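/**
 * Prepares the shared database fixture for this test class.
 *
 * Creates the security principals (super admin, users, groups, roles), rebuilds the
 * read-permission optimization tables, recreates the munge tables of the two test model
 * classes, and saves three OwnedSecurableTestItem rows (the third owned by 'benny') plus
 * one OwnedSecurableTestItem2 row.
 */
public static function setUpBeforeClass()
 {
     parent::setUpBeforeClass();
     ZurmoDatabaseCompatibilityUtil::dropStoredFunctionsAndProcedures();
     SecurityTestHelper::createSuperAdmin();
     SecurityTestHelper::createUsers();
     SecurityTestHelper::createGroups();
     SecurityTestHelper::createRoles();
     RedBeanModel::forgetAll();
     //do the rebuild to ensure the tables get created properly.
     ReadPermissionsOptimizationUtil::rebuild();
     //Manually build the test model munge tables.
     ReadPermissionsOptimizationUtil::recreateTable(ReadPermissionsOptimizationUtil::getMungeTableName('OwnedSecurableTestItem'));
     ReadPermissionsOptimizationUtil::recreateTable(ReadPermissionsOptimizationUtil::getMungeTableName('OwnedSecurableTestItem2'));
     $benny = User::getByUsername('benny');

     // save() is called outside assert(): when assertions are disabled PHP does not evaluate
     // the assert expression, so a save() placed inside it would never run and the
     // permission tests would execute against an empty fixture.
     $model = new OwnedSecurableTestItem();
     $model->member = 'test';
     $saved = $model->save();
     assert($saved); // Not Coding Standard

     $model = new OwnedSecurableTestItem();
     $model->member = 'test2';
     $saved = $model->save();
     assert($saved); // Not Coding Standard

     // Third item is explicitly owned by benny; the first two keep whatever owner save() assigns.
     $model = new OwnedSecurableTestItem();
     $model->member = 'test3';
     $model->owner = $benny;
     $saved = $model->save();
     assert($saved); // Not Coding Standard

     assert(OwnedSecurableTestItem::getCount() == 3); // Not Coding Standard

     $model = new OwnedSecurableTestItem2();
     $model->member = 'test5';
     $saved = $model->save();
     assert($saved); // Not Coding Standard
 }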
コード例 #2
 /**
  * Prepares the database fixture shared by the tests of this class: a super admin,
  * freshly rebuilt permission optimization tables and the munge table of the test model.
  */
 public static function setUpBeforeClass()
 {
     parent::setUpBeforeClass();
     ZurmoDatabaseCompatibilityUtil::dropStoredFunctionsAndProcedures();
     SecurityTestHelper::createSuperAdmin();
     // Rebuild so the optimization tables are created properly before any test runs.
     AllPermissionsOptimizationUtil::rebuild();
     // The munge table of the test model is built by hand.
     $testItemMungeTable = ReadPermissionsOptimizationUtil::getMungeTableName('OwnedSecurableTestItem');
     ReadPermissionsOptimizationUtil::recreateTable($testItemMungeTable);
 }
コード例 #3
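 /**
  * Writes a read-permission filter into $where[$whereKey].
  *
  * The clause compares the adapter's column (qualified with $tableAliasName) to a subquery
  * on the model's munge table that yields the securableitem_id only when a row exists for
  * one of the current user's munge ids.
  *
  * @param array  $where          where-clause parts, modified by reference
  * @param int    $whereKey       index in $where that receives the clause
  * @param string $tableAliasName alias of the table holding the compared column
  */
 protected function addReadOptimizationWhereClause(&$where, $whereKey, $tableAliasName)
 {
     // Expression asserts instead of string asserts: a string argument is no longer
     // evaluated as code on PHP 8, so the old form passed for any input.
     assert(is_array($where));
     assert(is_int($whereKey));
     assert(is_string($tableAliasName));
     $q                    = DatabaseCompatibilityUtil::getQuote();
     $columnName           = $this->modelAttributeToDataProviderAdapter->getColumnName();
     $modelClassName       = $this->modelAttributeToDataProviderAdapter->getModelClassName();
     $columnWithTableAlias = self::makeColumnNameWithTableAlias($tableAliasName, $columnName);
     $mungeTableName       = ReadPermissionsOptimizationUtil::getMungeTableName($modelClassName);
     // The filter is always built for the logged-in user, not for a caller-supplied one.
     $mungeIds             = ReadPermissionsOptimizationUtil::getMungeIdsByUser(Yii::app()->user->userModel);
     // NOTE(review): the munge ids are concatenated into the IN list without escaping or
     // binding. This is safe only while getMungeIdsByUser() returns internally generated
     // identifiers; confirm, and escape or bind them if that can ever change.
     $mungeIdList          = "'" . join("', '", $mungeIds) . "'";
     $whereContent  = $columnWithTableAlias . " " . SQLOperatorUtil::getOperatorByType('equals') . " ";
     $whereContent .= "(select securableitem_id from {$q}{$mungeTableName}{$q} " .
                      "where {$q}securableitem_id{$q} = {$columnWithTableAlias} and {$q}munge_id{$q}" .
                      " in (" . $mungeIdList . ") limit 1)";
     $where[$whereKey] = $whereContent;
 }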
コード例 #4
 /**
  * Prepares the import test fixture: a super admin, the basic user 'jim', the option
  * lists of the two custom fields used by the import tests, and the munge table of
  * ImportModelTestItem.
  */
 public static function setUpBeforeClass()
 {
     parent::setUpBeforeClass();
     SecurityTestHelper::createSuperAdmin();
     UserTestHelper::createBasicUser('jim');

     // Custom field data name => option values to store, processed in this order.
     $optionsByFieldDataName = array(
         'ImportTestMultiDropDown' => array('Multi 1', 'Multi 2', 'Multi 3'),
         'ImportTestTagCloud'      => array('Cloud 1', 'Cloud 2', 'Cloud 3'),
     );
     foreach ($optionsByFieldDataName as $fieldDataName => $options) {
         $fieldData = CustomFieldData::getByName($fieldDataName);
         $fieldData->serializedData = serialize($options);
         // Save first, assert second, so the write does not depend on assertions being enabled.
         $wasSaved = $fieldData->save();
         assert($wasSaved); // Not Coding Standard
     }

     $importItemMungeTable = ReadPermissionsOptimizationUtil::getMungeTableName('ImportModelTestItem');
     ReadPermissionsOptimizationUtil::recreateTable($importItemMungeTable);
 }
コード例 #5
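 /**
  * Decides whether $user may read $ownedSecurableItem.
  *
  * The module-level read permission is resolved first. Anything other than NONE or DENY
  * grants access and DENY refuses it. For NONE the decision falls to the munge table:
  * access is granted only if a row links the item to one of the user's munge ids.
  *
  * @param $requiredPermissions passed through to AccessDeniedSecurityException
  * @param OwnedSecurableItem $ownedSecurableItem item being read
  * @param User $user user whose access is checked
  * @return bool true when read access is granted; refusal is signalled by exception
  * @throws NotSupportedException when the permission is NONE and the user has no munge ids
  * @throws AccessDeniedSecurityException when the permission is DENY, or NONE with no matching munge row
  */
 protected static function checkPermissionsHasRead($requiredPermissions, OwnedSecurableItem $ownedSecurableItem, User $user)
 {
     $modelClassName  = get_class($ownedSecurableItem);
     $moduleClassName = $modelClassName::getModuleClassName();
     $permission      = PermissionsUtil::getActualPermissionDataForReadByModuleNameForUser($moduleClassName, $user);
     if ($permission != Permission::NONE) {
         if ($permission == Permission::DENY) {
             throw new AccessDeniedSecurityException($user, $requiredPermissions, Permission::DENY);
         }
         return true;
     }
     // Module permission is NONE from here on: only a munge row can grant the read.
     $mungeIds = static::getMungeIdsByUser($user);
     if (count($mungeIds) == 0) {
         throw new NotSupportedException();
     }
     $quote           = DatabaseCompatibilityUtil::getQuote();
     $mungeTableName  = ReadPermissionsOptimizationUtil::getMungeTableName($modelClassName);
     $securableItemId = $ownedSecurableItem->getClassId('SecurableItem');
     // The table name is quoted like the column names, so every identifier in the
     // statement goes through the same quoting.
     // NOTE(review): the item id and the munge ids are concatenated into the statement
     // without escaping or binding. This relies on both being internally generated
     // values; confirm, and bind them if the data-access layer allows it.
     $sql = "select id from {$quote}{$mungeTableName}{$quote}" .
            " where {$quote}securableitem_id{$quote} = " . $securableItemId .
            " and {$quote}munge_id{$quote} in ('" . join("', '", $mungeIds) . "') limit 1";
     $id = ZurmoRedBean::getCol($sql);
     if (empty($id)) {
         // No munge row for this user and item: fail closed.
         throw new AccessDeniedSecurityException($user, $requiredPermissions, Permission::NONE);
     }
     return true;
 }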
コード例 #6
 /**
  * Recreates the munge table of every dependent test model class that is a
  * SecurableItem subclass and reports read-permission optimization support.
  */
 protected static function buildReadPermissionsOptimizationTableForTestModels()
 {
     foreach (static::$dependentTestModelClassNames as $modelClassName) {
         if (!is_subclass_of($modelClassName, 'SecurableItem')) {
             continue;
         }
         // Only asked of SecurableItem subclasses, as guaranteed by the guard above.
         if (!$modelClassName::hasReadPermissionsOptimization()) {
             continue;
         }
         $mungeTableName = ReadPermissionsOptimizationUtil::getMungeTableName($modelClassName);
         ReadPermissionsOptimizationUtil::recreateTable($mungeTableName);
     }
 }
コード例 #7
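 /**
  * Restricts a model query to the rows $user may read.
  *
  * Nothing is changed unless the called model supports read-permission optimization, its
  * module is a SecurableModule, the module-level read permission is NONE or DENY, and
  * bypassReadPermissionsOptimizationToSqlQueryBasedOnWhere() does not opt out. For NONE
  * (with at least one munge id) the query is limited to rows owned by the user or matched
  * through a left join on the munge table; for DENY it is limited to rows owned by the user.
  *
  * @param User $user user the restriction is built for
  * @param RedBeanModelJoinTablesQueryAdapter $joinTablesAdapter receives the extra joins
  * @param $where existing where clause (string or null), extended by reference
  * @param $selectDistinct set to true by reference when the munge table is joined
  * @throws NotSupportedException when the permission is NONE and the user has no munge ids
  */
 public static function resolveReadPermissionsOptimizationToSqlQuery(User $user, RedBeanModelJoinTablesQueryAdapter $joinTablesAdapter, &$where, &$selectDistinct)
 {
     // Expression asserts instead of string asserts: a string argument is no longer
     // evaluated as code on PHP 8, so the old form passed for any input.
     assert($where == null || is_string($where));
     assert(is_bool($selectDistinct));
     $modelClassName = get_called_class();
     $moduleClassName = $modelClassName::getModuleClassName();
     //Currently only adds munge if the module is securable and this model supports it.
     if (static::hasReadPermissionsOptimization() && $moduleClassName != null && is_subclass_of($moduleClassName, 'SecurableModule')) {
         // $user is passed explicitly so the module permission is resolved for the same
         // user whose owner id and munge ids build the restriction below; without it the
         // lookup presumably falls back to the logged-in user.
         $permission = PermissionsUtil::getActualPermissionDataForReadByModuleNameForUser($moduleClassName, $user);
         if (($permission == Permission::NONE || $permission == Permission::DENY) && !static::bypassReadPermissionsOptimizationToSqlQueryBasedOnWhere($where)) {
             $quote = DatabaseCompatibilityUtil::getQuote();
             $modelAttributeToDataProviderAdapter = new OwnedSecurableItemIdToDataProviderAdapter($modelClassName, null);
             $builder = new ModelJoinBuilder($modelAttributeToDataProviderAdapter, $joinTablesAdapter);
             $ownedTableAliasName = $builder->resolveJoins();
             $ownerColumnName = static::getForeignKeyName('OwnedSecurableItem', 'owner');
             $mungeIds = AllPermissionsOptimizationUtil::getMungeIdsByUser($user);
             if ($where != null) {
                 // Parenthesise the caller's clause so the restriction is AND-ed with all of
                 // it and an OR inside the original clause cannot widen the result.
                 $where = '(' . $where . ') and ';
             }
             if (count($mungeIds) > 0 && $permission == Permission::NONE) {
                 // NOTE(review): the munge ids and $user->id are concatenated into the SQL
                 // without escaping or binding. This relies on both being internally
                 // generated values; confirm.
                 $extraOnQueryPart = " and {$quote}munge_id{$quote} in ('" . join("', '", $mungeIds) . "')";
                 $mungeTableName = ReadPermissionsOptimizationUtil::getMungeTableName($modelClassName);
                 // NOTE(review): the returned alias is not used; the condition below names the
                 // munge table directly. Confirm the alias can never differ from the table
                 // name, otherwise the IS NOT NULL test addresses the wrong join.
                 $mungeTableAliasName = $joinTablesAdapter->addLeftTableAndGetAliasName($mungeTableName, 'securableitem_id', $ownedTableAliasName, 'securableitem_id', $extraOnQueryPart);
                 $where .= "({$quote}{$ownedTableAliasName}{$quote}.{$quote}{$ownerColumnName}{$quote} = {$user->id} OR "; // Not Coding Standard
                 $where .= "{$quote}{$mungeTableName}{$quote}.{$quote}munge_id{$quote} IS NOT NULL)"; // Not Coding Standard
                 //must use distinct since adding munge table query.
                 $selectDistinct = true;
             } elseif ($permission == Permission::DENY) {
                 // DENY: only rows owned by the user remain visible.
                 $where .= "{$quote}{$ownedTableAliasName}{$quote}.{$quote}{$ownerColumnName}{$quote} = {$user->id}"; // Not Coding Standard
             } else {
                 // Permission NONE without any munge id.
                 throw new NotSupportedException();
             }
         }
     }
 }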