protected static function fastContainsUserByGroupName($groupName, $userId)
{
// Optimizations work on the database,
// anything not saved will not work.
assert('$userId > 0');
// Not Coding Standard
assert('is_string($groupName) && $groupName != ""');
// Not Coding Standard
assert('is_int($userId) && $userId > 0');
// Not Coding Standard
return intval(ZurmoDatabaseCompatibilityUtil::callFunction("named_group_contains_user('{$groupName}', {$userId})")) == 1;
}
public function getActualPermissions($permitable = null)
{
assert('$permitable === null || $permitable instanceof Permitable');
if ($permitable === null) {
$permitable = Yii::app()->user->userModel;
if (!$permitable instanceof User) {
throw new NoCurrentUserSecurityException();
}
}
if (!SECURITY_OPTIMIZED) {
// The slow way will remain here as documentation
// for what the optimized way is doing.
$allowPermissions = Permission::NONE;
$denyPermissions = Permission::NONE;
if (Group::getByName(Group::SUPER_ADMINISTRATORS_GROUP_NAME)->contains($permitable)) {
$allowPermissions = Permission::ALL;
} else {
foreach ($this->unrestrictedGet('permissions') as $permission) {
$effectivePermissions = $permission->getEffectivePermissions($permitable);
if ($permission->type == Permission::ALLOW) {
$allowPermissions |= $effectivePermissions;
} else {
$denyPermissions |= $effectivePermissions;
}
}
$allowPermissions |= $this->getPropagatedActualAllowPermissions($permitable);
if (!$this instanceof NamedSecurableItem) {
foreach (array(get_class($this), static::getModuleClassName()) as $securableItemName) {
try {
$securableType = NamedSecurableItem::getByName($securableItemName);
$typeAllowPermissions = Permission::NONE;
$typeDenyPermissions = Permission::NONE;
foreach ($securableType->unrestrictedGet('permissions') as $permission) {
$effectivePermissions = $permission->getEffectivePermissions($permitable);
if ($permission->type == Permission::ALLOW) {
$typeAllowPermissions |= $effectivePermissions;
} else {
$typeDenyPermissions |= $effectivePermissions;
}
// We shouldn't see something that isn't owned having CHANGE_OWNER.
// assert('$typeAllowPermissions & Permission::CHANGE_OWNER == Permission::NONE');
}
$allowPermissions |= $typeAllowPermissions;
$denyPermissions |= $typeDenyPermissions;
} catch (NotFoundException $e) {
}
}
}
}
} else {
try {
$combinedPermissions = PermissionsCache::getCombinedPermissions($this, $permitable);
} catch (NotFoundException $e) {
$securableItemId = $this->getClassId('SecurableItem');
$permitableId = $permitable->getClassId('Permitable');
// Optimizations work on the database,
// anything not saved will not work.
assert('$permitableId > 0');
$className = get_class($this);
$moduleName = static::getModuleClassName();
$cachingOn = DB_CACHING_ON ? 1 : 0;
$combinedPermissions = intval(ZurmoDatabaseCompatibilityUtil::callFunction("get_securableitem_actual_permissions_for_permitable({$securableItemId}, {$permitableId}, '{$className}', '{$moduleName}', {$cachingOn})"));
PermissionsCache::cacheCombinedPermissions($this, $permitable, $combinedPermissions);
}
$allowPermissions = $combinedPermissions >> 8 & Permission::ALL;
$denyPermissions = $combinedPermissions & Permission::ALL;
}
assert("({$allowPermissions} & ~Permission::ALL) == 0");
assert("({$denyPermissions} & ~Permission::ALL) == 0");
return array($allowPermissions, $denyPermissions);
}
public function getInheritedActualRight($moduleName, $rightName)
{
assert('is_string($moduleName)');
assert('is_string($rightName)');
assert('$moduleName != ""');
assert('$rightName != ""');
if ($this->isEveryone) {
return Right::NONE;
}
if (!SECURITY_OPTIMIZED) {
return parent::getInheritedActualRight($moduleName, $rightName);
} else {
// Optimizations work on the database,
// anything not saved will not work.
assert('$this->id > 0');
return intval(ZurmoDatabaseCompatibilityUtil::callFunction("get_group_inherited_actual_right({$this->id}, '{$moduleName}', '{$rightName}')"));
}
}
/**
* @param string $moduleName
* @param string $policyName
* @return mixed|null|string
*/
public function getExplicitActualPolicy($moduleName, $policyName)
{
assert('is_string($moduleName)');
assert('is_string($policyName)');
assert('$moduleName != ""');
assert('$policyName != ""');
if (!SECURITY_OPTIMIZED) {
// The slow way will remain here as documentation
// for what the optimized way is doing.
foreach ($this->policies as $policy) {
if ($policy->moduleName == $moduleName && $policy->name == $policyName) {
return $policy->value;
}
}
return null;
} else {
$permitableId = $this->getClassId('Permitable');
try {
// not using $default because computing default value would involve extra cpu cycles each time.
return PoliciesCache::getEntry($permitableId . $moduleName . $policyName . 'ExplicitActualPolicy');
} catch (NotFoundException $e) {
$explictActualPolicy = ZurmoDatabaseCompatibilityUtil::callFunction("get_permitable_explicit_actual_policy(\n {$permitableId}, '{$moduleName}', '{$policyName}')");
}
PoliciesCache::cacheEntry($permitableId . $moduleName . $policyName . 'ExplicitActualPolicy', $explictActualPolicy);
return $explictActualPolicy;
}
}
