Example #1
 /**
  * Decides whether the given user may create, edit or delete the given course.
  *
  * @param int $courseId id of the course being accessed
  * @param int $owningSchoolId id of the school that owns the course
  * @param UserInterface $user the user requesting access
  *
  * @return bool true when write access is granted
  */
 protected function isWriteGranted($courseId, $owningSchoolId, UserInterface $user)
 {
     // Write access (CREATE/EDIT/DELETE) is granted when any one of these holds:
     //   1. the user holds one of the privileged roles AND the course's owning
     //      school is the user's primary school;
     //   2. the user holds one of the privileged roles AND has WRITE rights on the
     //      course's owning school via the permissions system;
     //   3. the user has WRITE rights on the course itself via the permissions system
     //      (this rule applies regardless of role).
     $privilegedRoles = ['Faculty', 'Course Director', 'Developer'];

     if ($this->userHasRole($user, $privilegedRoles)) {
         // Strict comparison: an id of a different type never matches here and the
         // decision falls through to the permission lookups below.
         // NOTE(review): getSchool() is dereferenced without a null check - confirm
         // that every user is guaranteed to have a primary school.
         if ($owningSchoolId === $user->getSchool()->getId()) {
             return true;
         }

         if ($this->permissionManager->userHasWritePermissionToSchool($user, $owningSchoolId)) {
             return true;
         }
     }

     // Rule 3 is the last resort and the only path open to users without a privileged role.
     return (bool) $this->permissionManager->userHasWritePermissionToCourse($user, $courseId);
 }
 /**
  * Checks that a stored write permission on a course is reported as granted,
  * and that a lookup without a course id is reported as denied.
  *
  * @covers \Ilios\CoreBundle\Entity\Manager\PermissionManager::userHasWritePermissionToCourse
  */
 public function testUserHasWritePermissionToCourse()
 {
     $permissionClass = 'Ilios\\CoreBundle\\Entity\\Permission';

     $course = new Course();
     $course->setId(100);
     $user = new User();
     $user->setId(10);

     // The mocked repository only expects the lookup for a writable 'course'
     // permission row with id 100 belonging to $user.
     $expectedCriteria = [
         'tableRowId' => 100,
         'tableName' => 'course',
         'canWrite' => true,
         'user' => $user,
     ];
     $repository = m::mock('Doctrine\\ORM\\Repository')
         ->shouldReceive('findOneBy')
         ->with($expectedCriteria, null)
         ->andReturn(new Permission())
         ->mock();

     $em = m::mock('Doctrine\\ORM\\EntityManager');
     $registry = m::mock('Doctrine\\Bundle\\DoctrineBundle\\Registry')
         ->shouldReceive('getManagerForClass')
         ->andReturn($em)
         ->shouldReceive('getRepository')
         ->andReturn($repository)
         ->mock();

     $manager = new PermissionManager($registry, $permissionClass);

     // A matching permission record means write access is granted.
     $this->assertTrue($manager->userHasWritePermissionToCourse($user, $course->getId()));
     // A missing course id must never be reported as a grant.
     $this->assertFalse($manager->userHasWritePermissionToCourse($user, null));
     // NOTE(review): the deny path where the repository finds no matching
     // permission record is not exercised by this test.
 }
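 /**
  * Decides whether the user may create, edit or delete an objective that belongs to a course.
  *
  * Access is denied outright when the objective has no course, or when its course
  * is archived or locked. Otherwise it is granted when the user holds one of the
  * 'Faculty', 'Course Director' or 'Developer' roles and either belongs to the
  * course's school or has WRITE rights on that school, or when the user has WRITE
  * rights on the course itself.
  *
  * @param ObjectiveInterface $objective
  * @param UserInterface $user
  * @return bool
  */
 protected function isCreateEditDeleteGrantedForCourseObjective($objective, $user)
 {
     /* @var CourseInterface $course */
     // There should only ever be one course per course objective.
     $course = $objective->getCourses()->first();

     // Fail closed when the objective has no course: without this guard the
     // archived/locked check below would be called on a non-object.
     // (presumably getCourses() is a Doctrine collection whose first() returns
     // false when empty - confirm)
     if (!$course) {
         return false;
     }

     // Code below has been copy/pasted straight out of CourseVoter::isGranted().
     // TODO: consolidate. [ST 2015/08/05]

     // Deny CREATE, EDIT and DELETE alike if the owning course is locked or archived.
     if ($course->isArchived() || $course->isLocked()) {
         return false;
     }

     $hasPrivilegedRole = $this->userHasRole($user, ['Faculty', 'Course Director', 'Developer']);
     $school = $course->getSchool();

     // Parentheses spell out the precedence: the role requirement applies to the
     // two school-based rules only, not to the direct course permission.
     // NOTE(review): the course object is passed to userHasWritePermissionToCourse()
     // here; confirm whether this version of the permission manager expects the
     // course or its id, since a mismatch would make this lookup never match.
     return ($hasPrivilegedRole
             && ($this->schoolsAreIdentical($school, $user->getSchool())
                 || $this->permissionManager->userHasWritePermissionToSchool($user, $school->getId())))
         || $this->permissionManager->userHasWritePermissionToCourse($user, $course);
 }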