/**
* Performs access check for the specified group.
*
* @param AccessRole $item the item to be checked against.
* @param IPluggableUserGroup $group the concerned group.
* @param unknown $askForPrivilegeElevation whether we should check for
* privilege elevation if the group has access
* @param array $params additional params that may be used into the business
* rule execution.
* @param AccessGroupAssignment[] $assignments the assignments to the specified group
* @return boolean true if the access should be granted, false if it should be denied
*/
protected function checkGroupAccessRecursive(AccessRole $item, IPluggableUserGroup $group, $askForPrivilegeElevation, array $params = array(), array $assignments = array())
{
Yii::trace('Checking permission "' . $item->getRoleName() . '" for group "' . $group->getName() . '"', 'access.manager.auth');
if (isset($params['groupId'])) {
$params['groupId'] = $group->getId();
}
if ($this->executeBizRule($item->getBusinessRule(), $params, $item->getData())) {
if (in_array($item->getRoleName(), $this->defaultRoles)) {
return $this->checkRingLevel($item, $askForPrivilegeElevation);
}
foreach ($assignments as $assignment) {
if ($assignment->access_role_id === $item->access_role_id) {
if ($this->executeBizRule($assignment->getBusinessRule(), $params, $assignment->getData())) {
return $this->checkRingLevel($item, $askForPrivilegeElevation);
}
}
}
foreach ($item->higherAccessRoles as $parent) {
if ($this->checkGroupAccessRecursive($parent, $group, $askForPrivilegeElevation, $params, $assignments)) {
return $this->checkRingLevel($item, $askForPrivilegeElevation);
}
}
}
return false;
}
