/**
  * @param string $modelClassName
  * @param null | string $attributeIndexes
  * @param null | string $attributeIndexPrefix
  */
 public static function resolveAttributeIndexes($modelClassName, &$attributeIndexes, $attributeIndexPrefix = null)
 {
     assert('is_string($modelClassName)');
     assert('is_string($attributeIndexPrefix) || $attributeIndexPrefix == null');
     $moduleClassName = $modelClassName::getModuleClassName();
     if (is_subclass_of($modelClassName, 'SecurableItem') && $modelClassName::hasReadPermissionsOptimization() && $moduleClassName != null && is_subclass_of($moduleClassName, 'SecurableModule')) {
         $permission = PermissionsUtil::getActualPermissionDataForReadByModuleNameForUser($moduleClassName);
         if ($permission == Permission::NONE || $permission == Permission::DENY) {
             $indexes = array();
             $indexes[] = 'owner__User';
             $mungeIds = AllPermissionsOptimizationUtil::getMungeIdsByUser(Yii::app()->user->userModel);
             if (count($mungeIds) > 0 && $permission == Permission::NONE) {
                 $indexes[] = 'ReadOptimization';
             }
             $attributeIndexes[$attributeIndexPrefix] = $indexes;
         }
     }
 }
 /**
  * @param $requiredPermissions
  * @param OwnedSecurableItem $ownedSecurableItem
  * @param User $user
  * @return bool
  * @throws NotSupportedException
  * @throws AccessDeniedSecurityException
  */
 protected static function checkPermissionsHasRead($requiredPermissions, OwnedSecurableItem $ownedSecurableItem, User $user)
 {
     $modelClassName = get_class($ownedSecurableItem);
     $moduleClassName = $modelClassName::getModuleClassName();
     $permission = PermissionsUtil::getActualPermissionDataForReadByModuleNameForUser($moduleClassName, $user);
     if ($permission == Permission::NONE) {
         $mungeIds = static::getMungeIdsByUser($user);
         if (count($mungeIds) > 0 && $permission == Permission::NONE) {
             $quote = DatabaseCompatibilityUtil::getQuote();
             $mungeTableName = ReadPermissionsOptimizationUtil::getMungeTableName($modelClassName);
             $sql = "select id from " . $mungeTableName . " where {$quote}securableitem_id{$quote} = " . $ownedSecurableItem->getClassId('SecurableItem') . " and {$quote}munge_id{$quote} in ('" . join("', '", $mungeIds) . "') limit 1";
             $id = ZurmoRedBean::getCol($sql);
             if (!empty($id)) {
                 return true;
             } else {
                 throw new AccessDeniedSecurityException($user, $requiredPermissions, Permission::NONE);
             }
         } else {
             throw new NotSupportedException();
         }
     } elseif ($permission == Permission::DENY) {
         throw new AccessDeniedSecurityException($user, $requiredPermissions, Permission::DENY);
     } else {
         return true;
     }
 }
 public function actionEditModulePermissions($id)
 {
     $group = Group::getById(intval($id));
     $title = Zurmo::t('ZurmoModule', 'Record Permissions');
     $breadCrumbLinks = array(strval($group) => array('group/' . static::resolveBreadCrumbActionByGroup($group), 'id' => $id), $title);
     $data = PermissionsUtil::getAllModulePermissionsDataByPermitable($group);
     $permissionsForm = ModulePermissionsFormUtil::makeFormFromPermissionsData($data);
     $postVariableName = get_class($permissionsForm);
     if (isset($_POST[$postVariableName])) {
         $this->clearCaches();
         $castedPostData = ModulePermissionsFormUtil::typeCastPostData($_POST[$postVariableName]);
         $readyToSetPostData = ModulePermissionsEditViewUtil::resolveWritePermissionsFromArray($castedPostData);
         if (ModulePermissionsFormUtil::setPermissionsFromCastedPost($readyToSetPostData, $group)) {
             Yii::app()->user->setFlash('notification', Zurmo::t('ZurmoModule', 'Record Permissions Saved Successfully.'));
             $action = $this->resolveActionToGoToAfterSave($group);
             $this->redirect(array($this->getId() . '/' . $action, 'id' => $group->id));
             Yii::app()->end(0, false);
         }
     }
     $permissionsData = GroupModulePermissionsDataToEditViewAdapater::resolveData($data);
     $metadata = ModulePermissionsEditViewUtil::resolveMetadataFromData($permissionsData, ModulePermissionsEditAndDetailsView::getMetadata());
     $titleBarAndEditView = new GroupActionBarAndSecurityEditView($this->getId(), $this->getModule()->getId(), $permissionsForm, $group, $this->getModule()->getPluralCamelCasedName(), $metadata, 'ModulePermissionsEditAndDetailsView', 'GroupModulePermissionsEditMenu');
     $view = new GroupsPageView(ZurmoDefaultAdminViewUtil::makeViewWithBreadcrumbsForCurrentUser($this, $titleBarAndEditView, $breadCrumbLinks, 'GroupBreadCrumbView'));
     echo $view->render();
 }
 /**
  * @param User $user
  * @param RedBeanModelJoinTablesQueryAdapter $joinTablesAdapter
  * @param $where
  * @param $selectDistinct
  * @throws NotSupportedException
  */
 public static function resolveReadPermissionsOptimizationToSqlQuery(User $user, RedBeanModelJoinTablesQueryAdapter $joinTablesAdapter, &$where, &$selectDistinct)
 {
     assert('$where == null || is_string($where)');
     assert('is_bool($selectDistinct)');
     $modelClassName = get_called_class();
     $moduleClassName = $modelClassName::getModuleClassName();
     //Currently only adds munge if the module is securable and this model supports it.
     if (static::hasReadPermissionsOptimization() && $moduleClassName != null && is_subclass_of($moduleClassName, 'SecurableModule')) {
         $permission = PermissionsUtil::getActualPermissionDataForReadByModuleNameForUser($moduleClassName);
         if (($permission == Permission::NONE || $permission == Permission::DENY) && !static::bypassReadPermissionsOptimizationToSqlQueryBasedOnWhere($where)) {
             $quote = DatabaseCompatibilityUtil::getQuote();
             $modelAttributeToDataProviderAdapter = new OwnedSecurableItemIdToDataProviderAdapter($modelClassName, null);
             $builder = new ModelJoinBuilder($modelAttributeToDataProviderAdapter, $joinTablesAdapter);
             $ownedTableAliasName = $builder->resolveJoins();
             $ownerColumnName = static::getForeignKeyName('OwnedSecurableItem', 'owner');
             $mungeIds = AllPermissionsOptimizationUtil::getMungeIdsByUser($user);
             if ($where != null) {
                 $where = '(' . $where . ') and ';
             }
             if (count($mungeIds) > 0 && $permission == Permission::NONE) {
                 $extraOnQueryPart = " and {$quote}munge_id{$quote} in ('" . join("', '", $mungeIds) . "')";
                 $mungeTableName = ReadPermissionsOptimizationUtil::getMungeTableName($modelClassName);
                 $mungeTableAliasName = $joinTablesAdapter->addLeftTableAndGetAliasName($mungeTableName, 'securableitem_id', $ownedTableAliasName, 'securableitem_id', $extraOnQueryPart);
                 $where .= "({$quote}{$ownedTableAliasName}{$quote}.{$quote}{$ownerColumnName}{$quote} = {$user->id} OR ";
                 // Not Coding Standard
                 $where .= "{$quote}{$mungeTableName}{$quote}.{$quote}munge_id{$quote} IS NOT NULL)";
                 // Not Coding Standard
                 $selectDistinct = true;
                 //must use distinct since adding munge table query.
             } elseif ($permission == Permission::DENY) {
                 $where .= "{$quote}{$ownedTableAliasName}{$quote}.{$quote}{$ownerColumnName}{$quote} = {$user->id}";
                 // Not Coding Standard
             } else {
                 throw new NotSupportedException();
             }
         }
     }
 }
 public function actionSecurityDetails($id)
 {
     UserAccessUtil::resolveCanCurrentUserAccessAction(intval($id));
     $user = User::getById(intval($id));
     UserAccessUtil::resolveCanCurrentUserAccessRootUser($user);
     UserAccessUtil::resolveAccessingASystemUser($user);
     $title = Zurmo::t('UsersModule', 'Security Overview');
     $breadCrumbLinks = array(strval($user) => array('default/details', 'id' => $id), $title);
     $modulePermissionsData = PermissionsUtil::getAllModulePermissionsDataByPermitable($user);
     $modulePermissionsForm = ModulePermissionsFormUtil::makeFormFromPermissionsData($modulePermissionsData);
     $viewReadyModulePermissionsData = GroupModulePermissionsDataToEditViewAdapater::resolveData($modulePermissionsData);
     $modulePermissionsViewMetadata = ModulePermissionsActualDetailsViewUtil::resolveMetadataFromData($viewReadyModulePermissionsData, ModulePermissionsEditAndDetailsView::getMetadata());
     $rightsData = RightsUtil::getAllModuleRightsDataByPermitable($user);
     $rightsForm = RightsFormUtil::makeFormFromRightsData($rightsData);
     $rightsViewMetadata = RightsEffectiveDetailsViewUtil::resolveMetadataFromData($rightsData, RightsEditAndDetailsView::getMetadata());
     $policiesData = PoliciesUtil::getAllModulePoliciesDataByPermitable($user);
     $policiesForm = PoliciesFormUtil::makeFormFromPoliciesData($policiesData);
     $policiesViewMetadata = PoliciesEffectiveDetailsViewUtil::resolveMetadataFromData($policiesData, PoliciesEditAndDetailsView::getMetadata());
     $groupMembershipAdapter = new UserGroupMembershipToViewAdapter($user);
     $groupMembershipViewData = $groupMembershipAdapter->getViewData();
     $securityDetailsView = new UserActionBarAndSecurityDetailsView($this->getId(), $this->getModule()->getId(), $user, $modulePermissionsForm, $rightsForm, $policiesForm, $modulePermissionsViewMetadata, $rightsViewMetadata, $policiesViewMetadata, $groupMembershipViewData);
     $view = new UsersPageView($this->resolveZurmoDefaultOrAdminView($securityDetailsView, $breadCrumbLinks, 'UserBreadCrumbView'));
     echo $view->render();
 }
 public function testSetModulePermissionsFormFromExplicitDenyDirectlyToExplicitAllowFromPost()
 {
     $group = Group::getByName('modulePermissionsGroup');
     $data = PermissionsUtil::getAllModulePermissionsDataByPermitable($group);
     $form = ModulePermissionsFormUtil::makeFormFromPermissionsData($data);
     $compareData = array('AccountsModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)));
     $this->assertEquals($compareData['AccountsModule'], $form->data['AccountsModule']);
     //Now set the read permission to deny
     $fakePost = array('AccountsModule__' . Permission::READ => strval(Permission::DENY));
     $validatedPost = ModulePermissionsFormUtil::typeCastPostData($fakePost);
     $saved = ModulePermissionsFormUtil::setPermissionsFromCastedPost($validatedPost, $group);
     $this->assertTrue($saved);
     //Now the read should explicitly be deny
     $data = PermissionsUtil::getAllModulePermissionsDataByPermitable($group);
     $form = ModulePermissionsFormUtil::makeFormFromPermissionsData($data);
     $compareData = array('AccountsModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => Permission::DENY, 'inherited' => null, 'actual' => Permission::DENY), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)));
     $this->assertEquals($compareData['AccountsModule'], $form->data['AccountsModule']);
     //Now set the read to explicit All, which skips removing the permission (prior to fixing the bug here:
     //https://www.pivotaltracker.com/story/show/54420494
     $fakePost = array('AccountsModule__' . Permission::READ => strval(Permission::ALLOW));
     $validatedPost = ModulePermissionsFormUtil::typeCastPostData($fakePost);
     $saved = ModulePermissionsFormUtil::setPermissionsFromCastedPost($validatedPost, $group);
     $this->assertTrue($saved);
     //Now the read should explicitly be deny
     $data = PermissionsUtil::getAllModulePermissionsDataByPermitable($group);
     $form = ModulePermissionsFormUtil::makeFormFromPermissionsData($data);
     $compareData = array('AccountsModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => Permission::ALLOW, 'inherited' => null, 'actual' => Permission::ALLOW), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)));
     $this->assertEquals($compareData['AccountsModule'], $form->data['AccountsModule']);
 }
 /**
  * @depends testStrongerIntegerNotSavingAsInteger
  */
 public function testRemovingGroupUserIsInAndRetrievingUserModulePermissions()
 {
     Yii::app()->user->userModel = User::getByUsername('super');
     $group = Group::getByName('RRRRRA');
     $item = NamedSecurableItem::getByName('AccountsModule');
     $item->addPermissions($group, Permission::READ, Permission::ALLOW);
     $item->addPermissions($group, Permission::WRITE, Permission::DENY);
     $item->addPermissions($group, Permission::WRITE, Permission::DENY);
     $item->save();
     $item = NamedSecurableItem::getByName('LeadsModule');
     $item->addPermissions($group, Permission::READ, Permission::ALLOW);
     $item->save();
     $group->forget();
     $item->forget();
     unset($item);
     unset($group);
     $group = Group::getByName('RRRRRA');
     $group->users->removeAll();
     $group->groups->removeAll();
     $group->save();
     $group->delete();
     $group->forget();
     unset($group);
     $user = User::getByUsername('arrry');
     $modulePermissionsData = PermissionsUtil::getAllModulePermissionsDataByPermitable($user);
     $user->forget();
     unset($user);
 }
 /**
  * @depends testSettingChangeOwnerChangePermissionFromPost
  */
 public function testModulePermissionsFormUtilSetRightsFromPost()
 {
     $group = Group::getByName('modulePermissionsGroup');
     $data = PermissionsUtil::getAllModulePermissionsDataByPermitable($group);
     $form = ModulePermissionsFormUtil::makeFormFromPermissionsData($data);
     $compareData = array('AccountsModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => Permission::ALLOW, 'inherited' => null, 'actual' => Permission::ALLOW), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'ContactsModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => Permission::ALLOW, 'actual' => Permission::ALLOW), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'LeadsModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'MeetingsModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'NotesModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'OpportunitiesModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'TasksModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'UsersModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)));
     $this->assertEquals($compareData['AccountsModule'], $form->data['AccountsModule']);
     $this->assertEquals($compareData['ContactsModule'], $form->data['ContactsModule']);
     $this->assertEquals($compareData['LeadsModule'], $form->data['LeadsModule']);
     $this->assertEquals($compareData['OpportunitiesModule'], $form->data['OpportunitiesModule']);
     $this->assertEquals($compareData['TasksModule'], $data['TasksModule']);
     $this->assertEquals($compareData['NotesModule'], $data['NotesModule']);
     $this->assertEquals($compareData['MeetingsModule'], $data['MeetingsModule']);
     $this->assertEquals($compareData['UsersModule'], $form->data['UsersModule']);
     $fakePost = array('LeadsModule__' . Permission::READ => strval(Permission::ALLOW), 'LeadsModule__' . Permission::WRITE => strval(Permission::ALLOW), 'AccountsModule__' . Permission::READ => '', 'OpportunitiesModule__' . Permission::DELETE => strval(Permission::DENY));
     $validatedPost = ModulePermissionsFormUtil::typeCastPostData($fakePost);
     $readyToSetPostData = ModulePermissionsEditViewUtil::resolveWritePermissionsFromArray($validatedPost);
     $readyToSetPostDataCompare = array('LeadsModule__' . Permission::READ => strval(Permission::ALLOW), 'LeadsModule__' . Permission::CHANGE_OWNER => strval(Permission::ALLOW), 'LeadsModule__' . Permission::WRITE => strval(Permission::ALLOW), 'LeadsModule__' . Permission::CHANGE_PERMISSIONS => strval(Permission::ALLOW), 'AccountsModule__' . Permission::READ => '', 'OpportunitiesModule__' . Permission::DELETE => strval(Permission::DENY));
     $this->assertEquals($readyToSetPostDataCompare, $readyToSetPostData);
     $saved = ModulePermissionsFormUtil::setPermissionsFromCastedPost($readyToSetPostData, $group);
     $this->assertTrue($saved);
     $group->forget();
     $group = Group::getByName('modulePermissionsGroup');
     $newItem = NamedSecurableItem::getByName('LeadsModule');
     $this->assertEquals(array(Permission::READ | Permission::WRITE | Permission::CHANGE_OWNER | Permission::CHANGE_PERMISSIONS, Permission::NONE), $newItem->getExplicitActualPermissions($group));
     $newItem->forget();
     $compareData = array('AccountsModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'ContactsModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => Permission::ALLOW, 'actual' => Permission::ALLOW), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'LeadsModule' => array(Permission::CHANGE_OWNER => array('explicit' => Permission::ALLOW, 'inherited' => null, 'actual' => Permission::ALLOW), Permission::CHANGE_PERMISSIONS => array('explicit' => Permission::ALLOW, 'inherited' => null, 'actual' => Permission::ALLOW), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => Permission::ALLOW, 'inherited' => null, 'actual' => Permission::ALLOW), Permission::WRITE => array('explicit' => Permission::ALLOW, 'inherited' => null, 'actual' => Permission::ALLOW)), 'MeetingsModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'NotesModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'OpportunitiesModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => Permission::DENY, 'inherited' => null, 'actual' => Permission::DENY), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'TasksModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)), 'UsersModule' => array(Permission::CHANGE_OWNER => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::CHANGE_PERMISSIONS => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::DELETE => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::READ => array('explicit' => null, 'inherited' => null, 'actual' => null), Permission::WRITE => array('explicit' => null, 'inherited' => null, 'actual' => null)));
     $data = PermissionsUtil::getAllModulePermissionsDataByPermitable($group);
     $this->assertEquals($compareData['AccountsModule'], $data['AccountsModule']);
     $this->assertEquals($compareData['ContactsModule'], $data['ContactsModule']);
     $this->assertEquals($compareData['LeadsModule'], $data['LeadsModule']);
     $this->assertEquals($compareData['OpportunitiesModule'], $data['OpportunitiesModule']);
     $this->assertEquals($compareData['TasksModule'], $data['TasksModule']);
     $this->assertEquals($compareData['NotesModule'], $data['NotesModule']);
     $this->assertEquals($compareData['MeetingsModule'], $data['MeetingsModule']);
     $this->assertEquals($compareData['UsersModule'], $data['UsersModule']);
     $group->forget();
 }
 /**
  * Given a moduleClassName, what is the actual read permission?
  * Permission::DENY, Permission::ALLOW, or Permission::NONE?
  */
 public static function getActualPermissionDataForReadByModuleNameForUser($moduleClassName, User $user = null)
 {
     assert('is_string($moduleClassName)');
     if ($user == null) {
         $user = Yii::app()->user->userModel;
     }
     $item = NamedSecurableItem::getByName($moduleClassName);
     return PermissionsUtil::resolveActualPermission($item->getActualPermissions($user), Permission::READ);
 }