protected function renderNonEditableElementsForRelationsByRelationsData($relationModelClassNames) { $content = null; $formClassName = static::getRelatedItemFormClassName(); foreach ($relationModelClassNames as $relationModelClassName) { $relatedItemForm = null; //ASSUMES ONLY A SINGLE ATTACHED RELATEDITEM PER RELATION TYPE. foreach ($this->getRelatedItemsFromModel() as $item) { try { $modelDerivationPathToItem = RuntimeUtil::getModelDerivationPathToItem($relationModelClassName); $castedDownModel = $item->castDown(array($modelDerivationPathToItem)); $relatedItemForm = new $formClassName($castedDownModel); break; } catch (NotFoundException $e) { //do nothing } } if ($relatedItemForm != null) { $canAccess = true; $modelElementType = RelatedItemRelationToModelElementUtil::resolveModelElementTypeByActionSecurity($relationModelClassName, Yii::app()->user->userModel, $canAccess); if ($canAccess) { $elementInformation = array('attributeName' => $relationModelClassName, 'type' => $modelElementType); FormLayoutSecurityUtil::resolveElementForNonEditableRender($relatedItemForm, $elementInformation, Yii::app()->user->userModel); if ($elementInformation['attributeName'] != null) { $elementclassname = $elementInformation['type'] . 'Element'; $element = new $elementclassname($relatedItemForm, $elementInformation['attributeName'], $this->form, array_slice($elementInformation, 2)); assert('$element instanceof ModelElement'); $element->nonEditableTemplate = $this->getRelatedItemNonEditableTemplate(); $content .= $element->render(); } } } } return $content; }
public function testresolveModelElementTypeByActionSecurity() { $super = User::getByUsername('super'); Yii::app()->user->userModel = $super; $bobby = User::getByUsername('bobby'); $this->assertEquals(Right::DENY, $bobby->getEffectiveRight('AccountsModule', AccountsModule::RIGHT_ACCESS_ACCOUNTS)); $this->assertEquals(Right::DENY, $bobby->getEffectiveRight('ContactsModule', ContactsModule::RIGHT_ACCESS_CONTACTS)); $this->assertEquals(Right::DENY, $bobby->getEffectiveRight('LeadsModule', LeadsModule::RIGHT_ACCESS_LEADS)); //test Account model where user does not have access $canAccess = true; $elementName = RelatedItemRelationToModelElementUtil::resolveModelElementTypeByActionSecurity('Account', $bobby, $canAccess); $this->assertFalse($canAccess); $this->assertEquals('Account', $elementName); $bobby->setRight('AccountsModule', AccountsModule::RIGHT_ACCESS_ACCOUNTS); $this->assertTrue($bobby->save()); //test Account model where user has access $canAccess = true; $elementName = RelatedItemRelationToModelElementUtil::resolveModelElementTypeByActionSecurity('Account', $bobby, $canAccess); $this->assertTrue($canAccess); $this->assertEquals('Account', $elementName); //test Contact model where has no access to either the leads or contacts module. $canAccess = true; $elementName = RelatedItemRelationToModelElementUtil::resolveModelElementTypeByActionSecurity('Contact', $bobby, $canAccess); $this->assertFalse($canAccess); $this->assertEquals('Contact', $elementName); //test Contact model where user has access to only the leads module $bobby->setRight('LeadsModule', LeadsModule::RIGHT_ACCESS_LEADS); $this->assertTrue($bobby->save()); $canAccess = true; $elementName = RelatedItemRelationToModelElementUtil::resolveModelElementTypeByActionSecurity('Contact', $bobby, $canAccess); $this->assertTrue($canAccess); $this->assertEquals('Lead', $elementName); //test Contact model where user has access to only the contacts module $bobby->removeRight('LeadsModule', LeadsModule::RIGHT_ACCESS_LEADS); $bobby->setRight('ContactsModule', ContactsModule::RIGHT_ACCESS_CONTACTS); $this->assertTrue($bobby->save()); $canAccess = true; $elementName = RelatedItemRelationToModelElementUtil::resolveModelElementTypeByActionSecurity('Contact', $bobby, $canAccess); $this->assertTrue($canAccess); $this->assertEquals('Contact', $elementName); //test Contact model where user has access to both the contacts and leads module. $bobby->setRight('LeadsModule', LeadsModule::RIGHT_ACCESS_LEADS); $this->assertTrue($bobby->save()); $canAccess = true; $elementName = RelatedItemRelationToModelElementUtil::resolveModelElementTypeByActionSecurity('Contact', $bobby, $canAccess); $this->assertTrue($canAccess); $this->assertEquals('AllStatesContact', $elementName); }