コード例 #1
 /**
  * Round-trips the actual permissions of the 'AccountsModule' named securable
  * item through PermissionsCache for the 'super' user and checks that the
  * value read back equals the value that was stored.
  *
  * When PermissionsCache reports that neither memcache nor database caching
  * is usable, the method returns without making any assertion.
  */
 public function testCachingNamedSecurableItemActualPermissions()
 {
     $cachingAvailable = PermissionsCache::supportsAndAllowsMemcache() ||
                         PermissionsCache::supportsAndAllowsDatabaseCaching();
     if (!$cachingAvailable) {
         // Nothing to exercise without a cache backend; the test passes vacuously.
         return;
     }

     // The current user is set first because getActualPermissions() below is
     // called without an explicit permitable.
     Yii::app()->user->userModel = User::getByUsername('super');
     $superUser = User::getByUsername('super');
     $itemName  = 'AccountsModule';

     $expected = NamedSecurableItem::getByName($itemName)->getActualPermissions();
     PermissionsCache::cacheNamedSecurableItemActualPermissions($itemName, $superUser, $expected);

     $cached = PermissionsCache::getNamedSecurableItemActualPermissions($itemName, $superUser);
     $this->assertEquals($expected, $cached);
 }
コード例 #2
 /**
  * Computes the allow and deny permission bitmasks that a permitable holds on
  * this securable item.
  *
  * When no permitable is given, the current user (Yii::app()->user->userModel)
  * is used. Two code paths produce the result: a PHP implementation that walks
  * the permission objects, and an optimized one that reads a combined value
  * from PermissionsCache or, on a cache miss, from a database function.
  *
  * The deny mask is returned next to the allow mask; this method does not
  * subtract one from the other.
  *
  * @param null|Permitable $permitable Permitable to evaluate; null means the current user.
  * @return array Two-element array: array($allowPermissions, $denyPermissions).
  * @throws NoCurrentUserSecurityException When $permitable is null and the current user model is not a User.
  */
 public function getActualPermissions($permitable = null)
 {
     // Debug-time type check only. A string passed to assert() is not evaluated
     // when assertions are disabled, and PHP 8 no longer evaluates string
     // assertions at all, so this must not be relied on as a runtime guard.
     assert('$permitable === null || $permitable instanceof Permitable');
     if ($permitable === null) {
         // Fall back to the logged-in user; without one there is nobody to
         // evaluate permissions for.
         $permitable = Yii::app()->user->userModel;
         if (!$permitable instanceof User) {
             throw new NoCurrentUserSecurityException();
         }
     }
     if (!SECURITY_OPTIMIZED || $this->processGetActualPermissionsAsNonOptimized()) {
         // The slow way will remain here as documentation
         // for what the optimized way is doing.
         $allowPermissions = Permission::NONE;
         $denyPermissions = Permission::NONE;
         // Members of the super administrators group are granted every
         // permission; no deny entries are consulted for them.
         if (Group::getByName(Group::SUPER_ADMINISTRATORS_GROUP_NAME)->contains($permitable)) {
             $allowPermissions = Permission::ALL;
         } else {
             // Permissions set directly on this item.
             foreach ($this->unrestrictedGet('permissions') as $permission) {
                 $effectivePermissions = $permission->getEffectivePermissions($permitable);
                 // Loose comparison: any permission whose type is not ALLOW is
                 // accumulated into the deny mask.
                 if ($permission->type == Permission::ALLOW) {
                     $allowPermissions |= $effectivePermissions;
                 } else {
                     $denyPermissions |= $effectivePermissions;
                 }
             }
             $allowPermissions |= $this->getPropagatedActualAllowPermissions($permitable);
             // An item that is not itself a NamedSecurableItem also picks up the
             // permissions set on the named items for its class and for its
             // module class.
             if (!$this instanceof NamedSecurableItem) {
                 foreach (array(get_class($this), static::getModuleClassName()) as $securableItemName) {
                     try {
                         $securableType = NamedSecurableItem::getByName($securableItemName);
                         $typeAllowPermissions = Permission::NONE;
                         $typeDenyPermissions = Permission::NONE;
                         foreach ($securableType->unrestrictedGet('permissions') as $permission) {
                             $effectivePermissions = $permission->getEffectivePermissions($permitable);
                             if ($permission->type == Permission::ALLOW) {
                                 $typeAllowPermissions |= $effectivePermissions;
                             } else {
                                 $typeDenyPermissions |= $effectivePermissions;
                             }
                             // We shouldn't see something that isn't owned having CHANGE_OWNER.
                             // assert('$typeAllowPermissions & Permission::CHANGE_OWNER == Permission::NONE');
                         }
                         $allowPermissions |= $typeAllowPermissions;
                         $denyPermissions |= $typeDenyPermissions;
                     } catch (NotFoundException $e) {
                         // No named securable item exists under this name, so it
                         // contributes neither allow nor deny bits.
                     }
                 }
             }
         }
     } else {
         try {
             // Cached value first; NotFoundException is handled as a cache miss.
             $combinedPermissions = PermissionsCache::getCombinedPermissions($this, $permitable);
         } catch (NotFoundException $e) {
             $securableItemId = $this->getClassId('SecurableItem');
             $permitableId = $permitable->getClassId('Permitable');
             // Optimizations work on the database,
             // anything not saved will not work.
             // NOTE(review): this is a string assertion, so where assertions are
             // not evaluated a non-positive id still reaches the database call
             // below - confirm callers never pass an unsaved permitable.
             assert('$permitableId > 0');
             $className = get_class($this);
             $moduleName = static::getModuleClassName();
             $cachingOn = PermissionsCache::supportsAndAllowsDatabaseCaching() ? 1 : 0;
             // NOTE(review): the ids and class names are interpolated straight
             // into the call string rather than bound as parameters. They look
             // like internal values, not request data - confirm getClassId()
             // always yields an integer and the names cannot contain a quote.
             $combinedPermissions = intval(ZurmoDatabaseCompatibilityUtil::callFunction("get_securableitem_actual_permissions_for_permitable({$securableItemId}, {$permitableId}, '{$className}', '{$moduleName}', {$cachingOn})"));
             PermissionsCache::cacheCombinedPermissions($this, $permitable, $combinedPermissions);
         }
         // The combined value packs both masks: allow is read from bit 8
         // upward, deny from the low bits, each masked with Permission::ALL.
         $allowPermissions = $combinedPermissions >> 8 & Permission::ALL;
         $denyPermissions = $combinedPermissions & Permission::ALL;
     }
     // Sanity checks that neither mask carries bits outside Permission::ALL.
     // These are string assertions too (see the note at the top of the method).
     assert("({$allowPermissions} & ~Permission::ALL) == 0");
     assert("({$denyPermissions}  & ~Permission::ALL) == 0");
     return array($allowPermissions, $denyPermissions);
 }