/**
  * @param string $attribute
  * @param ProgramYearStewardInterface $steward
  * @param TokenInterface $token
  * @return bool
  */
 protected function voteOnAttribute($attribute, $steward, TokenInterface $token)
 {
     $user = $token->getUser();
     if (!$user instanceof UserInterface) {
         return false;
     }
     switch ($attribute) {
         case self::VIEW:
             // the given user is granted VIEW permissions on the given steward
             // when at least one of the following statements is true
             // 1. The user's primary school is the same as the parent program's owning school
             //    and the user has at least one of 'Course Director', 'Faculty' and 'Developer' role.
             // 2. The user has READ permissions on the parent program's owning school
             //    and the user has at least one of 'Course Director', 'Faculty' and 'Developer' role.
             // 3. The user's primary school matches the stewarding school
             //    and the user has at least one of 'Course Director', 'Faculty' and 'Developer' role.
             // 4. The user has READ permissions on the owning program.
             return $this->userHasRole($user, ['Course Director', 'Developer', 'Faculty']) && ($this->schoolsAreIdentical($steward->getProgramOwningSchool(), $user->getSchool()) || $this->permissionManager->userHasReadPermissionToSchool($user, $steward->getProgramOwningSchool()->getId()) || $this->schoolsAreIdentical($steward->getSchool(), $user->getSchool())) || $this->permissionManager->userHasReadPermissionToProgram($user, $steward->getProgram());
             break;
         case self::CREATE:
         case self::EDIT:
         case self::DELETE:
             // the given user is granted CREATE, EDIT and DELETE permissions on the given steward
             // when at least one of the following statements is true
             // 1. The user's primary school is the same as the parent program's owning school
             //    and the user has at least one of 'Course Director' and 'Developer' role.
             // 2. The user has WRITE permissions on the parent program's owning school
             //    and the user has at least one of 'Course Director' and 'Developer' role.
             // 3. The user's primary school matches the stewarding school
             //    and the user has at least one of 'Course Director' and 'Developer' role.
             // 4. The user has WRITE permissions on the parent program.
             return $this->userHasRole($user, ['Course Director', 'Developer']) && ($this->schoolsAreIdentical($steward->getProgramOwningSchool(), $user->getSchool()) || $this->permissionManager->userHasWritePermissionToSchool($user, $steward->getProgramOwningSchool()->getId()) || $this->schoolsAreIdentical($steward->getSchool(), $user->getSchool())) || $this->permissionManager->userHasWritePermissionToProgram($user, $steward->getProgram());
             break;
     }
     return false;
 }
 /**
  * @covers \Ilios\CoreBundle\Entity\Manager\PermissionManager::userHasReadPermissionToProgram
  */
 public function testUserHasReadPermissionToProgram()
 {
     $user = new User();
     $user->setId(10);
     $program = new Program();
     $program->setId(100);
     $class = 'Ilios\\CoreBundle\\Entity\\Permission';
     $em = m::mock('Doctrine\\ORM\\EntityManager');
     $repository = m::mock('Doctrine\\ORM\\Repository')->shouldReceive('findOneBy')->with(['tableRowId' => 100, 'tableName' => 'program', 'canRead' => true, 'user' => $user], null)->andReturn(new Permission())->mock();
     $registry = m::mock('Doctrine\\Bundle\\DoctrineBundle\\Registry')->shouldReceive('getManagerForClass')->andReturn($em)->shouldReceive('getRepository')->andReturn($repository)->mock();
     $manager = new PermissionManager($registry, $class);
     $this->assertTrue($manager->userHasReadPermissionToProgram($user, $program));
     $this->assertFalse($manager->userHasReadPermissionToProgram($user, null));
 }