/**
* @param string $attribute
* @param TopicInterface $topic
* @param UserInterface $user
* @return bool
*/
protected function isGranted($attribute, $topic, $user = null)
{
if (!$user instanceof UserInterface) {
return false;
}
switch ($attribute) {
// grant VIEW privileges
// if the user's primary school is the the topic's owning school
// - or -
// if the user has READ rights on the topic's owning school
// via the permissions system.
case self::VIEW:
return $this->schoolsAreIdentical($topic->getSchool(), $user->getSchool()) || $this->permissionManager->userHasReadPermissionToSchool($user, $topic->getSchool());
break;
case self::CREATE:
case self::EDIT:
case self::DELETE:
// grant CREATE, EDIT and DELETE privileges
// if the user has the 'Developer' role
// - and -
// if the user's primary school is the the topic's owning school
// - or -
// if the user has WRITE rights on the topic's owning school
// via the permissions system.
return $this->userHasRole($user, ['Developer']) && ($this->schoolsAreIdentical($topic->getSchool(), $user->getSchool()) || $this->permissionManager->userHasWritePermissionToSchool($user, $topic->getSchool()));
break;
}
return false;
}
/**
* @param string $attribute
* @param SchoolInterface $school
* @param UserInterface|null $user
* @return bool
*/
protected function isGranted($attribute, $school, $user = null)
{
// make sure there is a user object (i.e. that the user is logged in)
if (!$user instanceof UserInterface) {
return false;
}
switch ($attribute) {
case self::VIEW:
// Only grant VIEW permissions if the given school is the given user's
// primary school
// - or -
// if the given user has been granted READ right on the given school
// via the permissions system.
return $this->schoolsAreIdentical($school, $user->getSchool()) || $this->permissionManager->userHasReadPermissionToSchool($user, $school);
break;
case self::CREATE:
// only developers can create schools.
return $this->userHasRole($user, ['Developer']);
break;
case self::EDIT:
case self::DELETE:
// Only grant EDIT and DELETE permissions if the user has the 'Developer' role.
// - and -
// the user must be associated with the given school,
// either by its primary school attribute
// - or - by WRITE rights for the school
// via the permissions system.
return $this->userHasRole($user, ['Developer']) && ($this->schoolsAreIdentical($school, $user->getSchool()) || $this->permissionManager->userHasWritePermissionToSchool($user, $school));
break;
}
return false;
}
/**
* @param CourseInterface $course
* @param UserInterface $user
* @return bool
*/
protected function isViewGranted($course, $user)
{
// grant VIEW privileges if at least one of the following
// statements is true:
// 1. the user's primary school is the course's owning school
// 2. the user has READ rights on the course's owning school via the permissions system
// 3. the user has READ rights on the course via the permissions system
return $this->schoolsAreIdentical($course->getSchool(), $user->getSchool()) || $this->permissionManager->userHasReadPermissionToSchool($user, $course->getSchool()) || $this->permissionManager->userHasReadPermissionToCourse($user, $course);
}
/**
* @param int $courseId
* @param int $owningSchoolId
* @param UserInterface $user
*
* @return bool
*/
protected function isViewGranted($courseId, $owningSchoolId, UserInterface $user)
{
// grant VIEW privileges if at least one of the following
// statements is true:
// 1. the user's primary school is the course's owning school
// 2. the user is instructing ILMs or offerings in this course
// 3. the user is directing this course
// 4. the user has READ rights on the course's owning school via the permissions system
// 5. the user has READ rights on the course via the permissions system
return $owningSchoolId === $user->getSchool()->getId() || $this->courseManager->isUserInstructingInCourse($user, $courseId) || $user->isDirectingCourse($courseId) || $this->permissionManager->userHasReadPermissionToSchool($user, $owningSchoolId) || $this->permissionManager->userHasReadPermissionToCourse($user, $courseId);
}
/**
* @param string $attribute
* @param SchoolEvent $event
* @param UserInterface|null $user
* @return bool
*/
protected function isGranted($attribute, $event, $user = null)
{
// make sure there is a user object (i.e. that the user is logged in)
if (!$user instanceof UserInterface) {
return false;
}
switch ($attribute) {
case self::VIEW:
// grant VIEW permissions if the event-owning school matches any of the given user's schools.
$eventOwningSchool = $this->schoolManager->findSchoolBy(['id' => $event->school]);
return $this->schoolsAreIdentical($eventOwningSchool, $user->getSchool()) || $this->permissionManager->userHasReadPermissionToSchool($user, $eventOwningSchool);
break;
}
return false;
}
