private function GrantOnUser(BackendAction $action, User $user) { $allowed = false; switch ($action) { case BackendAction::Delete(): case BackendAction::ChangeIsAdmin(): $allowed = $this->IsAdministrator() && !$this->GetUser()->Equals($user); break; case BackendAction::AssignGroups(): $allowed = $this->IsAdministrator() && !$user->GetIsAdmin(); break; case BackendAction::Edit(): case BackendAction::Read(): $allowed = $this->IsAdministrator() || $this->GetUser()->Equals($user); break; case BackendAction::Create(): $allowed = $this->IsAdministrator(); break; } return $allowed ? GrantResult::Allowed() : GrantResult::NoAccess(); }
protected function CanChangeIsAdmin() { return self::Guard()->Allow(BackendAction::ChangeIsAdmin(), $this->user); }
/** * * True if user can lock modules * @return bool Returns true if current user can lock (backend) modules for a group */ protected function CanLockModules(Usergroup $group) { return self::Guard()->Allow(BackendAction::ChangeIsAdmin(), $group); }