1: <?php
2: /*****************************************************************************************
3: * X2Engine Open Source Edition is a customer relationship management program developed by
4: * X2Engine, Inc. Copyright (C) 2011-2016 X2Engine Inc.
5: *
6: * This program is free software; you can redistribute it and/or modify it under
7: * the terms of the GNU Affero General Public License version 3 as published by the
8: * Free Software Foundation with the addition of the following permission added
9: * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
10: * IN WHICH THE COPYRIGHT IS OWNED BY X2ENGINE, X2ENGINE DISCLAIMS THE WARRANTY
11: * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
12: *
13: * This program is distributed in the hope that it will be useful, but WITHOUT
14: * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
15: * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
16: * details.
17: *
18: * You should have received a copy of the GNU Affero General Public License along with
19: * this program; if not, see http://www.gnu.org/licenses or write to the Free
20: * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
21: * 02110-1301 USA.
22: *
23: * You can contact X2Engine, Inc. P.O. Box 66752, Scotts Valley,
24: * California 95067, USA. or at email address [email protected].
25: *
26: * The interactive user interfaces in modified source and object code versions
27: * of this program must display Appropriate Legal Notices, as required under
28: * Section 5 of the GNU Affero General Public License version 3.
29: *
30: * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
31: * these Appropriate Legal Notices must retain the display of the "Powered by
32: * X2Engine" logo. If the display of the logo is not reasonably feasible for
33: * technical reasons, the Appropriate Legal Notices must display the words
34: * "Powered by X2Engine".
35: *****************************************************************************************/
36:
37: /**
38: * Base class for behaviors respecting the establishment of access permissions
39: *
40: * @property boolean|string $assignmentAttr The attribute to use for assignment
41: * and ownership. False signifies that it's to be treated as if owned by the
42: * system/no one in particular.
43: * @property boolean|string $visibilityAttr The attribute to use for visibility
44: * settings. False signifies that visibility should be ignored.
45: * @package application.components.permissions
46: */
abstract class ModelPermissionsBehavior extends CActiveRecordBehavior {

    /**
     * Builds the criteria object carrying the record-level access conditions
     * for the owning model.
     *
     * @return CDbCriteria
     */
    abstract public function getAccessCriteria();

    /**
     * Reports a user's access level as a number from 0 to 3.
     *
     * Implementations are expected to consult the Yii auth manager and to
     * assume auth item names of the form "ContactsViewPrivate". Because there
     * is no reliable way to determine which module a model "belongs" to, this
     * method will usually need to be overridden per model.
     *
     * @param mixed $uid Defaults to null.
     *  NOTE(review): presumably null means "the current user" -- confirm
     *  against the concrete implementations.
     * @return integer The access level. 0=no access, 1=own records,
     *  2=public records, 3=full access
     */
    abstract public function getAccessLevel($uid=null);

    /**
     * Produces the SQL condition that filters out records the user is not
     * permitted to see. Used by the 'accessControl' filter.
     *
     * NOTE(review): the return value is a raw SQL fragment. Implementations
     * should bind any user-derived value as a parameter rather than
     * concatenating it into the returned string.
     *
     * @param integer $accessLevel The user's access level. 0=no access, 1=own
     *  records, 2=public records, 3=full access
     * @return string The SQL conditions
     */
    abstract public function getAccessConditions($accessLevel);

    /**
     * Names the attribute used for assignment and ownership.
     *
     * @return boolean|string Attribute name, or false when the record is to be
     *  treated as owned by the system / no one in particular.
     */
    abstract public function getAssignmentAttr();

    /**
     * Names the attribute used for visibility settings.
     *
     * @return boolean|string Attribute name, or false when visibility should
     *  be ignored.
     */
    abstract public function getVisibilityAttr();

    /**
     * Lists the available visibility options. This base implementation
     * returns an empty array.
     *
     * @return array
     */
    public static function getVisibilityOptions(){
        $options = array();
        return $options;
    }

    /**
     * Returns a regular expression for SQL comparisons against an assignedTo
     * field, where the user name is either the whole value or one entry in a
     * ", "-separated list.
     *
     * SECURITY NOTE(review): the user name is placed into the pattern
     * verbatim. Binding the result as a query parameter protects the SQL
     * statement, but not the regular expression itself: any regex
     * metacharacter in the name is interpreted by the database's regex engine,
     * so the pattern could match assignees other than the intended one. This
     * is only safe if user names are restricted to regex-inert characters --
     * confirm where user names are validated, or escape the name before it
     * reaches this method.
     *
     * @param string|null $username Name to match; when null, the value of
     *  Yii::app()->getSuName() is used.
     * @return string This can be inserted (with parameter binding) into SQL
     *  queries to determine if an action is assigned to a given user.
     */
    public static function getUserNameRegex ($username=null) {
        if ($username === null) {
            $name = Yii::app()->getSuName();
        } else {
            $name = $username;
        }
        // Anchor on start/end of the field or on the ", " list separator.
        return '(^|, )' . $name . '($|, )';
    }
}
99:
100: ?>
101: