public static function filterRoles(PersonInterface $person, FormInterface $form, array $roles, SecurityHelper $securityHelper)
{
$loggedUserLevel = $securityHelper->getLoggedInUserLevel();
$targetPersonLevel = $securityHelper->getTargetPersonLevel($person);
$isLoggedUserSuperAdmin = $securityHelper->isGranted('ROLE_SUPER_ADMIN');
$filteredRoles = array();
foreach ($roles as $role => $name) {
$isFeature = preg_match('/^FEATURE_/', $role) === 1;
if (!$isLoggedUserSuperAdmin && $isFeature) {
continue;
}
if ($loggedUserLevel < $securityHelper->getRoleLevel($role)) {
continue;
}
$filteredRoles[$role] = $name;
}
asort($filteredRoles);
$form->add('roles', 'choice', array('choices' => $filteredRoles, 'multiple' => true, 'read_only' => $targetPersonLevel > $loggedUserLevel, 'disabled' => $targetPersonLevel > $loggedUserLevel));
return $filteredRoles;
}