/**
* @param string $attribute
* @param ProgramInterface $program
* @param TokenInterface $token
* @return bool
*/
protected function voteOnAttribute($attribute, $program, TokenInterface $token)
{
$user = $token->getUser();
if (!$user instanceof UserInterface) {
return false;
}
switch ($attribute) {
case self::VIEW:
// do not enforce special views permissions on programs.
return true;
break;
case self::CREATE:
case self::EDIT:
case self::DELETE:
// the given user is granted CREATE, EDIT and DELETE permissions on the given program
// when at least one of the following statements is true
// 1. The user's primary school is the same as the program's owning school
// and the user has at least one of 'Course Director' and 'Developer' role.
// 2. The user has WRITE permissions on the program's owning school
// and the user has at least one of 'Course Director' and 'Developer' role.
// 3. The user has WRITE permissions on the program.
return $this->userHasRole($user, ['Course Director', 'Developer']) && ($this->schoolsAreIdentical($program->getSchool(), $user->getSchool()) || $this->permissionManager->userHasWritePermissionToSchool($user, $program->getSchool()->getId())) || $this->permissionManager->userHasWritePermissionToProgram($user, $program);
break;
}
return false;
}
/**
* @param string $attribute
* @param ProgramInterface $program
* @param UserInterface|null $user
* @return bool
*/
protected function isGranted($attribute, $program, $user = null)
{
// make sure there is a user object (i.e. that the user is logged in)
if (!$user instanceof UserInterface) {
return false;
}
switch ($attribute) {
case self::VIEW:
// the given user is granted VIEW permissions on the given program
// when at least one of the following statements is true
// 1. The user's primary school is the same as the program's owning school
// and the user has at least one of 'Course Director', 'Faculty' and 'Developer' role.
// 2. The user has READ permissions on the program's owning school
// and the user has at least one of 'Course Director', 'Faculty' and 'Developer' role.
// 3. The user has READ permissions on the program.
return $this->userHasRole($user, ['Course Director', 'Developer', 'Faculty']) && ($this->schoolsAreIdentical($program->getSchool(), $user->getSchool()) || $this->permissionManager->userHasReadPermissionToSchool($user, $program->getSchool())) || $this->permissionManager->userHasReadPermissionToProgram($user, $program);
break;
case self::CREATE:
case self::EDIT:
case self::DELETE:
// the given user is grantedC CREATE, EDIT and DELETE permissions on the given program
// when at least one of the following statements is true
// 1. The user's primary school is the same as the program's owning school
// and the user has at least one of 'Course Director' and 'Developer' role.
// 2. The user has WRITE permissions on the program's owning school
// and the user has at least one of 'Course Director' and 'Developer' role.
// 3. The user has WRITE permissions on the program.
return $this->userHasRole($user, ['Course Director', 'Developer']) && ($this->schoolsAreIdentical($program->getSchool(), $user->getSchool()) || $this->permissionManager->userHasWritePermissionToSchool($user, $program->getSchool())) || $this->permissionManager->userHasWritePermissionToProgram($user, $program);
break;
}
return false;
}
/**
* {@inheritdoc}
*/
public function userHasWritePermissionToProgram(UserInterface $user, ProgramInterface $program)
{
return $this->userHasPermission($user, self::CAN_WRITE, 'program', $program->getId());
}
/**
* @return ProgramInterface
*/
public function getProgram()
{
if ($this->program && !$this->program->isDeleted()) {
return $this->program;
}
return null;
}
/**
* {@inheritdoc}
*/
public function deleteProgram(ProgramInterface $program)
{
$program->setDeleted(true);
$this->updateProgram($program);
}