Esempio n. 1
0
 protected static function makeModelClassNamesAndSearchAttributeData($partialTerm, User $user, $scopeData)
 {
     assert('is_string($partialTerm)');
     assert('$user->id > 0');
     assert('$scopeData == null || is_array($scopeData)');
     $modelClassNamesAndSearchAttributeData = array();
     $modelNamesAndLabels = WorkflownQueuesSearchForm::getInQueueSearchableModelNamesAndLabels();
     foreach ($modelNamesAndLabels as $modelClassName => $notUsed) {
         $moduleClassName = $modelClassName::getModuleClassName();
         $module = Yii::app()->findModule($moduleClassName::getDirectoryName());
         $globalSearchFormClassName = $moduleClassName::getGlobalSearchFormClassName();
         if ($globalSearchFormClassName != null && RightsUtil::canUserAccessModule(get_class($module), $user) && ($scopeData == null || in_array($modelClassName, $scopeData))) {
             $searchAttributes = MixedTermSearchUtil::getGlobalSearchAttributeByModuleAndPartialTerm($module, $partialTerm);
             if (!empty($searchAttributes)) {
                 $model = new $modelClassName(false);
                 assert('$model instanceof RedBeanModel');
                 $searchForm = new $globalSearchFormClassName($model);
                 assert('$searchForm instanceof SearchForm');
                 $metadataAdapter = new SearchDataProviderMetadataAdapter($searchForm, $user->id, $searchAttributes);
                 $metadata = $metadataAdapter->getAdaptedMetadata(false);
                 $modelClassNamesAndSearchAttributeData[$globalSearchFormClassName] = array($modelClassName => $metadata);
             }
         }
     }
     return $modelClassNamesAndSearchAttributeData;
 }
Esempio n. 2
0
 /**
  * Validates if current user has rights to push dashboard to users
  * @return bool
  */
 public static function canCurrentUserPushDashboardOrLayout()
 {
     if (RightsUtil::doesUserHaveAllowByRightName('ZurmoModule', ZurmoModule::RIGHT_PUSH_DASHBOARD_OR_LAYOUT, Yii::app()->user->userModel)) {
         return true;
     }
     return false;
 }
Esempio n. 3
0
 /**
  * @return string content
  * @param EmailMessage object $emailMessage
  * @param User object $user
  */
 public static function renderEmailMessageToMatchContent(EmailMessage $emailMessage, $user)
 {
     $userCanAccessContacts = RightsUtil::canUserAccessModule('ContactsModule', $user);
     $userCanAccessLeads = RightsUtil::canUserAccessModule('LeadsModule', $user);
     $userCanCreateContact = RightsUtil::doesUserHaveAllowByRightName('ContactsModule', ContactsModule::getCreateRight(), $user);
     $userCanCreateLead = RightsUtil::doesUserHaveAllowByRightName('LeadsModule', LeadsModule::getCreateRight(), $user);
     if ($userCanAccessLeads && $userCanAccessContacts) {
         $selectForm = new AnyContactSelectForm();
     } elseif (!$userCanAccessLeads && $userCanAccessContacts) {
         $selectForm = new ContactSelectForm();
     } else {
         $selectForm = new LeadSelectForm();
     }
     if ($userCanCreateContact && $userCanCreateLead) {
         $gridSize = 3;
     } elseif ($userCanCreateContact || $userCanCreateLead) {
         $gridSize = 2;
     } else {
         $gridSize = 1;
     }
     $contact = new Contact();
     self::resolveEmailAddressAndNameToContact($emailMessage, $contact);
     $view = new ArchivedEmailMatchingView('default', 'emailMessages', $emailMessage, $contact, $selectForm, $userCanAccessLeads, $userCanAccessContacts, $userCanCreateContact, $userCanCreateLead, $gridSize);
     return $view->render();
 }
Esempio n. 4
0
 protected function renderContent()
 {
     $content = $this->renderTitleContent();
     $content .= '<ul class="configuration-list">';
     $modules = Module::getModuleObjects();
     $moduleClassNamesAndLabels = array();
     foreach ($modules as $module) {
         $moduleTreeMenuItems = $module->getDesignerMenuItems();
         if ($module->isEnabled() && !empty($moduleTreeMenuItems)) {
             $moduleClassNamesAndLabels[get_class($module)] = $module::getModuleLabelByTypeAndLanguage('Plural');
         }
     }
     asort($moduleClassNamesAndLabels);
     foreach ($moduleClassNamesAndLabels as $moduleClassName => $label) {
         if (RightsUtil::canUserAccessModule($moduleClassName, Yii::app()->user->userModel)) {
             $route = $this->moduleId . '/' . $this->controllerId . '/modulesMenu/';
             $content .= ZurmoHtml::openTag('li');
             $content .= '<h4>' . $label . '</h4>';
             $content .= ZurmoHtml::link(ZurmoHtml::wrapLabel(Zurmo::t('Core', 'Configure')), Yii::app()->createUrl($route, array('moduleClassName' => $moduleClassName)), array('class' => 'white-button'));
             $content .= ZurmoHtml::closeTag('li');
         }
     }
     $content .= '</ul>';
     return $content;
 }
Esempio n. 5
0
 /**
  * Based on the current user, return the importRules types and their display labels.  Only include import rules
  * that the user has a right to access its corresponding module.
  * @return array of import rules types and display labels.
  */
 public static function getImportRulesTypesForCurrentUser()
 {
     //todo: cache results to improve performance if needed.
     $importRulesTypes = array();
     $modules = Module::getModuleObjects();
     foreach ($modules as $module) {
         $rulesClassNames = $module::getAllClassNamesByPathFolder('rules');
         foreach ($rulesClassNames as $ruleClassName) {
             $classToEvaluate = new ReflectionClass($ruleClassName);
             if (is_subclass_of($ruleClassName, 'ImportRules') && !$classToEvaluate->isAbstract()) {
                 $moduleClassNames = $ruleClassName::getModuleClassNames();
                 $addToArray = true;
                 foreach ($moduleClassNames as $moduleClassNameToCheckAccess) {
                     if (!RightsUtil::canUserAccessModule($moduleClassNameToCheckAccess, Yii::app()->user->userModel) || !RightsUtil::doesUserHaveAllowByRightName($moduleClassNameToCheckAccess, $moduleClassNameToCheckAccess::getCreateRight(), Yii::app()->user->userModel)) {
                         $addToArray = false;
                     }
                 }
                 if ($addToArray) {
                     $importRulesTypes[$ruleClassName::getType()] = $ruleClassName::getDisplayLabel();
                 }
             }
         }
     }
     return $importRulesTypes;
 }
Esempio n. 6
0
 public function testResolvePortletsForCurrentUser()
 {
     $betty = User::getByUsername('betty');
     $this->assertFalse(RightsUtil::canUserAccessModule('AccountsModule', $betty));
     $this->assertFalse(RightsUtil::canUserAccessModule('ContactsModule', $betty));
     $this->assertFalse(RightsUtil::canUserAccessModule('TasksModule', $betty));
     Yii::app()->user->userModel = $betty;
     $portlet1 = new Portlet();
     $portlet1->viewType = 'AccountsRelatedList';
     $portlet2 = new Portlet();
     $portlet2->viewType = 'ContactsRelatedList';
     $portlet3 = new Portlet();
     $portlet3->viewType = 'TasksMyList';
     $portlets = array();
     $portlets[0][0] = $portlet1;
     $portlets[0][1] = $portlet2;
     $portlets[0][2] = $portlet3;
     $portlets[1][0] = $portlet3;
     $portlets[1][1] = $portlet1;
     $portlets[1][2] = $portlet3;
     $this->assertEquals(2, count($portlets));
     $resolvedPortlets = PortletsSecurityUtil::resolvePortletsForCurrentUser($portlets);
     $comparePortlets = array();
     $comparePortlets[0][0] = $portlet3;
     $comparePortlets[1][0] = $portlet3;
     $comparePortlets[1][1] = $portlet3;
     $this->assertEquals(0, count($resolvedPortlets));
     Yii::app()->user->userModel = User::getByUsername('super');
     $resolvedPortlets = PortletsSecurityUtil::resolvePortletsForCurrentUser($portlets);
     $this->assertEquals($portlets, $resolvedPortlets);
 }
Esempio n. 7
0
 /**
  * @return array of all module rights data
  */
 public static function getAllModuleRightsDataByPermitable(Permitable $permitable)
 {
     $data = array();
     $modules = Module::getModuleObjects();
     foreach ($modules as $module) {
         if ($module instanceof SecurableModule) {
             $moduleClassName = get_class($module);
             $rights = $moduleClassName::getRightsNames();
             $rightLabels = $moduleClassName::getTranslatedRightsLabels();
             $reflectionClass = new ReflectionClass($moduleClassName);
             if (!empty($rights)) {
                 $rightsData = array();
                 foreach ($rights as $right) {
                     if (!isset($rightLabels[$right])) {
                         throw new NotSupportedException($right);
                     }
                     $explicit = $permitable->getExplicitActualRight($moduleClassName, $right);
                     $inherited = $permitable->getInheritedActualRight($moduleClassName, $right);
                     $effective = $permitable->getEffectiveRight($moduleClassName, $right);
                     $constants = $reflectionClass->getConstants();
                     $constantId = array_search($right, $constants);
                     $rightsData[$constantId] = array('displayName' => $rightLabels[$right], 'explicit' => RightsUtil::getRightStringFromRight($explicit), 'inherited' => RightsUtil::getRightStringFromRight($inherited), 'effective' => RightsUtil::getRightStringFromRight($effective));
                 }
                 $data[$moduleClassName] = ArrayUtil::subValueSort($rightsData, 'displayName', 'asort');
             }
         }
     }
     return $data;
 }
Esempio n. 8
0
 /**
  * In order for a user to have access to an accountContactAffiliation portlet, the user must have access rights
  * to the Accounts and Contacts module as well as rights to the AccountContactAffiliations module.
  * @param User $user
  * @return bool
  */
 public function canUserAccessPortlet(User $user)
 {
     if (RightsUtil::canUserAccessModule('AccountsModule', $user) && RightsUtil::canUserAccessModule('ContactsModule', $user)) {
         return true;
     }
     return false;
 }
Esempio n. 9
0
 /**
  * @return string
  */
 protected function getDefaultRoute()
 {
     if (RightsUtil::doesUserHaveAllowByRightName('ContactWebFormsModule', ContactWebFormsModule::getCreateRight(), Yii::app()->user->userModel)) {
         return Yii::app()->createUrl('contactWebForms/default/create/');
     }
     return null;
 }
Esempio n. 10
0
 /**
  * Override so it only render if to recipient is a Contact
  * and the user has the right to access Email Templates
  * @return string
  */
 protected function renderControlEditable()
 {
     if ($this->shouldUseTemplate() && RightsUtil::canUserAccessModule('EmailTemplatesModule', Yii::app()->user->userModel)) {
         return parent::renderControlEditable();
     }
     return null;
 }
Esempio n. 11
0
 /**
  * @param string $modelClassName
  * @param User $user
  * @param $canAccess
  * @return string
  */
 public static function resolveModelElementTypeByActionSecurity($modelClassName, $user, &$canAccess)
 {
     assert('is_string($modelClassName)');
     assert('$user instanceof User && $user->id > 0');
     if ($modelClassName == 'Contact') {
         $canAccessContacts = RightsUtil::canUserAccessModule('ContactsModule', $user);
         $canAccessLeads = RightsUtil::canUserAccessModule('LeadsModule', $user);
         if ($canAccessContacts && $canAccessLeads) {
             return 'AllStatesContact';
         } elseif (!$canAccessContacts && $canAccessLeads) {
             return 'Lead';
         } elseif ($canAccessContacts && !$canAccessLeads) {
             return 'Contact';
         } else {
             $canAccess = false;
             return 'Contact';
         }
     } else {
         $moduleClassName = $modelClassName::getModuleClassName();
         if (!RightsUtil::canUserAccessModule($moduleClassName, $user)) {
             $canAccess = false;
         }
         return $modelClassName;
     }
 }
Esempio n. 12
0
 /**
  * @param User $user
  * @return bool
  */
 public static function canUserAccessModuleInAVariableState(User $user)
 {
     assert('$user->id > 0');
     if (RightsUtil::canUserAccessModule('ContactsModule', $user) || RightsUtil::canUserAccessModule('LeadsModule', $user)) {
         return true;
     }
     return false;
 }
Esempio n. 13
0
 /**
  * @return string
  */
 public function render()
 {
     if (RightsUtil::canUserAccessModule('ProductTemplatesModule', Yii::app()->user->userModel)) {
         return ZurmoHtml::link($this->resolveLabelAndWrap(), $this->route, $this->getHtmlOptions());
     } else {
         return '';
     }
 }
Esempio n. 14
0
 protected function preFilter($filterChain)
 {
     if (RightsUtil::doesUserHaveAllowByRightName($this->moduleClassName, $this->rightName, Yii::app()->user->userModel)) {
         return true;
     }
     static::processAccessFailure();
     Yii::app()->end(0, false);
 }
Esempio n. 15
0
 protected function getMenuItems()
 {
     $items = array();
     if (RightsUtil::doesUserHaveAllowByRightName('CampaignsModule', CampaignsModule::getCreateRight(), Yii::app()->user->userModel)) {
         $items[] = array('label' => Zurmo::t('CampaignsModule', 'Create Campaign'), 'url' => Yii::app()->createUrl('campaigns/default/create'));
         return $items;
     }
     return null;
 }
Esempio n. 16
0
 public function getMenuItems()
 {
     $items = array();
     if (RightsUtil::doesUserHaveAllowByRightName('WorkflowsModule', WorkflowsModule::getCreateRight(), Yii::app()->user->userModel)) {
         $items[] = array('label' => Zurmo::t('WorkflowsModule', 'Create Workflow'), 'url' => Yii::app()->createUrl('workflows/default/create'));
         return $items;
     }
     return null;
 }
Esempio n. 17
0
 /**
  * Override to handle special cases for the user status attribute.
  * @see DetailsView::resolveElementInformationDuringFormLayoutRender()
  */
 protected function resolveElementInformationDuringFormLayoutRender(&$elementInformation)
 {
     if ($elementInformation['type'] == 'DerivedUserStatus' && !UserStatusUtil::canUserEditStatusOnAnotherUser(Yii::app()->user->userModel, $this->model)) {
         $elementInformation['type'] = 'ReadOnlyDerivedUserStatus';
     }
     if ($elementInformation['attributeName'] == 'role' && !RightsUtil::canUserAccessModule('RolesModule', Yii::app()->user->userModel)) {
         $elementInformation['type'] = 'ReadOnlyModel';
     }
 }
Esempio n. 18
0
 public function getMenuItems()
 {
     $items = array();
     if (RightsUtil::doesUserHaveAllowByRightName('EmailTemplatesModule', EmailTemplatesModule::getCreateRight(), Yii::app()->user->userModel)) {
         $items[] = array('label' => Zurmo::t('EmailTemplatesModule', 'Create Template'), 'url' => Yii::app()->createUrl('emailTemplates/default/create', array('type' => EmailTemplate::TYPE_WORKFLOW)));
         return $items;
     }
     return null;
 }
Esempio n. 19
0
 /**
  * @param string $moduleClassName
  * @return bool
  */
 public static function canCurrentUserCanAccessModule($moduleClassName)
 {
     assert('is_string($moduleClassName)');
     if ($moduleClassName::getStateMetadataAdapterClassName() != null) {
         $workflowRules = WorkflowRules::makeByModuleClassName($moduleClassName);
         return $workflowRules->canUserAccessModuleInAVariableState(Yii::app()->user->userModel);
     } else {
         return RightsUtil::canUserAccessModule($moduleClassName, Yii::app()->user->userModel);
     }
 }
Esempio n. 20
0
 protected static function resolveAndRenderPostingAndContinueLinksContent(GameNotification $notification, $index)
 {
     if (!RightsUtil::canUserAccessModule('SocialItemsModule', Yii::app()->user->userModel)) {
         return ZurmoHtml::link(Zurmo::t('Core', 'Continue'), '#', array('class' => 'close-ModalGameNotification default-btn', 'onclick' => '$("#ModalGameNotification' . $index . '").dialog("close"); return false;'));
     } else {
         $content = ZurmoHtml::link(Zurmo::t('Core', 'Skip'), '#', array('class' => 'close-ModalGameNotification simple-link', 'onclick' => '$("#ModalGameNotification' . $index . '").dialog("close"); return false;'));
         $content .= static::renderPostToProfileLinkContent($notification, $index);
         return $content;
     }
 }
Esempio n. 21
0
 protected static function resolveRelatedItemIdsByModelAndUser(Item $model, &$relatedItemIds, User $user)
 {
     assert('is_array($relatedItemIds)');
     if (RightsUtil::canUserAccessModule($model::getModuleClassName(), $user)) {
         $itemId = $model->getClassId('Item');
         if (!in_array($itemId, $relatedItemIds)) {
             $relatedItemIds[] = $itemId;
         }
     }
 }
Esempio n. 22
0
 /**
  * @param int $userId
  */
 public static function resolveCanCurrentUserAccessAction($userId)
 {
     if (Yii::app()->user->userModel->id == $userId || RightsUtil::canUserAccessModule('SendGridModule', Yii::app()->user->userModel)) {
         return;
     }
     $messageView = new AccessFailureView();
     $view = new AccessFailurePageView($messageView);
     echo $view->render();
     Yii::app()->end(0, false);
 }
Esempio n. 23
0
 public function testCanUserAccessModule()
 {
     $user = User::getByUsername('billy');
     $this->assertTrue(RightsUtil::canUserAccessModule('HomeModule', $user));
     $this->assertFalse(RightsUtil::canUserAccessModule('AccountsModule', $user));
     $user->setRight('AccountsModule', AccountsModule::RIGHT_ACCESS_ACCOUNTS);
     $saved = $user->save();
     $this->assertTrue($saved);
     $this->assertTrue(RightsUtil::canUserAccessModule('AccountsModule', $user));
 }
Esempio n. 24
0
 /**
  * Checks if the user has permission to add portlet from modal
  * @param Object $portletRules
  * @return bool
  */
 public static function doesCurrentUserHavePermissionToAddPortlet($portletRules)
 {
     $user = Yii::app()->user->userModel;
     $viewClassName = $portletRules->getType() . 'View';
     $moduleClassName = $viewClassName::getModuleClassName();
     if ($portletRules->canUserAccessPortlet($user) && RightsUtil::canUserAccessModule($moduleClassName, $user)) {
         return true;
     }
     return false;
 }
Esempio n. 25
0
 protected function preFilter($filterChain)
 {
     if (!RightsUtil::canUserAccessModule('MarketingListsModule', Yii::app()->user->userModel)) {
         $messageView = new UserIsMissingMarketingListAccessSplashView();
         $pageViewClassName = $this->controller->getModule()->getPluralCamelCasedName() . 'PageView';
         $view = new $pageViewClassName(ZurmoDefaultAdminViewUtil::makeStandardViewForCurrentUser($this->controller, $messageView));
         echo $view->render();
         return false;
     }
     return true;
 }
Esempio n. 26
0
 protected function renderContent()
 {
     $url = $this->getCreateMeetingUrl();
     $content = ZurmoHtml::openTag('div', array('class' => $this->getIconName()));
     $content .= $this->getMessageContent();
     if (RightsUtil::doesUserHaveAllowByRightName('MeetingsModule', MeetingsModule::getCreateRight(), Yii::app()->user->userModel)) {
         $content .= ZurmoHtml::link(ZurmoHtml::wrapLabel($this->getCreateLinkDisplayLabel()), $url, array('class' => 'z-button green-button'));
     }
     $content .= ZurmoHtml::closeTag('div');
     return $content;
 }
Esempio n. 27
0
 /**
  * @return null or string containing create link
  */
 public function getMenuItems()
 {
     $items = array();
     if (RightsUtil::doesUserHaveAllowByRightName('ProductTemplatesModule', ProductTemplatesModule::getCreateRight(), Yii::app()->user->userModel)) {
         $items[] = array('label' => Zurmo::t('ProductTemplatesModule', 'Create Category'), 'url' => Yii::app()->createUrl('productTemplates/category/create'));
     }
     if (!empty($items)) {
         return $items;
     }
     return null;
 }
Esempio n. 28
0
 protected function getMenuItems()
 {
     $items = array();
     if (RightsUtil::doesUserHaveAllowByRightName('ProductsModule', ProductsModule::getCreateRight(), Yii::app()->user->userModel)) {
         $items[] = array('label' => Zurmo::t('ProductsModule', 'Create ProductsModuleSingularLabel', LabelUtil::getTranslationParamsForAllModules()), 'url' => Yii::app()->createUrl('products/default/create'));
     }
     if (!empty($items)) {
         return $items;
     }
     return null;
 }
Esempio n. 29
0
 /**
  * Runs through relations and makes sure the user can access at least one relation. If at least one is
  * accessible, true is returned.
  */
 public function canUserPerformAction()
 {
     $metadata = Activity::getMetadata();
     foreach ($metadata['Activity']['activityItemsModelClassNames'] as $modelClassName) {
         if (is_subclass_of($modelClassName, 'Item') && $modelClassName::getModuleClassName() != null) {
             if (RightsUtil::canUserAccessModule($modelClassName::getModuleClassName(), $this->user)) {
             }
             return true;
         }
     }
     return false;
 }
Esempio n. 30
0
 public function render()
 {
     if (!RightsUtil::canUserAccessModule('SocialItemsModule', Yii::app()->user->userModel)) {
         return parent::render();
     }
     $postToProfileContent = ZurmoHtml::tag('span', array(), Zurmo::t('ZurmoModule', 'Post to Profile'));
     $postToProfileContent .= static::renderHelpSpan();
     $postToProfileContent .= ZurmoHtml::checkBox('postToProfile', false);
     $content = parent::render();
     $content .= ZurmoHtml::tag('div', array('class' => 'post-to-profile clearfix'), $postToProfileContent);
     return $content;
 }