protected function clearAllCaches()
{
ForgetAllCacheUtil::forgetAllCaches();
PermissionsCache::forgetAll(true);
RightsCache::forgetAll(true);
Role::forgetRoleIdToRoleCache();
}
public static function forgetAllCaches()
{
RedBeanModelsCache::forgetAll();
RedBeansCache::forgetAll();
PermissionsCache::forgetAll();
RightsCache::forgetAll();
PoliciesCache::forgetAll();
GeneralCache::forgetAll();
BeanModelCache::forgetAll();
Currency::resetCaches();
//php only cache
}
public static function tearDownAfterClass()
{
if (static::$activateDefaultLanguages) {
Yii::app()->languageHelper->deactivateLanguagesForTesting();
}
TestDatabaseUtil::deleteRowsFromAllTablesExceptLog();
PermissionsCache::forgetAll();
AllPermissionsOptimizationCache::forgetAll();
RedBeanModel::forgetAll();
RedBeanDatabase::close();
assert('!RedBeanDatabase::isSetup()');
// Not Coding Standard
GeneralCache::forgetAll();
BeanModelCache::forgetAll();
}
public static function setUpBeforeClass()
{
parent::setUpBeforeClass();
ZurmoDatabaseCompatibilityUtil::createActualPermissionsCacheTable();
ZurmoDatabaseCompatibilityUtil::createNamedSecurableActualPermissionsCacheTable();
ZurmoDatabaseCompatibilityUtil::createActualRightsCacheTable();
ZurmoDatabaseCompatibilityUtil::dropStoredFunctionsAndProcedures();
PermissionsCache::forgetAll();
AllPermissionsOptimizationCache::forgetAll();
RightsCache::forgetAll();
PoliciesCache::forgetAll();
Currency::resetCaches();
//php only cache
Permission::resetCaches();
//php only cache
self::$activitiesObserver = new ActivitiesObserver();
self::$activitiesObserver->init();
//runs init();
self::$conversationsObserver = new ConversationsObserver();
self::$conversationsObserver->init();
//runs init();
self::$emailMessagesObserver = new EmailMessagesObserver();
self::$emailMessagesObserver->init();
//runs init();
self::$contactLatestActivityDateTimeObserver = new ContactLatestActivityDateTimeObserver();
self::$contactLatestActivityDateTimeObserver->init();
//runs init();
self::$accountLatestActivityDateTimeObserver = new AccountLatestActivityDateTimeObserver();
self::$accountLatestActivityDateTimeObserver->init();
//runs init();
self::$accountContactAffiliationObserver = new AccountContactAffiliationObserver();
self::$accountContactAffiliationObserver->init();
//runs init();
Yii::app()->gameHelper;
Yii::app()->gamificationObserver;
//runs init();
Yii::app()->gameHelper->resetDeferredPointTypesAndValuesByUserIdToAdd();
Yii::app()->emailHelper->sendEmailThroughTransport = false;
Yii::app()->jobQueue->deleteAll();
}
public static function setUpBeforeClass()
{
parent::setUpBeforeClass();
ZurmoDatabaseCompatibilityUtil::createActualPermissionsCacheTable();
ZurmoDatabaseCompatibilityUtil::dropStoredFunctionsAndProcedures();
PermissionsCache::forgetAll();
RightsCache::forgetAll();
PoliciesCache::forgetAll();
Currency::resetCaches();
//php only cache
$activitiesObserver = new ActivitiesObserver();
$activitiesObserver->init();
//runs init();
$conversationsObserver = new ConversationsObserver();
$conversationsObserver->init();
//runs init();
Yii::app()->gameHelper;
Yii::app()->gamificationObserver;
//runs init();
Yii::app()->gameHelper->resetDeferredPointTypesAndValuesByUserIdToAdd();
Yii::app()->emailHelper->sendEmailThroughTransport = false;
}
protected function forgetPermissionsRightsAndPoliciesCache()
{
PermissionsCache::forgetAll();
Permission::resetCaches();
RightsCache::forgetAll();
PoliciesCache::forgetAll();
}
public function testPermissionsCachingHitsAndMisses2()
{
if (!SECURITY_OPTIMIZED) {
return;
}
// Like the test above by averaging over many loops.
$loops = 100;
$accounts = Account::getAll();
$account = $accounts[0];
$user = User::getByUsername('bobby');
$this->assertNotEquals($account->owner->id, $user->id);
$this->setSomePermissions();
$firstTime = $secondTime = $thirdTime = $fourthTime = 0;
for ($i = 0; $i < $loops; $i++) {
$startTime = microtime(true);
$permissions = $account->getEffectivePermissions($user);
$endTime = microtime(true);
$firstTime += $endTime - $startTime;
$startTime = microtime(true);
$permissions = $account->getEffectivePermissions($user);
$endTime = microtime(true);
$secondTime += $endTime - $startTime;
// The false tells it to not forget the
// db level cached permissions.
PermissionsCache::forgetAll(false);
$startTime = microtime(true);
$permissions = $account->getEffectivePermissions($user);
$endTime = microtime(true);
$thirdTime += $endTime - $startTime;
// Will forget the db level cached permissions.
PermissionsCache::forgetAll();
$startTime = microtime(true);
$permissions = $account->getEffectivePermissions($user);
$endTime = microtime(true);
$fourthTime += $endTime - $startTime;
// Will forget the db level cached permissions
// to leave it clean for the next loop.
PermissionsCache::forgetAll();
}
$firstTime /= $loops;
$secondTime /= $loops;
$thirdTime /= $loops;
$fourthTime /= $loops;
// The first time is at least 10 times faster than
// the second time because it will get it from the
// php cached permissions.
if ($secondTime > 0) {
$this->assertGreaterThan(10, $firstTime / $secondTime);
}
// The first time is at least 2 times faster than
// the third time even though the php level permissions
// cache is cleared (or it's a different request)
// because it will get it from the db cached permissions.
if ($thirdTime > 0) {
$this->assertGreaterThan(2, $firstTime / $thirdTime);
}
// The first time is at least 10 times faster than
// the third time even though the php level permissions
// cache is cleared (or it's a different request)
// because it will get it from the db cached permissions.
$this->assertWithinTolerance($firstTime, $fourthTime, 0.005);
Permission::removeAll();
}
public function removeAllPermissions()
{
$this->checkPermissionsHasAnyOf(Permission::CHANGE_PERMISSIONS);
PermissionsCache::forgetAll();
$this->permissions->removeAll();
}
/**
* Override to add caching capabilities of this information.
* @see SecurableItem::getActualPermissions()
*/
public function getActualPermissions($permitable = null)
{
assert('$permitable === null || $permitable instanceof Permitable');
if ($permitable === null) {
$permitable = Yii::app()->user->userModel;
if (!$permitable instanceof User) {
throw new NoCurrentUserSecurityException();
}
}
if ($this->name != null) {
try {
return PermissionsCache::getNamedSecurableItemActualPermissions($this->name, $permitable);
} catch (NotFoundException $e) {
$actualPermissions = parent::getActualPermissions($permitable);
}
PermissionsCache::cacheNamedSecurableItemActualPermissions($this->name, $permitable, $actualPermissions);
return $actualPermissions;
}
return parent::getActualPermissions($permitable);
}
/**
* @param Permitable $permitable
* @return array of all module permissions data
* Example of a return just for the accounts module.
* Normally all the applicable modules permissions
* would be returned in the array.
* @code
<?php
$compareData = array(
'AccountsModule' => array(
'CREATE' => array(
'explicit' => null,
'inherited' => null,
),
'CHANGE_OWNER' => array(
'explicit' => null,
'inherited' => null,
),
'CHANGE_PERMISSIONS' => array(
'explicit' => null,
'inherited' => null,
),
'DELETE' => array(
'explicit' => null,
'inherited' => null,
),
'READ' => array(
'explicit' => null,
'inherited' => null,
),
'WRITE' => array(
'explicit' => null,
'inherited' => null,
),
),
);
?>
* @endcode
*/
public static function getAllModulePermissionsDataByPermitable(Permitable $permitable)
{
$data = array();
try {
$data = PermissionsCache::getAllModulePermissionsDataByPermitable($permitable);
} catch (NotFoundException $e) {
$modules = Module::getModuleObjects();
$permissions = PermissionsUtil::getPermissions();
foreach ($modules as $module) {
if ($module instanceof SecurableModule) {
$moduleClassName = get_class($module);
$moduleName = $module->getName();
$item = NamedSecurableItem::getByName($moduleClassName);
if (!empty($permissions)) {
foreach ($permissions as $permission) {
$explicit = PermissionsUtil::resolveExplicitOrInheritedPermission($item->getExplicitActualPermissions($permitable), $permission);
$inherited = PermissionsUtil::resolveExplicitOrInheritedPermission($item->getInheritedActualPermissions($permitable), $permission);
$actual = PermissionsUtil::resolveActualPermission($item->getActualPermissions($permitable), $permission);
$data[$moduleClassName][$permission] = array('explicit' => PermissionsUtil::resolvePermissionForData($explicit), 'inherited' => PermissionsUtil::resolvePermissionForData($inherited), 'actual' => PermissionsUtil::resolvePermissionForData($actual));
}
}
}
}
PermissionsCache::cacheAllModulePermissionsDataByPermitables($permitable, $data);
}
return $data;
}
protected function clearCaches()
{
PermissionsCache::forgetAll();
RightsCache::forgetAll();
PoliciesCache::forgetAll();
AllPermissionsOptimizationCache::forgetAll();
}
public static function forgetAll($forgetDbLevelCache = true)
{
if (PHP_CACHING_ON) {
self::$securableItemToPermitableToCombinedPermissions = array();
self::$namedSecurableItemActualPermissions = array();
}
if (SECURITY_OPTIMIZED && DB_CACHING_ON && $forgetDbLevelCache) {
ZurmoDatabaseCompatibilityUtil::callProcedureWithoutOuts("clear_cache_all_actual_permissions()");
}
if (MEMCACHE_ON && Yii::app()->cache !== null) {
self::incrementCacheIncrementValue(static::$cacheType);
}
}
public function testForgetAll()
{
if (MEMCACHE_ON && Yii::app()->cache !== null) {
$super = User::getByUsername('super');
Yii::app()->user->userModel = $super;
$account = new Account();
$account->name = 'Ocean Inc2.';
$this->assertTrue($account->save());
$combinedPermissions = 5;
// Set some GeneralCache, which should stay in cache after cleanup
GeneralCache::cacheEntry('somethingForTesting', 34);
$value = GeneralCache::getEntry('somethingForTesting');
$this->assertEquals(34, $value);
PermissionsCache::cacheCombinedPermissions($account, $super, $combinedPermissions);
$combinedPermissionsFromCache = PermissionsCache::getCombinedPermissions($account, $super);
$this->assertEquals($combinedPermissions, $combinedPermissionsFromCache);
PermissionsCache::forgetAll();
try {
PermissionsCache::getCombinedPermissions($account, $super);
$this->fail('NotFoundException exception is not thrown.');
} catch (NotFoundException $e) {
// Data from generalCache should still be in cache
$value = GeneralCache::getEntry('somethingForTesting');
$this->assertEquals(34, $value);
}
}
// To-Do: Add test for forgetAll with $forgetDbLevelCache = true. It could be added to testForgetAll() function.
// To-Do: Add test for forgetSecurableItem with $forgetDbLevelCache = true. . It could be added to testForgetSecurableItem() function.
}
public static function removeAll()
{
PermissionsCache::forgetAll();
R::exec("delete from permission;");
}
public static function deleteAll()
{
PermissionsCache::forgetAll();
AllPermissionsOptimizationCache::forgetAll();
parent::deleteAll();
}
public function testOnCreateOwnerChangeAndDeleteAccountModel()
{
$super = User::getByUsername('super');
$billy = self::$billy;
Yii::app()->user->userModel = $super;
$job = new ReadPermissionSubscriptionUpdateForAccountFromBuildTableJob();
Yii::app()->jobQueue->deleteAll();
// Clean contact table
$sql = "SELECT * FROM account_read_subscription";
$rows = ZurmoRedBean::getAll($sql);
$this->assertTrue(empty($rows));
$account1 = AccountTestHelper::createAccountByNameForOwner('First Account', $super);
sleep(1);
$queuedJobs = Yii::app()->jobQueue->getAll();
$this->assertEquals(1, count($queuedJobs[5]));
$this->assertEquals('ReadPermissionSubscriptionUpdateForAccountFromBuildTable', $queuedJobs[5][0]['jobType']);
Yii::app()->jobQueue->deleteAll();
$this->assertTrue($job->run());
$sql = "SELECT * FROM account_read_subscription order by userid";
$rows = ZurmoRedBean::getAll($sql);
$this->assertEquals(2, count($rows));
$this->assertEquals($super->id, $rows[0]['userid']);
$this->assertEquals($account1->id, $rows[0]['modelid']);
$this->assertEquals(ReadPermissionsSubscriptionUtil::TYPE_ADD, $rows[0]['subscriptiontype']);
$this->assertEquals($billy->id, $rows[1]['userid']);
$this->assertEquals($account1->id, $rows[1]['modelid']);
$this->assertEquals(ReadPermissionsSubscriptionUtil::TYPE_ADD, $rows[1]['subscriptiontype']);
sleep(1);
// Test deletion
$account1->delete();
sleep(1);
$queuedJobs = Yii::app()->jobQueue->getAll();
$this->assertEquals(1, count($queuedJobs[5]));
$this->assertEquals('ReadPermissionSubscriptionUpdateForAccountFromBuildTable', $queuedJobs[5][0]['jobType']);
Yii::app()->jobQueue->deleteAll();
$this->assertTrue($job->run());
$sql = "SELECT * FROM account_read_subscription order by userid";
$rows2 = ZurmoRedBean::getAll($sql);
$this->assertEquals(2, count($rows2));
$this->assertEquals($super->id, $rows2[0]['userid']);
$this->assertEquals($account1->id, $rows2[0]['modelid']);
$this->assertEquals(ReadPermissionsSubscriptionUtil::TYPE_DELETE, $rows2[0]['subscriptiontype']);
$this->assertNotEquals($rows[0]['modifieddatetime'], $rows2[0]['modifieddatetime']);
$this->assertEquals($billy->id, $rows2[1]['userid']);
$this->assertEquals($account1->id, $rows2[1]['modelid']);
$this->assertEquals(ReadPermissionsSubscriptionUtil::TYPE_DELETE, $rows2[1]['subscriptiontype']);
$this->assertNotEquals($rows[1]['modifieddatetime'], $rows2[1]['modifieddatetime']);
// Test owner change, but when both users have permissions to access the account
$sql = "DELETE FROM account_read_subscription";
ZurmoRedBean::exec($sql);
$sql = "SELECT * FROM account_read_subscription";
$rows = ZurmoRedBean::getAll($sql);
$this->assertTrue(empty($rows));
$account2 = AccountTestHelper::createAccountByNameForOwner('Second Account', $super);
sleep(1);
$queuedJobs = Yii::app()->jobQueue->getAll();
$this->assertEquals(1, count($queuedJobs[5]));
$this->assertEquals('ReadPermissionSubscriptionUpdateForAccountFromBuildTable', $queuedJobs[5][0]['jobType']);
Yii::app()->jobQueue->deleteAll();
$this->assertTrue($job->run());
$sql = "SELECT * FROM account_read_subscription order by userid";
$rows = ZurmoRedBean::getAll($sql);
$this->assertEquals(2, count($rows));
$this->assertEquals($super->id, $rows[0]['userid']);
$this->assertEquals($account2->id, $rows[0]['modelid']);
$this->assertEquals(ReadPermissionsSubscriptionUtil::TYPE_ADD, $rows[0]['subscriptiontype']);
$this->assertEquals($billy->id, $rows[1]['userid']);
$this->assertEquals($account2->id, $rows[1]['modelid']);
$this->assertEquals(ReadPermissionsSubscriptionUtil::TYPE_ADD, $rows[1]['subscriptiontype']);
sleep(1);
$account2->owner = self::$billy;
$this->assertTrue($account2->save());
sleep(1);
$queuedJobs = Yii::app()->jobQueue->getAll();
$this->assertEquals(1, count($queuedJobs[5]));
$this->assertEquals('ReadPermissionSubscriptionUpdateForAccountFromBuildTable', $queuedJobs[5][0]['jobType']);
Yii::app()->jobQueue->deleteAll();
$this->assertTrue($job->run());
$sql = "SELECT * FROM account_read_subscription order by userid";
$rows = ZurmoRedBean::getAll($sql);
$this->assertEquals(2, count($rows));
$this->assertEquals($super->id, $rows[0]['userid']);
$this->assertEquals($account2->id, $rows[0]['modelid']);
$this->assertEquals(ReadPermissionsSubscriptionUtil::TYPE_ADD, $rows[0]['subscriptiontype']);
$this->assertEquals(self::$billy->id, $rows[1]['userid']);
$this->assertEquals($account2->id, $rows[1]['modelid']);
$this->assertEquals(ReadPermissionsSubscriptionUtil::TYPE_ADD, $rows[1]['subscriptiontype']);
// Clean account table
$accounts = Account::getAll();
foreach ($accounts as $account) {
$account->delete();
}
$sql = "DELETE FROM account_read_subscription";
ZurmoRedBean::exec($sql);
$johnny = self::$johnny;
$account3 = AccountTestHelper::createAccountByNameForOwner('Third Account', $johnny);
sleep(1);
$queuedJobs = Yii::app()->jobQueue->getAll();
$this->assertEquals(1, count($queuedJobs[5]));
$this->assertEquals('ReadPermissionSubscriptionUpdateForAccountFromBuildTable', $queuedJobs[5][0]['jobType']);
Yii::app()->jobQueue->deleteAll();
$this->assertTrue($job->run());
$sql = "SELECT * FROM account_read_subscription order by userid";
$rows = ZurmoRedBean::getAll($sql);
$this->assertEquals(3, count($rows));
$this->assertEquals($super->id, $rows[0]['userid']);
$this->assertEquals($account3->id, $rows[0]['modelid']);
$this->assertEquals(ReadPermissionsSubscriptionUtil::TYPE_ADD, $rows[0]['subscriptiontype']);
$this->assertEquals($billy->id, $rows[1]['userid']);
$this->assertEquals($account3->id, $rows[1]['modelid']);
$this->assertEquals(ReadPermissionsSubscriptionUtil::TYPE_ADD, $rows[1]['subscriptiontype']);
$this->assertEquals($johnny->id, $rows[2]['userid']);
$this->assertEquals($account3->id, $rows[2]['modelid']);
$this->assertEquals(ReadPermissionsSubscriptionUtil::TYPE_ADD, $rows[2]['subscriptiontype']);
$account3Id = $account3->id;
$account3->forgetAll();
$account3 = Account::getById($account3Id);
$this->assertTrue($account3->save());
$account3->forgetAll();
PermissionsCache::forgetAll();
$account3 = Account::getById($account3Id);
$account3->owner = $super;
$this->assertTrue($account3->save());
sleep(1);
$queuedJobs = Yii::app()->jobQueue->getAll();
$this->assertEquals(1, count($queuedJobs[5]));
$this->assertEquals('ReadPermissionSubscriptionUpdateForAccountFromBuildTable', $queuedJobs[5][0]['jobType']);
Yii::app()->jobQueue->deleteAll();
$this->assertTrue($job->run());
$sql = "SELECT * FROM account_read_subscription order by userid";
$rows = ZurmoRedBean::getAll($sql);
$this->assertEquals(3, count($rows));
$this->assertEquals($super->id, $rows[0]['userid']);
$this->assertEquals($account3->id, $rows[0]['modelid']);
$this->assertEquals(ReadPermissionsSubscriptionUtil::TYPE_ADD, $rows[0]['subscriptiontype']);
$this->assertEquals($billy->id, $rows[1]['userid']);
$this->assertEquals($account3->id, $rows[1]['modelid']);
$this->assertEquals(ReadPermissionsSubscriptionUtil::TYPE_ADD, $rows[1]['subscriptiontype']);
$this->assertEquals($johnny->id, $rows[2]['userid']);
$this->assertEquals($account3->id, $rows[2]['modelid']);
$this->assertEquals(ReadPermissionsSubscriptionUtil::TYPE_DELETE, $rows[2]['subscriptiontype']);
}
protected function afterDelete()
{
PermissionsCache::forgetAll();
RightsCache::forgetAll();
PoliciesCache::forgetAll();
}
/**
* Override to ensure the permissions cache is forgotten since if it is not, other users logged in will not
* get the effective changes until the cache is cleared across the application.
* (non-PHPdoc)
* @see ZurmoBaseController::actionAfterSuccessfulModelSave()
*/
protected function actionAfterSuccessfulModelSave($model, $modelToStringValue, $redirectUrlParams = null)
{
PermissionsCache::forgetAll();
RightsCache::forgetAll();
PoliciesCache::forgetAll();
parent::actionAfterSuccessfulModelSave($model, $modelToStringValue, $redirectUrlParams);
}
/**
*
* The constructor for the permissions object, a Collection, Version, Area or Block object is passed
* and a special sub-object is returned, which can then be checked against to see the if the user can
* view it, edit it, etc...
* @param mixed $unknownObj
*
*/
function Permissions(&$unknownObj)
{
// The permissions object is given another, and it basically checks to see if the logged-in
// user has given permissions for that object, whatever it may be
$this->u = new User();
$this->originalObj = $unknownObj;
/*
if ($unknownObj->getError()) {
// inherit the error from the object
$this->permError = $unknownObj->getError();
}*/
if (PermissionsCache::exists($unknownObj)) {
$po = PermissionsCache::getObject($unknownObj);
$this->loadPermissionSet($po);
return;
}
$po = PermissionsProxy::get($unknownObj);
$this->loadPermissionSet($po);
PermissionsCache::add($unknownObj, $po);
}
public function testForgetAll()
{
if (PermissionsCache::supportsAndAllowsMemcache()) {
$super = User::getByUsername('super');
Yii::app()->user->userModel = $super;
$account = new Account();
$account->name = 'Ocean Inc2.';
$this->assertTrue($account->save());
$combinedPermissions = 5;
// Set some GeneralCache, which should stay in cache after cleanup
GeneralCache::cacheEntry('somethingForTesting', 34);
$value = GeneralCache::getEntry('somethingForTesting');
$this->assertEquals(34, $value);
AllPermissionsOptimizationCache::cacheHasReadPermissionOnSecurableItem($account, $super, true);
$hasReadPermission = AllPermissionsOptimizationCache::getHasReadPermissionOnSecurableItem($account, $super);
$this->assertTrue($hasReadPermission);
AllPermissionsOptimizationCache::forgetAll();
try {
AllPermissionsOptimizationCache::getHasReadPermissionOnSecurableItem($account, $super);
$this->fail('NotFoundException exception is not thrown.');
} catch (NotFoundException $e) {
// Data from generalCache should still be in cache
$value = GeneralCache::getEntry('somethingForTesting');
$this->assertEquals(34, $value);
}
}
// To-Do: Add test for forgetAll with $forgetDbLevelCache = true. It could be added to testForgetAll() function.
// To-Do: Add test for forgetSecurableItem with $forgetDbLevelCache = true. . It could be added to testForgetSecurableItem() function.
}
