public function testGetMungeIdsByUserIncludesEveryoneGroup()
{
Yii::app()->user->userModel = User::getByUsername('super');
$mungeIds = AllPermissionsOptimizationUtil::getMungeIdsByUser(Yii::app()->user->userModel);
$this->assertEquals(2, count($mungeIds));
$group = Group::getByName(Group::EVERYONE_GROUP_NAME);
$group->save();
AllPermissionsOptimizationCache::forgetAll();
$mungeIds = AllPermissionsOptimizationUtil::getMungeIdsByUser(Yii::app()->user->userModel);
$this->assertEquals(3, count($mungeIds));
}
public static function forgetAllCaches()
{
RedBeanModelsCache::forgetAll();
RedBeansCache::forgetAll();
PermissionsCache::forgetAll();
AllPermissionsOptimizationCache::forgetAll();
RightsCache::forgetAll();
PoliciesCache::forgetAll();
GeneralCache::forgetAll();
BeanModelCache::forgetAll();
Currency::resetCaches();
//php only cache
}
public static function tearDownAfterClass()
{
if (static::$activateDefaultLanguages) {
Yii::app()->languageHelper->deactivateLanguagesForTesting();
}
TestDatabaseUtil::deleteRowsFromAllTablesExceptLog();
PermissionsCache::forgetAll();
AllPermissionsOptimizationCache::forgetAll();
RedBeanModel::forgetAll();
RedBeanDatabase::close();
assert('!RedBeanDatabase::isSetup()');
// Not Coding Standard
GeneralCache::forgetAll();
BeanModelCache::forgetAll();
}
public static function setUpBeforeClass()
{
parent::setUpBeforeClass();
ZurmoDatabaseCompatibilityUtil::createActualPermissionsCacheTable();
ZurmoDatabaseCompatibilityUtil::createNamedSecurableActualPermissionsCacheTable();
ZurmoDatabaseCompatibilityUtil::createActualRightsCacheTable();
ZurmoDatabaseCompatibilityUtil::dropStoredFunctionsAndProcedures();
PermissionsCache::forgetAll();
AllPermissionsOptimizationCache::forgetAll();
RightsCache::forgetAll();
PoliciesCache::forgetAll();
Currency::resetCaches();
//php only cache
Permission::resetCaches();
//php only cache
self::$activitiesObserver = new ActivitiesObserver();
self::$activitiesObserver->init();
//runs init();
self::$conversationsObserver = new ConversationsObserver();
self::$conversationsObserver->init();
//runs init();
self::$emailMessagesObserver = new EmailMessagesObserver();
self::$emailMessagesObserver->init();
//runs init();
self::$contactLatestActivityDateTimeObserver = new ContactLatestActivityDateTimeObserver();
self::$contactLatestActivityDateTimeObserver->init();
//runs init();
self::$accountLatestActivityDateTimeObserver = new AccountLatestActivityDateTimeObserver();
self::$accountLatestActivityDateTimeObserver->init();
//runs init();
self::$accountContactAffiliationObserver = new AccountContactAffiliationObserver();
self::$accountContactAffiliationObserver->init();
//runs init();
Yii::app()->gameHelper;
Yii::app()->gamificationObserver;
//runs init();
Yii::app()->gameHelper->resetDeferredPointTypesAndValuesByUserIdToAdd();
Yii::app()->emailHelper->sendEmailThroughTransport = false;
Yii::app()->jobQueue->deleteAll();
}
/**
* @param User $user
* @return array
*/
public static function getMungeIdsByUser(User $user)
{
try {
return AllPermissionsOptimizationCache::getMungeIdsByUser($user);
} catch (NotFoundException $e) {
list($roleId, $groupIds) = self::getUserRoleIdAndGroupIds($user);
$mungeIds = array("U{$user->id}");
if ($roleId != null) {
$mungeIds[] = "R{$roleId}";
}
foreach ($groupIds as $groupId) {
$mungeIds[] = "G{$groupId}";
}
//Add everyone group
$everyoneGroupId = Group::getByName(Group::EVERYONE_GROUP_NAME)->id;
if (!in_array("G" . $everyoneGroupId, $mungeIds) && $everyoneGroupId > 0) {
$mungeIds[] = "G" . $everyoneGroupId;
}
AllPermissionsOptimizationCache::cacheMungeIdsByUser($user, $mungeIds);
}
return $mungeIds;
}
protected function clearCaches()
{
PermissionsCache::forgetAll();
RightsCache::forgetAll();
PoliciesCache::forgetAll();
AllPermissionsOptimizationCache::forgetAll();
}
protected function afterDelete()
{
$this->forgetPermissionsRightsAndPoliciesCache();
ReadPermissionsSubscriptionUtil::roleHasBeenDeleted();
AllPermissionsOptimizationCache::forgetAll();
static::forgetRoleIdToRoleCache();
}
public function removeAllPermissions()
{
$this->checkPermissionsHasAnyOf(Permission::CHANGE_PERMISSIONS);
PermissionsCache::forgetAll();
AllPermissionsOptimizationCache::forgetAll();
$this->permissions->removeAll();
}
/**
* Override to ensure the permissions cache is forgotten since if it is not, other users logged in will not
* get the effective changes until the cache is cleared across the application.
* (non-PHPdoc)
* @see ZurmoBaseController::actionAfterSuccessfulModelSave()
*/
protected function actionAfterSuccessfulModelSave($model, $modelToStringValue, $redirectUrlParams = null)
{
PermissionsCache::forgetAll();
RightsCache::forgetAll();
PoliciesCache::forgetAll();
AllPermissionsOptimizationCache::forgetAll();
parent::actionAfterSuccessfulModelSave($model, $modelToStringValue, $redirectUrlParams);
}
public static function deleteAll()
{
PermissionsCache::forgetAll();
AllPermissionsOptimizationCache::forgetAll();
parent::deleteAll();
}
public function testForgetSecurableItem()
{
if (PermissionsCache::supportsAndAllowsMemcache()) {
$super = User::getByUsername('super');
Yii::app()->user->userModel = $super;
$account = new Account();
$account->name = 'Ocean Inc.';
$this->assertTrue($account->save());
$combinedPermissions = 5;
PermissionsCache::cacheCombinedPermissions($account, $super, $combinedPermissions);
$combinedPermissionsFromCache = PermissionsCache::getCombinedPermissions($account, $super);
$this->assertEquals($combinedPermissions, $combinedPermissionsFromCache);
PermissionsCache::forgetSecurableItem($account);
AllPermissionsOptimizationCache::forgetSecurableItemForRead($account);
try {
PermissionsCache::getCombinedPermissions($account, $super);
$this->fail('NotFoundException exception is not thrown.');
} catch (NotFoundException $e) {
$this->assertTrue(true);
}
}
}
/**
* Remove user from group, and in this case user and account should still exist in table but with TYPE_DELETE
* Also in this scenario test when user is added again to the group, after it is removed from group
* @depends testGroupChangeOrDeleteScenario1
*/
public function testGroupChangeOrDeleteScenario2()
{
$super = User::getByUsername('super');
Yii::app()->user->userModel = $super;
$job = new ReadPermissionSubscriptionUpdateForAccountJob();
$jobBasedOnBuildTable = new ReadPermissionSubscriptionUpdateForAccountFromBuildTableJob();
Yii::app()->jobQueue->deleteAll();
$this->deleteAllModelsAndRecordsFromReadPermissionTable('Account');
$johnny = self::$johnny;
$account = AccountTestHelper::createAccountByNameForOwner('Second Account', $super);
Yii::app()->jobQueue->deleteAll();
sleep(1);
$group = new Group();
$group->name = 'Group2';
$this->assertTrue($group->save());
$group->users->add($johnny);
$this->assertTrue($group->save());
$account->addPermissions($group, Permission::READ);
$this->assertTrue($account->save());
RedBeanModel::forgetAll();
ReadPermissionsOptimizationUtil::rebuild();
AllPermissionsOptimizationCache::forgetAll();
$queuedJobs = Yii::app()->jobQueue->getAll();
$this->assertEquals(1, count($queuedJobs[5]));
$this->assertEquals('ReadPermissionSubscriptionUpdateForAccountFromBuildTable', $queuedJobs[5][0]['jobType']);
Yii::app()->jobQueue->deleteAll();
$this->assertTrue($jobBasedOnBuildTable->run());
// Check if everything is added correctly
$sql = "SELECT * FROM account_read_subscription order by userid";
$rows = ZurmoRedBean::getAll($sql);
$this->assertEquals(2, count($rows));
$this->assertEquals($super->id, $rows[0]['userid']);
$this->assertEquals($account->id, $rows[0]['modelid']);
$this->assertEquals(ReadPermissionsSubscriptionUtil::TYPE_ADD, $rows[0]['subscriptiontype']);
$this->assertEquals($johnny->id, $rows[1]['userid']);
$this->assertEquals($account->id, $rows[1]['modelid']);
$this->assertEquals(ReadPermissionsSubscriptionUtil::TYPE_ADD, $rows[1]['subscriptiontype']);
// Remove user from group
//$group->users->remove($johnny);
//$this->assertTrue($group->save());
$form = new GroupUserMembershipForm();
$fakePostData = array('userMembershipData' => array(), 'userNonMembershipData' => array());
$form = GroupUserMembershipFormUtil::setFormFromCastedPost($form, $fakePostData);
$saved = GroupUserMembershipFormUtil::setMembershipFromForm($form, $group);
$this->assertTrue($saved);
RedBeanModel::forgetAll();
ReadPermissionsOptimizationUtil::rebuild();
$queuedJobs = Yii::app()->jobQueue->getAll();
$this->assertEquals(1, count($queuedJobs[5]));
$this->assertEquals('ReadPermissionSubscriptionUpdateForAccount', $queuedJobs[5][0]['jobType']);
Yii::app()->jobQueue->deleteAll();
$this->assertTrue($job->run());
// Because user is added to group, and group have read access to account, this account should be in
// read permission table for user
$sql = "SELECT * FROM account_read_subscription order by userid";
$rows = ZurmoRedBean::getAll($sql);
$this->assertEquals(2, count($rows));
$this->assertEquals($super->id, $rows[0]['userid']);
$this->assertEquals($account->id, $rows[0]['modelid']);
$this->assertEquals(ReadPermissionsSubscriptionUtil::TYPE_ADD, $rows[0]['subscriptiontype']);
$this->assertEquals($johnny->id, $rows[1]['userid']);
$this->assertEquals($account->id, $rows[1]['modelid']);
$this->assertEquals(ReadPermissionsSubscriptionUtil::TYPE_DELETE, $rows[1]['subscriptiontype']);
// Now add user to group again and test
//$group->users->add($johnny);
//$this->assertTrue($group->save());
// We need to add user to group using GroupUserMembershipForm, so ReadPermissionsSubscriptionUtil::userAddedToGroup(); will be triggered
$form = new GroupUserMembershipForm();
$fakePostData = array('userMembershipData' => array(0 => $johnny->id), 'userNonMembershipData' => array());
$form = GroupUserMembershipFormUtil::setFormFromCastedPost($form, $fakePostData);
$saved = GroupUserMembershipFormUtil::setMembershipFromForm($form, $group);
$this->assertTrue($saved);
RedBeanModel::forgetAll();
ReadPermissionsOptimizationUtil::rebuild();
$queuedJobs = Yii::app()->jobQueue->getAll();
$this->assertEquals(1, count($queuedJobs[5]));
$this->assertEquals('ReadPermissionSubscriptionUpdateForAccount', $queuedJobs[5][0]['jobType']);
Yii::app()->jobQueue->deleteAll();
$this->assertTrue($job->run());
// Because user is added to group, and group have read access to account, this account should be in
// read permission table for user
$sql = "SELECT * FROM account_read_subscription order by userid";
$rows = ZurmoRedBean::getAll($sql);
$this->assertEquals(2, count($rows));
$this->assertEquals($super->id, $rows[0]['userid']);
$this->assertEquals($account->id, $rows[0]['modelid']);
$this->assertEquals(ReadPermissionsSubscriptionUtil::TYPE_ADD, $rows[0]['subscriptiontype']);
$this->assertEquals($johnny->id, $rows[1]['userid']);
$this->assertEquals($account->id, $rows[1]['modelid']);
$this->assertEquals(ReadPermissionsSubscriptionUtil::TYPE_ADD, $rows[1]['subscriptiontype']);
}
public function testPermissionsCachingHitsAndMisses2()
{
if (!SECURITY_OPTIMIZED) {
return;
}
// Like the test above by averaging over many loops.
$loops = 100;
$accounts = Account::getAll();
$account = $accounts[0];
$user = User::getByUsername('bobby');
$this->assertNotEquals($account->owner->id, $user->id);
$this->setSomePermissions();
$firstTime = $secondTime = $thirdTime = $fourthTime = 0;
for ($i = 0; $i < $loops; $i++) {
$startTime = microtime(true);
$permissions = $account->getEffectivePermissions($user);
$endTime = microtime(true);
$firstTime += $endTime - $startTime;
$startTime = microtime(true);
$permissions = $account->getEffectivePermissions($user);
$endTime = microtime(true);
$secondTime += $endTime - $startTime;
// The false tells it to not forget the
// db level cached permissions.
PermissionsCache::forgetAll(false);
AllPermissionsOptimizationCache::forgetAll();
$startTime = microtime(true);
$permissions = $account->getEffectivePermissions($user);
$endTime = microtime(true);
$thirdTime += $endTime - $startTime;
// Will forget the db level cached permissions.
PermissionsCache::forgetAll();
AllPermissionsOptimizationCache::forgetAll();
$startTime = microtime(true);
$permissions = $account->getEffectivePermissions($user);
$endTime = microtime(true);
$fourthTime += $endTime - $startTime;
// Will forget the db level cached permissions
// to leave it clean for the next loop.
PermissionsCache::forgetAll();
AllPermissionsOptimizationCache::forgetAll();
}
$firstTime /= $loops;
$secondTime /= $loops;
$thirdTime /= $loops;
$fourthTime /= $loops;
// The first time is at least 10 times faster than
// the second time because it will get it from the
// php cached permissions.
if ($secondTime > 0) {
$this->assertGreaterThan(10, $firstTime / $secondTime);
}
// The first time is at least 2 times faster than
// the third time even though the php level permissions
// cache is cleared (or it's a different request)
// because it will get it from the db cached permissions.
if ($thirdTime > 0) {
$this->assertGreaterThan(2, $firstTime / $thirdTime);
}
// The first time is at least 10 times faster than
// the third time even though the php level permissions
// cache is cleared (or it's a different request)
// because it will get it from the db cached permissions.
$this->assertWithinTolerance($firstTime, $fourthTime, 0.005);
Permission::deleteAll();
}
public function testForgetAll()
{
if (PermissionsCache::supportsAndAllowsMemcache()) {
$super = User::getByUsername('super');
Yii::app()->user->userModel = $super;
$account = new Account();
$account->name = 'Ocean Inc2.';
$this->assertTrue($account->save());
$combinedPermissions = 5;
// Set some GeneralCache, which should stay in cache after cleanup
GeneralCache::cacheEntry('somethingForTesting', 34);
$value = GeneralCache::getEntry('somethingForTesting');
$this->assertEquals(34, $value);
AllPermissionsOptimizationCache::cacheHasReadPermissionOnSecurableItem($account, $super, true);
$hasReadPermission = AllPermissionsOptimizationCache::getHasReadPermissionOnSecurableItem($account, $super);
$this->assertTrue($hasReadPermission);
AllPermissionsOptimizationCache::forgetAll();
try {
AllPermissionsOptimizationCache::getHasReadPermissionOnSecurableItem($account, $super);
$this->fail('NotFoundException exception is not thrown.');
} catch (NotFoundException $e) {
// Data from generalCache should still be in cache
$value = GeneralCache::getEntry('somethingForTesting');
$this->assertEquals(34, $value);
}
}
// To-Do: Add test for forgetAll with $forgetDbLevelCache = true. It could be added to testForgetAll() function.
// To-Do: Add test for forgetSecurableItem with $forgetDbLevelCache = true. . It could be added to testForgetSecurableItem() function.
}
