/**
  * @param SecurableItem $securableItem
  */
 public static function forgetSecurableItemForChange(SecurableItem $securableItem)
 {
     if ($securableItem->getClassId('SecurableItem') == 0) {
         return;
     }
     $securableItemModelIdentifer = $securableItem->getClassId('SecurableItem');
     if (static::supportsAndAllowsPhpCaching()) {
         static::$securableItemToPermitableToChangePermissions[$securableItemModelIdentifer] = array();
     }
     if (static::supportsAndAllowsMemcache()) {
         $prefix = static::getCachePrefix($securableItemModelIdentifer) . static::CHANGE;
         Yii::app()->cache->delete($prefix . $securableItemModelIdentifer);
     }
 }
 public function checkPermissionsHasAnyOf($requiredPermissions, User $user = null)
 {
     assert('is_int($requiredPermissions)');
     assert('in_array($requiredPermissions,
                          array(Permission::READ, Permission::WRITE, Permission::DELETE,
                                Permission::CHANGE_PERMISSIONS, Permission::CHANGE_OWNER))');
     if ($user == null) {
         $user = Yii::app()->user->userModel;
     }
     if (Permission::ALL == $this->resolveEffectivePermissionsForOwnerAndCreatedByUser($user)) {
         return;
     } elseif ($this->isDeleting) {
         //Avoid potential problems with accessing information already removed from munge.
         //Potentially there could be some gap with doing this, but it improves performance on complex
         //role/group setups.
         return;
     } else {
         if (SECURITY_OPTIMIZED) {
             $modelClassName = get_called_class();
             $moduleClassName = $modelClassName::getModuleClassName();
             if (static::hasReadPermissionsOptimization() && $moduleClassName != null && is_subclass_of($moduleClassName, 'SecurableModule') && AllPermissionsOptimizationUtil::checkPermissionsHasAnyOf($requiredPermissions, $this, $user)) {
                 return;
             }
         }
         parent::checkPermissionsHasAnyOf($requiredPermissions, $user);
     }
 }
 public static function getAccountMungeRows(SecurableItem $securableItem = null)
 {
     if ($securableItem === null) {
         $rows = ZurmoRedBean::getAll('select   name, munge_id, count
                                from     account_read, ownedsecurableitem, account
                                where    account_read.securableitem_id = ownedsecurableitem.securableitem_id and
                                         ownedsecurableitem.id         = account.ownedsecurableitem_id
                                order by name, munge_id, account_read.securableitem_id, count');
     } else {
         $securableItemId = $securableItem->getClassId('SecurableItem');
         $rows = ZurmoRedBean::getAll("select   munge_id, count\n                                   from     account_read\n                                   where    securableitem_id = {$securableItemId}\n                                   order by munge_id, count");
     }
     $rowsWithValues = array();
     foreach ($rows as $row) {
         $row = array_values($row);
         array_walk($row, array('self', 'stripFullStops'));
         $rowsWithValues[] = $row;
     }
     return $rowsWithValues;
 }
 /**
  * Given a SecurableItem, add and remove permissions just on the securableItem.  Since this method
  * is called when the SecurableItem is not being saved and just for display purposes in the user interface.
  * @param SecurableItem $securableItem
  * @param ExplicitReadWriteModelPermissions $explicitReadWriteModelPermissions
  * @return boolean
  * @throws NotSupportedException()
  */
 public static function resolveExplicitReadWriteModelPermissionsForDisplay(SecurableItem $securableItem, ExplicitReadWriteModelPermissions $explicitReadWriteModelPermissions)
 {
     assert('$securableItem->id < 0');
     if ($explicitReadWriteModelPermissions->getReadOnlyPermitablesCount() > 0) {
         foreach ($explicitReadWriteModelPermissions->getReadOnlyPermitables() as $permitable) {
             $securableItem->addPermissions($permitable, Permission::READ);
         }
     }
     if ($explicitReadWriteModelPermissions->getReadWritePermitablesCount() > 0) {
         foreach ($explicitReadWriteModelPermissions->getReadWritePermitables() as $permitable) {
             $securableItem->addPermissions($permitable, Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER);
         }
     }
     return true;
 }
 protected static function getGroupMungeCount(SecurableItem $securableItem, Group $group)
 {
     $count = 0;
     list($allowPermissions, $denyPermissions) = $securableItem->getExplicitActualPermissions($group);
     $effectiveExplicitPermissions = $allowPermissions & ~$denyPermissions;
     if (($effectiveExplicitPermissions & Permission::READ) == Permission::READ) {
         $count++;
     }
     if ($group->group->id > 0 && !(!RedBeanDatabase::isFrozen() && $group->group->isSame($group))) {
         $count += self::getGroupMungeCount($securableItem, $group->group);
     }
     return $count;
 }
Esempio n. 6
0
 protected static function translatedAttributeLabels($language)
 {
     return array_merge(parent::translatedAttributeLabels($language), array('owner' => Zurmo::t('ZurmoModule', 'Owner', array(), null, $language)));
 }
Esempio n. 7
0
 /**
  * Override for the 'name' attribute since 'name' can be retrieved regardless of permissions of the user asking
  * for it.
  * @see SecurableItem::__get()
  */
 public function __get($attributeName)
 {
     if ($attributeName == 'name') {
         return $this->unrestrictedGet('name');
     }
     return parent::__get($attributeName);
 }
Esempio n. 8
0
 public static function forgetSecurableItem(SecurableItem $securableItem, $forgetDbLevelCache = true)
 {
     if ($securableItem->getClassId('SecurableItem') == 0) {
         return;
     }
     $securableItemModelIdentifer = $securableItem->getModelIdentifier();
     if (PHP_CACHING_ON) {
         self::$securableItemToPermitableToCombinedPermissions[$securableItemModelIdentifer] = array();
     }
     if (MEMCACHE_ON && Yii::app()->cache !== null) {
         $prefix = self::getCachePrefix($securableItemModelIdentifer, self::$cacheType);
         Yii::app()->cache->delete($prefix . $securableItemModelIdentifer);
     }
     if (SECURITY_OPTIMIZED && DB_CACHING_ON && $forgetDbLevelCache) {
         $securableItemId = $securableItem->getClassID('SecurableItem');
         ZurmoDatabaseCompatibilityUtil::callProcedureWithoutOuts("clear_cache_securableitem_actual_permissions({$securableItemId})");
     }
 }
 /**
  * Update all account read permissions items when permissions for item is removed from user
  */
 public static function securableItemLostPermissionsForUser(SecurableItem $securableItem)
 {
     if ($securableItem instanceof Account) {
         $modelDerivationPathToItem = RuntimeUtil::getModelDerivationPathToItem('Account');
         $account = $securableItem->castDown(array($modelDerivationPathToItem));
         self::updateAccountReadSubscriptionTableBasedOnBuildTable($account->id);
     }
 }
Esempio n. 10
0
 public static function forgetSecurableItem(SecurableItem $securableItem, $forgetDbLevelCache = true)
 {
     if ($securableItem->getClassId('SecurableItem') == 0) {
         return;
     }
     $securableItemModelIdentifer = $securableItem->getModelIdentifier();
     if (static::supportsAndAllowsPhpCaching()) {
         static::$securableItemToPermitableToCombinedPermissions[$securableItemModelIdentifer] = array();
     }
     if (static::supportsAndAllowsMemcache()) {
         $prefix = static::getCachePrefix($securableItemModelIdentifer);
         Yii::app()->cache->delete($prefix . $securableItemModelIdentifer);
     }
     if (SECURITY_OPTIMIZED && static::supportsAndAllowsDatabaseCaching() && $forgetDbLevelCache) {
         $securableItemId = $securableItem->getClassID('SecurableItem');
         ZurmoDatabaseCompatibilityUtil::callProcedureWithoutOuts("clear_cache_securableitem_actual_permissions({$securableItemId})");
     }
 }