public function getActualPermissions($permitable = null)
{
assert('$permitable === null || $permitable instanceof Permitable');
if ($permitable === null) {
$permitable = Yii::app()->user->userModel;
if (!$permitable instanceof User) {
throw new NoCurrentUserSecurityException();
}
}
if (!SECURITY_OPTIMIZED) {
// The slow way will remain here as documentation
// for what the optimized way is doing.
$allowPermissions = Permission::NONE;
$denyPermissions = Permission::NONE;
if (Group::getByName(Group::SUPER_ADMINISTRATORS_GROUP_NAME)->contains($permitable)) {
$allowPermissions = Permission::ALL;
} else {
foreach ($this->unrestrictedGet('permissions') as $permission) {
$effectivePermissions = $permission->getEffectivePermissions($permitable);
if ($permission->type == Permission::ALLOW) {
$allowPermissions |= $effectivePermissions;
} else {
$denyPermissions |= $effectivePermissions;
}
}
$allowPermissions |= $this->getPropagatedActualAllowPermissions($permitable);
if (!$this instanceof NamedSecurableItem) {
foreach (array(get_class($this), static::getModuleClassName()) as $securableItemName) {
try {
$securableType = NamedSecurableItem::getByName($securableItemName);
$typeAllowPermissions = Permission::NONE;
$typeDenyPermissions = Permission::NONE;
foreach ($securableType->unrestrictedGet('permissions') as $permission) {
$effectivePermissions = $permission->getEffectivePermissions($permitable);
if ($permission->type == Permission::ALLOW) {
$typeAllowPermissions |= $effectivePermissions;
} else {
$typeDenyPermissions |= $effectivePermissions;
}
// We shouldn't see something that isn't owned having CHANGE_OWNER.
// assert('$typeAllowPermissions & Permission::CHANGE_OWNER == Permission::NONE');
}
$allowPermissions |= $typeAllowPermissions;
$denyPermissions |= $typeDenyPermissions;
} catch (NotFoundException $e) {
}
}
}
}
} else {
try {
$combinedPermissions = PermissionsCache::getCombinedPermissions($this, $permitable);
} catch (NotFoundException $e) {
$securableItemId = $this->getClassId('SecurableItem');
$permitableId = $permitable->getClassId('Permitable');
// Optimizations work on the database,
// anything not saved will not work.
assert('$permitableId > 0');
$className = get_class($this);
$moduleName = static::getModuleClassName();
$cachingOn = DB_CACHING_ON ? 1 : 0;
$combinedPermissions = intval(ZurmoDatabaseCompatibilityUtil::callFunction("get_securableitem_actual_permissions_for_permitable({$securableItemId}, {$permitableId}, '{$className}', '{$moduleName}', {$cachingOn})"));
PermissionsCache::cacheCombinedPermissions($this, $permitable, $combinedPermissions);
}
$allowPermissions = $combinedPermissions >> 8 & Permission::ALL;
$denyPermissions = $combinedPermissions & Permission::ALL;
}
assert("({$allowPermissions} & ~Permission::ALL) == 0");
assert("({$denyPermissions} & ~Permission::ALL) == 0");
return array($allowPermissions, $denyPermissions);
}
public function testForgetAll()
{
if (MEMCACHE_ON && Yii::app()->cache !== null) {
$super = User::getByUsername('super');
Yii::app()->user->userModel = $super;
$account = new Account();
$account->name = 'Ocean Inc2.';
$this->assertTrue($account->save());
$combinedPermissions = 5;
// Set some GeneralCache, which should stay in cache after cleanup
GeneralCache::cacheEntry('somethingForTesting', 34);
$value = GeneralCache::getEntry('somethingForTesting');
$this->assertEquals(34, $value);
PermissionsCache::cacheCombinedPermissions($account, $super, $combinedPermissions);
$combinedPermissionsFromCache = PermissionsCache::getCombinedPermissions($account, $super);
$this->assertEquals($combinedPermissions, $combinedPermissionsFromCache);
PermissionsCache::forgetAll();
try {
PermissionsCache::getCombinedPermissions($account, $super);
$this->fail('NotFoundException exception is not thrown.');
} catch (NotFoundException $e) {
// Data from generalCache should still be in cache
$value = GeneralCache::getEntry('somethingForTesting');
$this->assertEquals(34, $value);
}
}
// To-Do: Add test for forgetAll with $forgetDbLevelCache = true. It could be added to testForgetAll() function.
// To-Do: Add test for forgetSecurableItem with $forgetDbLevelCache = true. . It could be added to testForgetSecurableItem() function.
}
