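/**
 * Builds one demo Mission for every entry returned by self::getMissionData(), adds the
 * entry's comments to it, and records the first and last created ids as the helper's
 * "Mission" range.
 *
 * Each mission is granted Permission::READ_WRITE for the Everyone group, so these
 * records are deliberately open to all users. This is seed data; do not copy the grant
 * as a pattern for real records.
 *
 * @param DemoDataHelper $demoDataHelper helper that must already hold a "User" range
 */
public function makeAll(&$demoDataHelper)
{
    assert('$demoDataHelper instanceof DemoDataHelper');
    assert('$demoDataHelper->isSetRange("User")');

    $missions = array();
    foreach (self::getMissionData() as $randomMissionData)
    {
        $mission                = new Mission();
        $mission->setScenario('importModel');
        $mission->status        = Mission::STATUS_AVAILABLE;
        $mission->owner         = $demoDataHelper->getRandomByModelName('User');
        $mission->createdByUser = $mission->owner;
        $mission->description   = $randomMissionData['description'];
        $mission->reward        = $randomMissionData['reward'];
        //Add some comments
        foreach ($randomMissionData['comments'] as $commentDescription)
        {
            $comment                = new Comment();
            $comment->setScenario('importModel');
            $comment->createdByUser = $demoDataHelper->getRandomByModelName('User');
            $comment->description   = $commentDescription;
            $mission->comments->add($comment);
        }
        $mission->addPermissions(Group::getByName(Group::EVERYONE_GROUP_NAME), Permission::READ_WRITE);
        $saved = $mission->save();
        assert('$saved');
        // Reload before updating the read-permission optimization data for the group grant.
        // NOTE(review): presumably the reload is needed so the util sees persisted state - confirm.
        $mission = Mission::getById($mission->id);
        ReadPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup(
            $mission,
            Group::getByName(Group::EVERYONE_GROUP_NAME)
        );
        // The second save was previously unchecked; a failure here is now surfaced
        // the same way as a failure of the first save.
        $saved = $mission->save();
        assert('$saved');
        $missions[] = $mission->id;
    }
    // assumes getMissionData() returned at least one entry, otherwise index 0 does not exist
    $demoDataHelper->setRangeByModelName('Mission', $missions[0], $missions[count($missions) - 1]);
}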
/**
 * Creates and stores a builder-type predefined EmailTemplate.
 *
 * The subject falls back to $name when empty, and the language falls back to the current
 * user's language when not set. $unserializedData is stored JSON-encoded in serializedData.
 *
 * Access note: the template is granted
 * Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER for the Everyone group, and both
 * saves are called with `false`.
 * NOTE(review): `save(false)` presumably skips model validation - confirm that all callers
 * pass trusted, predefined content only.
 *
 * @param string $name
 * @param mixed $unserializedData data to be JSON-encoded into the template
 * @param string|null $subject
 * @param string|null $modelClassName
 * @param string|null $language
 * @param mixed $type
 * @param int $isDraft
 * @param string|null $textContent
 * @param string|null $htmlContent
 * @throws FailedToSaveModelException when the first save does not succeed
 */
protected function makeBuilderPredefinedEmailTemplate($name, $unserializedData, $subject = null, $modelClassName = null, $language = null, $type = null, $isDraft = 0, $textContent = null, $htmlContent = null)
{
    $template                 = new EmailTemplate();
    $template->type           = $type; //EmailTemplate::TYPE_WORKFLOW;
    $template->builtType      = EmailTemplate::BUILT_TYPE_BUILDER_TEMPLATE;
    $template->isDraft        = $isDraft;
    $template->modelClassName = $modelClassName;
    $template->name           = $name;
    // An empty subject falls back to the template name.
    $template->subject        = empty($subject) ? $name : $subject;
    // The current user's language is only looked up when none was passed in.
    $template->language       = isset($language) ? $language : Yii::app()->languageHelper->getForCurrentUser();
    $template->htmlContent    = $htmlContent;
    $template->textContent    = $textContent;
    $template->serializedData = CJSON::encode($unserializedData);
    $template->addPermissions(
        Group::getByName(Group::EVERYONE_GROUP_NAME),
        Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER
    );
    if (!$template->save(false))
    {
        throw new FailedToSaveModelException();
    }
    // Work on a freshly loaded copy when recording the group grant.
    $template = EmailTemplate::getById($template->id);
    ReadPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup(
        $template,
        Group::getByName(Group::EVERYONE_GROUP_NAME)
    );
    $saved = $template->save(false);
    assert('$saved');
}
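/**
 * Creates five demo MarketingList records owned by random demo users and records the
 * first and last created ids as the helper's "MarketingList" range.
 *
 * Each list is granted Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER for the
 * Everyone group. That is acceptable for seed data only; do not copy it for real records
 * without checking what the permission allows.
 *
 * @param DemoDataHelper $demoDataHelper helper that must already hold a "User" range
 */
public function makeAll(&$demoDataHelper)
{
    assert('$demoDataHelper instanceof DemoDataHelper');
    assert('$demoDataHelper->isSetRange("User")');

    $marketingLists = array();
    // $this->index is the loop counter; populateModel() is called while it is set.
    for ($this->index = 0; $this->index < 5; $this->index++)
    {
        $marketingList        = new MarketingList();
        $marketingList->owner = $demoDataHelper->getRandomByModelName('User');
        $this->populateModel($marketingList);
        $marketingList->addPermissions(
            Group::getByName(Group::EVERYONE_GROUP_NAME),
            Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER
        );
        $saved = $marketingList->save();
        assert('$saved');
        $marketingList = MarketingList::getById($marketingList->id);
        ReadPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup(
            $marketingList,
            Group::getByName(Group::EVERYONE_GROUP_NAME)
        );
        // The second save was previously unchecked; it is now asserted like the first.
        $saved = $marketingList->save();
        assert('$saved');
        $marketingLists[] = $marketingList->id;
    }
    $demoDataHelper->setRangeByModelName(
        'MarketingList',
        $marketingLists[0],
        $marketingLists[count($marketingLists) - 1]
    );
}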
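/**
 * Test fixture: creates the super admin, rebuilds the read-permission optimization data,
 * and stores one Mission owned by 'super', taken by 'steven' and shared READ_WRITE with
 * the Everyone group.
 */
public static function setUpBeforeClass()
{
    parent::setUpBeforeClass();
    SecurityTestHelper::createSuperAdmin();
    ReadPermissionsOptimizationUtil::rebuild();

    $everyoneGroup = Group::getByName(Group::EVERYONE_GROUP_NAME);
    $everyoneGroup->save();

    $super  = User::getByUsername('super');
    $steven = UserTestHelper::createBasicUser('steven');

    $mission              = new Mission();
    $mission->owner       = $super;
    $mission->takenByUser = $steven;
    $mission->description = 'My test description';
    $mission->reward      = 'My test reward';
    $mission->status      = Mission::STATUS_AVAILABLE;
    $mission->addPermissions($everyoneGroup, Permission::READ_WRITE);
    // The save is performed outside assert(): an expression passed to assert() is not
    // evaluated when assertions are switched off, which would silently skip the save
    // and leave the fixture without its mission.
    $saved = $mission->save();
    assert('$saved');
    ReadPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($mission, $everyoneGroup);
}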
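/**
 * Creates ten demo Campaign records, each linked to a random demo MarketingList, and
 * records the first and last created ids as the helper's "Campaign" range.
 *
 * Each campaign is granted Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER for the
 * Everyone group. That is acceptable for seed data only; do not copy it for real records
 * without checking what the permission allows.
 *
 * @param DemoDataHelper $demoDataHelper helper that must already hold a "MarketingList" range
 * @throws FailedToSaveModelException when either save of a campaign does not succeed
 */
public function makeAll(&$demoDataHelper)
{
    assert('$demoDataHelper instanceof DemoDataHelper');
    assert('$demoDataHelper->isSetRange("MarketingList")');

    $campaigns = array();
    // $this->index is the loop counter; populateModel() is called while it is set.
    for ($this->index = 0; $this->index < 10; $this->index++)
    {
        $campaign                = new Campaign();
        $this->populateModel($campaign);
        $campaign->marketingList = $demoDataHelper->getRandomByModelName('MarketingList');
        $campaign->addPermissions(
            Group::getByName(Group::EVERYONE_GROUP_NAME),
            Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER
        );
        $saved = $campaign->save();
        if (!$saved)
        {
            throw new FailedToSaveModelException();
        }
        $campaign = Campaign::getById($campaign->id);
        ReadPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup(
            $campaign,
            Group::getByName(Group::EVERYONE_GROUP_NAME)
        );
        // The second save was previously unchecked; it now fails the same way as the first.
        $saved = $campaign->save();
        if (!$saved)
        {
            throw new FailedToSaveModelException();
        }
        $campaigns[] = $campaign->id;
    }
    $demoDataHelper->setRangeByModelName('Campaign', $campaigns[0], $campaigns[count($campaigns) - 1]);
}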
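/**
 * Creates seven demo EmailTemplate records owned by random demo users and records the
 * first and last created ids as the helper's "EmailTemplate" range.
 *
 * Each template is granted Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER for the
 * Everyone group. That is acceptable for seed data only; do not copy it for real records
 * without checking what the permission allows.
 *
 * @param DemoDataHelper $demoDataHelper helper that must already hold a "User" range
 */
public function makeAll(&$demoDataHelper)
{
    assert('$demoDataHelper instanceof DemoDataHelper');
    assert('$demoDataHelper->isSetRange("User")');

    $emailTemplates = array();
    $types          = array_keys(EmailTemplate::getTypeDropDownArray());
    // $this->index is the loop counter; populateModel() is called while it is set.
    for ($this->index = 0; $this->index < 7; $this->index++)
    {
        $emailTemplate        = new EmailTemplate();
        // Alternates between the first two type keys.
        // assumes getTypeDropDownArray() has at least two entries - TODO confirm
        $emailTemplate->type  = $types[$this->index % 2];
        $emailTemplate->owner = $demoDataHelper->getRandomByModelName('User');
        $this->populateModel($emailTemplate);
        $emailTemplate->addPermissions(
            Group::getByName(Group::EVERYONE_GROUP_NAME),
            Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER
        );
        $saved = $emailTemplate->save();
        assert('$saved');
        $emailTemplate = EmailTemplate::getById($emailTemplate->id);
        ReadPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup(
            $emailTemplate,
            Group::getByName(Group::EVERYONE_GROUP_NAME)
        );
        // The second save was previously unchecked; it is now asserted like the first.
        $saved = $emailTemplate->save();
        assert('$saved');
        $emailTemplates[] = $emailTemplate->id;
    }
    $demoDataHelper->setRangeByModelName(
        'EmailTemplate',
        $emailTemplates[0],
        $emailTemplates[count($emailTemplates) - 1]
    );
}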
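/**
 * Creates five demo ContactWebForm records and records the first and last created ids as
 * the helper's "ContactWebForm" range. Each form gets a random demo user as owner and
 * default owner, and a random default state taken from
 * ContactsDemoDataMaker::getStatesBeforeOrStartingWithStartingState().
 *
 * Each form is granted Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER for the
 * Everyone group. That is acceptable for seed data only; do not copy it for real records
 * without checking what the permission allows.
 *
 * @param DemoDataHelper $demoDataHelper helper that must already hold a "User" range
 */
public function makeAll(&$demoDataHelper)
{
    assert('$demoDataHelper instanceof DemoDataHelper');
    assert('$demoDataHelper->isSetRange("User")');

    $contactStates                   = ContactState::getAll();
    $statesBeginningWithStartingState = ContactsDemoDataMaker::getStatesBeforeOrStartingWithStartingState($contactStates);
    $contactWebForms                 = array();
    // $this->index is the loop counter; populateModel() is called while it is set.
    for ($this->index = 0; $this->index < 5; $this->index++)
    {
        $contactWebForm               = new ContactWebForm();
        $contactWebForm->owner        = $demoDataHelper->getRandomByModelName('User');
        $contactWebForm->defaultOwner = $contactWebForm->owner;
        $contactWebForm->defaultState = RandomDataUtil::getRandomValueFromArray($statesBeginningWithStartingState);
        $this->populateModel($contactWebForm);
        $contactWebForm->addPermissions(
            Group::getByName(Group::EVERYONE_GROUP_NAME),
            Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER
        );
        $saved = $contactWebForm->save();
        assert('$saved');
        $contactWebForm = ContactWebForm::getById($contactWebForm->id);
        ReadPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup(
            $contactWebForm,
            Group::getByName(Group::EVERYONE_GROUP_NAME)
        );
        // The second save was previously unchecked; it is now asserted like the first.
        $saved = $contactWebForm->save();
        assert('$saved');
        $contactWebForms[] = $contactWebForm->id;
    }
    $demoDataHelper->setRangeByModelName(
        'ContactWebForm',
        $contactWebForms[0],
        $contactWebForms[count($contactWebForms) - 1]
    );
}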
/**
 * Call after a group has been given read access to a securable item.
 *
 * Performs two steps in order: forwards the grant to
 * ReadPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup(), then asks
 * AllPermissionsOptimizationCache to forget the item for read.
 * NOTE(review): the cache call presumably prevents a stale read decision from being
 * served after the permission change - confirm against AllPermissionsOptimizationCache.
 *
 * @param SecurableItem $securableItem item whose permissions changed
 * @param Group $group group that received the permission
 */
public static function securableItemGivenReadPermissionsForGroup(SecurableItem $securableItem, Group $group)
{
    // 1) record the grant in the read-permission optimization data
    ReadPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup(
        $securableItem,
        $group
    );
    // 2) drop the cached read entry for this item
    AllPermissionsOptimizationCache::forgetSecurableItemForRead(
        $securableItem
    );
}
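/**
 * Given a SecurableItem, add and remove permissions
 * based on what the provided ExplicitReadWriteModelPermissions indicates should be done.
 *
 * While the changes are applied, SecurableItem::setTreatCurrentUserAsOwnerForPermissions(true)
 * is in effect so the current user can add permissions even if the current user is no longer
 * the owner. Because that flag widens what the current user may do, it is always switched
 * back to false before this method returns or throws. The same applies to the workflow
 * processing flag when it was turned off for the save.
 *
 * NOTE(review): the ReadPermissionsOptimizationUtil calls run before save(); if save()
 * returns false the optimization data may already reflect changes that were not stored -
 * callers should treat a false return as requiring attention.
 *
 * @param SecurableItem $securableItem already persisted item (id > 0)
 * @param ExplicitReadWriteModelPermissions $explicitReadWriteModelPermissions
 * @return boolean result of save() when anything changed, otherwise true
 * @throws NotSupportedException when a permitable is neither a Group nor a User
 */
public static function resolveExplicitReadWriteModelPermissions(SecurableItem $securableItem, ExplicitReadWriteModelPermissions $explicitReadWriteModelPermissions)
{
    assert('$securableItem->id > 0');
    $securableItem->setTreatCurrentUserAsOwnerForPermissions(true);
    $setBackToProcess = false;
    $saved            = true;
    // Catch-and-rethrow is used instead of finally so the block needs no newer language
    // feature than the rest of this code.
    try
    {
        $saveSecurableItem = false;
        if ($explicitReadWriteModelPermissions->getReadOnlyPermitablesCount() > 0)
        {
            $saveSecurableItem = true;
            foreach ($explicitReadWriteModelPermissions->getReadOnlyPermitables() as $permitable)
            {
                $securableItem->addPermissions($permitable, Permission::READ);
                if ($permitable instanceof Group)
                {
                    ReadPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($securableItem, $permitable);
                }
                elseif ($permitable instanceof User)
                {
                    ReadPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($securableItem, $permitable);
                }
                else
                {
                    throw new NotSupportedException();
                }
            }
        }
        if ($explicitReadWriteModelPermissions->getReadWritePermitablesCount() > 0)
        {
            $saveSecurableItem = true;
            foreach ($explicitReadWriteModelPermissions->getReadWritePermitables() as $permitable)
            {
                $securableItem->addPermissions($permitable, Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER);
                if ($permitable instanceof Group)
                {
                    ReadPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($securableItem, $permitable);
                }
                elseif ($permitable instanceof User)
                {
                    ReadPermissionsOptimizationUtil::securableItemGivenPermissionsForUser($securableItem, $permitable);
                }
                else
                {
                    throw new NotSupportedException();
                }
            }
        }
        if ($explicitReadWriteModelPermissions->getReadOnlyPermitablesToRemoveCount() > 0)
        {
            $saveSecurableItem = true;
            foreach ($explicitReadWriteModelPermissions->getReadOnlyPermitablesToRemove() as $permitable)
            {
                $securableItem->removePermissions($permitable, Permission::READ, Permission::ALLOW);
                if ($permitable instanceof Group)
                {
                    ReadPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($securableItem, $permitable);
                }
                elseif ($permitable instanceof User)
                {
                    ReadPermissionsOptimizationUtil::securableItemLostPermissionsForUser($securableItem, $permitable);
                }
                else
                {
                    throw new NotSupportedException();
                }
            }
        }
        if ($explicitReadWriteModelPermissions->getReadWritePermitablesToRemoveCount() > 0)
        {
            $saveSecurableItem = true;
            foreach ($explicitReadWriteModelPermissions->getReadWritePermitablesToRemove() as $permitable)
            {
                $securableItem->removePermissions($permitable, Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER, Permission::ALLOW);
                if ($permitable instanceof Group)
                {
                    ReadPermissionsOptimizationUtil::securableItemLostPermissionsForGroup($securableItem, $permitable);
                }
                elseif ($permitable instanceof User)
                {
                    ReadPermissionsOptimizationUtil::securableItemLostPermissionsForUser($securableItem, $permitable);
                }
                else
                {
                    throw new NotSupportedException();
                }
            }
        }
        if ($saveSecurableItem)
        {
            // Workflow processing is switched off for this save only, and only when it was on.
            if ($securableItem->shouldProcessWorkflowOnSave())
            {
                $securableItem->setDoNotProcessWorkflowOnSave();
                $setBackToProcess = true;
            }
            $saved = $securableItem->save();
        }
    }
    catch (Exception $e)
    {
        // Previously an exception left the item treating the current user as owner
        // (and possibly with workflow processing disabled); restore both before rethrowing.
        if ($setBackToProcess)
        {
            $securableItem->setProcessWorkflowOnSave();
        }
        $securableItem->setTreatCurrentUserAsOwnerForPermissions(false);
        throw $e;
    }
    if ($setBackToProcess)
    {
        $securableItem->setProcessWorkflowOnSave();
    }
    $securableItem->setTreatCurrentUserAsOwnerForPermissions(false);
    return $saved;
}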
/**
 * Checks that the account read-permission optimization rows ("munge" rows) follow a
 * user's group membership when groups are nested.
 *
 * Setup: G2 is added to G3's groups and G1 to G2's groups; accounts A3, A2 and A1 give
 * Permission::READ to G1, G2 and G3 respectively. u2 is then added to G1 and afterwards
 * removed again, both through GroupUserMembershipFormUtil (the path used by the user
 * interface).
 *
 * Expectations: after the add, rows for R5 and R6 appear for all three accounts; after
 * the removal those rows are gone again. After each step the incrementally maintained
 * rows must equal a full rebuild, i.e. revoking membership must not leave read access
 * behind in the optimization data.
 * NOTE(review): R5/R6 are presumably roles associated with u2 from earlier tests in the
 * @depends chain - confirm.
 *
 * @depends testUserAddedToGroup_Slide21
 */
public function testUserAddedToGroup_Slide22()
{
    $u2  = User::getByUsername('u2.');
    $u99 = User::getByUsername('u99.');
    Yii::app()->user->userModel = $u99;

    $g1 = Group::getByName('G1.');
    $g2 = Group::getByName('G2.');
    $g3 = Group::getByName('G3.');

    // Nest the groups: G2 becomes a member group of G3, G1 a member group of G2.
    $g3->groups->add($g2);
    $this->assertTrue($g3->save());
    $g2->groups->add($g1);
    $this->assertTrue($g2->save());

    Yii::app()->user->userModel = $u99;

    $a3 = new Account();
    $a3->name = 'A3.';
    $a3->addPermissions($g1, Permission::READ);
    $this->assertTrue($a3->save());
    //Called in OwnedSecurableItem::afterSave();
    //ReadPermissionsOptimizationUtil::ownedSecurableItemCreated($a3);

    $a2 = new Account();
    $a2->name = 'A2.';
    $a2->addPermissions($g2, Permission::READ);
    $this->assertTrue($a2->save());
    //Called in OwnedSecurableItem::afterSave();
    //ReadPermissionsOptimizationUtil::ownedSecurableItemCreated($a2);

    $a1 = new Account();
    $a1->name = 'A1.';
    $a1->addPermissions($g3, Permission::READ);
    $this->assertTrue($a1->save());
    //Called in OwnedSecurableItem::afterSave();
    //ReadPermissionsOptimizationUtil::ownedSecurableItemCreated($a1);

    // Record each group grant in the optimization data.
    ReadPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($a3, $g1);
    ReadPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($a2, $g2);
    ReadPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup($a1, $g3);

    //Utilize method that is used by user interface to handle changing a group's user
    //membership. Here the posted membership contains u2, so u2 is added to G1.
    $form = new GroupUserMembershipForm();
    $fakePostData = array('userMembershipData' => array(0 => $u2->id), 'userNonMembershipData' => array());
    $form = GroupUserMembershipFormUtil::setFormFromCastedPost($form, $fakePostData);
    // NOTE(review): $saved is assigned but never asserted in this test.
    $saved = GroupUserMembershipFormUtil::setMembershipFromForm($form, $g1);
    //This is completed above in GroupUserMembershipFormUtil::setMembershipFromForm
    //$g1->users->add($u2);
    //$this->assertTrue($g1->save());
    //ReadPermissionsOptimizationUtil::userAddedToGroup($g1, $u2);

    // With u2 in G1, R5 and R6 rows are expected for every account reachable through G1.
    $this->assertEquals(array(array('A1', 'G1', 1), array('A1', 'G2', 1), array('A1', 'G3', 1), array('A1', 'R5', 1), array('A1', 'R6', 1), array('A2', 'G1', 1), array('A2', 'G2', 1), array('A2', 'R5', 1), array('A2', 'R6', 1), array('A3', 'G1', 1), array('A3', 'R5', 1), array('A3', 'R6', 1)), self::getAccountMungeRows());
    $this->assertTrue(self::accountMungeDoesntChangeWhenRebuilt());

    //Utilize method that is used by user interface to handle removing users from a group.
    //The posted membership is empty, so u2 is removed from G1.
    $form = new GroupUserMembershipForm();
    $fakePostData = array('userMembershipData' => array(), 'userNonMembershipData' => array());
    $form = GroupUserMembershipFormUtil::setFormFromCastedPost($form, $fakePostData);
    $saved = GroupUserMembershipFormUtil::setMembershipFromForm($form, $g1);
    //This is completed above in GroupUserMembershipFormUtil::setMembershipFromForm
    //$g1->users->remove($u2);
    //$this->assertTrue($g1->save());
    //ReadPermissionsOptimizationUtil::userRemovedFromGroup($g1, $u2);

    // After the removal only the group rows remain; the R5/R6 rows must be gone.
    $this->assertEquals(array(array('A1', 'G1', 1), array('A1', 'G2', 1), array('A1', 'G3', 1), array('A2', 'G1', 1), array('A2', 'G2', 1), array('A3', 'G1', 1)), self::getAccountMungeRows());
    $this->assertTrue(self::accountMungeDoesntChangeWhenRebuilt());

    // Clean up the accounts and undo the group nesting for later tests.
    $a1->delete();
    $a2->delete();
    $a3->delete();
    $g1->group = null;
    $this->assertTrue($g1->save());
    $g2->group = null;
    $this->assertTrue($g2->save());
    $g3->group = null;
    $this->assertTrue($g3->save());
}
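/**
 * Creates and stores a demo "archived sent" EmailMessage from the current user to the
 * given contact, placed in the sent folder of $this->emailBox and dated between 1 and 30
 * days in the past.
 *
 * The message is granted Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER for the
 * Everyone group. That is acceptable for seed data only; real mail content should not be
 * shared this widely by default.
 *
 * @param Contact $contact recipient; its owner becomes the message owner
 * @param string|null $subject defaults to 'A test archived sent email'
 * @return EmailMessage the reloaded, saved message
 * @throws FailedToSaveModelException when either save of the message does not succeed
 */
protected function makeEmailMessage(Contact $contact, $subject = null)
{
    // Random age in seconds (whole days); mt_rand is fine here, nothing depends on
    // the value being unpredictable.
    $interval = mt_rand(1, 30) * 86400;
    if (!isset($subject))
    {
        $subject = 'A test archived sent email';
    }
    //#1 Create Archived - Sent
    $emailMessage          = new EmailMessage();
    $emailMessage->setScenario('importModel');
    $emailMessage->owner   = $contact->owner;
    $emailMessage->subject = $subject;
    $emailContent              = new EmailMessageContent();
    $emailContent->textContent = 'My First Message';
    $emailContent->htmlContent = 'Some fake HTML content';
    $emailMessage->content     = $emailContent;
    //Sending is current user (super)
    $sender                  = new EmailMessageSender();
    $sender->fromAddress     = '*****@*****.**';
    $sender->fromName        = 'Super User';
    $sender->personOrAccount = Yii::app()->user->userModel;
    $emailMessage->sender    = $sender;
    //Recipient is BobMessage
    $recipient                  = new EmailMessageRecipient();
    $recipient->toAddress       = '*****@*****.**';
    $recipient->toName          = strval($contact);
    $recipient->personOrAccount = $contact;
    $recipient->type            = EmailMessageRecipient::TYPE_TO;
    $emailMessage->recipients->add($recipient);
    $emailMessage->folder          = EmailFolder::getByBoxAndType($this->emailBox, EmailFolder::TYPE_SENT);
    $emailMessage->sentDateTime    = DateTimeUtil::convertTimestampToDbFormatDateTime(time() - $interval);
    $emailMessage->createdDateTime = $emailMessage->sentDateTime;
    $emailMessage->addPermissions(
        Group::getByName(Group::EVERYONE_GROUP_NAME),
        Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER
    );
    $saved = $emailMessage->save();
    if (!$saved)
    {
        throw new FailedToSaveModelException();
    }
    $emailMessage = EmailMessage::getById($emailMessage->id);
    ReadPermissionsOptimizationUtil::securableItemGivenPermissionsForGroup(
        $emailMessage,
        Group::getByName(Group::EVERYONE_GROUP_NAME)
    );
    // The second save was previously unchecked; it now fails the same way as the first,
    // so callers never receive a message whose final state was not stored.
    $saved = $emailMessage->save();
    if (!$saved)
    {
        throw new FailedToSaveModelException();
    }
    return $emailMessage;
}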