Maps provided SPI Policy value object to API Policy value object.
| public buildDomainPolicyObject ( eZ\Publish\SPI\Persistence\User\Policy $spiPolicy ) : eZ\Publish\API\Repository\Values\User\Policy | eZ\Publish\API\Repository\Values\User\PolicyDraft | ||
| $spiPolicy | eZ\Publish\SPI\Persistence\User\Policy | |
| return | eZ\Publish\API\Repository\Values\User\Policy | eZ\Publish\API\Repository\Values\User\PolicyDraft | |
/**
* Loads all policies from roles which are assigned to a user or to user groups to which the user belongs.
*
* @throws \eZ\Publish\API\Repository\Exceptions\NotFoundException if a user with the given id was not found
*
* @param mixed $userId
*
* @return \eZ\Publish\API\Repository\Values\User\Policy[]
*/
public function loadPoliciesByUserId($userId)
{
$spiPolicies = $this->userHandler->loadPoliciesByUserId($userId);
$policies = array();
foreach ($spiPolicies as $spiPolicy) {
$policies[] = $this->roleDomainMapper->buildDomainPolicyObject($spiPolicy);
}
if (empty($policies)) {
$this->userHandler->load($userId);
}
// For NotFoundException in case userId is invalid
return $policies;
}
public function hasAccess($module, $function, APIUserReference $userReference = null)
{
// Full access if sudo nesting level is set by {@see sudo()}
if ($this->sudoNestingLevel > 0) {
return true;
}
if ($userReference === null) {
$userReference = $this->getCurrentUserReference();
}
// Uses SPI to avoid triggering permission checks in Role/User service
$permissionSets = array();
$spiRoleAssignments = $this->userHandler->loadRoleAssignmentsByGroupId($userReference->getUserId(), true);
foreach ($spiRoleAssignments as $spiRoleAssignment) {
$permissionSet = array('limitation' => null, 'policies' => array());
$spiRole = $this->userHandler->loadRole($spiRoleAssignment->roleId);
foreach ($spiRole->policies as $spiPolicy) {
if ($spiPolicy->module === '*' && $spiRoleAssignment->limitationIdentifier === null) {
return true;
}
if ($spiPolicy->module !== $module && $spiPolicy->module !== '*') {
continue;
}
if ($spiPolicy->function === '*' && $spiRoleAssignment->limitationIdentifier === null) {
return true;
}
if ($spiPolicy->function !== $function && $spiPolicy->function !== '*') {
continue;
}
if ($spiPolicy->limitations === '*' && $spiRoleAssignment->limitationIdentifier === null) {
return true;
}
$permissionSet['policies'][] = $this->roleDomainMapper->buildDomainPolicyObject($spiPolicy);
}
if (!empty($permissionSet['policies'])) {
if ($spiRoleAssignment->limitationIdentifier !== null) {
$permissionSet['limitation'] = $this->limitationService->getLimitationType($spiRoleAssignment->limitationIdentifier)->buildValue($spiRoleAssignment->values);
}
$permissionSets[] = $permissionSet;
}
}
if (!empty($permissionSets)) {
return $permissionSets;
}
return false;
// No policies matching $module and $function, or they contained limitations
}
