Account Suspended
Account Suspended
This Account has been suspended.
Contact your hosting provider for more information.
 All Data Structures Functions Variables Pages
ExplicitReadWriteModelPermissionsUtil.php
1 <?php
2  /*********************************************************************************
3  * Zurmo is a customer relationship management program developed by
4  * Zurmo, Inc. Copyright (C) 2017 Zurmo Inc.
5  *
6  * Zurmo is free software; you can redistribute it and/or modify it under
7  * the terms of the GNU Affero General Public License version 3 as published by the
8  * Free Software Foundation with the addition of the following permission added
9  * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
10  * IN WHICH THE COPYRIGHT IS OWNED BY ZURMO, ZURMO DISCLAIMS THE WARRANTY
11  * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
12  *
13  * Zurmo is distributed in the hope that it will be useful, but WITHOUT
14  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
15  * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
16  * details.
17  *
18  * You should have received a copy of the GNU Affero General Public License along with
19  * this program; if not, see http://www.gnu.org/licenses or write to the Free
20  * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
21  * 02110-1301 USA.
22  *
23  * You can contact Zurmo, Inc. with a mailing address at 27 North Wacker Drive
24  * Suite 370 Chicago, IL 60606. or at email address contact@zurmo.com.
25  *
26  * The interactive user interfaces in original and modified versions
27  * of this program must display Appropriate Legal Notices, as required under
28  * Section 5 of the GNU Affero General Public License version 3.
29  *
30  * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
31  * these Appropriate Legal Notices must retain the display of the Zurmo
32  * logo and Zurmo copyright notice. If the display of the logo is not reasonably
33  * feasible for technical reasons, the Appropriate Legal Notices must display the words
34  * "Copyright Zurmo Inc. 2017. All rights reserved".
35  ********************************************************************************/
36 
43  {
48  const MIXED_TYPE_EVERYONE_GROUP = 1;
49 
54  const MIXED_TYPE_NONEVERYONE_GROUP = 2;
55 
62  public static function makeByMixedPermitablesData($mixedPermitablesData)
63  {
64  assert('is_array($mixedPermitablesData)');
65  assert('isset($mixedPermitablesData["readOnly"])');
66  assert('isset($mixedPermitablesData["readWrite"])');
67  $explicitReadWriteModelPermissions = new ExplicitReadWriteModelPermissions();
68  foreach ($mixedPermitablesData['readOnly'] as $permitableData)
69  {
70  $permitableClassName = key($permitableData);
71  $permitableId = $permitableData[$permitableClassName];
72  $explicitReadWriteModelPermissions->addReadOnlyPermitable($permitableClassName::getById($permitableId));
73  }
74  foreach ($mixedPermitablesData['readWrite'] as $permitableData)
75  {
76  $permitableClassName = key($permitableData);
77  $permitableId = $permitableData[$permitableClassName];
78  $explicitReadWriteModelPermissions->addReadWritePermitable($permitableClassName::getById($permitableId));
79  }
80  return $explicitReadWriteModelPermissions;
81  }
82 
88  $explicitReadWriteModelPermissions)
89  {
90  assert('$explicitReadWriteModelPermissions instanceof ExplicitReadWriteModelPermissions ||
91  $explicitReadWriteModelPermissions == null');
92  if ($explicitReadWriteModelPermissions == null)
93  {
94  return null;
95  }
96  if ($explicitReadWriteModelPermissions->getReadOnlyPermitablesCount() == 0 &&
97  $explicitReadWriteModelPermissions->getReadWritePermitablesCount() == 0)
98  {
99  return null;
100  }
101  $mixedPermitablesData = array();
102  $mixedPermitablesData['readOnly'] = array();
103  $mixedPermitablesData['readWrite'] = array();
104  foreach ($explicitReadWriteModelPermissions->getReadOnlyPermitables() as $permitable)
105  {
106  $mixedPermitablesData['readOnly'][] = array(get_class($permitable) => $permitable->id);
107  }
108  foreach ($explicitReadWriteModelPermissions->getReadWritePermitables() as $permitable)
109  {
110  $mixedPermitablesData['readWrite'][] = array(get_class($permitable) => $permitable->id);
111  }
112  return $mixedPermitablesData;
113  }
114 
122  public static function makeByPostData($postData)
123  {
124  assert('is_array($postData)');
125  $explicitReadWriteModelPermissions = new ExplicitReadWriteModelPermissions();
126  if ($postData['type'] == null)
127  {
128  return $explicitReadWriteModelPermissions;
129  }
130  elseif ($postData['type'] == ExplicitReadWriteModelPermissionsUtil::MIXED_TYPE_EVERYONE_GROUP)
131  {
132  $explicitReadWriteModelPermissions->addReadWritePermitable(Group::getByName(Group::EVERYONE_GROUP_NAME));
133  return $explicitReadWriteModelPermissions;
134  }
135  elseif ($postData['type'] == ExplicitReadWriteModelPermissionsUtil::MIXED_TYPE_NONEVERYONE_GROUP)
136  {
137  assert('isset($postData["nonEveryoneGroup"])');
138  $explicitReadWriteModelPermissions->addReadWritePermitable(
139  Group::getById((int)$postData["nonEveryoneGroup"]));
140  return $explicitReadWriteModelPermissions;
141  }
142  else
143  {
144  throw new NotSupportedException();
145  }
146  }
147 
158  public static function resolveByPostDataAndModelThenMake($postData, SecurableItem $securableItem)
159  {
160  if (isset($postData['explicitReadWriteModelPermissions']))
161  {
162  $explicitReadWriteModelPermissions = self::
163  makeByPostData($postData['explicitReadWriteModelPermissions']);
164  self::resolveForDifferencesBySecurableItem($explicitReadWriteModelPermissions, $securableItem);
165  return $explicitReadWriteModelPermissions;
166  }
167  else
168  {
169  return null;
170  }
171  }
172 
181  protected static function resolveForDifferencesBySecurableItem($explicitReadWriteModelPermissions,
182  SecurableItem $securableItem)
183  {
184  foreach ($securableItem->permissions as $permission)
185  {
186  $permission->castDownPermitable();
187  if ($permission->permitable instanceof Group && $permission->type == Permission::ALLOW)
188  {
189  if (Permission::READ == ($permission->permissions & Permission::READ))
190  {
191  if (!$explicitReadWriteModelPermissions->isReadOrReadWritePermitable($permission->permitable))
192  {
193  $explicitReadWriteModelPermissions->addReadWritePermitableToRemove($permission->permitable);
194  }
195  }
196  elseif (Permission::WRITE == ($permission->permissions & Permission::WRITE))
197  {
198  if (!$explicitReadWriteModelPermissions->isReadOrReadWritePermitable($permission->permitable))
199  {
200  $explicitReadWriteModelPermissions->addReadWritePermitableToRemove($permission->permitable);
201  }
202  }
203  break;
204  }
205  }
206  }
207 
213  public static function removeIfExistsFromPostData($postData)
214  {
215  assert('is_array($postData)');
216  if (isset($postData['explicitReadWriteModelPermissions']))
217  {
218  unset($postData['explicitReadWriteModelPermissions']);
219  }
220  return $postData;
221  }
222 
234  public static function resolveExplicitReadWriteModelPermissions(SecurableItem $securableItem,
235  ExplicitReadWriteModelPermissions $explicitReadWriteModelPermissions, $validate = false)
236  {
237  assert('$securableItem->id > 0');
238  $optimizeReadPermissions = $securableItem::hasReadPermissionsOptimization();
239  $securableItem->setTreatCurrentUserAsOwnerForPermissions(true);
240  $saveSecurableItem = false;
241  if ($explicitReadWriteModelPermissions->getReadOnlyPermitablesCount() > 0)
242  {
243  $saveSecurableItem = true;
244  foreach ($explicitReadWriteModelPermissions->getReadOnlyPermitables() as $permitable)
245  {
246  if ($securableItem->addPermissions($permitable, Permission::READ) && $optimizeReadPermissions)
247  {
248  if ($permitable instanceof Group)
249  {
251  securableItemGivenReadPermissionsForGroup($securableItem, $permitable);
253  }
254  elseif ($permitable instanceof User)
255  {
257  securableItemGivenReadPermissionsForUser($securableItem, $permitable);
259  }
260  else
261  {
262  throw new NotSupportedException();
263  }
264  }
265  }
266  }
267  if ($explicitReadWriteModelPermissions->getReadWritePermitablesCount() > 0)
268  {
269  $saveSecurableItem = true;
270  foreach ($explicitReadWriteModelPermissions->getReadWritePermitables() as $permitable)
271  {
272  if ($securableItem->addPermissions($permitable, Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER) &&
273  $optimizeReadPermissions)
274  {
275  if ($permitable instanceof Group)
276  {
278  securableItemGivenPermissionsForGroup($securableItem, $permitable);
280  }
281  elseif ($permitable instanceof User)
282  {
284  securableItemGivenPermissionsForUser($securableItem, $permitable);
286  }
287  else
288  {
289  throw new NotSupportedException();
290  }
291  }
292  }
293  }
294  if ($explicitReadWriteModelPermissions->getReadOnlyPermitablesToRemoveCount() > 0)
295  {
296  $saveSecurableItem = true;
297  foreach ($explicitReadWriteModelPermissions->getReadOnlyPermitablesToRemove() as $permitable)
298  {
299  $securableItem->removePermissions($permitable, Permission::READ, Permission::ALLOW);
300  if ($optimizeReadPermissions)
301  {
302  if ($permitable instanceof Group)
303  {
305  securableItemLostReadPermissionsForGroup($securableItem, $permitable);
307  }
308  elseif ($permitable instanceof User)
309  {
311  securableItemLostReadPermissionsForUser($securableItem, $permitable);
313  }
314  else
315  {
316  throw new NotSupportedException();
317  }
318  }
319  }
320  }
321  if ($explicitReadWriteModelPermissions->getReadWritePermitablesToRemoveCount() > 0)
322  {
323  $saveSecurableItem = true;
324  foreach ($explicitReadWriteModelPermissions->getReadWritePermitablesToRemove() as $permitable)
325  {
326  $securableItem->removePermissions($permitable,
327  Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER, Permission::ALLOW);
328  if ($optimizeReadPermissions)
329  {
330  if ($permitable instanceof Group)
331  {
333  securableItemLostPermissionsForGroup($securableItem, $permitable);
335  }
336  elseif ($permitable instanceof User)
337  {
339  securableItemLostPermissionsForUser($securableItem, $permitable);
341  }
342  else
343  {
344  throw new NotSupportedException();
345  }
346  }
347  }
348  }
349  if ($saveSecurableItem)
350  {
351  $setBackToProcess = false;
352  if ($securableItem->shouldProcessWorkflowOnSave())
353  {
354  $securableItem->setDoNotProcessWorkflowOnSave();
355  $setBackToProcess = true;
356  }
357  $saved = $securableItem->save($validate);
358  if ($setBackToProcess)
359  {
360  $securableItem->setProcessWorkflowOnSave();
361  }
362  $securableItem->setTreatCurrentUserAsOwnerForPermissions(false);
363  return $saved;
364  }
365  $securableItem->setTreatCurrentUserAsOwnerForPermissions(false);
366  return true;
367  }
368 
378  ExplicitReadWriteModelPermissions $explicitReadWriteModelPermissions)
379  {
380  assert('$securableItem->id < 0');
381  if ($explicitReadWriteModelPermissions->getReadOnlyPermitablesCount() > 0)
382  {
383  foreach ($explicitReadWriteModelPermissions->getReadOnlyPermitables() as $permitable)
384  {
385  $securableItem->addPermissions($permitable, Permission::READ);
386  }
387  }
388  if ($explicitReadWriteModelPermissions->getReadWritePermitablesCount() > 0)
389  {
390  foreach ($explicitReadWriteModelPermissions->getReadWritePermitables() as $permitable)
391  {
392  $securableItem->addPermissions($permitable, Permission::READ_WRITE_CHANGE_PERMISSIONS_CHANGE_OWNER);
393  }
394  }
395  return true;
396  }
397 
402  public static function makeBySecurableItem(SecurableItem $securableItem)
403  {
404  $explicitReadWriteModelPermissions = new ExplicitReadWriteModelPermissions();
405  foreach ($securableItem->permissions as $permission)
406  {
407  $permission->castDownPermitable();
408  if (($permission->permitable instanceof Group || $permission->permitable instanceof User) &&
409  $permission->type == Permission::ALLOW)
410  {
411  if (Permission::WRITE == ($permission->permissions & Permission::WRITE))
412  {
413  $explicitReadWriteModelPermissions->addReadWritePermitable($permission->permitable);
414  }
415  elseif (Permission::READ == ($permission->permissions & Permission::READ))
416  {
417  $explicitReadWriteModelPermissions->addReadOnlyPermitable($permission->permitable);
418  }
419  }
420  }
421  return $explicitReadWriteModelPermissions;
422  }
423  }
424 ?>
static securableItemLostPermissionsForUser(SecurableItem $securableItem, User $user)
static makeBySecurableItem(SecurableItem $securableItem)
static securableItemGivenPermissionsForUser(SecurableItem $securableItem, User $user)
static securableItemLostReadPermissionsForUser(SecurableItem $securableItem, User $user)
removePermissions(Permitable $permitable, $permissions=Permission::ALL, $type=Permission::ALLOW_DENY)
static resolveByPostDataAndModelThenMake($postData, SecurableItem $securableItem)
static resolveExplicitReadWriteModelPermissions(SecurableItem $securableItem, ExplicitReadWriteModelPermissions $explicitReadWriteModelPermissions, $validate=false)
Definition: User.php:37
static resolveForDifferencesBySecurableItem($explicitReadWriteModelPermissions, SecurableItem $securableItem)
static resolveExplicitReadWriteModelPermissionsForDisplay(SecurableItem $securableItem, ExplicitReadWriteModelPermissions $explicitReadWriteModelPermissions)
static securableItemLostReadPermissionsForGroup(SecurableItem $securableItem, Group $group)
static securableItemLostPermissionsForGroup(SecurableItem $securableItem)
Definition: Group.php:37
static securableItemLostPermissionsForUser(SecurableItem $securableItem)
static securableItemLostPermissionsForGroup(SecurableItem $securableItem, Group $group)
static getByName($name)
Definition: Group.php:57
addPermissions(Permitable $permitable, $permissions, $type=Permission::ALLOW)
static makeMixedPermitablesDataByExplicitReadWriteModelPermissions($explicitReadWriteModelPermissions)
static securableItemGivenReadPermissionsForUser(SecurableItem $securableItem, User $user)
static securableItemGivenPermissionsForGroup(SecurableItem $securableItem)
static securableItemGivenPermissionsForUser(SecurableItem $securableItem)
static securableItemGivenReadPermissionsForGroup(SecurableItem $securableItem, Group $group)
static securableItemGivenPermissionsForGroup(SecurableItem $securableItem, Group $group)
Generated on Fri Jul 3 2020 07:10:37
Account Suspended
Account Suspended
This Account has been suspended.
Contact your hosting provider for more information.