/** * @param string $modelClassName * @param null | string $attributeIndexes * @param null | string $attributeIndexPrefix */ public static function resolveAttributeIndexes($modelClassName, &$attributeIndexes, $attributeIndexPrefix = null) { assert('is_string($modelClassName)'); assert('is_string($attributeIndexPrefix) || $attributeIndexPrefix == null'); $moduleClassName = $modelClassName::getModuleClassName(); if (is_subclass_of($modelClassName, 'SecurableItem') && $modelClassName::hasReadPermissionsOptimization() && $moduleClassName != null && is_subclass_of($moduleClassName, 'SecurableModule')) { $permission = PermissionsUtil::getActualPermissionDataForReadByModuleNameForUser($moduleClassName); if ($permission == Permission::NONE || $permission == Permission::DENY) { $indexes = array(); $indexes[] = 'owner__User'; $mungeIds = AllPermissionsOptimizationUtil::getMungeIdsByUser(Yii::app()->user->userModel); if (count($mungeIds) > 0 && $permission == Permission::NONE) { $indexes[] = 'ReadOptimization'; } $attributeIndexes[$attributeIndexPrefix] = $indexes; } } }
/** * @param $requiredPermissions * @param OwnedSecurableItem $ownedSecurableItem * @param User $user * @return bool * @throws NotSupportedException * @throws AccessDeniedSecurityException */ protected static function checkPermissionsHasRead($requiredPermissions, OwnedSecurableItem $ownedSecurableItem, User $user) { $modelClassName = get_class($ownedSecurableItem); $moduleClassName = $modelClassName::getModuleClassName(); $permission = PermissionsUtil::getActualPermissionDataForReadByModuleNameForUser($moduleClassName, $user); if ($permission == Permission::NONE) { $mungeIds = static::getMungeIdsByUser($user); if (count($mungeIds) > 0 && $permission == Permission::NONE) { $quote = DatabaseCompatibilityUtil::getQuote(); $mungeTableName = ReadPermissionsOptimizationUtil::getMungeTableName($modelClassName); $sql = "select id from " . $mungeTableName . " where {$quote}securableitem_id{$quote} = " . $ownedSecurableItem->getClassId('SecurableItem') . " and {$quote}munge_id{$quote} in ('" . join("', '", $mungeIds) . "') limit 1"; $id = ZurmoRedBean::getCol($sql); if (!empty($id)) { return true; } else { throw new AccessDeniedSecurityException($user, $requiredPermissions, Permission::NONE); } } else { throw new NotSupportedException(); } } elseif ($permission == Permission::DENY) { throw new AccessDeniedSecurityException($user, $requiredPermissions, Permission::DENY); } else { return true; } }
public function actionEditModulePermissions($id) { $group = Group::getById(intval($id)); $title = Zurmo::t('ZurmoModule', 'Record Permissions'); $breadCrumbLinks = array(strval($group) => array('group/' . static::resolveBreadCrumbActionByGroup($group), 'id' => $id), $title); $data = PermissionsUtil::getAllModulePermissionsDataByPermitable($group); $permissionsForm = ModulePermissionsFormUtil::makeFormFromPermissionsData($data); $postVariableName = get_class($permissionsForm); if (isset($_POST[$postVariableName])) { $this->clearCaches(); $castedPostData = ModulePermissionsFormUtil::typeCastPostData($_POST[$postVariableName]); $readyToSetPostData = ModulePermissionsEditViewUtil::resolveWritePermissionsFromArray($castedPostData); if (ModulePermissionsFormUtil::setPermissionsFromCastedPost($readyToSetPostData, $group)) { Yii::app()->user->setFlash('notification', Zurmo::t('ZurmoModule', 'Record Permissions Saved Successfully.')); $action = $this->resolveActionToGoToAfterSave($group); $this->redirect(array($this->getId() . '/' . $action, 'id' => $group->id)); Yii::app()->end(0, false); } } $permissionsData = GroupModulePermissionsDataToEditViewAdapater::resolveData($data); $metadata = ModulePermissionsEditViewUtil::resolveMetadataFromData($permissionsData, ModulePermissionsEditAndDetailsView::getMetadata()); $titleBarAndEditView = new GroupActionBarAndSecurityEditView($this->getId(), $this->getModule()->getId(), $permissionsForm, $group, $this->getModule()->getPluralCamelCasedName(), $metadata, 'ModulePermissionsEditAndDetailsView', 'GroupModulePermissionsEditMenu'); $view = new GroupsPageView(ZurmoDefaultAdminViewUtil::makeViewWithBreadcrumbsForCurrentUser($this, $titleBarAndEditView, $breadCrumbLinks, 'GroupBreadCrumbView')); echo $view->render(); }
/** * @param User $user * @param RedBeanModelJoinTablesQueryAdapter $joinTablesAdapter * @param $where * @param $selectDistinct * @throws NotSupportedException */ public static function resolveReadPermissionsOptimizationToSqlQuery(User $user, RedBeanModelJoinTablesQueryAdapter $joinTablesAdapter, &$where, &$selectDistinct) { assert('$where == null || is_string($where)'); assert('is_bool($selectDistinct)'); $modelClassName = get_called_class(); $moduleClassName = $modelClassName::getModuleClassName(); //Currently only adds munge if the module is securable and this model supports it. if (static::hasReadPermissionsOptimization() && $moduleClassName != null && is_subclass_of($moduleClassName, 'SecurableModule')) { $permission = PermissionsUtil::getActualPermissionDataForReadByModuleNameForUser($moduleClassName); if (($permission == Permission::NONE || $permission == Permission::DENY) && !static::bypassReadPermissionsOptimizationToSqlQueryBasedOnWhere($where)) { $quote = DatabaseCompatibilityUtil::getQuote(); $modelAttributeToDataProviderAdapter = new OwnedSecurableItemIdToDataProviderAdapter($modelClassName, null); $builder = new ModelJoinBuilder($modelAttributeToDataProviderAdapter, $joinTablesAdapter); $ownedTableAliasName = $builder->resolveJoins(); $ownerColumnName = static::getForeignKeyName('OwnedSecurableItem', 'owner'); $mungeIds = AllPermissionsOptimizationUtil::getMungeIdsByUser($user); if ($where != null) { $where = '(' . $where . ') and '; } if (count($mungeIds) > 0 && $permission == Permission::NONE) { $extraOnQueryPart = " and {$quote}munge_id{$quote} in ('" . join("', '", $mungeIds) . "')"; $mungeTableName = ReadPermissionsOptimizationUtil::getMungeTableName($modelClassName); $mungeTableAliasName = $joinTablesAdapter->addLeftTableAndGetAliasName($mungeTableName, 'securableitem_id', $ownedTableAliasName, 'securableitem_id', $extraOnQueryPart); $where .= "({$quote}{$ownedTableAliasName}{$quote}.{$quote}{$ownerColumnName}{$quote} = {$user->id} OR "; // Not Coding Standard $where .= "{$quote}{$mungeTableName}{$quote}.{$quote}munge_id{$quote} IS NOT NULL)"; // Not Coding Standard $selectDistinct = true; //must use distinct since adding munge table query. } elseif ($permission == Permission::DENY) { $where .= "{$quote}{$ownedTableAliasName}{$quote}.{$quote}{$ownerColumnName}{$quote} = {$user->id}"; // Not Coding Standard } else { throw new NotSupportedException(); } } } }
public function actionSecurityDetails($id) { UserAccessUtil::resolveCanCurrentUserAccessAction(intval($id)); $user = User::getById(intval($id)); UserAccessUtil::resolveCanCurrentUserAccessRootUser($user); UserAccessUtil::resolveAccessingASystemUser($user); $title = Zurmo::t('UsersModule', 'Security Overview'); $breadCrumbLinks = array(strval($user) => array('default/details', 'id' => $id), $title); $modulePermissionsData = PermissionsUtil::getAllModulePermissionsDataByPermitable($user); $modulePermissionsForm = ModulePermissionsFormUtil::makeFormFromPermissionsData($modulePermissionsData); $viewReadyModulePermissionsData = GroupModulePermissionsDataToEditViewAdapater::resolveData($modulePermissionsData); $modulePermissionsViewMetadata = ModulePermissionsActualDetailsViewUtil::resolveMetadataFromData($viewReadyModulePermissionsData, ModulePermissionsEditAndDetailsView::getMetadata()); $rightsData = RightsUtil::getAllModuleRightsDataByPermitable($user); $rightsForm = RightsFormUtil::makeFormFromRightsData($rightsData); $rightsViewMetadata = RightsEffectiveDetailsViewUtil::resolveMetadataFromData($rightsData, RightsEditAndDetailsView::getMetadata()); $policiesData = PoliciesUtil::getAllModulePoliciesDataByPermitable($user); $policiesForm = PoliciesFormUtil::makeFormFromPoliciesData($policiesData); $policiesViewMetadata = PoliciesEffectiveDetailsViewUtil::resolveMetadataFromData($policiesData, PoliciesEditAndDetailsView::getMetadata()); $groupMembershipAdapter = new UserGroupMembershipToViewAdapter($user); $groupMembershipViewData = $groupMembershipAdapter->getViewData(); $securityDetailsView = new UserActionBarAndSecurityDetailsView($this->getId(), $this->getModule()->getId(), $user, $modulePermissionsForm, $rightsForm, $policiesForm, $modulePermissionsViewMetadata, $rightsViewMetadata, $policiesViewMetadata, $groupMembershipViewData); $view = new UsersPageView($this->resolveZurmoDefaultOrAdminView($securityDetailsView, $breadCrumbLinks, 'UserBreadCrumbView')); echo $view->render(); }
public function testSetModulePermissionsFormFromExplicitDenyDirectlyToExplicitAllowFromPost() { $group = Group::getByName('modulePermissionsGroup'); $data = PermissionsUtil::getAllModulePermissionsDataByPermitable($group); $form = ModulePermissionsFormUtil::makeFormFromPermissionsData($data); $compareData = array('AccountsModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null))); $this->assertEquals($compareData['AccountsModule'], $form->data['AccountsModule']); //Now set the read permission to deny $fakePost = array('AccountsModule__' . Permission::READ => strval(Permission::DENY)); $validatedPost = ModulePermissionsFormUtil::typeCastPostData($fakePost); $saved = ModulePermissionsFormUtil::setPermissionsFromCastedPost($validatedPost, $group); $this->assertTrue($saved); //Now the read should explicitly be deny $data = PermissionsUtil::getAllModulePermissionsDataByPermitable($group); $form = ModulePermissionsFormUtil::makeFormFromPermissionsData($data); $compareData = array('AccountsModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => Permission::DENY, 'inherited' => null, 'actual' => Permission::DENY), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null))); $this->assertEquals($compareData['AccountsModule'], $form->data['AccountsModule']); //Now set the read to explicit All, which skips removing the permission (prior to fixing the bug here: //https://www.pivotaltracker.com/story/show/54420494 $fakePost = array('AccountsModule__' . Permission::READ => strval(Permission::ALLOW)); $validatedPost = ModulePermissionsFormUtil::typeCastPostData($fakePost); $saved = ModulePermissionsFormUtil::setPermissionsFromCastedPost($validatedPost, $group); $this->assertTrue($saved); //Now the read should explicitly be deny $data = PermissionsUtil::getAllModulePermissionsDataByPermitable($group); $form = ModulePermissionsFormUtil::makeFormFromPermissionsData($data); $compareData = array('AccountsModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => Permission::ALLOW, 'inherited' => null, 'actual' => Permission::ALLOW), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null))); $this->assertEquals($compareData['AccountsModule'], $form->data['AccountsModule']); }
/** * @depends testStrongerIntegerNotSavingAsInteger */ public function testRemovingGroupUserIsInAndRetrievingUserModulePermissions() { Yii::app()->user->userModel = User::getByUsername('super'); $group = Group::getByName('RRRRRA'); $item = NamedSecurableItem::getByName('AccountsModule'); $item->addPermissions($group, Permission::READ, Permission::ALLOW); $item->addPermissions($group, Permission::WRITE, Permission::DENY); $item->addPermissions($group, Permission::WRITE, Permission::DENY); $item->save(); $item = NamedSecurableItem::getByName('LeadsModule'); $item->addPermissions($group, Permission::READ, Permission::ALLOW); $item->save(); $group->forget(); $item->forget(); unset($item); unset($group); $group = Group::getByName('RRRRRA'); $group->users->removeAll(); $group->groups->removeAll(); $group->save(); $group->delete(); $group->forget(); unset($group); $user = User::getByUsername('arrry'); $modulePermissionsData = PermissionsUtil::getAllModulePermissionsDataByPermitable($user); $user->forget(); unset($user); }
/** * @depends testSettingChangeOwnerChangePermissionFromPost */ public function testModulePermissionsFormUtilSetRightsFromPost() { $group = Group::getByName('modulePermissionsGroup'); $data = PermissionsUtil::getAllModulePermissionsDataByPermitable($group); $form = ModulePermissionsFormUtil::makeFormFromPermissionsData($data); $compareData = array('AccountsModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => Permission::ALLOW, 'inherited' => null, 'actual' => Permission::ALLOW), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'ContactsModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => Permission::ALLOW, 'actual' => Permission::ALLOW), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'LeadsModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'MeetingsModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'NotesModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'OpportunitiesModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'TasksModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'UsersModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null))); $this->assertEquals($compareData['AccountsModule'], $form->data['AccountsModule']); $this->assertEquals($compareData['ContactsModule'], $form->data['ContactsModule']); $this->assertEquals($compareData['LeadsModule'], $form->data['LeadsModule']); $this->assertEquals($compareData['OpportunitiesModule'], $form->data['OpportunitiesModule']); $this->assertEquals($compareData['TasksModule'], $data['TasksModule']); $this->assertEquals($compareData['NotesModule'], $data['NotesModule']); $this->assertEquals($compareData['MeetingsModule'], $data['MeetingsModule']); $this->assertEquals($compareData['UsersModule'], $form->data['UsersModule']); $fakePost = array('LeadsModule__' . Permission::READ => strval(Permission::ALLOW), 'LeadsModule__' . Permission::WRITE => strval(Permission::ALLOW), 'AccountsModule__' . Permission::READ => '', 'OpportunitiesModule__' . Permission::DELETE => strval(Permission::DENY)); $validatedPost = ModulePermissionsFormUtil::typeCastPostData($fakePost); $readyToSetPostData = ModulePermissionsEditViewUtil::resolveWritePermissionsFromArray($validatedPost); $readyToSetPostDataCompare = array('LeadsModule__' . Permission::READ => strval(Permission::ALLOW), 'LeadsModule__' . Permission::CHANGE_OWNER => strval(Permission::ALLOW), 'LeadsModule__' . Permission::WRITE => strval(Permission::ALLOW), 'LeadsModule__' . Permission::CHANGE_PERMISSIONS => strval(Permission::ALLOW), 'AccountsModule__' . Permission::READ => '', 'OpportunitiesModule__' . Permission::DELETE => strval(Permission::DENY)); $this->assertEquals($readyToSetPostDataCompare, $readyToSetPostData); $saved = ModulePermissionsFormUtil::setPermissionsFromCastedPost($readyToSetPostData, $group); $this->assertTrue($saved); $group->forget(); $group = Group::getByName('modulePermissionsGroup'); $newItem = NamedSecurableItem::getByName('LeadsModule'); $this->assertEquals(array(Permission::READ | Permission::WRITE | Permission::CHANGE_OWNER | Permission::CHANGE_PERMISSIONS, Permission::NONE), $newItem->getExplicitActualPermissions($group)); $newItem->forget(); $compareData = array('AccountsModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'ContactsModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => Permission::ALLOW, 'actual' => Permission::ALLOW), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'LeadsModule' => array(Permission::CHANGE_OWNER => array('explicit' => Permission::ALLOW, 'inherited' => null, 'actual' => Permission::ALLOW), Permission::CHANGE_PERMISSIONS => array('explicit' => Permission::ALLOW, 'inherited' => null, 'actual' => Permission::ALLOW), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => Permission::ALLOW, 'inherited' => null, 'actual' => Permission::ALLOW), Permission::WRITE => array('explicit' => Permission::ALLOW, 'inherited' => null, 'actual' => Permission::ALLOW)), 'MeetingsModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'NotesModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'OpportunitiesModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => Permission::DENY, 'inherited' => null, 'actual' => Permission::DENY), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'TasksModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'UsersModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null))); $data = PermissionsUtil::getAllModulePermissionsDataByPermitable($group); $this->assertEquals($compareData['AccountsModule'], $data['AccountsModule']); $this->assertEquals($compareData['ContactsModule'], $data['ContactsModule']); $this->assertEquals($compareData['LeadsModule'], $data['LeadsModule']); $this->assertEquals($compareData['OpportunitiesModule'], $data['OpportunitiesModule']); $this->assertEquals($compareData['TasksModule'], $data['TasksModule']); $this->assertEquals($compareData['NotesModule'], $data['NotesModule']); $this->assertEquals($compareData['MeetingsModule'], $data['MeetingsModule']); $this->assertEquals($compareData['UsersModule'], $data['UsersModule']); $group->forget(); }
/** * Given a moduleClassName, what is the actual read permission? * Permission::DENY, Permission::ALLOW, or Permission::NONE? */ public static function getActualPermissionDataForReadByModuleNameForUser($moduleClassName, User $user = null) { assert('is_string($moduleClassName)'); if ($user == null) { $user = Yii::app()->user->userModel; } $item = NamedSecurableItem::getByName($moduleClassName); return PermissionsUtil::resolveActualPermission($item->getActualPermissions($user), Permission::READ); }