public function getActualPermissions($permitable = null) { assert('$permitable === null || $permitable instanceof Permitable'); if ($permitable === null) { $permitable = Yii::app()->user->userModel; if (!$permitable instanceof User) { throw new NoCurrentUserSecurityException(); } } if (!SECURITY_OPTIMIZED) { // The slow way will remain here as documentation // for what the optimized way is doing. $allowPermissions = Permission::NONE; $denyPermissions = Permission::NONE; if (Group::getByName(Group::SUPER_ADMINISTRATORS_GROUP_NAME)->contains($permitable)) { $allowPermissions = Permission::ALL; } else { foreach ($this->unrestrictedGet('permissions') as $permission) { $effectivePermissions = $permission->getEffectivePermissions($permitable); if ($permission->type == Permission::ALLOW) { $allowPermissions |= $effectivePermissions; } else { $denyPermissions |= $effectivePermissions; } } $allowPermissions |= $this->getPropagatedActualAllowPermissions($permitable); if (!$this instanceof NamedSecurableItem) { foreach (array(get_class($this), static::getModuleClassName()) as $securableItemName) { try { $securableType = NamedSecurableItem::getByName($securableItemName); $typeAllowPermissions = Permission::NONE; $typeDenyPermissions = Permission::NONE; foreach ($securableType->unrestrictedGet('permissions') as $permission) { $effectivePermissions = $permission->getEffectivePermissions($permitable); if ($permission->type == Permission::ALLOW) { $typeAllowPermissions |= $effectivePermissions; } else { $typeDenyPermissions |= $effectivePermissions; } // We shouldn't see something that isn't owned having CHANGE_OWNER. // assert('$typeAllowPermissions & Permission::CHANGE_OWNER == Permission::NONE'); } $allowPermissions |= $typeAllowPermissions; $denyPermissions |= $typeDenyPermissions; } catch (NotFoundException $e) { } } } } } else { try { $combinedPermissions = PermissionsCache::getCombinedPermissions($this, $permitable); } catch (NotFoundException $e) { $securableItemId = $this->getClassId('SecurableItem'); $permitableId = $permitable->getClassId('Permitable'); // Optimizations work on the database, // anything not saved will not work. assert('$permitableId > 0'); $className = get_class($this); $moduleName = static::getModuleClassName(); $cachingOn = DB_CACHING_ON ? 1 : 0; $combinedPermissions = intval(ZurmoDatabaseCompatibilityUtil::callFunction("get_securableitem_actual_permissions_for_permitable({$securableItemId}, {$permitableId}, '{$className}', '{$moduleName}', {$cachingOn})")); PermissionsCache::cacheCombinedPermissions($this, $permitable, $combinedPermissions); } $allowPermissions = $combinedPermissions >> 8 & Permission::ALL; $denyPermissions = $combinedPermissions & Permission::ALL; } assert("({$allowPermissions} & ~Permission::ALL) == 0"); assert("({$denyPermissions} & ~Permission::ALL) == 0"); return array($allowPermissions, $denyPermissions); }
public function testForgetAll() { if (MEMCACHE_ON && Yii::app()->cache !== null) { $super = User::getByUsername('super'); Yii::app()->user->userModel = $super; $account = new Account(); $account->name = 'Ocean Inc2.'; $this->assertTrue($account->save()); $combinedPermissions = 5; // Set some GeneralCache, which should stay in cache after cleanup GeneralCache::cacheEntry('somethingForTesting', 34); $value = GeneralCache::getEntry('somethingForTesting'); $this->assertEquals(34, $value); PermissionsCache::cacheCombinedPermissions($account, $super, $combinedPermissions); $combinedPermissionsFromCache = PermissionsCache::getCombinedPermissions($account, $super); $this->assertEquals($combinedPermissions, $combinedPermissionsFromCache); PermissionsCache::forgetAll(); try { PermissionsCache::getCombinedPermissions($account, $super); $this->fail('NotFoundException exception is not thrown.'); } catch (NotFoundException $e) { // Data from generalCache should still be in cache $value = GeneralCache::getEntry('somethingForTesting'); $this->assertEquals(34, $value); } } // To-Do: Add test for forgetAll with $forgetDbLevelCache = true. It could be added to testForgetAll() function. // To-Do: Add test for forgetSecurableItem with $forgetDbLevelCache = true. . It could be added to testForgetSecurableItem() function. }