protected function renderNonEditableElementsForRelationsByRelationsData($relationModelClassNames)
{
$content = null;
$formClassName = static::getRelatedItemFormClassName();
foreach ($relationModelClassNames as $relationModelClassName) {
$relatedItemForm = null;
//ASSUMES ONLY A SINGLE ATTACHED RELATEDITEM PER RELATION TYPE.
foreach ($this->getRelatedItemsFromModel() as $item) {
try {
$modelDerivationPathToItem = RuntimeUtil::getModelDerivationPathToItem($relationModelClassName);
$castedDownModel = $item->castDown(array($modelDerivationPathToItem));
$relatedItemForm = new $formClassName($castedDownModel);
break;
} catch (NotFoundException $e) {
//do nothing
}
}
if ($relatedItemForm != null) {
$canAccess = true;
$modelElementType = RelatedItemRelationToModelElementUtil::resolveModelElementTypeByActionSecurity($relationModelClassName, Yii::app()->user->userModel, $canAccess);
if ($canAccess) {
$elementInformation = array('attributeName' => $relationModelClassName, 'type' => $modelElementType);
FormLayoutSecurityUtil::resolveElementForNonEditableRender($relatedItemForm, $elementInformation, Yii::app()->user->userModel);
if ($elementInformation['attributeName'] != null) {
$elementclassname = $elementInformation['type'] . 'Element';
$element = new $elementclassname($relatedItemForm, $elementInformation['attributeName'], $this->form, array_slice($elementInformation, 2));
assert('$element instanceof ModelElement');
$element->nonEditableTemplate = $this->getRelatedItemNonEditableTemplate();
$content .= $element->render();
}
}
}
}
return $content;
}
public function testresolveModelElementTypeByActionSecurity()
{
$super = User::getByUsername('super');
Yii::app()->user->userModel = $super;
$bobby = User::getByUsername('bobby');
$this->assertEquals(Right::DENY, $bobby->getEffectiveRight('AccountsModule', AccountsModule::RIGHT_ACCESS_ACCOUNTS));
$this->assertEquals(Right::DENY, $bobby->getEffectiveRight('ContactsModule', ContactsModule::RIGHT_ACCESS_CONTACTS));
$this->assertEquals(Right::DENY, $bobby->getEffectiveRight('LeadsModule', LeadsModule::RIGHT_ACCESS_LEADS));
//test Account model where user does not have access
$canAccess = true;
$elementName = RelatedItemRelationToModelElementUtil::resolveModelElementTypeByActionSecurity('Account', $bobby, $canAccess);
$this->assertFalse($canAccess);
$this->assertEquals('Account', $elementName);
$bobby->setRight('AccountsModule', AccountsModule::RIGHT_ACCESS_ACCOUNTS);
$this->assertTrue($bobby->save());
//test Account model where user has access
$canAccess = true;
$elementName = RelatedItemRelationToModelElementUtil::resolveModelElementTypeByActionSecurity('Account', $bobby, $canAccess);
$this->assertTrue($canAccess);
$this->assertEquals('Account', $elementName);
//test Contact model where has no access to either the leads or contacts module.
$canAccess = true;
$elementName = RelatedItemRelationToModelElementUtil::resolveModelElementTypeByActionSecurity('Contact', $bobby, $canAccess);
$this->assertFalse($canAccess);
$this->assertEquals('Contact', $elementName);
//test Contact model where user has access to only the leads module
$bobby->setRight('LeadsModule', LeadsModule::RIGHT_ACCESS_LEADS);
$this->assertTrue($bobby->save());
$canAccess = true;
$elementName = RelatedItemRelationToModelElementUtil::resolveModelElementTypeByActionSecurity('Contact', $bobby, $canAccess);
$this->assertTrue($canAccess);
$this->assertEquals('Lead', $elementName);
//test Contact model where user has access to only the contacts module
$bobby->removeRight('LeadsModule', LeadsModule::RIGHT_ACCESS_LEADS);
$bobby->setRight('ContactsModule', ContactsModule::RIGHT_ACCESS_CONTACTS);
$this->assertTrue($bobby->save());
$canAccess = true;
$elementName = RelatedItemRelationToModelElementUtil::resolveModelElementTypeByActionSecurity('Contact', $bobby, $canAccess);
$this->assertTrue($canAccess);
$this->assertEquals('Contact', $elementName);
//test Contact model where user has access to both the contacts and leads module.
$bobby->setRight('LeadsModule', LeadsModule::RIGHT_ACCESS_LEADS);
$this->assertTrue($bobby->save());
$canAccess = true;
$elementName = RelatedItemRelationToModelElementUtil::resolveModelElementTypeByActionSecurity('Contact', $bobby, $canAccess);
$this->assertTrue($canAccess);
$this->assertEquals('AllStatesContact', $elementName);
}
