/**
* allowed
*
* @param User $adminUser
* @param User $targetUser
*
* @return bool
*/
public function allowed(User $adminUser, User $targetUser)
{
$isAllowed = $this->rcmUserService->isUserAllowed($this->aclConfig['resourceId'], $this->aclConfig['privilege'], $this->aclConfig['providerId'], $targetUser);
if ($isAllowed) {
return new RestrictionResult(false, 'Cannot switch to this user');
}
return new RestrictionResult(true);
}
/**
* isImpersonatorUserAllowed
*
* @param $resourceId
* @param $privilege
* @param $providerId
* @param $user
*
* @return bool|mixed
*/
public function isImpersonatorUserAllowed($resourceId, $privilege, $providerId, $user)
{
$user = $this->switchUserService->getImpersonatorUser($user);
if (empty($user)) {
return false;
}
return $this->rcmUserService->isUserAllowed($resourceId, $privilege, $providerId, $user);
}
/**
* @deprecated use SwitchUserAclService::isSuAllowed
* isAllowed
*
* this is only a basic access check,
* the restrictions should catch and log any access attempts
*
* @param $suUser
*
* @return bool|mixed
*/
public function isAllowed($suUser)
{
if (empty($suUser)) {
return false;
}
$aclConfig = $this->aclConfig;
return $this->rcmUserService->isUserAllowed($aclConfig['resourceId'], $aclConfig['privilege'], $aclConfig['providerId'], $suUser);
}
