/** * @param File $file * @param string $priviledge * * @return bool */ protected function checkPermissions($file, $priviledge) { if (isset($this->user)) { // check if current user is owner of the file if ($file->getOwner() == $this->user->getUname()) { return true; } } foreach ($file->getPermissions() as $permission) { if ($permission->priviledge != $priviledge) { // provided priviledge is not requested continue; } if ($permission->context == Security_Permission::CONTEXT_ALL) { // provided priviledge applies to everyone return true; } if (!isset($this->user)) { // no user is set, can't check for user / group permissions continue; } if ($permission->context == Security_Permission::CONTEXT_USER && $permission->subject == $this->user->getUname()) { // permission is explicitly granted for this user return true; } if ($permission->context == Security_Permission::CONTEXT_GROUP && in_array($permission->subject, $this->user->getGroups())) { // permission is granted for all users in group return true; } } return false; }