portlet3->viewType = 'TasksMyList';

    // Two columns of three portlets each.
    $portlets = array(
        array($portlet1, $portlet2, $portlet3),
        array($portlet3, $portlet1, $portlet3),
    );
    $this->assertEquals(2, count($portlets));

    $resolvedPortlets = PortletsSecurityUtil::resolvePortletsForCurrentUser($portlets);
    // Built as in the original test but never asserted against.
    $comparePortlets = array(
        array($portlet3),
        array($portlet3, $portlet3),
    );
    $this->assertEquals(0, count($resolvedPortlets));

    Yii::app()->user->userModel = User::getByUsername('super');
    $resolvedPortlets           = PortletsSecurityUtil::resolvePortletsForCurrentUser($portlets);
    $this->assertEquals($portlets, $resolvedPortlets);
}
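/**
 * Collects, for every securable module, the explicit, inherited and
 * effective value of each right as it applies to $permitable.
 *
 * Each right is keyed by the name of the module class constant whose value
 * is the right name. The constant is looked up with a strict comparison:
 * a loose array_search() can match an unrelated constant (for example an
 * integer constant against a right name string on older PHP versions) and
 * would then file the right's data under the wrong key.
 *
 * @param Permitable $permitable user, group or other permitable to report on
 * @return array map of module class name => rights data sorted by display name;
 *               each rights entry has displayName, explicit, inherited and effective
 * @throws NotSupportedException when a right has no translated label
 */
public static function getAllModuleRightsDataByPermitable(Permitable $permitable)
{
    $data = array();
    foreach (Module::getModuleObjects() as $module) {
        if (!($module instanceof SecurableModule)) {
            continue;
        }
        $moduleClassName = get_class($module);
        $rights          = $moduleClassName::getRightsNames();
        $rightLabels     = $moduleClassName::getTranslatedRightsLabels();
        $reflectionClass = new ReflectionClass($moduleClassName);
        if (empty($rights)) {
            continue;
        }
        // The constants of a class do not change between rights, so read them once.
        $constants  = $reflectionClass->getConstants();
        $rightsData = array();
        foreach ($rights as $right) {
            if (!isset($rightLabels[$right])) {
                throw new NotSupportedException($right);
            }
            $explicit   = $permitable->getExplicitActualRight($moduleClassName, $right);
            $inherited  = $permitable->getInheritedActualRight($moduleClassName, $right);
            $effective  = $permitable->getEffectiveRight($moduleClassName, $right);
            $constantId = array_search($right, $constants, true);
            $rightsData[$constantId] = array(
                'displayName' => $rightLabels[$right],
                'explicit'    => RightsUtil::getRightStringFromRight($explicit),
                'inherited'   => RightsUtil::getRightStringFromRight($inherited),
                'effective'   => RightsUtil::getRightStringFromRight($effective),
            );
        }
        $data[$moduleClassName] = ArrayUtil::subValueSort($rightsData, 'displayName', 'asort');
    }
    return $data;
}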
/**
 * Decides whether $user may see the accountContactAffiliation portlet.
 *
 * This method requires access to both the Accounts and the Contacts module.
 * NOTE(review): the earlier description also mentioned rights to the
 * AccountContactAffiliations module, which is not checked here; presumably
 * the caller checks the portlet's own module - confirm.
 *
 * @param User $user
 * @return bool
 */
public function canUserAccessPortlet(User $user)
{
    return RightsUtil::canUserAccessModule('AccountsModule', $user)
        && RightsUtil::canUserAccessModule('ContactsModule', $user);
}
/**
 * Returns the URL of the contact web form create action when the current
 * user holds the ContactWebFormsModule create right.
 *
 * @return string|null the create URL, or null when the user lacks the right
 */
protected function getDefaultRoute()
{
    $mayCreate = RightsUtil::doesUserHaveAllowByRightName(
        'ContactWebFormsModule',
        ContactWebFormsModule::getCreateRight(),
        Yii::app()->user->userModel
    );
    if (!$mayCreate) {
        return null;
    }
    return Yii::app()->createUrl('contactWebForms/default/create/');
}
/**
 * Renders the editable control only when a template should be used and the
 * current user can access the Email Templates module.
 *
 * @return string|null rendered control, or null when it must not be shown
 */
protected function renderControlEditable()
{
    if (!$this->shouldUseTemplate()) {
        return null;
    }
    if (!RightsUtil::canUserAccessModule('EmailTemplatesModule', Yii::app()->user->userModel)) {
        return null;
    }
    return parent::renderControlEditable();
}
/**
 * Resolves which model element type to use for $modelClassName given the
 * modules $user can access, and reports a lack of access through $canAccess.
 *
 * For 'Contact' the result depends on Contacts and Leads access:
 * both => 'AllStatesContact', Leads only => 'Lead', Contacts only or
 * neither => 'Contact'. Any other model class name is returned unchanged.
 *
 * $canAccess is only ever set to false here and is never set to true, so the
 * caller must initialise it before the call.
 *
 * @param string $modelClassName
 * @param User   $user       must be a saved user (id > 0)
 * @param bool   $canAccess  by reference; set to false when access is denied
 * @return string element type
 */
public static function resolveModelElementTypeByActionSecurity($modelClassName, $user, &$canAccess)
{
    assert('is_string($modelClassName)');
    assert('$user instanceof User && $user->id > 0');

    if ($modelClassName != 'Contact') {
        $moduleClassName = $modelClassName::getModuleClassName();
        if (!RightsUtil::canUserAccessModule($moduleClassName, $user)) {
            $canAccess = false;
        }
        return $modelClassName;
    }

    $canAccessContacts = RightsUtil::canUserAccessModule('ContactsModule', $user);
    $canAccessLeads    = RightsUtil::canUserAccessModule('LeadsModule', $user);
    if ($canAccessContacts) {
        return $canAccessLeads ? 'AllStatesContact' : 'Contact';
    }
    if ($canAccessLeads) {
        return 'Lead';
    }
    // Neither module is accessible: report the denial, keep the default type.
    $canAccess = false;
    return 'Contact';
}
/**
 * Tells whether $user can access at least one of the Contacts and Leads
 * modules.
 *
 * @param User $user must be a saved user (id > 0)
 * @return bool
 */
public static function canUserAccessModuleInAVariableState(User $user)
{
    assert('$user->id > 0');
    return RightsUtil::canUserAccessModule('ContactsModule', $user)
        || RightsUtil::canUserAccessModule('LeadsModule', $user);
}
/**
 * Renders the link when the current user can access the Product Templates
 * module, and an empty string otherwise.
 *
 * @return string
 */
public function render()
{
    if (!RightsUtil::canUserAccessModule('ProductTemplatesModule', Yii::app()->user->userModel)) {
        return '';
    }
    return ZurmoHtml::link($this->resolveLabelAndWrap(), $this->route, $this->getHtmlOptions());
}
/**
 * Lets the filter chain continue only when the current user holds the
 * configured right ($this->rightName on $this->moduleClassName).
 *
 * On denial the access failure is processed and the application is ended
 * with its exit flag set to false; the method then returns without a value
 * (null), which is the only thing telling the caller not to continue.
 *
 * @param mixed $filterChain not used by this method
 * @return bool|null true when allowed, null on denial
 */
protected function preFilter($filterChain)
{
    $isAllowed = RightsUtil::doesUserHaveAllowByRightName(
        $this->moduleClassName,
        $this->rightName,
        Yii::app()->user->userModel
    );
    if (!$isAllowed) {
        static::processAccessFailure();
        Yii::app()->end(0, false);
        return;
    }
    return true;
}
/**
 * Returns the "Create Campaign" menu item when the current user holds the
 * CampaignsModule create right.
 *
 * @return array|null list with one menu item (label, url), or null without the right
 */
protected function getMenuItems()
{
    $mayCreate = RightsUtil::doesUserHaveAllowByRightName(
        'CampaignsModule',
        CampaignsModule::getCreateRight(),
        Yii::app()->user->userModel
    );
    if (!$mayCreate) {
        return null;
    }
    return array(
        array(
            'label' => Zurmo::t('CampaignsModule', 'Create Campaign'),
            'url'   => Yii::app()->createUrl('campaigns/default/create'),
        ),
    );
}
/**
 * Returns the "Create Workflow" menu item when the current user holds the
 * WorkflowsModule create right.
 *
 * @return array|null list with one menu item (label, url), or null without the right
 */
public function getMenuItems()
{
    $mayCreate = RightsUtil::doesUserHaveAllowByRightName(
        'WorkflowsModule',
        WorkflowsModule::getCreateRight(),
        Yii::app()->user->userModel
    );
    if (!$mayCreate) {
        return null;
    }
    return array(
        array(
            'label' => Zurmo::t('WorkflowsModule', 'Create Workflow'),
            'url'   => Yii::app()->createUrl('workflows/default/create'),
        ),
    );
}
/**
 * Override that downgrades two elements to read-only variants when the
 * current user lacks the matching permission:
 *  - 'DerivedUserStatus' becomes 'ReadOnlyDerivedUserStatus' when the user
 *    may not edit the status of the model being shown;
 *  - the 'role' attribute becomes 'ReadOnlyModel' when the user cannot
 *    access the Roles module.
 *
 * NOTE(review): this only changes how the form is rendered; confirm the
 * save path rejects changes to these attributes for the same users.
 *
 * @see DetailsView::resolveElementInformationDuringFormLayoutRender()
 * @param array $elementInformation by reference; its 'type' may be rewritten
 */
protected function resolveElementInformationDuringFormLayoutRender(&$elementInformation)
{
    if ($elementInformation['type'] == 'DerivedUserStatus') {
        if (!UserStatusUtil::canUserEditStatusOnAnotherUser(Yii::app()->user->userModel, $this->model)) {
            $elementInformation['type'] = 'ReadOnlyDerivedUserStatus';
        }
    }
    if ($elementInformation['attributeName'] == 'role') {
        if (!RightsUtil::canUserAccessModule('RolesModule', Yii::app()->user->userModel)) {
            $elementInformation['type'] = 'ReadOnlyModel';
        }
    }
}
/**
 * Returns the "Create Template" menu item, pointing at the create action for
 * workflow-type email templates, when the current user holds the
 * EmailTemplatesModule create right.
 *
 * @return array|null list with one menu item (label, url), or null without the right
 */
public function getMenuItems()
{
    $mayCreate = RightsUtil::doesUserHaveAllowByRightName(
        'EmailTemplatesModule',
        EmailTemplatesModule::getCreateRight(),
        Yii::app()->user->userModel
    );
    if (!$mayCreate) {
        return null;
    }
    return array(
        array(
            'label' => Zurmo::t('EmailTemplatesModule', 'Create Template'),
            'url'   => Yii::app()->createUrl(
                'emailTemplates/default/create',
                array('type' => EmailTemplate::TYPE_WORKFLOW)
            ),
        ),
    );
}
/**
 * Tells whether the current user can access $moduleClassName.
 *
 * Modules that declare a state metadata adapter delegate the decision to
 * their workflow rules (canUserAccessModuleInAVariableState); all other
 * modules use RightsUtil::canUserAccessModule() directly.
 *
 * @param string $moduleClassName
 * @return bool
 */
public static function canCurrentUserCanAccessModule($moduleClassName)
{
    assert('is_string($moduleClassName)');
    if ($moduleClassName::getStateMetadataAdapterClassName() == null) {
        return RightsUtil::canUserAccessModule($moduleClassName, Yii::app()->user->userModel);
    }
    $workflowRules = WorkflowRules::makeByModuleClassName($moduleClassName);
    return $workflowRules->canUserAccessModuleInAVariableState(Yii::app()->user->userModel);
}
/**
 * Renders the links that close a game notification dialog.
 *
 * Without access to the Social Items module only a "Continue" link is
 * rendered; with access a "Skip" link is followed by the post-to-profile
 * link content.
 *
 * NOTE(review): $index is concatenated into an inline onclick script, which
 * is only safe while callers pass an integer - confirm.
 *
 * @param GameNotification $notification
 * @param mixed            $index suffix of the dialog element id
 * @return string
 */
protected static function resolveAndRenderPostingAndContinueLinksContent(GameNotification $notification, $index)
{
    $closeDialogScript = '$("#ModalGameNotification' . $index . '").dialog("close"); return false;';

    if (RightsUtil::canUserAccessModule('SocialItemsModule', Yii::app()->user->userModel)) {
        $skipLink = ZurmoHtml::link(
            Zurmo::t('Core', 'Skip'),
            '#',
            array('class' => 'close-ModalGameNotification simple-link', 'onclick' => $closeDialogScript)
        );
        return $skipLink . static::renderPostToProfileLinkContent($notification, $index);
    }

    return ZurmoHtml::link(
        Zurmo::t('Core', 'Continue'),
        '#',
        array('class' => 'close-ModalGameNotification default-btn', 'onclick' => $closeDialogScript)
    );
}
/**
 * Appends the Item class id of $model to $relatedItemIds when $user can
 * access the model's module and the id is not already listed.
 *
 * @param Item  $model
 * @param array $relatedItemIds by reference; list of item ids being collected
 * @param User  $user
 */
protected static function resolveRelatedItemIdsByModelAndUser(Item $model, &$relatedItemIds, User $user)
{
    assert('is_array($relatedItemIds)');
    if (!RightsUtil::canUserAccessModule($model::getModuleClassName(), $user)) {
        return;
    }
    $itemId = $model->getClassId('Item');
    if (in_array($itemId, $relatedItemIds)) {
        return;
    }
    $relatedItemIds[] = $itemId;
}
/**
 * Allows the action when the current user is the user identified by $userId
 * or can access the SendGrid module; otherwise echoes the access failure
 * page and ends the application with its exit flag set to false.
 *
 * NOTE(review): because end() is asked not to exit, this method returns
 * normally after a denial unless the application's end() stops execution
 * some other way. Confirm callers cannot carry on with the protected action.
 *
 * @param int $userId id of the user the action operates on
 */
public static function resolveCanCurrentUserAccessAction($userId)
{
    $currentUser = Yii::app()->user->userModel;
    $isOwnRecord = $currentUser->id == $userId;
    if ($isOwnRecord || RightsUtil::canUserAccessModule('SendGridModule', $currentUser)) {
        return;
    }
    $failurePage = new AccessFailurePageView(new AccessFailureView());
    echo $failurePage->render();
    Yii::app()->end(0, false);
}
/**
 * 'billy' can access the Home module from the start and gains access to
 * the Accounts module once the access right is set and the user is saved.
 */
public function testCanUserAccessModule()
{
    $billy = User::getByUsername('billy');
    $this->assertTrue(RightsUtil::canUserAccessModule('HomeModule', $billy));
    $this->assertFalse(RightsUtil::canUserAccessModule('AccountsModule', $billy));

    $billy->setRight('AccountsModule', AccountsModule::RIGHT_ACCESS_ACCOUNTS);
    $this->assertTrue($billy->save());

    $this->assertTrue(RightsUtil::canUserAccessModule('AccountsModule', $billy));
}
/**
 * Tells whether the current user may add the portlet described by
 * $portletRules from the modal.
 *
 * Both checks must pass: the rules' own canUserAccessPortlet() and access
 * to the module of the portlet's view class (the rules type plus 'View').
 *
 * NOTE(review): the view class name is built from $portletRules->getType();
 * confirm that type cannot be influenced by request data, since it selects
 * the class whose static method is called.
 *
 * @param object $portletRules
 * @return bool
 */
public static function doesCurrentUserHavePermissionToAddPortlet($portletRules)
{
    $currentUser     = Yii::app()->user->userModel;
    $viewClassName   = $portletRules->getType() . 'View';
    $moduleClassName = $viewClassName::getModuleClassName();
    return $portletRules->canUserAccessPortlet($currentUser)
        && RightsUtil::canUserAccessModule($moduleClassName, $currentUser);
}
/**
 * Lets the filter chain continue only when the current user can access the
 * Marketing Lists module; otherwise echoes a splash page explaining the
 * missing access and stops the chain.
 *
 * @param mixed $filterChain not used by this method
 * @return bool true to continue, false when the splash page was rendered
 */
protected function preFilter($filterChain)
{
    if (RightsUtil::canUserAccessModule('MarketingListsModule', Yii::app()->user->userModel)) {
        return true;
    }
    $splashView        = new UserIsMissingMarketingListAccessSplashView();
    // The page view class is named after the controller's module.
    $pageViewClassName = $this->controller->getModule()->getPluralCamelCasedName() . 'PageView';
    $pageView          = new $pageViewClassName(
        ZurmoDefaultAdminViewUtil::makeStandardViewForCurrentUser($this->controller, $splashView)
    );
    echo $pageView->render();
    return false;
}
/**
 * Renders the message inside a div carrying the icon class, followed by a
 * create-meeting button when the current user holds the MeetingsModule
 * create right.
 *
 * @return string
 */
protected function renderContent()
{
    $createMeetingUrl = $this->getCreateMeetingUrl();
    $html             = ZurmoHtml::openTag('div', array('class' => $this->getIconName()));
    $html            .= $this->getMessageContent();

    $mayCreate = RightsUtil::doesUserHaveAllowByRightName(
        'MeetingsModule',
        MeetingsModule::getCreateRight(),
        Yii::app()->user->userModel
    );
    if ($mayCreate) {
        $html .= ZurmoHtml::link(
            ZurmoHtml::wrapLabel($this->getCreateLinkDisplayLabel()),
            $createMeetingUrl,
            array('class' => 'z-button green-button')
        );
    }

    return $html . ZurmoHtml::closeTag('div');
}
/**
 * Returns the "Create Category" menu item when the current user holds the
 * ProductTemplatesModule create right.
 *
 * @return array|null list with one menu item (label, url), or null without the right
 */
public function getMenuItems()
{
    $mayCreate = RightsUtil::doesUserHaveAllowByRightName(
        'ProductTemplatesModule',
        ProductTemplatesModule::getCreateRight(),
        Yii::app()->user->userModel
    );
    if (!$mayCreate) {
        return null;
    }
    $createCategoryItem = array(
        'label' => Zurmo::t('ProductTemplatesModule', 'Create Category'),
        'url'   => Yii::app()->createUrl('productTemplates/category/create'),
    );
    return array($createCategoryItem);
}
/**
 * Returns the create-product menu item when the current user holds the
 * ProductsModule create right.
 *
 * @return array|null list with one menu item (label, url), or null without the right
 */
protected function getMenuItems()
{
    $mayCreate = RightsUtil::doesUserHaveAllowByRightName(
        'ProductsModule',
        ProductsModule::getCreateRight(),
        Yii::app()->user->userModel
    );
    if (!$mayCreate) {
        return null;
    }
    $createProductItem = array(
        'label' => Zurmo::t(
            'ProductsModule',
            'Create ProductsModuleSingularLabel',
            LabelUtil::getTranslationParamsForAllModules()
        ),
        'url'   => Yii::app()->createUrl('products/default/create'),
    );
    return array($createProductItem);
}
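/**
 * Runs through the activity item model classes and checks that the user can
 * access the module of at least one of them.
 *
 * Only classes that extend Item and declare a module are considered. The
 * result of the access check decides the outcome: returning true for the
 * first candidate regardless of that result would allow the action to a
 * user with no access to any related module.
 *
 * @return bool true when at least one related module is accessible to $this->user
 */
public function canUserPerformAction()
{
    $metadata = Activity::getMetadata();
    foreach ($metadata['Activity']['activityItemsModelClassNames'] as $modelClassName) {
        if (!is_subclass_of($modelClassName, 'Item')) {
            continue;
        }
        $moduleClassName = $modelClassName::getModuleClassName();
        if ($moduleClassName == null) {
            continue;
        }
        if (RightsUtil::canUserAccessModule($moduleClassName, $this->user)) {
            return true;
        }
    }
    return false;
}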
/**
 * Renders the parent content and, when the current user can access the
 * Social Items module, appends a "Post to Profile" checkbox block.
 *
 * @return string
 */
public function render()
{
    $canPostToProfile = RightsUtil::canUserAccessModule('SocialItemsModule', Yii::app()->user->userModel);
    if (!$canPostToProfile) {
        return parent::render();
    }
    // Built before parent::render() is called, as in the original.
    $postToProfileContent = ZurmoHtml::tag('span', array(), Zurmo::t('ZurmoModule', 'Post to Profile'))
        . static::renderHelpSpan()
        . ZurmoHtml::checkBox('postToProfile', false);
    return parent::render()
        . ZurmoHtml::tag('div', array('class' => 'post-to-profile clearfix'), $postToProfileContent);
}