/**
* @return array of all module rights data
*/
public static function getAllModuleRightsDataByPermitable(Permitable $permitable)
{
$data = array();
$modules = Module::getModuleObjects();
foreach ($modules as $module) {
if ($module instanceof SecurableModule) {
$moduleClassName = get_class($module);
$rights = $moduleClassName::getRightsNames();
$rightLabels = $moduleClassName::getTranslatedRightsLabels();
$reflectionClass = new ReflectionClass($moduleClassName);
if (!empty($rights)) {
$rightsData = array();
foreach ($rights as $right) {
if (!isset($rightLabels[$right])) {
throw new NotSupportedException($right);
}
$explicit = $permitable->getExplicitActualRight($moduleClassName, $right);
$inherited = $permitable->getInheritedActualRight($moduleClassName, $right);
$effective = $permitable->getEffectiveRight($moduleClassName, $right);
$constants = $reflectionClass->getConstants();
$constantId = array_search($right, $constants);
$rightsData[$constantId] = array('displayName' => $rightLabels[$right], 'explicit' => RightsUtil::getRightStringFromRight($explicit), 'inherited' => RightsUtil::getRightStringFromRight($inherited), 'effective' => RightsUtil::getRightStringFromRight($effective));
}
$data[$moduleClassName] = ArrayUtil::subValueSort($rightsData, 'displayName', 'asort');
}
}
}
return $data;
}
/**
* @return array of all policies data
*/
public static function getAllModulePoliciesDataByPermitable(Permitable $permitable)
{
$data = array();
$modules = Module::getModuleObjects();
foreach ($modules as $module) {
if ($module instanceof SecurableModule) {
$moduleClassName = get_class($module);
$policies = $moduleClassName::getPolicyNames();
$policyLabels = $moduleClassName::getTranslatedPolicyLabels();
$reflectionClass = new ReflectionClass($moduleClassName);
$constants = $reflectionClass->getConstants();
if (!empty($policies)) {
foreach ($policies as $policy) {
if (!isset($policyLabels[$policy])) {
throw new NotSupportedException();
}
$explicit = $permitable->getExplicitActualPolicy($moduleClassName, $policy);
$inherited = $permitable->getInheritedActualPolicy($moduleClassName, $policy);
$effective = $permitable->getEffectivePolicy($moduleClassName, $policy);
$constantId = array_search($policy, $constants);
$data[$moduleClassName][$constantId] = array('displayName' => $policyLabels[$policy], 'explicit' => $explicit, 'inherited' => $inherited, 'effective' => $effective);
}
}
}
}
return $data;
}
public static function cacheCombinedPermissions(SecurableItem $securableItem, Permitable $permitable, $combinedPermissions)
{
assert('is_int($combinedPermissions) || ' . 'is_numeric($combinedPermissions[0]) && is_string($combinedPermissions[0])');
if ($securableItem->getClassId('SecurableItem') == 0 || $permitable->getClassId('Permitable') == 0) {
return;
}
$securableItemModelIdentifer = $securableItem->getModelIdentifier();
$permitableModelIdentifier = $permitable->getModelIdentifier();
if (PHP_CACHING_ON) {
self::$securableItemToPermitableToCombinedPermissions[$securableItemModelIdentifer][$permitableModelIdentifier] = $combinedPermissions;
}
if (MEMCACHE_ON && Yii::app()->cache !== null) {
$prefix = self::getCachePrefix($securableItemModelIdentifer, self::$cacheType);
$permitablesCombinedPermissions = Yii::app()->cache->get($prefix . $securableItemModelIdentifer);
if ($permitablesCombinedPermissions === false) {
$permitablesCombinedPermissions = array($permitableModelIdentifier => $combinedPermissions);
Yii::app()->cache->set($prefix . $securableItemModelIdentifer, serialize($permitablesCombinedPermissions));
} else {
$permitablesCombinedPermissions = unserialize($permitablesCombinedPermissions);
assert('is_array($permitablesCombinedPermissions)');
$permitablesCombinedPermissions[$permitableModelIdentifier] = $combinedPermissions;
Yii::app()->cache->set($prefix . $securableItemModelIdentifer, serialize($permitablesCombinedPermissions));
}
}
// NOTE: the db level caches the permissions when it calculates
// them so php does not need to explicitly cache them here.
}
/**
* @param SecurableItem $securableItem
* @param Permitable $permitable
* @param boolean $hasReadPermission
*/
public static function cacheHasReadPermissionOnSecurableItem(SecurableItem $securableItem, Permitable $permitable, $hasReadPermission)
{
assert('is_bool($hasReadPermission)');
if ($securableItem->getClassId('SecurableItem') == 0 || $permitable->getClassId('Permitable') == 0) {
return;
}
$securableItemModelIdentifer = $securableItem->getClassId('SecurableItem');
$permitableModelIdentifier = $permitable->getClassId('Permitable');
if (static::supportsAndAllowsPhpCaching()) {
static::$securableItemToPermitableToReadPermissions[$securableItemModelIdentifer][$permitableModelIdentifier] = $hasReadPermission;
}
if (static::supportsAndAllowsMemcache()) {
$prefix = static::getCachePrefix($securableItemModelIdentifer) . self::READ;
$permitablesHasReadPermission = static::getCachedValueAndValidateChecksum($prefix . $securableItemModelIdentifer);
if ($permitablesHasReadPermission === false) {
$permitablesHasReadPermission = array($permitableModelIdentifier => $hasReadPermission);
static::cacheValueAndChecksum($prefix . $securableItemModelIdentifer, $permitablesHasReadPermission);
} else {
assert('is_array($permitablesHasReadPermission)');
$permitablesHasReadPermission[$permitableModelIdentifier] = $hasReadPermission;
static::cacheValueAndChecksum($prefix . $securableItemModelIdentifer, $permitablesHasReadPermission);
}
}
}
protected function beforeDelete()
{
if (!parent::beforeDelete()) {
return false;
}
ReadPermissionsOptimizationUtil::groupBeingDeleted($this);
return true;
}
public static function removeAllForPermitable(Permitable $permitable)
{
ZurmoRedBean::exec("delete from policy where permitable_id = :id;", array('id' => $permitable->getClassId('Permitable')));
}
public static function removeAllForPermitable(Permitable $permitable)
{
R::exec("delete from _right where permitable_id = :id;", array('id' => $permitable->getClassId('Permitable')));
}
/**
* Handle the search scenario for isActive, isRootUser and isSystemUser attributes.
*/
public function isAllowedToSetReadOnlyAttribute($attributeName)
{
if ($this->getScenario() == 'importModel' || $this->getScenario() == 'searchModel') {
if (in_array($attributeName, array('isActive', 'isRootUser', 'isSystemUser'))) {
return true;
} else {
return parent::isAllowedToSetReadOnlyAttribute($attributeName);
}
}
}
/**
* Used to cache all rights for a permitable. This can be done by an administrator to cache all user rights
* Then when users login, their rights are cached for improved performance
* @see DevelopmentController function actionRebuildSecurityCache
* @param Permitable $permitable
* @throws NotSupportedException
*/
public static function cacheAllRightsByPermitable(Permitable $permitable)
{
$modules = Module::getModuleObjects();
foreach ($modules as $module) {
if ($module instanceof SecurableModule) {
$moduleClassName = get_class($module);
$rights = $moduleClassName::getRightsNames();
$rightLabels = $moduleClassName::getTranslatedRightsLabels();
if (!empty($rights)) {
foreach ($rights as $right) {
if (!isset($rightLabels[$right])) {
throw new NotSupportedException($right);
}
$permitable->getActualRight($moduleClassName, $right);
}
}
}
}
}
public static function removeForPermitable(Permitable $permitable)
{
PermissionsCache::forgetAll();
R::exec("delete from permission where permitable_id = :id;", array('id' => $permitable->getClassId('Permitable')));
}
/**
* @param Permitable $permitable
* @param array $data
*/
public static function cacheAllModulePermissionsDataByPermitables($permitable, array $data)
{
assert('$permitable instanceof Permitable');
if ($permitable->getClassId('Permitable') == 0) {
return;
}
$permitableModelIdentifier = $permitable->getModelIdentifier();
if (static::supportsAndAllowsMemcache()) {
$prefix = static::getCachePrefix($permitableModelIdentifier) . static::$modulePermissionsDataCachePrefix;
Yii::app()->cache->set($prefix . $permitableModelIdentifier, serialize($data));
}
}
/**
* Overriding so when sorting by lastName it sorts bye firstName lastName
*/
public static function getSortAttributesByAttribute($attribute)
{
if ($attribute == 'firstName') {
return array('firstName', 'lastName');
}
return parent::getSortAttributesByAttribute($attribute);
}
/**
* @param Permitable $permitable
* @param array $data
*/
public static function cacheAllModulePermissionsDataByPermitables($permitable, array $data)
{
assert('$permitable instanceof Permitable');
if ($permitable->getClassId('Permitable') == 0) {
return;
}
$permitableModelIdentifier = $permitable->getModelIdentifier();
if (static::supportsAndAllowsMemcache()) {
$prefix = static::getCachePrefix($permitableModelIdentifier) . static::$modulePermissionsDataCachePrefix;
static::cacheValueAndChecksum($prefix . $permitableModelIdentifier, $data);
}
}
/**
* Returns the related id from permitable models. This is unique for every Permitable child.
* Public for tests
* @param Permitable $permitable
* @return int
*/
public function resolvePermitableKey(Permitable $permitable)
{
return $permitable->getClassId('Permitable');
}
