Account Suspended
Account Suspended
This Account has been suspended.
Contact your hosting provider for more information.
 All Data Structures Functions Variables Pages
AllPermissionsOptimizationUtil.php
1 <?php
2  /*********************************************************************************
3  * Zurmo is a customer relationship management program developed by
4  * Zurmo, Inc. Copyright (C) 2017 Zurmo Inc.
5  *
6  * Zurmo is free software; you can redistribute it and/or modify it under
7  * the terms of the GNU Affero General Public License version 3 as published by the
8  * Free Software Foundation with the addition of the following permission added
9  * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
10  * IN WHICH THE COPYRIGHT IS OWNED BY ZURMO, ZURMO DISCLAIMS THE WARRANTY
11  * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
12  *
13  * Zurmo is distributed in the hope that it will be useful, but WITHOUT
14  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
15  * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
16  * details.
17  *
18  * You should have received a copy of the GNU Affero General Public License along with
19  * this program; if not, see http://www.gnu.org/licenses or write to the Free
20  * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
21  * 02110-1301 USA.
22  *
23  * You can contact Zurmo, Inc. with a mailing address at 27 North Wacker Drive
24  * Suite 370 Chicago, IL 60606. or at email address contact@zurmo.com.
25  *
26  * The interactive user interfaces in original and modified versions
27  * of this program must display Appropriate Legal Notices, as required under
28  * Section 5 of the GNU Affero General Public License version 3.
29  *
30  * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
31  * these Appropriate Legal Notices must retain the display of the Zurmo
32  * logo and Zurmo copyright notice. If the display of the logo is not reasonably
33  * feasible for technical reasons, the Appropriate Legal Notices must display the words
34  * "Copyright Zurmo Inc. 2017. All rights reserved".
35  ********************************************************************************/
36 
41  {
53  public static function checkPermissionsHasAnyOf($requiredPermissions, OwnedSecurableItem $ownedSecurableItem, User $user)
54  {
55  assert('is_int($requiredPermissions)');
56  if ($requiredPermissions == Permission::READ)
57  {
58  return static::resolveAndCheckPermissionsForRead($requiredPermissions, $ownedSecurableItem, $user);
59  }
60  elseif (in_array($requiredPermissions, array(Permission::READ, Permission::WRITE, Permission::DELETE,
61  Permission::CHANGE_PERMISSIONS, Permission::CHANGE_OWNER)))
62  {
63  if ((bool)Yii::app()->params['processReadMungeAsWriteMunge'])
64  {
65  //Forcing use of Permission::READ since it is expected you are always using read/write together
66  //as explicit permissions if processReadMungeAsWriteMunge is true
67  return static::resolveAndCheckPermissionsForRead(Permission::READ, $ownedSecurableItem, $user);
68  }
69  else
70  {
71  //todo: in future refactor split read munge into read munge and write munge to separate out
72  //the read and write logic. But for now this is done together since the use of read without write
73  //is not exposed in the user interface. @see ExplicitReadWriteModelPermissions addReadOnlyPermitable
74  //removeReadOnlyPermitable
75  return false;
76  }
77  }
78  else
79  {
80  //ideally we should throw an exception, but just in case there is some custom scenario with a permission
81  //not supported, we should just return false.
82  return false;
83  }
84  }
85 
93  protected static function resolveAndCheckPermissionsForRead($requiredPermissions,
94  OwnedSecurableItem $ownedSecurableItem, User $user)
95  {
96  try
97  {
99  {
100  return true;
101  }
102  else
103  {
104  throw new AccessDeniedSecurityException($user, $requiredPermissions, Permission::NONE);
105  }
106  }
107  catch (NotFoundException $e)
108  {
109  try
110  {
111  $hasReadPermission = self::checkPermissionsHasRead($requiredPermissions, $ownedSecurableItem, $user);
113  $ownedSecurableItem, $user, $hasReadPermission);
114  return $hasReadPermission;
115  }
117  {
118  $hasReadPermission = false;
120  $ownedSecurableItem, $user, $hasReadPermission);
121  throw new AccessDeniedSecurityException($user, $requiredPermissions, Permission::NONE);
122  }
123  }
124  }
125 
134  protected static function checkPermissionsHasRead($requiredPermissions, OwnedSecurableItem $ownedSecurableItem, User $user)
135  {
136  $modelClassName = get_class($ownedSecurableItem);
137  $moduleClassName = $modelClassName::getModuleClassName();
138  $permission = PermissionsUtil::getActualPermissionDataForReadByModuleNameForUser($moduleClassName, $user);
139  if ($permission == Permission::NONE)
140  {
141  $mungeIds = static::getMungeIdsByUser($user);
142  if (count($mungeIds) > 0 && $permission == Permission::NONE)
143  {
145  $mungeTableName = ReadPermissionsOptimizationUtil::getMungeTableName($modelClassName);
146  $sql = "select id from " . $mungeTableName . " where {$quote}securableitem_id{$quote} = " .
147  $ownedSecurableItem->getClassId('SecurableItem') . " and {$quote}munge_id{$quote} in ('" .
148  join("', '", $mungeIds) . "') limit 1";
149  $id = ZurmoRedBean::getCol($sql);
150  if (!empty($id))
151  {
152  return true;
153  }
154  else
155  {
156  throw new AccessDeniedSecurityException($user, $requiredPermissions, Permission::NONE);
157  }
158  }
159  else
160  {
161  throw new NotSupportedException();
162  }
163  }
164  elseif ($permission == Permission::DENY)
165  {
166  throw new AccessDeniedSecurityException($user, $requiredPermissions, Permission::DENY);
167  }
168  else
169  {
170  return true;
171  }
172  }
173 
179  public static function rebuild($overwriteExistingTables = true, $forcePhp = false, $messageStreamer = null)
180  {
181  ReadPermissionsOptimizationUtil::rebuild($overwriteExistingTables, $forcePhp, $messageStreamer);
182  }
183 
187  public static function ownedSecurableItemCreated(OwnedSecurableItem $ownedSecurableItem)
188  {
189  ReadPermissionsOptimizationUtil::ownedSecurableItemCreated($ownedSecurableItem);
190  }
191 
196  public static function ownedSecurableItemOwnerChanged(OwnedSecurableItem $ownedSecurableItem, User $oldUser = null)
197  {
200  }
201 
205  public static function securableItemBeingDeleted(SecurableItem $securableItem)
206  {
207  ReadPermissionsOptimizationUtil::securableItemBeingDeleted($securableItem);
209  }
210 
215  public static function securableItemGivenPermissionsForUser(SecurableItem $securableItem, User $user)
216  {
217  self::securableItemGivenReadPermissionsForUser($securableItem, $user);
218  }
219 
224  public static function securableItemGivenPermissionsForGroup(SecurableItem $securableItem, Group $group)
225  {
226  self::securableItemGivenReadPermissionsForGroup($securableItem, $group);
227  }
228 
233  public static function securableItemLostPermissionsForUser(SecurableItem $securableItem, User $user)
234  {
235  self::securableItemLostReadPermissionsForUser($securableItem, $user);
236  }
237 
242  public static function securableItemLostPermissionsForGroup(SecurableItem $securableItem, Group $group)
243  {
244  self::securableItemLostReadPermissionsForGroup($securableItem, $group);
245  }
246 
251  public static function securableItemGivenReadPermissionsForUser(SecurableItem $securableItem, User $user)
252  {
255  }
256 
261  public static function securableItemGivenReadPermissionsForGroup(SecurableItem $securableItem, Group $group)
262  {
265  }
266 
271  public static function securableItemLostReadPermissionsForUser(SecurableItem $securableItem, User $user)
272  {
275  }
276 
281  public static function securableItemLostReadPermissionsForGroup(SecurableItem $securableItem, Group $group)
282  {
285  }
286 
290  public static function userBeingDeleted($user)
291  {
293  AllPermissionsOptimizationCache::forgetAll();
294  }
295 
300  public static function userAddedToGroup(Group $group, User $user)
301  {
303  AllPermissionsOptimizationCache::forgetAll();
304  }
305 
310  public static function userRemovedFromGroup(Group $group, User $user)
311  {
313  AllPermissionsOptimizationCache::forgetAll();
314  }
315 
319  public static function groupAddedToGroup(Group $group)
320  {
322  AllPermissionsOptimizationCache::forgetAll();
323  }
324 
328  public static function groupBeingRemovedFromGroup(Group $group)
329  {
331  AllPermissionsOptimizationCache::forgetAll();
332  }
333 
337  public static function groupBeingDeleted($group)
338  {
340  AllPermissionsOptimizationCache::forgetAll();
341  }
342 
346  public static function roleParentSet(Role $role)
347  {
349  AllPermissionsOptimizationCache::forgetAll();
350  }
351 
355  public static function roleParentBeingRemoved(Role $role)
356  {
358  AllPermissionsOptimizationCache::forgetAll();
359  }
360 
364  public static function roleBeingDeleted(Role $role)
365  {
367  AllPermissionsOptimizationCache::forgetAll();
368  }
369 
373  public static function userAddedToRole(User $user)
374  {
376  AllPermissionsOptimizationCache::forgetAll();
377  }
378 
383  public static function userBeingRemovedFromRole(User $user, Role $role)
384  {
386  AllPermissionsOptimizationCache::forgetAll();
387  }
388 
393  public static function getAllUpstreamGroupsRecursively(Group $group, & $groupMungeIds)
394  {
396  }
397 
402  public static function getMungeIdsByUser(User $user)
403  {
404  try
405  {
407  }
408  catch (NotFoundException $e)
409  {
410  list($roleId, $groupIds) = self::getUserRoleIdAndGroupIds($user);
411  $mungeIds = array("U$user->id");
412  if ($roleId != null)
413  {
414  $mungeIds[] = "R$roleId";
415  }
416  foreach ($groupIds as $groupId)
417  {
418  $mungeIds[] = "G$groupId";
419  }
420  //Add everyone group
421  $everyoneGroupId = Group::getByName(Group::EVERYONE_GROUP_NAME)->id;
422  if (!in_array("G" . $everyoneGroupId, $mungeIds) && $everyoneGroupId > 0)
423  {
424  $mungeIds[] = "G" . $everyoneGroupId;
425  }
427  }
428  return $mungeIds;
429  }
430 
435  protected static function getUserRoleIdAndGroupIds(User $user)
436  {
437  if ($user->role->id > 0)
438  {
439  $roleId = $user->role->id;
440  }
441  else
442  {
443  $roleId = null;
444  }
445  $groupIds = array();
446  foreach ($user->groups as $group)
447  {
448  $groupIds[] = $group->id;
449  }
450  return array($roleId, $groupIds);
451  }
452  }
453 ?>
static securableItemLostPermissionsForUser(SecurableItem $securableItem, User $user)
static securableItemGivenPermissionsForUser(SecurableItem $securableItem, User $user)
static resolveAndCheckPermissionsForRead($requiredPermissions, OwnedSecurableItem $ownedSecurableItem, User $user)
static securableItemLostReadPermissionsForUser(SecurableItem $securableItem, User $user)
static cacheHasReadPermissionOnSecurableItem(SecurableItem $securableItem, Permitable $permitable, $hasReadPermission)
Definition: Role.php:37
static rebuild($overwriteExistingTables=true, $forcePhp=false, $messageStreamer=null)
static userRemovedFromGroup(Group $group, User $user)
static cacheMungeIdsByUser(User $user, array $mungeIds)
static ownedSecurableItemOwnerChanged(OwnedSecurableItem $ownedSecurableItem, User $oldUser=null)
static userAddedToGroup(Group $group, User $user)
Definition: User.php:37
static userAddedToGroup(Group $group, User $user)
getClassId($modelClassName)
static securableItemGivenPermissionsForUser(SecurableItem $securableItem, User $user)
static forgetSecurableItemForRead(SecurableItem $securableItem)
static securableItemBeingDeleted(SecurableItem $securableItem)
static userBeingRemovedFromRole(User $user, Role $role)
static ownedSecurableItemOwnerChanged(OwnedSecurableItem $ownedSecurableItem, User $oldUser=null)
static securableItemGivenPermissionsForGroup(SecurableItem $securableItem, Group $group)
static userRemovedFromGroup(Group $group, User $user)
static rebuild($overwriteExistingTables=true, $forcePhp=false, $messageStreamer=null)
static securableItemLostReadPermissionsForGroup(SecurableItem $securableItem, Group $group)
static getAllUpstreamGroupsRecursively(Group $group, &$groupMungeIds)
Definition: Group.php:37
static securableItemLostPermissionsForGroup(SecurableItem $securableItem, Group $group)
static getByName($name)
Definition: Group.php:57
static checkPermissionsHasRead($requiredPermissions, OwnedSecurableItem $ownedSecurableItem, User $user)
static getAllUpstreamGroupsRecursively(Group $group, &$groupMungeIds)
static securableItemGivenReadPermissionsForUser(SecurableItem $securableItem, User $user)
static getHasReadPermissionOnSecurableItem(SecurableItem $securableItem, Permitable $permitable)
static getActualPermissionDataForReadByModuleNameForUser($moduleClassName, User $user=null)
static securableItemGivenReadPermissionsForGroup(SecurableItem $securableItem, Group $group)
static userBeingRemovedFromRole(User $user, Role $role)
static securableItemGivenPermissionsForGroup(SecurableItem $securableItem, Group $group)
static checkPermissionsHasAnyOf($requiredPermissions, OwnedSecurableItem $ownedSecurableItem, User $user)
static securableItemLostPermissionsForGroup(SecurableItem $securableItem, Group $group)
static securableItemLostPermissionsForUser(SecurableItem $securableItem, User $user)
static ownedSecurableItemCreated(OwnedSecurableItem $ownedSecurableItem)
Generated on Fri Jul 10 2020 07:10:37
Account Suspended
Account Suspended
This Account has been suspended.
Contact your hosting provider for more information.