예제 #1
 /**
  * Shows the module-level ("record") permissions form for a group and applies a submitted form.
  *
  * When the form was posted, the caches are cleared, the posted values are type cast and
  * resolved, and the permissions are written to the group. A successful save sets a flash
  * notification and redirects; otherwise the edit view is rendered.
  *
  * NOTE(review): no access-right or CSRF check is visible inside this method; presumably a
  * controller filter or application-level setting covers both. Confirm, since this action
  * changes what a group is permitted to do.
  *
  * @param mixed $id group id; cast with intval() before the lookup
  */
 public function actionEditModulePermissions($id)
 {
     $group     = Group::getById(intval($id));
     $pageTitle = Zurmo::t('ZurmoModule', 'Record Permissions');
     // NOTE(review): this link carries the raw $id while the redirect below uses $group->id;
     // using $group->id here as well would keep the un-normalised value out of the link.
     $breadCrumbLinks = array(
         strval($group) => array(
             'group/' . static::resolveBreadCrumbActionByGroup($group),
             'id' => $id,
         ),
         $pageTitle,
     );
     $modulePermissionsData = PermissionsUtil::getAllModulePermissionsDataByPermitable($group);
     $form                  = ModulePermissionsFormUtil::makeFormFromPermissionsData($modulePermissionsData);
     // The form's class name is the key its values are posted under.
     $formName = get_class($form);
     if (isset($_POST[$formName])) {
         // Caches are cleared before the write, whether or not the save succeeds.
         $this->clearCaches();
         $typedPost    = ModulePermissionsFormUtil::typeCastPostData($_POST[$formName]);
         $resolvedPost = ModulePermissionsEditViewUtil::resolveWritePermissionsFromArray($typedPost);
         $wasSaved     = ModulePermissionsFormUtil::setPermissionsFromCastedPost($resolvedPost, $group);
         if ($wasSaved) {
             Yii::app()->user->setFlash(
                 'notification',
                 Zurmo::t('ZurmoModule', 'Record Permissions Saved Successfully.')
             );
             $nextAction = $this->resolveActionToGoToAfterSave($group);
             $this->redirect(array($this->getId() . '/' . $nextAction, 'id' => $group->id));
             Yii::app()->end(0, false);
         }
         // A failed save falls through and re-renders the form; no error is reported here.
     }
     $editViewData = GroupModulePermissionsDataToEditViewAdapater::resolveData($modulePermissionsData);
     $viewMetadata = ModulePermissionsEditViewUtil::resolveMetadataFromData(
         $editViewData,
         ModulePermissionsEditAndDetailsView::getMetadata()
     );
     $actionBarAndEditView = new GroupActionBarAndSecurityEditView(
         $this->getId(),
         $this->getModule()->getId(),
         $form,
         $group,
         $this->getModule()->getPluralCamelCasedName(),
         $viewMetadata,
         'ModulePermissionsEditAndDetailsView',
         'GroupModulePermissionsEditMenu'
     );
     $pageView = new GroupsPageView(
         ZurmoDefaultAdminViewUtil::makeViewWithBreadcrumbsForCurrentUser(
             $this,
             $actionBarAndEditView,
             $breadCrumbLinks,
             'GroupBreadCrumbView'
         )
     );
     echo $pageView->render();
 }
 /**
  * A user holding only the groups-module rights (access, create, delete) must be able to set
  * module permissions on a group without an AccessDeniedSecurityException being thrown.
  *
  * NOTE(review): the test only checks that the save returns true. It does not read the
  * permissions back, so it does not pin which permissions the group ends up with.
  */
 public function testARegularUserWhoCanAccessGroupsCanProperlyModifyModulePermission()
 {
     // Arrange: a basic user with the three groups-module rights becomes the current user.
     $regularUser = UserTestHelper::createBasicUser('nobody');
     foreach (array(
         GroupsModule::RIGHT_ACCESS_GROUPS,
         GroupsModule::RIGHT_CREATE_GROUPS,
         GroupsModule::RIGHT_DELETE_GROUPS,
     ) as $right) {
         $regularUser->setRight('GroupsModule', $right);
     }
     $this->assertTrue($regularUser->save());
     Yii::app()->user->userModel = $regularUser;

     $group       = new Group();
     $group->name = 'newGroup2';
     $this->assertTrue($group->save());
     $group->forget();

     // The group starts with no explicit permissions on the securable item.
     $securableItem = NamedSecurableItem::getByName('SomeModule');
     $this->assertEquals(
         array(Permission::NONE, Permission::NONE),
         $securableItem->getExplicitActualPermissions($group)
     );
     $securableItem->forget();

     // Act: post an explicit allow for "change permissions" and "change owner".
     $allow    = strval(Permission::ALLOW);
     $fakePost = array(
         'SomeModule__' . Permission::CHANGE_PERMISSIONS => $allow,
         'SomeModule__' . Permission::CHANGE_OWNER       => $allow,
     );
     $castedPost = ModulePermissionsFormUtil::typeCastPostData($fakePost);

     // Assert: reaching this point means no AccessDeniedSecurityException was thrown.
     $this->assertTrue(ModulePermissionsFormUtil::setPermissionsFromCastedPost($castedPost, $group));
 }
 /**
  * Switching a module permission from explicit deny straight to explicit allow must replace
  * the deny, so that the form data afterwards shows an explicit and actual allow.
  *
  * Regression test for https://www.pivotaltracker.com/story/show/54420494, where the switch
  * to allow skipped removing the existing permission.
  */
 public function testSetModulePermissionsFormFromExplicitDenyDirectlyToExplicitAllowFromPost()
 {
     $group = Group::getByName('modulePermissionsGroup');
     // Shape of a permission entry on which nothing has been set.
     $untouched = array('explicit' => null, 'inherited' => null, 'actual' => null);

     // Step 1: nothing is set on AccountsModule yet.
     $form     = ModulePermissionsFormUtil::makeFormFromPermissionsData(
         PermissionsUtil::getAllModulePermissionsDataByPermitable($group)
     );
     $expected = array(
         Permission::CHANGE_OWNER       => $untouched,
         Permission::CHANGE_PERMISSIONS => $untouched,
         Permission::DELETE             => $untouched,
         Permission::READ               => $untouched,
         Permission::WRITE              => $untouched,
     );
     $this->assertEquals($expected, $form->data['AccountsModule']);

     // Step 2: set the read permission to deny.
     $castedPost = ModulePermissionsFormUtil::typeCastPostData(
         array('AccountsModule__' . Permission::READ => strval(Permission::DENY))
     );
     $this->assertTrue(ModulePermissionsFormUtil::setPermissionsFromCastedPost($castedPost, $group));

     // Read is now an explicit deny; every other permission is still untouched.
     $form     = ModulePermissionsFormUtil::makeFormFromPermissionsData(
         PermissionsUtil::getAllModulePermissionsDataByPermitable($group)
     );
     $expected = array(
         Permission::CHANGE_OWNER       => $untouched,
         Permission::CHANGE_PERMISSIONS => $untouched,
         Permission::DELETE             => $untouched,
         Permission::READ               => array(
             'explicit'  => Permission::DENY,
             'inherited' => null,
             'actual'    => Permission::DENY,
         ),
         Permission::WRITE              => $untouched,
     );
     $this->assertEquals($expected, $form->data['AccountsModule']);

     // Step 3: set read directly to explicit allow, the transition the linked bug covered.
     $castedPost = ModulePermissionsFormUtil::typeCastPostData(
         array('AccountsModule__' . Permission::READ => strval(Permission::ALLOW))
     );
     $this->assertTrue(ModulePermissionsFormUtil::setPermissionsFromCastedPost($castedPost, $group));

     // Read is now an explicit allow; the earlier deny must not survive.
     $form     = ModulePermissionsFormUtil::makeFormFromPermissionsData(
         PermissionsUtil::getAllModulePermissionsDataByPermitable($group)
     );
     $expected = array(
         Permission::CHANGE_OWNER       => $untouched,
         Permission::CHANGE_PERMISSIONS => $untouched,
         Permission::DELETE             => $untouched,
         Permission::READ               => array(
             'explicit'  => Permission::ALLOW,
             'inherited' => null,
             'actual'    => Permission::ALLOW,
         ),
         Permission::WRITE              => $untouched,
     );
     $this->assertEquals($expected, $form->data['AccountsModule']);
 }
 /**
  * Granting a group an explicit module permission on AccountsModule must queue exactly one
  * ReadPermissionSubscriptionUpdateForAccount job, and that job must then run successfully.
  */
 public function testGroupChangeOrDeleteScenario5()
 {
     $superUser                  = User::getByUsername('super');
     Yii::app()->user->userModel = $superUser;
     $job                        = new ReadPermissionSubscriptionUpdateForAccountJob();
     // Constructed as in the sibling scenarios; not used further in this test.
     $jobBasedOnBuildTable = new ReadPermissionSubscriptionUpdateForAccountFromBuildTableJob();
     $groupMember          = self::$johnny;

     // Start from an empty read-permission table with a single account owned by super.
     $this->deleteAllModelsAndRecordsFromReadPermissionTable('Account');
     $account = AccountTestHelper::createAccountByNameForOwner('Fifth Account', $superUser);
     Yii::app()->jobQueue->deleteAll();
     sleep(1);

     // Create the group, then add the member in a second save.
     $group       = new Group();
     $group->name = 'Group5';
     $this->assertTrue($group->save());
     $group->users->add($groupMember);
     $this->assertTrue($group->save());
     // Drop whatever the group saves queued so only the permission change is measured.
     Yii::app()->jobQueue->deleteAll();

     $castedPost = ModulePermissionsFormUtil::typeCastPostData(
         array('AccountsModule__' . Permission::CHANGE_PERMISSIONS => strval(Permission::ALLOW))
     );
     $this->assertTrue(ModulePermissionsFormUtil::setPermissionsFromCastedPost($castedPost, $group));

     // NOTE(review): the meaning of queue key 5 is not visible here; confirm against jobQueue.
     $jobsInQueue = Yii::app()->jobQueue->getAll();
     $this->assertEquals(1, count($jobsInQueue[5]));
     $this->assertEquals('ReadPermissionSubscriptionUpdateForAccount', $jobsInQueue[5][0]['jobType']);
     Yii::app()->jobQueue->deleteAll();
     $this->assertTrue($job->run());
 }