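/**
 * Override to handle security/access resolution on specific elements.
 *
 * Dispatches on $this->renderType: 'Edit' resolves the element for an
 * editable render, 'Details' for a non-editable render. In both cases the
 * element is resolved against $this->model for the current user
 * (Yii::app()->user->userModel).
 *
 * @param array $elementInformation Element definition, handed by reference
 *                                  to the resolver, which may rewrite it.
 * @throws NotSupportedException When renderType is neither 'Edit' nor 'Details'.
 */
protected function resolveElementInformationDuringFormLayoutRender(&$elementInformation)
{
    // Strict comparison on purpose: with ==, a non-string render type such as
    // boolean true compares equal to 'Edit' and would select the editable
    // resolution. Anything that is not exactly one of the two known strings
    // falls through to the exception below (fail closed).
    if ($this->renderType === 'Edit') {
        FormLayoutSecurityUtil::resolveElementForEditableRender(
            $this->model,
            $elementInformation,
            Yii::app()->user->userModel
        );
    } elseif ($this->renderType === 'Details') {
        FormLayoutSecurityUtil::resolveElementForNonEditableRender(
            $this->model,
            $elementInformation,
            Yii::app()->user->userModel
        );
    } else {
        throw new NotSupportedException();
    }
}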
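/**
 * Renders a non-editable element for the related item attached under each
 * given relation model class, leaving out relations the current user may
 * not access or whose element is nullified by the security resolution.
 *
 * @param array $relationModelClassNames Relation model class names to render.
 * @return string|null Concatenated output of each element's render(), or
 *                     null when no element was rendered.
 */
protected function renderNonEditableElementsForRelationsByRelationsData($relationModelClassNames)
{
    $content = null;
    $formClassName = static::getRelatedItemFormClassName();
    foreach ($relationModelClassNames as $relationModelClassName) {
        $relatedItemForm = null;
        // ASSUMES ONLY A SINGLE ATTACHED RELATEDITEM PER RELATION TYPE.
        foreach ($this->getRelatedItemsFromModel() as $item) {
            try {
                $modelDerivationPathToItem = RuntimeUtil::getModelDerivationPathToItem($relationModelClassName);
                $castedDownModel = $item->castDown(array($modelDerivationPathToItem));
                $relatedItemForm = new $formClassName($castedDownModel);
                break;
            } catch (NotFoundException $e) {
                // Deliberately ignored so the next item is tried.
                // Presumably raised when $item is not of this relation's class - TODO confirm.
            }
        }
        if ($relatedItemForm === null) {
            // No attached item of this relation type: nothing to render.
            continue;
        }

        // Action-level check first. $canAccess is presumably taken by reference
        // and cleared when the user may not act on this relation's module -
        // verify against RelatedItemRelationToModelElementUtil.
        $canAccess = true;
        $modelElementType = RelatedItemRelationToModelElementUtil::resolveModelElementTypeByActionSecurity(
            $relationModelClassName,
            Yii::app()->user->userModel,
            $canAccess
        );
        if (!$canAccess) {
            continue;
        }

        // Record-level check second: the resolver rewrites $elementInformation
        // in place and may null out attributeName, in which case the element
        // is not rendered at all.
        $elementInformation = array(
            'attributeName' => $relationModelClassName,
            'type'          => $modelElementType,
        );
        FormLayoutSecurityUtil::resolveElementForNonEditableRender(
            $relatedItemForm,
            $elementInformation,
            Yii::app()->user->userModel
        );
        if ($elementInformation['attributeName'] == null) {
            continue;
        }

        // NOTE(review): the class name is built from the resolved type string;
        // confirm that type can only originate from the utilities above.
        $elementClassName = $elementInformation['type'] . 'Element';
        // Everything after the first two entries (attributeName, type) is passed
        // on as extra element parameters; this relies on the key order above.
        $element = new $elementClassName(
            $relatedItemForm,
            $elementInformation['attributeName'],
            $this->form,
            array_slice($elementInformation, 2)
        );
        // Expression form instead of a string: a string argument is no longer
        // evaluated as code on PHP 8 and would always pass. assert() can be
        // disabled by configuration, so this is a development-time sanity
        // check, not an access control.
        assert($element instanceof ModelElement);
        $element->nonEditableTemplate = $this->getRelatedItemNonEditableTemplate();
        $content .= $element->render();
    }
    return $content;
}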
/**
 * Checks how FormLayoutSecurityUtil::resolveElementForNonEditableRender treats
 * a plain element, an Account element and a User element as Betty's
 * permissions and module rights change.
 *
 * @depends testResolveElementForEditableRender
 */
public function testResolveElementForNonEditableRender()
{
    $bettyUser = User::getByUsername('betty');
    $billyUser = User::getByUsername('billy');

    // Betty owns the contact, but the related account belongs to Billy.
    $contact = ContactTestHelper::createContactByNameForOwner("betty's contact2", $bettyUser);
    $contact->account = AccountTestHelper::createAccountByNameForOwner('BillyCompany', $billyUser);
    $this->assertTrue($contact->save());
    $accountId = $contact->account->id;

    $nullified = array('attributeName' => null, 'type' => 'Null');

    // An element that is not a ModelElement must come back unchanged.
    $textElement = array('attributeName' => 'something', 'type' => 'Text');
    $resolved = $textElement;
    FormLayoutSecurityUtil::resolveElementForNonEditableRender($contact, $resolved, $bettyUser);
    $this->assertEquals($textElement, $resolved);

    // Account element: Betty has no read permission on the related account,
    // so the element is nullified even though she may access the accounts module.
    $accountElement       = array('attributeName' => 'account', 'type' => 'Account');
    $accountElementNoLink = array('attributeName' => 'account', 'type' => 'Account', 'noLink' => true);
    $resolved = $accountElement;
    FormLayoutSecurityUtil::resolveElementForNonEditableRender($contact, $resolved, $bettyUser);
    $this->assertEquals($nullified, $resolved);
    $this->assertEquals(
        Right::ALLOW,
        $bettyUser->getEffectiveRight('AccountsModule', AccountsModule::RIGHT_ACCESS_ACCOUNTS)
    );

    // With Permission::READ on the account and access to the accounts tab,
    // Betty gets the element back untouched, i.e. with a link.
    $billysAccount = Account::getById($accountId);
    $billysAccount->addPermissions($bettyUser, Permission::READ);
    $this->assertTrue($billysAccount->save());
    $resolved = $accountElement;
    FormLayoutSecurityUtil::resolveElementForNonEditableRender($contact, $resolved, $bettyUser);
    $this->assertEquals($accountElement, $resolved);

    // Denying the accounts tab keeps the element visible but strips the link.
    $bettyUser->setRight('AccountsModule', AccountsModule::RIGHT_ACCESS_ACCOUNTS, Right::DENY);
    $this->assertTrue($bettyUser->save());
    $resolved = $accountElement;
    FormLayoutSecurityUtil::resolveElementForNonEditableRender($contact, $resolved, $bettyUser);
    $this->assertEquals($accountElementNoLink, $resolved);

    // User element.
    $ownerElement       = array('attributeName' => 'owner', 'type' => 'User');
    $ownerElementNoLink = array('attributeName' => 'owner', 'type' => 'User', 'noLink' => true);

    // The super user gets the related user with a link.
    $resolved = $ownerElement;
    $superUser = User::getByUsername('super');
    FormLayoutSecurityUtil::resolveElementForNonEditableRender($contact, $resolved, $superUser);
    $this->assertEquals($ownerElement, $resolved);

    // Betty is denied the users module: she sees the user name without a link.
    $resolved = $ownerElement;
    $this->assertEquals(
        Right::DENY,
        $bettyUser->getEffectiveRight('UsersModule', UsersModule::RIGHT_ACCESS_USERS)
    );
    FormLayoutSecurityUtil::resolveElementForNonEditableRender($contact, $resolved, $bettyUser);
    $this->assertEquals($ownerElementNoLink, $resolved);
}
/**
 * Override to handle security/access resolution on specific elements.
 *
 * This variant always resolves the element for a non-editable render,
 * against $this->model and for the current user.
 *
 * @param array $elementInformation Element definition, handed by reference
 *                                  to the resolver, which may rewrite it.
 */
protected function resolveElementInformationDuringFormLayoutRender(&$elementInformation)
{
    $currentUser = Yii::app()->user->userModel;
    FormLayoutSecurityUtil::resolveElementForNonEditableRender(
        $this->model,
        $elementInformation,
        $currentUser
    );
}