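/**
 * Builds the fixtures shared by the tests in this class: a super admin plus the
 * users, groups and roles created by SecurityTestHelper, freshly rebuilt read
 * permission optimization tables, and four saved test items.
 *
 * Each save() runs as its own statement and only its result is asserted.
 * An expression passed directly to assert() is not evaluated when assertion
 * evaluation is switched off, which would silently skip the fixture rows.
 */
public static function setUpBeforeClass()
{
    parent::setUpBeforeClass();
    ZurmoDatabaseCompatibilityUtil::dropStoredFunctionsAndProcedures();
    SecurityTestHelper::createSuperAdmin();
    SecurityTestHelper::createUsers();
    SecurityTestHelper::createGroups();
    SecurityTestHelper::createRoles();
    RedBeanModel::forgetAll();

    // Do the rebuild to ensure the tables get created properly.
    ReadPermissionsOptimizationUtil::rebuild();

    // Manually build the test model munge tables.
    ReadPermissionsOptimizationUtil::recreateTable(
        ReadPermissionsOptimizationUtil::getMungeTableName('OwnedSecurableTestItem')
    );
    ReadPermissionsOptimizationUtil::recreateTable(
        ReadPermissionsOptimizationUtil::getMungeTableName('OwnedSecurableTestItem2')
    );

    $benny = User::getByUsername('benny');

    // Two items saved without an explicit owner assignment.
    $model = new OwnedSecurableTestItem();
    $model->member = 'test';
    $saved = $model->save();
    assert($saved); // Not Coding Standard

    $model = new OwnedSecurableTestItem();
    $model->member = 'test2';
    $saved = $model->save();
    assert($saved); // Not Coding Standard

    // One item explicitly owned by benny.
    $model = new OwnedSecurableTestItem();
    $model->member = 'test3';
    $model->owner = $benny;
    $saved = $model->save();
    assert($saved); // Not Coding Standard

    assert(OwnedSecurableTestItem::getCount() == 3); // Not Coding Standard

    // A single item of the second test model.
    $model = new OwnedSecurableTestItem2();
    $model->member = 'test5';
    $saved = $model->save();
    assert($saved); // Not Coding Standard
}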
/**
 * Prepares the database for this test class: drops stored functions and
 * procedures, creates the super admin, rebuilds the permission optimization
 * tables, and recreates the munge table for OwnedSecurableTestItem.
 */
public static function setUpBeforeClass()
{
    parent::setUpBeforeClass();
    ZurmoDatabaseCompatibilityUtil::dropStoredFunctionsAndProcedures();
    SecurityTestHelper::createSuperAdmin();

    // Do the rebuild to ensure the tables get created properly.
    AllPermissionsOptimizationUtil::rebuild();

    // Manually build the test model munge table.
    $testItemMungeTableName = ReadPermissionsOptimizationUtil::getMungeTableName('OwnedSecurableTestItem');
    ReadPermissionsOptimizationUtil::recreateTable($testItemMungeTableName);
}
/**
 * Writes a read-permission filter into $where[$whereKey].
 *
 * The generated condition requires the aliased column to equal the result of a
 * sub-select on the model's munge table, limited to rows whose munge_id is one
 * of the ids returned for the current application user.
 *
 * @param array  $where          where clauses, modified by reference
 * @param int    $whereKey       index in $where that receives the clause
 * @param string $tableAliasName alias of the table holding the compared column
 */
protected function addReadOptimizationWhereClause(&$where, $whereKey, $tableAliasName)
{
    assert('is_array($where)');
    assert('is_int($whereKey)');
    assert('is_string($tableAliasName)');

    $quote   = DatabaseCompatibilityUtil::getQuote();
    $adapter = $this->modelAttributeToDataProviderAdapter;

    $columnWithTableAlias = self::makeColumnNameWithTableAlias($tableAliasName, $adapter->getColumnName());
    $mungeTableName       = ReadPermissionsOptimizationUtil::getMungeTableName($adapter->getModelClassName());

    // The filter is always built for the logged-in user, not for a caller-supplied one.
    $mungeIds = ReadPermissionsOptimizationUtil::getMungeIdsByUser(Yii::app()->user->userModel);

    $equalsOperator = SQLOperatorUtil::getOperatorByType('equals');

    // NOTE(review): the munge ids are written into the IN list as quoted literals,
    // with no escaping or parameter binding. That is only safe while
    // getMungeIdsByUser() returns internally generated identifiers - confirm.
    // An empty id list produces in (''), which presumably matches no munge row.
    $quotedMungeIdList = "('" . join("', '", $mungeIds) . "')";

    $subSelect = "(select securableitem_id from {$quote}{$mungeTableName}{$quote} " .
                 "where {$quote}securableitem_id{$quote} = {$columnWithTableAlias} and {$quote}munge_id{$quote}" .
                 " in " . $quotedMungeIdList . " limit 1)";

    $where[$whereKey] = $columnWithTableAlias . " " . $equalsOperator . " " . $subSelect;
}
/**
 * Creates the super admin and the basic user 'jim', stores the pick-list
 * values for the two import test custom fields, and recreates the munge table
 * for ImportModelTestItem.
 */
public static function setUpBeforeClass()
{
    parent::setUpBeforeClass();
    SecurityTestHelper::createSuperAdmin();
    $jim = UserTestHelper::createBasicUser('jim');

    // Custom field data name => values stored (serialized) on that record.
    $valuesByCustomFieldDataName = array(
        'ImportTestMultiDropDown' => array('Multi 1', 'Multi 2', 'Multi 3'),
        'ImportTestTagCloud'      => array('Cloud 1', 'Cloud 2', 'Cloud 3'),
    );
    foreach ($valuesByCustomFieldDataName as $customFieldDataName => $values) {
        $customFieldData = CustomFieldData::getByName($customFieldDataName);
        $customFieldData->serializedData = serialize($values);
        // save() is called outside assert() so only its result is asserted.
        $saved = $customFieldData->save();
        assert($saved); // Not Coding Standard
    }

    $importItemMungeTableName = ReadPermissionsOptimizationUtil::getMungeTableName('ImportModelTestItem');
    ReadPermissionsOptimizationUtil::recreateTable($importItemMungeTableName);
}
/**
 * Decides whether $user may read $ownedSecurableItem.
 *
 * The module-level read permission for the user is resolved first. Any value
 * other than NONE or DENY grants access and DENY refuses it. For NONE, access
 * depends on a munge table row that links the item to one of the user's munge ids.
 *
 * Every path that does not return true ends in an exception.
 *
 * @param mixed              $requiredPermissions only forwarded to AccessDeniedSecurityException
 * @param OwnedSecurableItem $ownedSecurableItem  item being read
 * @param User               $user                user whose access is checked
 * @return bool true when read access is granted
 * @throws NotSupportedException when the permission is NONE and the user has no munge ids
 * @throws AccessDeniedSecurityException when the permission is DENY, or is NONE with no matching munge row
 */
protected static function checkPermissionsHasRead($requiredPermissions, OwnedSecurableItem $ownedSecurableItem, User $user)
{
    $modelClassName  = get_class($ownedSecurableItem);
    $moduleClassName = $modelClassName::getModuleClassName();
    $permission      = PermissionsUtil::getActualPermissionDataForReadByModuleNameForUser($moduleClassName, $user);

    if ($permission != Permission::NONE) {
        if ($permission == Permission::DENY) {
            throw new AccessDeniedSecurityException($user, $requiredPermissions, Permission::DENY);
        }
        return true;
    }

    // No module-level decision: fall back to the per-item munge lookup.
    $mungeIds = static::getMungeIdsByUser($user);
    if (count($mungeIds) <= 0) {
        throw new NotSupportedException();
    }

    $quote           = DatabaseCompatibilityUtil::getQuote();
    $mungeTableName  = ReadPermissionsOptimizationUtil::getMungeTableName($modelClassName);
    $securableItemId = $ownedSecurableItem->getClassId('SecurableItem');

    // NOTE(review): the statement is assembled by concatenation. The table name
    // is not wrapped in the quote character, unlike the column names, and the
    // item id and munge ids are interpolated without escaping or binding.
    // This relies on all three being internally generated - confirm.
    $sql = "select id from " . $mungeTableName .
           " where {$quote}securableitem_id{$quote} = " . $securableItemId .
           " and {$quote}munge_id{$quote} in ('" . join("', '", $mungeIds) . "') limit 1";

    $matchingIds = ZurmoRedBean::getCol($sql);
    if (empty($matchingIds)) {
        throw new AccessDeniedSecurityException($user, $requiredPermissions, Permission::NONE);
    }
    return true;
}
/**
 * Recreates the munge table of every class in static::$dependentTestModelClassNames
 * that is a SecurableItem subclass and reports read permissions optimization support.
 */
protected static function buildReadPermissionsOptimizationTableForTestModels()
{
    foreach (static::$dependentTestModelClassNames as $modelClassName) {
        // The subclass check comes first, so hasReadPermissionsOptimization()
        // is only called on SecurableItem subclasses.
        if (!is_subclass_of($modelClassName, 'SecurableItem') ||
            !$modelClassName::hasReadPermissionsOptimization()) {
            continue;
        }
        $mungeTableName = ReadPermissionsOptimizationUtil::getMungeTableName($modelClassName);
        ReadPermissionsOptimizationUtil::recreateTable($mungeTableName);
    }
}
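/**
 * Adds a read-permission restriction for $user to a model query.
 *
 * Nothing is changed unless the called model supports read permissions
 * optimization and its module is a SecurableModule. The module-level read
 * permission is resolved for $user, the same principal whose id and munge ids
 * are written into the generated clause.
 *
 * - NONE with at least one munge id: left-joins the munge table and keeps rows
 *   owned by the user or having a matching munge row; sets $selectDistinct.
 * - DENY: keeps only rows owned by the user.
 * - NONE with no munge ids: throws NotSupportedException.
 *
 * @param User                               $user              user the query is restricted for
 * @param RedBeanModelJoinTablesQueryAdapter $joinTablesAdapter receives the joins needed by the clause
 * @param string|null                        $where             existing where clause, extended by reference
 * @param bool                               $selectDistinct    set to true by reference when the munge join is added
 * @throws NotSupportedException
 */
public static function resolveReadPermissionsOptimizationToSqlQuery(User $user, RedBeanModelJoinTablesQueryAdapter $joinTablesAdapter, &$where, &$selectDistinct)
{
    assert('$where == null || is_string($where)');
    assert('is_bool($selectDistinct)');
    $modelClassName  = get_called_class();
    $moduleClassName = $modelClassName::getModuleClassName();
    // Currently only adds munge if the module is securable and this model supports it.
    if (static::hasReadPermissionsOptimization() &&
        $moduleClassName != null &&
        is_subclass_of($moduleClassName, 'SecurableModule')) {
        // Pass $user explicitly so the permission level and the generated filter
        // refer to the same user, even when $user is not the current session user.
        $permission = PermissionsUtil::getActualPermissionDataForReadByModuleNameForUser($moduleClassName, $user);
        if (($permission == Permission::NONE || $permission == Permission::DENY) &&
            !static::bypassReadPermissionsOptimizationToSqlQueryBasedOnWhere($where)) {
            $quote                               = DatabaseCompatibilityUtil::getQuote();
            $modelAttributeToDataProviderAdapter = new OwnedSecurableItemIdToDataProviderAdapter($modelClassName, null);
            $builder                             = new ModelJoinBuilder($modelAttributeToDataProviderAdapter, $joinTablesAdapter);
            $ownedTableAliasName                 = $builder->resolveJoins();
            $ownerColumnName                     = static::getForeignKeyName('OwnedSecurableItem', 'owner');
            $mungeIds                            = AllPermissionsOptimizationUtil::getMungeIdsByUser($user);
            // The existing clause is wrapped before the branch below, so it has
            // already been rewritten if NotSupportedException is thrown.
            if ($where != null) {
                $where = '(' . $where . ') and ';
            }
            if (count($mungeIds) > 0 && $permission == Permission::NONE) {
                // NOTE(review): munge ids and {$user->id} are interpolated without
                // escaping or binding; this relies on both being internally
                // generated values - confirm.
                $extraOnQueryPart    = " and {$quote}munge_id{$quote} in ('" . join("', '", $mungeIds) . "')";
                $mungeTableName      = ReadPermissionsOptimizationUtil::getMungeTableName($modelClassName);
                // NOTE(review): the clause below references $mungeTableName, not the
                // alias returned here. If the adapter can return an alias that differs
                // from the table name, the IS NOT NULL test would not refer to this
                // join - verify against the adapter.
                $mungeTableAliasName = $joinTablesAdapter->addLeftTableAndGetAliasName($mungeTableName,
                                                                                       'securableitem_id',
                                                                                       $ownedTableAliasName,
                                                                                       'securableitem_id',
                                                                                       $extraOnQueryPart);
                $where .= "({$quote}{$ownedTableAliasName}{$quote}.{$quote}{$ownerColumnName}{$quote} = {$user->id} OR "; // Not Coding Standard
                $where .= "{$quote}{$mungeTableName}{$quote}.{$quote}munge_id{$quote} IS NOT NULL)"; // Not Coding Standard
                $selectDistinct = true; // Must use distinct since adding munge table query.
            } elseif ($permission == Permission::DENY) {
                $where .= "{$quote}{$ownedTableAliasName}{$quote}.{$quote}{$ownerColumnName}{$quote} = {$user->id}"; // Not Coding Standard
            } else {
                // Permission NONE with no munge ids: no filter is produced.
                throw new NotSupportedException();
            }
        }
    }
}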