protected static function fastContainsUserByGroupName($groupName, $userId) { // Optimizations work on the database, // anything not saved will not work. assert('$userId > 0'); // Not Coding Standard assert('is_string($groupName) && $groupName != ""'); // Not Coding Standard assert('is_int($userId) && $userId > 0'); // Not Coding Standard return intval(ZurmoDatabaseCompatibilityUtil::callFunction("named_group_contains_user('{$groupName}', {$userId})")) == 1; }
public function getActualPermissions($permitable = null) { assert('$permitable === null || $permitable instanceof Permitable'); if ($permitable === null) { $permitable = Yii::app()->user->userModel; if (!$permitable instanceof User) { throw new NoCurrentUserSecurityException(); } } if (!SECURITY_OPTIMIZED) { // The slow way will remain here as documentation // for what the optimized way is doing. $allowPermissions = Permission::NONE; $denyPermissions = Permission::NONE; if (Group::getByName(Group::SUPER_ADMINISTRATORS_GROUP_NAME)->contains($permitable)) { $allowPermissions = Permission::ALL; } else { foreach ($this->unrestrictedGet('permissions') as $permission) { $effectivePermissions = $permission->getEffectivePermissions($permitable); if ($permission->type == Permission::ALLOW) { $allowPermissions |= $effectivePermissions; } else { $denyPermissions |= $effectivePermissions; } } $allowPermissions |= $this->getPropagatedActualAllowPermissions($permitable); if (!$this instanceof NamedSecurableItem) { foreach (array(get_class($this), static::getModuleClassName()) as $securableItemName) { try { $securableType = NamedSecurableItem::getByName($securableItemName); $typeAllowPermissions = Permission::NONE; $typeDenyPermissions = Permission::NONE; foreach ($securableType->unrestrictedGet('permissions') as $permission) { $effectivePermissions = $permission->getEffectivePermissions($permitable); if ($permission->type == Permission::ALLOW) { $typeAllowPermissions |= $effectivePermissions; } else { $typeDenyPermissions |= $effectivePermissions; } // We shouldn't see something that isn't owned having CHANGE_OWNER. // assert('$typeAllowPermissions & Permission::CHANGE_OWNER == Permission::NONE'); } $allowPermissions |= $typeAllowPermissions; $denyPermissions |= $typeDenyPermissions; } catch (NotFoundException $e) { } } } } } else { try { $combinedPermissions = PermissionsCache::getCombinedPermissions($this, $permitable); } catch (NotFoundException $e) { $securableItemId = $this->getClassId('SecurableItem'); $permitableId = $permitable->getClassId('Permitable'); // Optimizations work on the database, // anything not saved will not work. assert('$permitableId > 0'); $className = get_class($this); $moduleName = static::getModuleClassName(); $cachingOn = DB_CACHING_ON ? 1 : 0; $combinedPermissions = intval(ZurmoDatabaseCompatibilityUtil::callFunction("get_securableitem_actual_permissions_for_permitable({$securableItemId}, {$permitableId}, '{$className}', '{$moduleName}', {$cachingOn})")); PermissionsCache::cacheCombinedPermissions($this, $permitable, $combinedPermissions); } $allowPermissions = $combinedPermissions >> 8 & Permission::ALL; $denyPermissions = $combinedPermissions & Permission::ALL; } assert("({$allowPermissions} & ~Permission::ALL) == 0"); assert("({$denyPermissions} & ~Permission::ALL) == 0"); return array($allowPermissions, $denyPermissions); }
public function getInheritedActualRight($moduleName, $rightName) { assert('is_string($moduleName)'); assert('is_string($rightName)'); assert('$moduleName != ""'); assert('$rightName != ""'); if ($this->isEveryone) { return Right::NONE; } if (!SECURITY_OPTIMIZED) { return parent::getInheritedActualRight($moduleName, $rightName); } else { // Optimizations work on the database, // anything not saved will not work. assert('$this->id > 0'); return intval(ZurmoDatabaseCompatibilityUtil::callFunction("get_group_inherited_actual_right({$this->id}, '{$moduleName}', '{$rightName}')")); } }
/** * @param string $moduleName * @param string $policyName * @return mixed|null|string */ public function getExplicitActualPolicy($moduleName, $policyName) { assert('is_string($moduleName)'); assert('is_string($policyName)'); assert('$moduleName != ""'); assert('$policyName != ""'); if (!SECURITY_OPTIMIZED) { // The slow way will remain here as documentation // for what the optimized way is doing. foreach ($this->policies as $policy) { if ($policy->moduleName == $moduleName && $policy->name == $policyName) { return $policy->value; } } return null; } else { $permitableId = $this->getClassId('Permitable'); try { // not using $default because computing default value would involve extra cpu cycles each time. return PoliciesCache::getEntry($permitableId . $moduleName . $policyName . 'ExplicitActualPolicy'); } catch (NotFoundException $e) { $explictActualPolicy = ZurmoDatabaseCompatibilityUtil::callFunction("get_permitable_explicit_actual_policy(\n {$permitableId}, '{$moduleName}', '{$policyName}')"); } PoliciesCache::cacheEntry($permitableId . $moduleName . $policyName . 'ExplicitActualPolicy', $explictActualPolicy); return $explictActualPolicy; } }