private function GrantOnUser(BackendAction $action, User $user)
{
$allowed = false;
switch ($action) {
case BackendAction::Delete():
case BackendAction::ChangeIsAdmin():
$allowed = $this->IsAdministrator() && !$this->GetUser()->Equals($user);
break;
case BackendAction::AssignGroups():
$allowed = $this->IsAdministrator() && !$user->GetIsAdmin();
break;
case BackendAction::Edit():
case BackendAction::Read():
$allowed = $this->IsAdministrator() || $this->GetUser()->Equals($user);
break;
case BackendAction::Create():
$allowed = $this->IsAdministrator();
break;
}
return $allowed ? GrantResult::Allowed() : GrantResult::NoAccess();
}
protected function CanChangeIsAdmin()
{
return self::Guard()->Allow(BackendAction::ChangeIsAdmin(), $this->user);
}
/**
*
* True if user can lock modules
* @return bool Returns true if current user can lock (backend) modules for a group
*/
protected function CanLockModules(Usergroup $group)
{
return self::Guard()->Allow(BackendAction::ChangeIsAdmin(), $group);
}
