/** * check whether authentication level required by route is met by user * * @param Route $route * @param User $user * @return boolean */ private static function authenticateRoute(Route $route, User $user = NULL) { $auth = $route->getAuth(); if (!is_null($auth)) { if (is_null($user) && !($user = User::getSessionUser())) { return FALSE; } if (!$user->isAuthenticated()) { return FALSE; } // UserAbstract::AUTH_OBSERVE_TABLE and UserAbstract::AUTH_OBSERVE_ROW are handled by controller return $auth >= $user->getPrivilegeLevel(); } return TRUE; }