/**
* Checks if the combination of permission and userrole is allowed for the given attributes.
*
* @param SecurityCondition $object
* @param int $attribute
* @param Permission $permission
* @param array|null $locales
*
* @return bool
*/
private function isGranted($object, $attribute, Permission $permission, $locales)
{
if (!is_array($locales)) {
$locales = [];
}
$hasContext = $permission->getContext() == $object->getSecurityContext();
$hasLocale = $object->getLocale() == null || in_array($object->getLocale(), $locales);
// if there is a concrete object we only have to check for the locale and context
if ($object->getObjectId() || $object->getObjectType()) {
return $hasContext && $hasLocale;
}
$hasPermission = $permission->getPermissions() & $this->permissions[$attribute];
return $hasContext && $hasPermission && $hasLocale;
}
/**
* Returns the permissions for the given object for the given user.
*
* @param SecurityCondition $securityCondition The condition to check
* @param UserInterface $user The user for the check
*
* @return array
*/
private function getUserObjectPermission(SecurityCondition $securityCondition, UserInterface $user)
{
$permissions = $this->getPermissions($securityCondition->getObjectType(), $securityCondition->getObjectId());
return $this->getUserObjectPermissionByArray($permissions, $user);
}
