protected function clearAllCaches()
{
ForgetAllCacheUtil::forgetAllCaches();
PermissionsCache::forgetAll(true);
RightsCache::forgetAll(true);
Role::forgetRoleIdToRoleCache();
}
public static function forgetAllCaches()
{
RedBeanModelsCache::forgetAll();
RedBeansCache::forgetAll();
PermissionsCache::forgetAll();
RightsCache::forgetAll();
PoliciesCache::forgetAll();
GeneralCache::forgetAll();
BeanModelCache::forgetAll();
Currency::resetCaches();
//php only cache
}
public static function setUpBeforeClass()
{
parent::setUpBeforeClass();
ZurmoDatabaseCompatibilityUtil::createActualPermissionsCacheTable();
ZurmoDatabaseCompatibilityUtil::createNamedSecurableActualPermissionsCacheTable();
ZurmoDatabaseCompatibilityUtil::createActualRightsCacheTable();
ZurmoDatabaseCompatibilityUtil::dropStoredFunctionsAndProcedures();
PermissionsCache::forgetAll();
AllPermissionsOptimizationCache::forgetAll();
RightsCache::forgetAll();
PoliciesCache::forgetAll();
Currency::resetCaches();
//php only cache
Permission::resetCaches();
//php only cache
self::$activitiesObserver = new ActivitiesObserver();
self::$activitiesObserver->init();
//runs init();
self::$conversationsObserver = new ConversationsObserver();
self::$conversationsObserver->init();
//runs init();
self::$emailMessagesObserver = new EmailMessagesObserver();
self::$emailMessagesObserver->init();
//runs init();
self::$contactLatestActivityDateTimeObserver = new ContactLatestActivityDateTimeObserver();
self::$contactLatestActivityDateTimeObserver->init();
//runs init();
self::$accountLatestActivityDateTimeObserver = new AccountLatestActivityDateTimeObserver();
self::$accountLatestActivityDateTimeObserver->init();
//runs init();
self::$accountContactAffiliationObserver = new AccountContactAffiliationObserver();
self::$accountContactAffiliationObserver->init();
//runs init();
Yii::app()->gameHelper;
Yii::app()->gamificationObserver;
//runs init();
Yii::app()->gameHelper->resetDeferredPointTypesAndValuesByUserIdToAdd();
Yii::app()->emailHelper->sendEmailThroughTransport = false;
Yii::app()->jobQueue->deleteAll();
}
public static function setUpBeforeClass()
{
parent::setUpBeforeClass();
ZurmoDatabaseCompatibilityUtil::createActualPermissionsCacheTable();
ZurmoDatabaseCompatibilityUtil::dropStoredFunctionsAndProcedures();
PermissionsCache::forgetAll();
RightsCache::forgetAll();
PoliciesCache::forgetAll();
Currency::resetCaches();
//php only cache
$activitiesObserver = new ActivitiesObserver();
$activitiesObserver->init();
//runs init();
$conversationsObserver = new ConversationsObserver();
$conversationsObserver->init();
//runs init();
Yii::app()->gameHelper;
Yii::app()->gamificationObserver;
//runs init();
Yii::app()->gameHelper->resetDeferredPointTypesAndValuesByUserIdToAdd();
Yii::app()->emailHelper->sendEmailThroughTransport = false;
}
protected function clearCaches()
{
PermissionsCache::forgetAll();
RightsCache::forgetAll();
PoliciesCache::forgetAll();
AllPermissionsOptimizationCache::forgetAll();
}
protected function afterDelete()
{
PermissionsCache::forgetAll();
RightsCache::forgetAll();
PoliciesCache::forgetAll();
}
protected function forgetPermissionsRightsAndPoliciesCache()
{
PermissionsCache::forgetAll();
Permission::resetCaches();
RightsCache::forgetAll();
PoliciesCache::forgetAll();
}
/**
* Override to ensure the permissions cache is forgotten since if it is not, other users logged in will not
* get the effective changes until the cache is cleared across the application.
* (non-PHPdoc)
* @see ZurmoBaseController::actionAfterSuccessfulModelSave()
*/
protected function actionAfterSuccessfulModelSave($model, $modelToStringValue, $redirectUrlParams = null)
{
PermissionsCache::forgetAll();
RightsCache::forgetAll();
PoliciesCache::forgetAll();
parent::actionAfterSuccessfulModelSave($model, $modelToStringValue, $redirectUrlParams);
}
public function getActualRight($moduleName, $rightName)
{
assert('is_string($moduleName)');
assert('is_string($rightName)');
assert('$moduleName != ""');
assert('$rightName != ""');
$identifier = $this->id . $moduleName . $rightName . 'ActualRight';
if (!SECURITY_OPTIMIZED) {
// The slow way will remain here as documentation
// for what the optimized way is doing.
try {
// not using default value to save cpu cycles on requests that follow the first exception.
return RightsCache::getEntry($identifier);
} catch (NotFoundException $e) {
if (Group::getByName(Group::SUPER_ADMINISTRATORS_GROUP_NAME)->contains($this)) {
$actualRight = Right::ALLOW;
} else {
$actualRight = parent::getActualRight($moduleName, $rightName);
}
RightsCache::cacheEntry($identifier, $actualRight);
}
} else {
try {
// not using default value to save cpu cycles on requests that follow the first exception.
return RightsCache::getEntry($identifier);
} catch (NotFoundException $e) {
// Optimizations work on the database,
// anything not saved will not work.
assert('$this->id > 0');
$actualRight = intval(ZurmoDatabaseCompatibilityUtil::callFunction("get_user_actual_right({$this->id}, '{$moduleName}', '{$rightName}')"));
RightsCache::cacheEntry($identifier, $actualRight);
}
}
return $actualRight;
}
public function testRightsPropagationViaRoles()
{
$parentRole = Role::getByName('Sales Manager');
$childRole = Role::getByName('Sales Person');
$childChildRole = Role::getByName('Junior Sales Person');
$userInParentRole = $parentRole->users[0];
$userInChildRole = $childRole->users[0];
$userInChildChildRole = $childChildRole->users[0];
$this->assertEquals(Right::DENY, $userInParentRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$this->assertEquals(Right::DENY, $userInChildRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$this->assertEquals(Right::DENY, $userInChildChildRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$userInChildRole->setRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API);
$this->assertTrue($userInChildRole->save());
$this->assertEquals(Right::ALLOW, $userInChildRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$this->assertEquals(Right::ALLOW, $userInParentRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$this->assertEquals(Right::DENY, $userInChildChildRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$userInParentRole->setRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API, Right::DENY);
$this->assertTrue($userInParentRole->save());
$this->assertEquals(Right::ALLOW, $userInChildRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$this->assertEquals(Right::DENY, $userInParentRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$this->assertEquals(Right::DENY, $userInChildChildRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$userInParentRole->removeRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API);
$this->assertTrue($userInParentRole->save());
$this->assertEquals(Right::ALLOW, $userInChildRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$this->assertEquals(Right::ALLOW, $userInParentRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$this->assertEquals(Right::DENY, $userInChildChildRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$userInChildRole->setRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API, Right::DENY);
$this->assertTrue($userInChildRole->save());
$this->assertEquals(Right::DENY, $userInChildRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$this->assertEquals(Right::DENY, $userInParentRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$this->assertEquals(Right::DENY, $userInChildChildRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$userInParentRole->setRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API);
$this->assertTrue($userInParentRole->save());
$this->assertEquals(Right::DENY, $userInChildRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$this->assertEquals(Right::ALLOW, $userInParentRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$this->assertEquals(Right::DENY, $userInChildChildRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$userInParentRole->removeRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API);
$this->assertTrue($userInParentRole->save());
$this->assertEquals(Right::DENY, $userInChildRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$this->assertEquals(Right::DENY, $userInParentRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$this->assertEquals(Right::DENY, $userInChildChildRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$userInChildRole->setRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API);
$this->assertTrue($userInChildRole->save());
$this->assertEquals(Right::ALLOW, $userInChildRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$this->assertEquals(Right::ALLOW, $userInParentRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$this->assertEquals(Right::DENY, $userInChildChildRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$userInChildRole->removeRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API);
$this->assertTrue($userInChildRole->save());
$this->assertEquals(Right::DENY, $userInChildRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$this->assertEquals(Right::DENY, $userInParentRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$this->assertEquals(Right::DENY, $userInChildChildRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$userInChildChildRole->setRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API);
$this->assertTrue($userInChildChildRole->save());
$this->assertEquals(Right::ALLOW, $userInChildRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$this->assertEquals(Right::ALLOW, $userInParentRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$this->assertEquals(Right::ALLOW, $userInChildChildRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
Right::deleteAll();
//Clear the cache since the method above removeAll calls directly to the database.
RightsCache::forgetAll();
$userInParentRoleId = $userInParentRole->id;
$userInChildRoleId = $userInChildRole->id;
$userInChildChildRoleId = $userInChildChildRole->id;
RedBeanModel::forgetAll();
unset($userInParentRole);
unset($userInChildRole);
unset($userInChildChildRole);
$userInParentRole = User::getById($userInParentRoleId);
$userInChildRole = User::getById($userInChildRoleId);
$userInChildChildRole = User::getById($userInChildChildRoleId);
$this->assertEquals(Right::DENY, $userInParentRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$this->assertEquals(Right::DENY, $userInChildRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
$this->assertEquals(Right::DENY, $userInChildChildRole->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API));
}
protected function afterSave()
{
parent::afterSave();
if ($this->rightsChanged) {
RightsCache::forgetAll();
$this->rightsChanged = false;
}
if ($this->policiesChanged) {
PoliciesCache::forgetAll();
$this->policiesChanged = false;
}
}
