/**
* @inheritdoc
*
* @param Group $subject
*/
protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
{
/** @var User $user */
$user = $token->getUser();
if (!$user instanceof User) {
return false;
}
// A user is allowed to edit his own membership of grouphub groups
if ($subject->getType() === Group::TYPE_GROUPHUB) {
return true;
}
return false;
}
/**
* @param Group $group
*
* @return string
*/
private function getGroupReference(Group $group)
{
$dn = null;
switch ($group->getType()) {
case Group::TYPE_FORMAL:
$dn = $this->formalDn;
break;
case Group::TYPE_GROUPHUB:
$dn = $this->adhocDn;
break;
default:
throw new InvalidArgumentException('Invalid group');
}
$group = $this->normalizer->normalizeGroup($group);
$cn = $this->readLdap->escape($group['cn'], '', LDAP_ESCAPE_DN);
return strtolower('cn=' . $cn . ',' . $dn);
}
/**
* @param Group $group
*
* @return array
*/
public function normalizeGroup(Group $group)
{
return ['reference' => $group->getReference(), 'name' => $group->getName(), 'description' => $group->getDescription(), 'type' => $group->getType(), 'owner' => $group->getOwnerId(), 'parent' => $group->getParentId()];
}
