/**
* @param string $attribute
* @param UserInterface $requestedUser
* @param TokenInterface $token
* @return bool
*/
protected function voteOnAttribute($attribute, $requestedUser, TokenInterface $token)
{
$user = $token->getUser();
if (!$user instanceof UserInterface) {
return false;
}
switch ($attribute) {
// at least one of these must be true.
// 1. the requested user is the current user
// 2. the current user has faculty/course director/developer role
case self::VIEW:
return $user->getId() === $requestedUser->getId() || $this->userHasRole($user, ['Course Director', 'Faculty', 'Developer']);
break;
// at least one of these must be true.
// 1. the current user has developer role
// and has the same primary school affiliation as the given user
// 2. the current user has developer role
// and has WRITE rights to one of the users affiliated schools.
// at least one of these must be true.
// 1. the current user has developer role
// and has the same primary school affiliation as the given user
// 2. the current user has developer role
// and has WRITE rights to one of the users affiliated schools.
case self::CREATE:
case self::EDIT:
case self::DELETE:
return $this->userHasRole($user, ['Developer']) && ($requestedUser->getAllSchools()->contains($user->getSchool()) || $this->permissionManager->userHasReadPermissionToSchools($user, $requestedUser->getAllSchools()));
break;
}
return false;
}
/**
* @covers \Ilios\CoreBundle\Entity\Manager\PermissionManager::userHasReadPermissionToSchools
*/
public function testUserHasReadPermissionToSchools()
{
$schoolA = new School();
$schoolA->setId(100);
$schoolB = new School();
$schoolB->setId(200);
$schoolC = new School();
$schoolC->setId(300);
$schoolPermissionA = new Permission();
$schoolPermissionA->setTableRowId(100);
$schoolPermissionB = new Permission();
$schoolPermissionB->setTableRowId(200);
$schoolPermissionC = new Permission();
$schoolPermissionC->setTableRowId(300);
$user = new User();
$class = 'Ilios\\CoreBundle\\Entity\\Permission';
$em = m::mock('Doctrine\\ORM\\EntityManager');
$repository = m::mock('Doctrine\\ORM\\Repository')->shouldReceive('findBy')->with(['tableName' => 'school', 'canRead' => true, 'user' => $user], null, null, null)->andReturn([$schoolPermissionA, $schoolPermissionB])->mock();
$registry = m::mock('Doctrine\\Bundle\\DoctrineBundle\\Registry')->shouldReceive('getManagerForClass')->andReturn($em)->shouldReceive('getRepository')->andReturn($repository)->mock();
$manager = new PermissionManager($registry, $class);
$this->assertTrue($manager->userHasReadPermissionToSchools($user, new ArrayCollection([$schoolA])));
$this->assertTrue($manager->userHasReadPermissionToSchools($user, new ArrayCollection([$schoolA, $schoolC])));
$this->assertFalse($manager->userHasReadPermissionToSchools($user, new ArrayCollection([$schoolC])));
$this->assertFalse($manager->userHasReadPermissionToSchools($user, new ArrayCollection()));
}