Beispiel #1
 /**
  * @param string $attribute
  * @param TopicInterface $topic
  * @param UserInterface $user
  * @return bool
  */
 protected function isGranted($attribute, $topic, $user = null)
 {
     // Anything that is not a UserInterface instance (including the null
     // default) is denied before the attribute is even looked at.
     if (!$user instanceof UserInterface) {
         return false;
     }

     switch ($attribute) {
         case self::VIEW:
             // Read access is scoped to the topic's owning school: it is granted
             // when that school is the user's primary school ...
             if ($this->schoolsAreIdentical($topic->getSchool(), $user->getSchool())) {
                 return true;
             }

             // ... or when the permissions system gives the user READ rights on it.
             return (bool) $this->permissionManager->userHasReadPermissionToSchool($user, $topic->getSchool());

         case self::CREATE:
         case self::EDIT:
         case self::DELETE:
             // Write access requires the 'Developer' role; without it the school
             // checks below are never consulted.
             if (!$this->userHasRole($user, ['Developer'])) {
                 return false;
             }

             // With the role in place, the same school scoping applies as for
             // VIEW, but against WRITE rights.
             if ($this->schoolsAreIdentical($topic->getSchool(), $user->getSchool())) {
                 return true;
             }

             return (bool) $this->permissionManager->userHasWritePermissionToSchool($user, $topic->getSchool());
     }

     // Deny by default: an attribute that matched no case grants nothing.
     return false;
 }
Beispiel #2
 /**
  * @param string $attribute
  * @param SchoolInterface $school
  * @param UserInterface|null $user
  * @return bool
  */
 protected function isGranted($attribute, $school, $user = null)
 {
     // No user object means nobody is logged in, so nothing is granted.
     if (!$user instanceof UserInterface) {
         return false;
     }

     switch ($attribute) {
         case self::VIEW:
             // A school is visible to users whose primary school it is ...
             if ($this->schoolsAreIdentical($school, $user->getSchool())) {
                 return true;
             }

             // ... and to users holding READ rights on it via the permissions system.
             return (bool) $this->permissionManager->userHasReadPermissionToSchool($user, $school);

         case self::CREATE:
             // Creating a school depends on the 'Developer' role alone; no school
             // association is checked for this attribute.
             return $this->userHasRole($user, ['Developer']);

         case self::EDIT:
         case self::DELETE:
             // Changing or removing a school needs the 'Developer' role AND an
             // association with that school. The role is checked first, so a user
             // without it is rejected before any school lookup.
             if (!$this->userHasRole($user, ['Developer'])) {
                 return false;
             }

             // Association by primary school ...
             if ($this->schoolsAreIdentical($school, $user->getSchool())) {
                 return true;
             }

             // ... or by WRITE rights granted through the permissions system.
             return (bool) $this->permissionManager->userHasWritePermissionToSchool($user, $school);
     }

     // Deny by default for attributes not handled above.
     return false;
 }
Beispiel #3
 /**
  * @param string $attribute
  * @param InstructorGroupInterface $group
  * @param UserInterface|null $user
  * @return bool
  */
 protected function isGranted($attribute, $group, $user = null)
 {
     // No user object means nobody is logged in, so nothing is granted.
     if (!$user instanceof UserInterface) {
         return false;
     }

     switch ($attribute) {
         case self::VIEW:
             // Viewing an instructor group takes two things together:
             //   - one of the 'Course Director', 'Faculty' or 'Developer' roles, and
             //   - a link to the group's owning school, either as the user's primary
             //     school or through READ rights in the permissions system.
             if (!$this->userHasRole($user, ['Course Director', 'Faculty', 'Developer'])) {
                 return false;
             }

             if ($this->schoolsAreIdentical($user->getSchool(), $group->getSchool())) {
                 return true;
             }

             return (bool) $this->permissionManager->userHasReadPermissionToSchool($user, $group->getSchool());

         case self::CREATE:
         case self::EDIT:
         case self::DELETE:
             // Modifying an instructor group narrows the role list to
             // 'Course Director' and 'Developer' ('Faculty' is read-only here) and
             // requires WRITE instead of READ rights for the non-primary-school path.
             if (!$this->userHasRole($user, ['Course Director', 'Developer'])) {
                 return false;
             }

             if ($this->schoolsAreIdentical($user->getSchool(), $group->getSchool())) {
                 return true;
             }

             return (bool) $this->permissionManager->userHasWritePermissionToSchool($user, $group->getSchool());
     }

     // Deny by default for attributes not handled above.
     return false;
 }
Beispiel #4
 /**
  * @param string $attribute
  * @param ProgramInterface $program
  * @param UserInterface|null $user
  * @return bool
  */
 protected function isGranted($attribute, $program, $user = null)
 {
     // No user object means nobody is logged in, so nothing is granted.
     if (!$user instanceof UserInterface) {
         return false;
     }

     switch ($attribute) {
         case self::VIEW:
             // Path 1: a 'Course Director', 'Developer' or 'Faculty' user who is tied
             // to the program's owning school, by primary school or by READ rights
             // on that school.
             if ($this->userHasRole($user, ['Course Director', 'Developer', 'Faculty'])) {
                 if ($this->schoolsAreIdentical($program->getSchool(), $user->getSchool())) {
                     return true;
                 }
                 if ($this->permissionManager->userHasReadPermissionToSchool($user, $program->getSchool())) {
                     return true;
                 }
             }

             // Path 2: READ rights granted directly on the program. This path is
             // independent of the role check above, so a per-program grant is
             // sufficient on its own.
             return (bool) $this->permissionManager->userHasReadPermissionToProgram($user, $program);

         case self::CREATE:
         case self::EDIT:
         case self::DELETE:
             // Path 1: a 'Course Director' or 'Developer' user who is tied to the
             // program's owning school, by primary school or by WRITE rights on
             // that school.
             if ($this->userHasRole($user, ['Course Director', 'Developer'])) {
                 if ($this->schoolsAreIdentical($program->getSchool(), $user->getSchool())) {
                     return true;
                 }
                 if ($this->permissionManager->userHasWritePermissionToSchool($user, $program->getSchool())) {
                     return true;
                 }
             }

             // Path 2: WRITE rights granted directly on the program, again without
             // any role requirement.
             return (bool) $this->permissionManager->userHasWritePermissionToProgram($user, $program);
     }

     // Deny by default for attributes not handled above.
     return false;
 }
Beispiel #5
 /**
  * @param CourseInterface $course
  * @param UserInterface $user
  * @return bool
  */
 protected function isViewGranted($course, $user)
 {
     // A course is visible as soon as any one of three checks passes; they are
     // tried in this order and the first success ends the evaluation.
     // No role is checked on any of the three paths.

     // 1. The course's owning school is the user's primary school.
     if ($this->schoolsAreIdentical($course->getSchool(), $user->getSchool())) {
         return true;
     }

     // 2. The permissions system gives the user READ rights on the owning school.
     if ($this->permissionManager->userHasReadPermissionToSchool($user, $course->getSchool())) {
         return true;
     }

     // 3. The permissions system gives the user READ rights on the course itself.
     return (bool) $this->permissionManager->userHasReadPermissionToCourse($user, $course);
 }
 /**
  * @param CurriculumInventoryReportInterface $report
  * @param UserInterface $user
  * @return bool
  */
 protected function isViewGranted($report, $user)
 {
     // Reports are only visible to 'Course Director' and 'Developer' users.
     // The role is checked first; without it the report's program and school
     // are never looked up.
     if (!$this->userHasRole($user, ['Course Director', 'Developer'])) {
         return false;
     }

     // On top of the role, the user must be tied to the school that owns the
     // report's program: either it is the user's primary school ...
     if ($this->schoolsAreIdentical($user->getSchool(), $report->getProgram()->getSchool())) {
         return true;
     }

     // ... or the permissions system gives the user READ rights on it.
     return (bool) $this->permissionManager->userHasReadPermissionToSchool($user, $report->getProgram()->getSchool());
 }
Beispiel #7
 /**
  * @param ProgramYearInterface $programYear
  * @param UserInterface $user
  * @return bool
  */
 protected function isViewGranted($programYear, $user)
 {
     // Role-gated paths: a 'Course Director', 'Developer' or 'Faculty' user may
     // view the program year when any one of the following holds.
     if ($this->userHasRole($user, ['Course Director', 'Developer', 'Faculty'])) {
         // a) The parent program's owning school is the user's primary school.
         if ($this->schoolsAreIdentical($programYear->getProgram()->getSchool(), $user->getSchool())) {
             return true;
         }

         // b) The user has READ rights on the parent program's owning school.
         if ($this->permissionManager->userHasReadPermissionToSchool($user, $programYear->getProgram()->getSchool())) {
             return true;
         }

         // c) The steward manager reports a stewarding relationship between the
         //    user and the program year (presumably via the user's primary
         //    school and the stewarding departments; verify in the steward manager).
         if ($this->stewardManager->schoolIsStewardingProgramYear($user, $programYear)) {
             return true;
         }
     }

     // Role-independent path: READ rights granted directly on the parent
     // program are sufficient on their own, whatever roles the user holds.
     return (bool) $this->permissionManager->userHasReadPermissionToProgram($user, $programYear->getProgram());
 }
Beispiel #8
 /**
  * @param string $attribute
  * @param SchoolEvent $event
  * @param UserInterface|null $user
  * @return bool
  */
 protected function isGranted($attribute, $event, $user = null)
 {
     // No user object means nobody is logged in, so nothing is granted.
     if (!$user instanceof UserInterface) {
         return false;
     }

     // VIEW is the only attribute this method ever grants; everything else is
     // denied. The comparison is deliberately loose, as in a switch statement.
     if ($attribute != self::VIEW) {
         return false;
     }

     // The event carries only a school id, so the owning school is resolved
     // through the school manager before the checks run.
     // NOTE(review): the lookup result is passed on unchecked; confirm how the two
     // checks below behave when no school matches the id.
     $owningSchool = $this->schoolManager->findSchoolBy(['id' => $event->school]);

     // Grant when the owning school is the user's primary school ...
     if ($this->schoolsAreIdentical($owningSchool, $user->getSchool())) {
         return true;
     }

     // ... or when the user has READ rights on it via the permissions system.
     return (bool) $this->permissionManager->userHasReadPermissionToSchool($user, $owningSchool);
 }
 /**
  * @param string $attribute
  * @param CurriculumInventoryInstitutionInterface $institution
  * @param UserInterface $user
  * @return bool
  */
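 protected function isGranted($attribute, $institution, $user = null)
 {
     // Anything that is not a UserInterface instance (including the null
     // default) is denied before the attribute is even looked at.
     if (!$user instanceof UserInterface) {
         return false;
     }

     // Every attribute requires BOTH a role and an association with the
     // institution's school. An earlier role-only switch used to return for
     // VIEW, EDIT and DELETE before these checks were reached, which left the
     // school-scoped branches unreachable for those attributes and let a
     // 'Course Director' or 'Developer' of one school act on another school's
     // institution. Only the school-scoped checks remain.
     switch ($attribute) {
         case self::VIEW:
             // Only grant VIEW permissions to users with at least one of
             // 'Course Director' and 'Developer' roles.
             // - and -
             // the user must be associated with the institution's school
             // either by its primary school attribute
             //     - or - by READ rights for the school
             // via the permissions system.
             return $this->userHasRole($user, ['Course Director', 'Developer'])
                 && (
                     $this->schoolsAreIdentical($user->getSchool(), $institution->getSchool())
                     || $this->permissionManager->userHasReadPermissionToSchool($user, $institution->getSchool())
                 );

         case self::CREATE:
         case self::EDIT:
         case self::DELETE:
             // Only grant CREATE, EDIT and DELETE permissions to users with at least one of
             // 'Course Director' and 'Developer' roles.
             // - and -
             // the user must be associated with the institution's school
             // either by its primary school attribute
             //     - or - by WRITE rights for the school
             // via the permissions system.
             return $this->userHasRole($user, ['Course Director', 'Developer'])
                 && (
                     $this->schoolsAreIdentical($user->getSchool(), $institution->getSchool())
                     || $this->permissionManager->userHasWritePermissionToSchool($user, $institution->getSchool())
                 );
     }

     // Deny by default for attributes not handled above.
     return false;
 }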