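/**
 * Collects the rights of one permitable for every securable module.
 *
 * Only modules that are instances of SecurableModule and that declare at
 * least one right contribute an entry. For each right the explicit, inherited
 * and effective values are read from the permitable and converted with
 * RightsUtil::getRightStringFromRight().
 *
 * @param Permitable $permitable permitable whose rights are reported
 * @return array module class name => (class constant name => array with the
 *               keys 'displayName', 'explicit', 'inherited', 'effective'),
 *               each module's rows passed through
 *               ArrayUtil::subValueSort(..., 'displayName', 'asort')
 * @throws NotSupportedException when a right has no translated label
 */
public static function getAllModuleRightsDataByPermitable(Permitable $permitable)
{
    $data = array();
    foreach (Module::getModuleObjects() as $module) {
        if (!($module instanceof SecurableModule)) {
            continue;
        }
        $moduleClassName = get_class($module);
        $rights          = $moduleClassName::getRightsNames();
        $rightLabels     = $moduleClassName::getTranslatedRightsLabels();
        $reflectionClass = new ReflectionClass($moduleClassName);
        if (empty($rights)) {
            continue;
        }
        // The constant table is the same for every right of this module, so
        // it is read once here instead of once per right.
        $constants  = $reflectionClass->getConstants();
        $rightsData = array();
        foreach ($rights as $right) {
            if (!isset($rightLabels[$right])) {
                throw new NotSupportedException($right);
            }
            $explicit  = $permitable->getExplicitActualRight($moduleClassName, $right);
            $inherited = $permitable->getInheritedActualRight($moduleClassName, $right);
            $effective = $permitable->getEffectiveRight($moduleClassName, $right);
            // Strict search: a right name must equal the constant's value
            // exactly. A loose comparison can pair a right name with an
            // unrelated numeric constant on PHP versions where 0 == 'text'.
            // NOTE(review): if no constant matches, array_search() returns
            // false and PHP casts that array key to 0 - confirm every right
            // is backed by a class constant.
            $constantId = array_search($right, $constants, true);
            $rightsData[$constantId] = array(
                'displayName' => $rightLabels[$right],
                'explicit'    => RightsUtil::getRightStringFromRight($explicit),
                'inherited'   => RightsUtil::getRightStringFromRight($inherited),
                'effective'   => RightsUtil::getRightStringFromRight($effective),
            );
        }
        $data[$moduleClassName] = ArrayUtil::subValueSort($rightsData, 'displayName', 'asort');
    }
    return $data;
}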
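/**
 * Collects the policies of one permitable for every securable module.
 *
 * Only modules that are instances of SecurableModule contribute, and a module
 * gets an entry only when it declares at least one policy. Policy values are
 * returned as the permitable reports them, without conversion.
 *
 * @param Permitable $permitable permitable whose policies are reported
 * @return array module class name => (class constant name => array with the
 *               keys 'displayName', 'explicit', 'inherited', 'effective')
 * @throws NotSupportedException when a policy has no translated label
 */
public static function getAllModulePoliciesDataByPermitable(Permitable $permitable)
{
    $data = array();
    foreach (Module::getModuleObjects() as $module) {
        if (!($module instanceof SecurableModule)) {
            continue;
        }
        $moduleClassName = get_class($module);
        $policies        = $moduleClassName::getPolicyNames();
        $policyLabels    = $moduleClassName::getTranslatedPolicyLabels();
        $reflectionClass = new ReflectionClass($moduleClassName);
        $constants       = $reflectionClass->getConstants();
        if (empty($policies)) {
            continue;
        }
        foreach ($policies as $policy) {
            if (!isset($policyLabels[$policy])) {
                // Name the offending policy, as the rights variant does for
                // rights, so the failure can be traced to a module constant.
                throw new NotSupportedException($policy);
            }
            $explicit  = $permitable->getExplicitActualPolicy($moduleClassName, $policy);
            $inherited = $permitable->getInheritedActualPolicy($moduleClassName, $policy);
            $effective = $permitable->getEffectivePolicy($moduleClassName, $policy);
            // Strict search: a policy name must equal the constant's value
            // exactly. A loose comparison can pair it with an unrelated
            // numeric constant on PHP versions where 0 == 'text'.
            // NOTE(review): if no constant matches, array_search() returns
            // false and PHP casts that array key to 0 - confirm every policy
            // is backed by a class constant.
            $constantId = array_search($policy, $constants, true);
            $data[$moduleClassName][$constantId] = array(
                'displayName' => $policyLabels[$policy],
                'explicit'    => $explicit,
                'inherited'   => $inherited,
                'effective'   => $effective,
            );
        }
    }
    return $data;
}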
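/**
 * Caches the combined permissions a permitable has on a securable item.
 *
 * The value is written to the static in-process map when PHP_CACHING_ON is
 * set, and merged into the per-item entry of the application cache when
 * MEMCACHE_ON is set and a cache component exists. Nothing is cached when
 * either model reports a class id of 0.
 *
 * @param SecurableItem $securableItem item the permissions apply to
 * @param Permitable $permitable permitable the permissions belong to
 * @param mixed $combinedPermissions an int, or a value whose element 0 is a
 *                                   numeric string (see the assertion)
 */
public static function cacheCombinedPermissions(SecurableItem $securableItem, Permitable $permitable, $combinedPermissions)
{
    assert('is_int($combinedPermissions) || ' .
           'is_numeric($combinedPermissions[0]) && is_string($combinedPermissions[0])');
    if ($securableItem->getClassId('SecurableItem') == 0 ||
        $permitable->getClassId('Permitable') == 0) {
        return;
    }
    $securableItemModelIdentifer = $securableItem->getModelIdentifier();
    $permitableModelIdentifier   = $permitable->getModelIdentifier();
    if (PHP_CACHING_ON) {
        self::$securableItemToPermitableToCombinedPermissions
            [$securableItemModelIdentifer][$permitableModelIdentifier] = $combinedPermissions;
    }
    if (MEMCACHE_ON && Yii::app()->cache !== null) {
        $prefix   = self::getCachePrefix($securableItemModelIdentifer, self::$cacheType);
        $cacheKey = $prefix . $securableItemModelIdentifer;
        $serializedPermissions = Yii::app()->cache->get($cacheKey);
        if ($serializedPermissions === false) {
            $permitablesCombinedPermissions = array();
        } else {
            // NOTE(review): the cached blob is handed to unserialize() with
            // no integrity check. If anything other than this application
            // can write to the cache backend, that is a PHP object-injection
            // exposure. Verify a checksum or HMAC over the blob before
            // decoding, or store a format that cannot instantiate objects
            // (for example JSON).
            $permitablesCombinedPermissions = unserialize($serializedPermissions);
            assert('is_array($permitablesCombinedPermissions)');
            if (!is_array($permitablesCombinedPermissions)) {
                // A corrupt or foreign entry is treated as a cache miss
                // rather than being indexed as if it were the expected map.
                $permitablesCombinedPermissions = array();
            }
        }
        $permitablesCombinedPermissions[$permitableModelIdentifier] = $combinedPermissions;
        Yii::app()->cache->set($cacheKey, serialize($permitablesCombinedPermissions));
    }
    // NOTE: the db level caches the permissions when it calculates
    // them so php does not need to explicitly cache them here.
}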
/**
 * Caches whether a permitable has read permission on a securable item.
 *
 * Both caches are keyed by the models' class ids. The in-process map is
 * written when supportsAndAllowsPhpCaching() allows it; the shared entry is
 * read with getCachedValueAndValidateChecksum() and written back with
 * cacheValueAndChecksum() when supportsAndAllowsMemcache() allows it.
 * Nothing is cached when either class id is 0.
 *
 * @param SecurableItem $securableItem
 * @param Permitable $permitable
 * @param boolean $hasReadPermission
 */
public static function cacheHasReadPermissionOnSecurableItem(SecurableItem $securableItem, Permitable $permitable, $hasReadPermission)
{
    assert('is_bool($hasReadPermission)');
    if ($securableItem->getClassId('SecurableItem') == 0) {
        return;
    }
    if ($permitable->getClassId('Permitable') == 0) {
        return;
    }
    $securableItemModelIdentifer = $securableItem->getClassId('SecurableItem');
    $permitableModelIdentifier   = $permitable->getClassId('Permitable');
    if (static::supportsAndAllowsPhpCaching()) {
        static::$securableItemToPermitableToReadPermissions
            [$securableItemModelIdentifer][$permitableModelIdentifier] = $hasReadPermission;
    }
    if (!static::supportsAndAllowsMemcache()) {
        return;
    }
    $prefix   = static::getCachePrefix($securableItemModelIdentifer) . self::READ;
    $cacheKey = $prefix . $securableItemModelIdentifer;
    $permitablesHasReadPermission = static::getCachedValueAndValidateChecksum($cacheKey);
    if ($permitablesHasReadPermission === false) {
        // Miss (or, presumably, a failed checksum): start a fresh map.
        $permitablesHasReadPermission = array($permitableModelIdentifier => $hasReadPermission);
    } else {
        assert('is_array($permitablesHasReadPermission)');
        $permitablesHasReadPermission[$permitableModelIdentifier] = $hasReadPermission;
    }
    static::cacheValueAndChecksum($cacheKey, $permitablesHasReadPermission);
}
/**
 * Runs the parent's pre-delete check and, when it passes, hands this model
 * to ReadPermissionsOptimizationUtil::groupBeingDeleted().
 *
 * @return bool false when the parent check fails, true otherwise
 */
protected function beforeDelete()
{
    $parentAllowsDelete = parent::beforeDelete();
    if ($parentAllowsDelete) {
        ReadPermissionsOptimizationUtil::groupBeingDeleted($this);
        return true;
    }
    return false;
}
/**
 * Deletes every row of the policy table that belongs to the permitable.
 *
 * The permitable's class id is passed as a bound parameter, not concatenated
 * into the statement.
 *
 * @param Permitable $permitable
 */
public static function removeAllForPermitable(Permitable $permitable)
{
    $bindings = array('id' => $permitable->getClassId('Permitable'));
    ZurmoRedBean::exec("delete from policy where permitable_id = :id;", $bindings);
}
/**
 * Deletes every row of the _right table that belongs to the permitable.
 *
 * The permitable's class id is passed as a bound parameter, not concatenated
 * into the statement.
 *
 * @param Permitable $permitable
 */
public static function removeAllForPermitable(Permitable $permitable)
{
    $bindings = array('id' => $permitable->getClassId('Permitable'));
    R::exec("delete from _right where permitable_id = :id;", $bindings);
}
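/**
 * Decides whether a read-only attribute may be set in the current scenario.
 *
 * In the 'importModel' and 'searchModel' scenarios the attributes isActive,
 * isRootUser and isSystemUser may be set; any other attribute is decided by
 * the parent implementation. In every other scenario the method returns
 * null without consulting the parent.
 *
 * @param string $attributeName
 * @return bool|null
 */
public function isAllowedToSetReadOnlyAttribute($attributeName)
{
    if ($this->getScenario() == 'importModel' || $this->getScenario() == 'searchModel') {
        // NOTE(review): in the importModel scenario this allows isRootUser
        // and isSystemUser to be written; confirm that scenario is only
        // reachable by callers already authorized to manage users.
        $settableAttributes = array('isActive', 'isRootUser', 'isSystemUser');
        // Strict membership test: this is an allowlist for privileged flags,
        // so a non-string name must never match by loose comparison.
        if (in_array($attributeName, $settableAttributes, true)) {
            return true;
        }
        return parent::isAllowedToSetReadOnlyAttribute($attributeName);
    }
    // NOTE(review): outside the two scenarios the original fell off the end
    // of the function. The resulting null reads as "not allowed" to callers
    // that test truthiness, but the parent is never asked. Kept as-is for
    // compatibility; confirm whether delegating to the parent was intended.
    return null;
}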
/**
 * Requests every right of every securable module for a permitable.
 *
 * getActualRight() is called once per right and its result is discarded;
 * presumably the call populates the rights cache as a side effect, which lets
 * an administrator warm the cache before users log in.
 *
 * @see DevelopmentController function actionRebuildSecurityCache
 * @param Permitable $permitable
 * @throws NotSupportedException when a right has no translated label
 */
public static function cacheAllRightsByPermitable(Permitable $permitable)
{
    foreach (Module::getModuleObjects() as $module) {
        if (!($module instanceof SecurableModule)) {
            continue;
        }
        $moduleClassName = get_class($module);
        $rights          = $moduleClassName::getRightsNames();
        $rightLabels     = $moduleClassName::getTranslatedRightsLabels();
        if (empty($rights)) {
            continue;
        }
        foreach ($rights as $right) {
            $hasLabel = isset($rightLabels[$right]);
            if (!$hasLabel) {
                throw new NotSupportedException($right);
            }
            $permitable->getActualRight($moduleClassName, $right);
        }
    }
}
/**
 * Forgets the whole permissions cache, then deletes every row of the
 * permission table that belongs to the permitable.
 *
 * The permitable's class id is passed as a bound parameter.
 *
 * @param Permitable $permitable
 */
public static function removeForPermitable(Permitable $permitable)
{
    // NOTE(review): the cache is cleared before the rows are deleted. A
    // concurrent request between the two statements could re-cache
    // permissions computed from the rows being removed - confirm callers
    // serialize this or that the cache is forgotten again afterwards.
    PermissionsCache::forgetAll();
    $bindings = array('id' => $permitable->getClassId('Permitable'));
    R::exec("delete from permission where permitable_id = :id;", $bindings);
}
/**
 * Stores a permitable's module permissions data in the application cache.
 *
 * Nothing is stored when the permitable's class id is 0 or when
 * supportsAndAllowsMemcache() returns false.
 *
 * @param Permitable $permitable
 * @param array $data
 */
public static function cacheAllModulePermissionsDataByPermitables($permitable, array $data)
{
    assert('$permitable instanceof Permitable');
    $permitableClassId = $permitable->getClassId('Permitable');
    if ($permitableClassId == 0) {
        return;
    }
    $permitableModelIdentifier = $permitable->getModelIdentifier();
    if (!static::supportsAndAllowsMemcache()) {
        return;
    }
    $prefix   = static::getCachePrefix($permitableModelIdentifier) . static::$modulePermissionsDataCachePrefix;
    $cacheKey = $prefix . $permitableModelIdentifier;
    // NOTE(review): the payload is written as a bare serialize() string, so
    // whatever reads this key back has to unserialize() it; confirm the
    // reader verifies integrity before decoding.
    $payload = serialize($data);
    Yii::app()->cache->set($cacheKey, $payload);
}
/**
 * Overridden so that sorting by firstName sorts by firstName, then lastName.
 * Every other attribute is resolved by the parent implementation.
 *
 * NOTE(review): the previous comment named lastName as the trigger, while
 * the code tests for 'firstName' - confirm which one is intended.
 *
 * @param string $attribute
 * @return array
 */
public static function getSortAttributesByAttribute($attribute)
{
    return ($attribute == 'firstName')
        ? array('firstName', 'lastName')
        : parent::getSortAttributesByAttribute($attribute);
}
/**
 * Stores a permitable's module permissions data through
 * cacheValueAndChecksum().
 *
 * Nothing is stored when the permitable's class id is 0 or when
 * supportsAndAllowsMemcache() returns false.
 *
 * @param Permitable $permitable
 * @param array $data
 */
public static function cacheAllModulePermissionsDataByPermitables($permitable, array $data)
{
    assert('$permitable instanceof Permitable');
    $permitableClassId = $permitable->getClassId('Permitable');
    if ($permitableClassId == 0) {
        return;
    }
    $permitableModelIdentifier = $permitable->getModelIdentifier();
    if (!static::supportsAndAllowsMemcache()) {
        return;
    }
    $prefix   = static::getCachePrefix($permitableModelIdentifier) . static::$modulePermissionsDataCachePrefix;
    $cacheKey = $prefix . $permitableModelIdentifier;
    // The array is handed over as-is; the helper presumably serializes it
    // and stores a checksum next to it (not visible from this method).
    static::cacheValueAndChecksum($cacheKey, $data);
}
/**
 * Resolves the key that identifies a permitable: the value of its
 * getClassId('Permitable'), described by the author as unique for every
 * Permitable child. Public so that tests can call it.
 *
 * @param Permitable $permitable
 * @return int
 */
public function resolvePermitableKey(Permitable $permitable)
{
    $permitableClassId = $permitable->getClassId('Permitable');
    return $permitableClassId;
}