/**
 * Resolves which element type should be rendered for a model class, taking the user's module
 * rights into account. For 'Contact' the answer depends on whether the user can reach the
 * Contacts and/or Leads modules; for any other class the class name itself is returned.
 * @param string $modelClassName
 * @param User $user
 * @param bool $canAccess Set to false (never set to true) when the user cannot access the resolved module.
 * @return string
 */
public static function resolveModelElementTypeByActionSecurity($modelClassName, $user, &$canAccess)
{
    assert('is_string($modelClassName)');
    assert('$user instanceof User && $user->id > 0');
    if ($modelClassName != 'Contact')
    {
        $moduleClassName = $modelClassName::getModuleClassName();
        if (!RightsUtil::canUserAccessModule($moduleClassName, $user))
        {
            $canAccess = false;
        }
        return $modelClassName;
    }
    $hasContacts = RightsUtil::canUserAccessModule('ContactsModule', $user);
    $hasLeads    = RightsUtil::canUserAccessModule('LeadsModule', $user);
    if ($hasContacts && $hasLeads)
    {
        return 'AllStatesContact';
    }
    if ($hasLeads)
    {
        // Leads only.
        return 'Lead';
    }
    if (!$hasContacts)
    {
        // Neither module is reachable: fall back to the plain Contact element but flag the denial.
        $canAccess = false;
    }
    return 'Contact';
}
/**
 * Only renders the editable control when a template should be used and the current user has
 * access to the Email Templates module; otherwise nothing is rendered.
 * @return string|null
 */
protected function renderControlEditable()
{
    if (!$this->shouldUseTemplate())
    {
        return null;
    }
    $currentUser = Yii::app()->user->userModel;
    if (!RightsUtil::canUserAccessModule('EmailTemplatesModule', $currentUser))
    {
        return null;
    }
    return parent::renderControlEditable();
}
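/**
 * Based on the current user, return the importRules types and their display labels. Only include import rules
 * where the user can access every module the rule touches and holds the create right for each of them.
 * @return array of import rules types and display labels, keyed by import rules type.
 */
public static function getImportRulesTypesForCurrentUser()
{
    //todo: cache results to improve performance if needed.
    $importRulesTypes = array();
    // Loop-invariant: resolve the current user once instead of per module per rule.
    $currentUser = Yii::app()->user->userModel;
    $modules     = Module::getModuleObjects();
    foreach ($modules as $module)
    {
        $rulesClassNames = $module::getAllClassNamesByPathFolder('rules');
        foreach ($rulesClassNames as $ruleClassName)
        {
            $classToEvaluate = new ReflectionClass($ruleClassName);
            if (!is_subclass_of($ruleClassName, 'ImportRules') || $classToEvaluate->isAbstract())
            {
                continue;
            }
            $userCanUseRule = true;
            foreach ($ruleClassName::getModuleClassNames() as $moduleClassNameToCheckAccess)
            {
                if (!RightsUtil::canUserAccessModule($moduleClassNameToCheckAccess, $currentUser) ||
                    !RightsUtil::doesUserHaveAllowByRightName($moduleClassNameToCheckAccess,
                                                              $moduleClassNameToCheckAccess::getCreateRight(),
                                                              $currentUser))
                {
                    // One inaccessible module is enough to exclude the rule; the remaining checks are skipped.
                    $userCanUseRule = false;
                    break;
                }
            }
            if ($userCanUseRule)
            {
                $importRulesTypes[$ruleClassName::getType()] = $ruleClassName::getDisplayLabel();
            }
        }
    }
    return $importRulesTypes;
}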
/**
 * Renders the view used to match an archived email message to a contact or lead. Which select form
 * is offered and how many grid columns are rendered depends on the user's access and create rights
 * for the Contacts and Leads modules.
 * @param EmailMessage $emailMessage
 * @param User $user
 * @return string content
 */
public static function renderEmailMessageToMatchContent(EmailMessage $emailMessage, $user)
{
    $canAccessContacts = RightsUtil::canUserAccessModule('ContactsModule', $user);
    $canAccessLeads    = RightsUtil::canUserAccessModule('LeadsModule', $user);
    $canCreateContact  = RightsUtil::doesUserHaveAllowByRightName('ContactsModule', ContactsModule::getCreateRight(), $user);
    $canCreateLead     = RightsUtil::doesUserHaveAllowByRightName('LeadsModule', LeadsModule::getCreateRight(), $user);
    if ($canAccessLeads && $canAccessContacts)
    {
        $selectForm = new AnyContactSelectForm();
    }
    elseif ($canAccessContacts)
    {
        // Contacts but not leads.
        $selectForm = new ContactSelectForm();
    }
    else
    {
        $selectForm = new LeadSelectForm();
    }
    // One column per type the user may create, with a minimum of one.
    $gridSize = 1 + count(array_filter(array($canCreateContact, $canCreateLead)));
    $contact  = new Contact();
    self::resolveEmailAddressAndNameToContact($emailMessage, $contact);
    $view = new ArchivedEmailMatchingView('default', 'emailMessages', $emailMessage, $contact, $selectForm,
                                          $canAccessLeads, $canAccessContacts, $canCreateContact,
                                          $canCreateLead, $gridSize);
    return $view->render();
}
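/**
 * betty has no access to the Accounts, Contacts or Tasks modules, so every portlet in the layout is stripped
 * for her; the super user gets the layout back unchanged.
 */
public function testResolvePortletsForCurrentUser()
{
    $betty = User::getByUsername('betty');
    $this->assertFalse(RightsUtil::canUserAccessModule('AccountsModule', $betty));
    $this->assertFalse(RightsUtil::canUserAccessModule('ContactsModule', $betty));
    $this->assertFalse(RightsUtil::canUserAccessModule('TasksModule',    $betty));
    Yii::app()->user->userModel = $betty;
    $portlet1 = new Portlet();
    $portlet1->viewType = 'AccountsRelatedList';
    $portlet2 = new Portlet();
    $portlet2->viewType = 'ContactsRelatedList';
    $portlet3 = new Portlet();
    $portlet3->viewType = 'TasksMyList';
    $portlets = array();
    $portlets[0][0] = $portlet1;
    $portlets[0][1] = $portlet2;
    $portlets[0][2] = $portlet3;
    $portlets[1][0] = $portlet3;
    $portlets[1][1] = $portlet1;
    $portlets[1][2] = $portlet3;
    $this->assertEquals(2, count($portlets));
    // The unused $comparePortlets fixture was dropped: with no module access at all nothing survives.
    $resolvedPortlets = PortletsSecurityUtil::resolvePortletsForCurrentUser($portlets);
    $this->assertEquals(0, count($resolvedPortlets));
    Yii::app()->user->userModel = User::getByUsername('super');
    $resolvedPortlets = PortletsSecurityUtil::resolvePortletsForCurrentUser($portlets);
    $this->assertEquals($portlets, $resolvedPortlets);
}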
/**
 * An accountContactAffiliation portlet is only available to users who can access both the Accounts
 * and the Contacts module.
 * @param User $user
 * @return bool
 */
public function canUserAccessPortlet(User $user)
{
    $canAccessAccounts = RightsUtil::canUserAccessModule('AccountsModule', $user);
    return $canAccessAccounts && RightsUtil::canUserAccessModule('ContactsModule', $user);
}
/**
 * Builds, per global search form class, the adapted search metadata for every in-queue searchable model
 * the user may access (optionally restricted to the model class names in $scopeData).
 * @param string $partialTerm
 * @param User $user
 * @param array|null $scopeData Model class names to restrict the search to; null means no restriction.
 * @return array keyed by global search form class name => array(modelClassName => metadata)
 */
protected static function makeModelClassNamesAndSearchAttributeData($partialTerm, User $user, $scopeData)
{
    assert('is_string($partialTerm)');
    assert('$user->id > 0');
    assert('$scopeData == null || is_array($scopeData)');
    $result              = array();
    $modelNamesAndLabels = WorkflownQueuesSearchForm::getInQueueSearchableModelNamesAndLabels();
    foreach (array_keys($modelNamesAndLabels) as $modelClassName)
    {
        $moduleClassName = $modelClassName::getModuleClassName();
        $module          = Yii::app()->findModule($moduleClassName::getDirectoryName());
        $searchFormClass = $moduleClassName::getGlobalSearchFormClassName();
        if ($searchFormClass == null || !RightsUtil::canUserAccessModule(get_class($module), $user))
        {
            continue;
        }
        if (!($scopeData == null || in_array($modelClassName, $scopeData)))
        {
            continue;
        }
        $searchAttributes = MixedTermSearchUtil::getGlobalSearchAttributeByModuleAndPartialTerm($module, $partialTerm);
        if (empty($searchAttributes))
        {
            continue;
        }
        $model = new $modelClassName(false);
        assert('$model instanceof RedBeanModel');
        $searchForm = new $searchFormClass($model);
        assert('$searchForm instanceof SearchForm');
        $metadataAdapter = new SearchDataProviderMetadataAdapter($searchForm, $user->id, $searchAttributes);
        $result[$searchFormClass] = array($modelClassName => $metadataAdapter->getAdaptedMetadata(false));
    }
    return $result;
}
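/**
 * Renders the module list: one entry per enabled module that exposes designer menu items, sorted by label,
 * with a "Configure" link for every module the current user may access.
 * @return string
 */
protected function renderContent()
{
    $content  = $this->renderTitleContent();
    $content .= '<ul class="configuration-list">';
    $moduleClassNamesAndLabels = array();
    foreach (Module::getModuleObjects() as $module)
    {
        $moduleTreeMenuItems = $module->getDesignerMenuItems();
        if ($module->isEnabled() && !empty($moduleTreeMenuItems))
        {
            $moduleClassNamesAndLabels[get_class($module)] = $module::getModuleLabelByTypeAndLanguage('Plural');
        }
    }
    asort($moduleClassNamesAndLabels);
    // Loop-invariant values hoisted out of the per-module loop.
    $currentUser    = Yii::app()->user->userModel;
    $route          = $this->moduleId . '/' . $this->controllerId . '/modulesMenu/';
    $configureLabel = ZurmoHtml::wrapLabel(Zurmo::t('Core', 'Configure'));
    foreach ($moduleClassNamesAndLabels as $moduleClassName => $label)
    {
        if (!RightsUtil::canUserAccessModule($moduleClassName, $currentUser))
        {
            continue;
        }
        // NOTE(review): $label comes from module metadata, not from the request, and is emitted unescaped;
        // confirm this stays true if module labels ever become user-editable.
        $content .= ZurmoHtml::openTag('li');
        $content .= '<h4>' . $label . '</h4>';
        $content .= ZurmoHtml::link($configureLabel,
                                    Yii::app()->createUrl($route, array('moduleClassName' => $moduleClassName)),
                                    array('class' => 'white-button'));
        $content .= ZurmoHtml::closeTag('li');
    }
    $content .= '</ul>';
    return $content;
}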
/**
 * True when the user can reach either the Contacts or the Leads module.
 * @param User $user
 * @return bool
 */
public static function canUserAccessModuleInAVariableState(User $user)
{
    assert('$user->id > 0');
    $canAccessContacts = RightsUtil::canUserAccessModule('ContactsModule', $user);
    return $canAccessContacts || RightsUtil::canUserAccessModule('LeadsModule', $user);
}
/**
 * Renders the link only for users with access to the Product Templates module; otherwise an empty string.
 * @return string
 */
public function render()
{
    $currentUser = Yii::app()->user->userModel;
    if (!RightsUtil::canUserAccessModule('ProductTemplatesModule', $currentUser))
    {
        return '';
    }
    return ZurmoHtml::link($this->resolveLabelAndWrap(), $this->route, $this->getHtmlOptions());
}
/**
 * Defers to the parent rendering only for users with access to the Product Templates module;
 * everyone else gets an empty string.
 * @return string
 */
public function render()
{
    $currentUser = Yii::app()->user->userModel;
    if (!RightsUtil::canUserAccessModule('ProductTemplatesModule', $currentUser))
    {
        return '';
    }
    return parent::render();
}
/**
 * Override to handle special cases for the user status and role attributes: both are downgraded to their
 * read-only element types when the current user lacks the right to change them.
 * @see DetailsView::resolveElementInformationDuringFormLayoutRender()
 * @param array $elementInformation modified in place
 */
protected function resolveElementInformationDuringFormLayoutRender(&$elementInformation)
{
    $currentUser = Yii::app()->user->userModel;
    $isStatusElement = ($elementInformation['type'] == 'DerivedUserStatus');
    if ($isStatusElement && !UserStatusUtil::canUserEditStatusOnAnotherUser($currentUser, $this->model))
    {
        $elementInformation['type'] = 'ReadOnlyDerivedUserStatus';
    }
    $isRoleAttribute = ($elementInformation['attributeName'] == 'role');
    if ($isRoleAttribute && !RightsUtil::canUserAccessModule('RolesModule', $currentUser))
    {
        $elementInformation['type'] = 'ReadOnlyModel';
    }
}
/**
 * billy can reach Home but not Accounts until the Accounts access right is granted and saved.
 */
public function testCanUserAccessModule()
{
    $billy = User::getByUsername('billy');
    $this->assertTrue(RightsUtil::canUserAccessModule('HomeModule', $billy));
    $this->assertFalse(RightsUtil::canUserAccessModule('AccountsModule', $billy));
    $billy->setRight('AccountsModule', AccountsModule::RIGHT_ACCESS_ACCOUNTS);
    $this->assertTrue($billy->save());
    $this->assertTrue(RightsUtil::canUserAccessModule('AccountsModule', $billy));
}
/**
 * Modules with a state metadata adapter delegate the access decision to their workflow rules (variable
 * state access); all other modules use the plain module access right.
 * @param string $moduleClassName
 * @return bool
 */
public static function canCurrentUserCanAccessModule($moduleClassName)
{
    assert('is_string($moduleClassName)');
    $currentUser = Yii::app()->user->userModel;
    if ($moduleClassName::getStateMetadataAdapterClassName() == null)
    {
        return RightsUtil::canUserAccessModule($moduleClassName, $currentUser);
    }
    $workflowRules = WorkflowRules::makeByModuleClassName($moduleClassName);
    return $workflowRules->canUserAccessModuleInAVariableState($currentUser);
}
/**
 * Lets the request through when it targets the current user's own id or the current user can access the
 * SendGrid module; otherwise renders the access failure page and ends the application.
 * @param int $userId
 */
public static function resolveCanCurrentUserAccessAction($userId)
{
    $currentUser = Yii::app()->user->userModel;
    $isOwnRecord = ($currentUser->id == $userId);
    if ($isOwnRecord || RightsUtil::canUserAccessModule('SendGridModule', $currentUser))
    {
        return;
    }
    $view = new AccessFailurePageView(new AccessFailureView());
    echo $view->render();
    Yii::app()->end(0, false);
}
/**
 * Appends the model's item id to $relatedItemIds (without duplicates) when the user can access the
 * model's module.
 * @param Item $model
 * @param array $relatedItemIds modified in place
 * @param User $user
 */
protected static function resolveRelatedItemIdsByModelAndUser(Item $model, &$relatedItemIds, User $user)
{
    assert('is_array($relatedItemIds)');
    if (!RightsUtil::canUserAccessModule($model::getModuleClassName(), $user))
    {
        return;
    }
    $itemId = $model->getClassId('Item');
    if (in_array($itemId, $relatedItemIds))
    {
        return;
    }
    $relatedItemIds[] = $itemId;
}
/**
 * Users with access to the Social Items module get a "Skip" link plus the post-to-profile link; everyone
 * else only gets a "Continue" link. Both close the modal identified by $index.
 * @param GameNotification $notification
 * @param int $index
 * @return string
 */
protected static function resolveAndRenderPostingAndContinueLinksContent(GameNotification $notification, $index)
{
    $closeModalOnClick = '$("#ModalGameNotification' . $index . '").dialog("close"); return false;';
    $currentUser       = Yii::app()->user->userModel;
    if (RightsUtil::canUserAccessModule('SocialItemsModule', $currentUser))
    {
        $content  = ZurmoHtml::link(Zurmo::t('Core', 'Skip'), '#',
                                    array('class'   => 'close-ModalGameNotification simple-link',
                                          'onclick' => $closeModalOnClick));
        $content .= static::renderPostToProfileLinkContent($notification, $index);
        return $content;
    }
    return ZurmoHtml::link(Zurmo::t('Core', 'Continue'), '#',
                           array('class'   => 'close-ModalGameNotification default-btn',
                                 'onclick' => $closeModalOnClick));
}
/**
 * Checks if the current user may add a portlet from the modal: the portlet rules must allow the user and
 * the user must be able to access the module of the portlet's view class.
 * @param Object $portletRules
 * @return bool
 */
public static function doesCurrentUserHavePermissionToAddPortlet($portletRules)
{
    $user            = Yii::app()->user->userModel;
    $viewClassName   = $portletRules->getType() . 'View';
    $moduleClassName = $viewClassName::getModuleClassName();
    if (!$portletRules->canUserAccessPortlet($user))
    {
        return false;
    }
    return RightsUtil::canUserAccessModule($moduleClassName, $user) ? true : false;
}
/**
 * Blocks the action for users without access to the Marketing Lists module, rendering the "missing
 * access" splash page instead.
 * @param CFilterChain $filterChain
 * @return bool true to continue the chain, false when the splash page was rendered
 */
protected function preFilter($filterChain)
{
    $currentUser = Yii::app()->user->userModel;
    if (RightsUtil::canUserAccessModule('MarketingListsModule', $currentUser))
    {
        return true;
    }
    $messageView       = new UserIsMissingMarketingListAccessSplashView();
    $pageViewClassName = $this->controller->getModule()->getPluralCamelCasedName() . 'PageView';
    $pageContent       = ZurmoDefaultAdminViewUtil::makeStandardViewForCurrentUser($this->controller, $messageView);
    $view              = new $pageViewClassName($pageContent);
    echo $view->render();
    return false;
}
/**
 * Renders the parent content and, for users with access to the Social Items module, appends a
 * "Post to Profile" checkbox block.
 * @return string
 */
public function render()
{
    $content     = parent::render();
    $currentUser = Yii::app()->user->userModel;
    if (!RightsUtil::canUserAccessModule('SocialItemsModule', $currentUser))
    {
        return $content;
    }
    $postToProfileContent  = ZurmoHtml::tag('span', array(), Zurmo::t('ZurmoModule', 'Post to Profile'));
    $postToProfileContent .= static::renderHelpSpan();
    $postToProfileContent .= ZurmoHtml::checkBox('postToProfile', false);
    return $content . ZurmoHtml::tag('div', array('class' => 'post-to-profile clearfix'), $postToProfileContent);
}
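/**
 * Runs through relations and makes sure the user can access at least one relation. If at least one is
 * accessible, true is returned.
 * @return bool
 */
public function canUserPerformAction()
{
    $metadata = Activity::getMetadata();
    foreach ($metadata['Activity']['activityItemsModelClassNames'] as $modelClassName)
    {
        if (!is_subclass_of($modelClassName, 'Item'))
        {
            continue;
        }
        $moduleClassName = $modelClassName::getModuleClassName();
        if ($moduleClassName == null)
        {
            continue;
        }
        // The access check result now gates the return. Previously its result was discarded and true was
        // returned for the first item class with a module, regardless of the user's rights.
        if (RightsUtil::canUserAccessModule($moduleClassName, $this->user))
        {
            return true;
        }
    }
    return false;
}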
/**
 * Collects module name => plural label for every globally searchable module with a global search form
 * that the user may access.
 * @param User $user
 * @return array
 */
protected static function findGlobalSearchScopingModuleNamesAndLabelsDataByUser(User $user)
{
    assert('$user->id > 0');
    $moduleNamesAndLabels = array();
    foreach (Module::getModuleObjects() as $module)
    {
        $globalSearchFormClassName = $module::getGlobalSearchFormClassName();
        if (!GlobalSearchUtil::resolveIfModuleShouldBeGloballySearched($module) || $globalSearchFormClassName == null)
        {
            continue;
        }
        if (!RightsUtil::canUserAccessModule(get_class($module), $user))
        {
            continue;
        }
        $moduleNamesAndLabels[$module->getName()] = $module::getModuleLabelByTypeAndLanguage('Plural');
    }
    return $moduleNamesAndLabels;
}
/**
 * With Contacts and Opportunities access granted and opportunity conversion not required, no blocking
 * content is produced for the lead conversion.
 */
public function testResolveCanUserProperlyConvertLeadFinalStep()
{
    $billy = User::getByUsername('billy');
    $billy->setRight('ContactsModule',      ContactsModule::RIGHT_ACCESS_CONTACTS,           Right::ALLOW);
    $billy->setRight('OpportunitiesModule', OpportunitiesModule::RIGHT_ACCESS_OPPORTUNITIES, Right::ALLOW);
    $this->assertTrue($billy->save());
    $canAccessContacts      = RightsUtil::canUserAccessModule('ContactsModule', $billy);
    $canAccessOpportunities = RightsUtil::canUserAccessModule('OpportunitiesModule', $billy);
    $content = LeadsControllerSecurityUtil::resolveCanUserProperlyConvertLead(
                    $canAccessContacts,
                    $canAccessOpportunities,
                    LeadsModule::CONVERT_OPPORTUNITY_NOT_REQUIRED);
    $this->assertNull($content);
}
/**
 * Builds the route for the lead's next step: the details page when no account conversion is needed (or
 * it is optional and the user cannot access Accounts), otherwise the convert page.
 * @return string
 * @throws NotSupportedException when no model id is set
 */
protected function getDefaultRoute()
{
    if (empty($this->modelId))
    {
        throw new NotSupportedException();
    }
    $convertToAccountSetting = LeadsModule::getConvertToAccountSetting();
    $userCanAccessAccounts   = RightsUtil::canUserAccessModule('AccountsModule', Yii::app()->user->userModel);
    // Parenthesised to make the precedence explicit: A || (B && !C).
    $goStraightToDetails = $convertToAccountSetting == LeadsModule::CONVERT_NO_ACCOUNT ||
                           ($convertToAccountSetting == LeadsModule::CONVERT_ACCOUNT_NOT_REQUIRED &&
                            !$userCanAccessAccounts);
    $action = $goStraightToDetails ? 'details' : 'convert';
    return Yii::app()->createUrl($this->moduleId . '/' . $this->controllerId . '/' . $action . '/',
                                 array('id' => $this->modelId));
}
/**
 * Returns the '<ModelClassName>Derived' attribute type for each activity item model class whose module
 * the current user can access.
 * @return array
 */
protected static function getActivityItemsDerivedAttributeTypesAndResolveAccessByCurrentUser()
{
    $metadata              = Activity::getMetadata();
    $derivedAttributeTypes = array();
    foreach ($metadata['Activity']['activityItemsModelClassNames'] as $modelClassName)
    {
        $moduleClassName = $modelClassName::getModuleClassName();
        if (!RightsUtil::canUserAccessModule($moduleClassName, Yii::app()->user->userModel))
        {
            continue;
        }
        $derivedAttributeTypes[] = $modelClassName . 'Derived';
        //todo: add support for leads.
    }
    return $derivedAttributeTypes;
}
/**
 * Renders the avatar; for the user's own profile, or for users with access to the Users module, the avatar
 * is wrapped in an ajax link that opens the change-avatar modal.
 * @return string
 */
protected function renderControlNonEditable()
{
    $avatarImage  = $this->model->getAvatarImage(110);
    $currentUser  = Yii::app()->user->userModel;
    $isOwnProfile = ($currentUser->id == $this->model->id);
    $inner        = $avatarImage;
    if ($isOwnProfile || RightsUtil::canUserAccessModule('UsersModule', $currentUser))
    {
        $label       = Zurmo::t('UsersModule', 'Change Profile Picture');
        $span        = ZurmoHtml::tag('span', array('id' => 'profile-picture-tooltip'), $label, true);
        $url         = Yii::app()->createUrl('/users/default/changeAvatar', array('id' => $this->model->id));
        $ajaxOptions = ModalView::getAjaxOptionsForModalLink($label . ": " . strval($this->model));
        $inner       = ZurmoHtml::ajaxLink($span . $avatarImage, $url, $ajaxOptions);
    }
    return '<div class="gravatar-container">' . $inner . '</div>';
}
/**
 * Resolve a link to a related model. Used by @see ListView for each row of a list for example.
 * Returns null for unsaved models and for models the current user may not view ('Details' action);
 * returns $linkContent only when the user also has access to $moduleClassName, otherwise null.
 * @param $model
 * @param $moduleClassName
 * @param $linkContent
 * @return null|string
 */
public static function resolveViewLinkToModelForCurrentUser($model, $moduleClassName, $linkContent)
{
    assert('$model instanceof Item');
    assert('is_string($moduleClassName)');
    assert('is_string($linkContent)');
    $isPersisted = $model->id > 0;
    if (!$isPersisted || !ActionSecurityUtil::canCurrentUserPerformAction('Details', $model))
    {
        return null;
    }
    $currentUser = Yii::app()->user->userModel;
    return RightsUtil::canUserAccessModule($moduleClassName, $currentUser) ? $linkContent : null;
}
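/**
 * Renders a saved report inside its portlet for an ajax request. Access to the report's module and read
 * permission on the saved report are enforced first; the portlet view's module access is checked before
 * the view is rendered.
 * @param int|string $id   Saved report id.
 * @param bool $runReport  Whether the report is executed when the data provider is built.
 */
public function actionDetails($id, $runReport = false)
{
    $savedReport = SavedReport::getById((int) $id);
    ControllerSecurityUtil::resolveCanCurrentUserAccessModule($savedReport->moduleClassName);
    ControllerSecurityUtil::resolveAccessCanCurrentUserReadModel($savedReport, true);
    $report = SavedReportToReportAdapter::makeReportBySavedReport($savedReport);
    // Guarded so a request without portletId does not raise an undefined-index notice; an absent value
    // still resolves to id 0 exactly as intval() of a missing key did before.
    $portletId = isset($_GET['portletId']) ? intval($_GET['portletId']) : 0;
    $portlet   = Portlet::getById($portletId);
    $portlet->params = array('controllerId'     => 'default',
                             'relationModuleId' => $this->getModule()->getId(),
                             'relationModel'    => $report,
                             'redirectUrl'      => Yii::app()->request->getRequestUri(),
                             'dataProvider'     => $this->getDataProvider($report, $report->getId(), (bool) $runReport));
    $portletView = $portlet->getView();
    // NOTE(review): this check runs after the data provider has been built, so a denied request has already
    // done that work; confirm whether the portlet module can be resolved earlier from $portlet->viewType.
    if (!RightsUtil::canUserAccessModule($portletView::getModuleClassName(), Yii::app()->user->userModel))
    {
        $messageView = new AccessFailureView();
        $view        = new AccessFailurePageView($messageView);
        echo $view->render();
        Yii::app()->end(0, false);
    }
    $view = new AjaxPageView($portletView);
    echo $view->render();
}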
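/**
 * Returns modelClassName => plural label for the primary model of every module that can have content
 * templates, that the current user may access and that exposes getPrimaryModelName(), sorted by label.
 * @return array
 */
public static function getAvailableModelNamesArray()
{
    $availableModels = array();
    // Loop-invariant: the current user is the same for every module.
    $currentUser = Yii::app()->user->userModel;
    foreach (Module::getModuleObjects() as $module)
    {
        $moduleClassName = get_class($module);
        if (!$moduleClassName::canHaveContentTemplates() ||
            !RightsUtil::canUserAccessModule($moduleClassName, $currentUser) ||
            !method_exists($moduleClassName, 'getPrimaryModelName'))
        {
            continue;
        }
        try
        {
            $modelClassName = $moduleClassName::getPrimaryModelName();
            if (!isset($availableModels[$modelClassName]))
            {
                $availableModels[$modelClassName] = $modelClassName::getModelLabelByTypeAndLanguage('Plural');
            }
        }
        catch (NotSupportedException $e)
        {
            // Deliberate best-effort: a module that declines to name a primary model is simply not offered.
        }
    }
    asort($availableModels);
    return $availableModels;
}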
/**
 * Shows the change-avatar modal for the given user. Allowed for the current user's own record or for users
 * with access to the Users module, and only when the target is neither the root nor a system user;
 * every other case renders the access failure view in the modal.
 * @param int|string $id
 */
public function actionChangeAvatar($id)
{
    $userId       = intval($id);
    $currentUser  = Yii::app()->user->userModel;
    $viewForModal = null;
    if ($currentUser->id == $userId || RightsUtil::canUserAccessModule('UsersModule', $currentUser))
    {
        $user = User::getById($userId);
        if (UserAccessUtil::resolveCanCurrentUserAccessRootUser($user, false) &&
            UserAccessUtil::resolveAccessingASystemUser($user, false))
        {
            $userAvatarForm = new UserAvatarForm($user);
            $this->attemptToValidateAjaxFromPost($userAvatarForm, 'UserAvatarForm');
            $viewForModal = new UserChangeAvatarView($this->getId(), $this->getModule()->getId(), $userAvatarForm);
            $this->attemptToSaveModelFromPost($userAvatarForm);
        }
    }
    if ($viewForModal === null)
    {
        $viewForModal = new AccessFailureView();
    }
    $view = new ModalView($this, $viewForModal);
    Yii::app()->getClientScript()->setToAjaxMode();
    echo $view->render();
}