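/**
 * Decide whether $user may perform $attribute on $subject.
 *
 * Access is granted in exactly two cases: the user is a system administrator,
 * or the subject is the user's own account (same type and same id). Any other
 * combination is denied, so the method fails closed.
 *
 * @param mixed $attribute the action being checked; not consulted here, because
 *                         an administrator or self-access grants every attribute
 * @param mixed $subject   the object the action targets; only a User can match
 * @param User  $user      the user whose access is being decided
 *
 * @return bool true when access is granted
 */
protected function canDo($attribute, $subject, User $user) {
    // System administrators are exempt from every further check.
    if ($user->getSystemAdministrator() === true) {
        return true;
    }

    // $subject is untyped. Guard before dereferencing it so a null or foreign
    // subject produces a denial rather than a fatal "call to a member function
    // on null" (which would surface as an application error, not a refusal),
    // and so that only a User account can satisfy the self-access rule below.
    if (!$subject instanceof User) {
        return false;
    }

    // Self-access: a user may always act on their own account. Both the type
    // and the id must agree, so an id shared across user types is not enough.
    if ($user->getType() === $subject->getType()
        && $user->getId() === $subject->getId()) {
        return true;
    }

    return false;
}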
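/**
 * Decide whether $user may perform $attribute on $subject, based on the
 * permission configuration of the groups the user belongs to.
 *
 * Each group's permission configuration is read as
 * `[<permission code name>][<entity id> | 'all'][<attribute>] => 'allow' | 'deny'`.
 * The entity-specific rule is consulted only when $subject is an instance of
 * the entity class this permission set covers; the 'all' rule is consulted
 * regardless of the subject. Evaluation semantics:
 *   - a system administrator is always allowed;
 *   - an explicit 'deny' from ANY group, entity-specific or 'all', wins
 *     immediately over every 'allow' (deny-overrides);
 *   - an 'allow' is only provisional until every group has been examined;
 *   - any value other than 'allow' / 'deny' is ignored, so an unrecognised or
 *     misspelled decision never grants access (fail closed);
 *   - with no matching rule at all the result is false.
 *
 * @param mixed $attribute the action being checked (used as an array key)
 * @param mixed $subject   the object the action targets
 * @param User  $user      the user whose access is being decided
 *
 * @return bool true when access is granted
 */
protected function canDo($attribute, $subject, User $user) {
    // System administrators bypass the group permission configuration.
    if ($user->getSystemAdministrator() === true) {
        return true;
    }

    // No group memberships means no permissions at all (fail closed). The loop
    // below would also yield false, but this makes the intent explicit.
    if ($user->getUserGroupUsers()->count() === 0) {
        return false;
    }

    // Both lookups are loop-invariant; resolve them once instead of on every
    // iteration of the nested loops.
    $codeName = $this->getExtendablePermissionClassCodeName();
    $entityClass = $this->getEntityClass();

    $allow = false;
    foreach ($user->getUserGroupUsers() as $membership) {
        foreach ($membership->getUserGroup()->getPermissions() as $groupPermissions) {
            // This group configuration says nothing about this permission set.
            if (isset($groupPermissions[$codeName]) === false) {
                continue;
            }
            $rules = $groupPermissions[$codeName];

            // Scopes to consult, in order: the entity-specific rule (only when the
            // subject is of the covered entity class), then the catch-all rule.
            $scopes = [];
            if ($subject instanceof $entityClass) {
                $scopes[] = $subject->getId();
            }
            $scopes[] = 'all';

            foreach ($scopes as $scope) {
                // isset() on the nested key is false when the scope itself is absent.
                if (isset($rules[$scope][$attribute]) === false) {
                    continue;
                }
                $decision = $rules[$scope][$attribute];
                if ($decision === 'deny') {
                    // An explicit deny anywhere overrides every allow: stop here.
                    return false;
                }
                if ($decision === 'allow') {
                    // Provisional: a later group may still deny.
                    $allow = true;
                }
            }
        }
    }

    return $allow;
}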