public function assert(Acl $acl, RoleInterface $role = null, ResourceInterface $resource = null, $privilege = null)
{
if (!$role instanceof UserInterface || !$resource instanceof JobInterface || 'edit' != $privilege) {
return false;
}
return $resource->getPermissions()->isGranted($role->getId(), Permissions::PERMISSION_CHANGE);
}
/**
* @param RoleInterface|null $role
* @return $this
*/
public function setRoleId(RoleInterface $role = null)
{
if ($role) {
$this->roleId = $role->getRoleId();
}
return $this;
}
/**
* Returns true if and only if the assertion conditions are met
*
* This method is passed the ACL, Role, Resource, and privilege to which the authorization query applies. If the
* $role, $resource, or $privilege parameters are null, it means that the query applies to all Roles, Resources, or
* privileges, respectively.
*
* @param Acl $acl
* @param RoleInterface $role
* @param ResourceInterface $resource
* @param string $privilege
* @return bool
*/
public function assert(Acl $acl, RoleInterface $role = null, ResourceInterface $resource = null, $privilege = null)
{
if (!$role instanceof User) {
return false;
}
$member = $role->getMember();
foreach ($member->getBoardInstallations() as $boardInstall) {
if ($this->isCurrentBoard($boardInstall)) {
return true;
}
}
return false;
}
public function assert(\Zend\Permissions\Acl\Acl $acl, \Zend\Permissions\Acl\Role\RoleInterface $role = null, \Zend\Permissions\Acl\Resource\ResourceInterface $resource = null, $privilege = null)
{
$model = $resource->getModel();
if (!$model instanceof \Application\Authorization\HasRelationToUsersInterface) {
throw new \InvalidArgumentException('The resource being checked must implement HasRelationToUsersInterface. Either implement the interface, or modify ACL rules.');
}
// If we found the user in relations, that means there is a relation, so return false (duh!)
foreach ($model->getUsers() as $user) {
if ($user === $role->getUser()) {
return false;
}
}
return true;
}
/**
* Returns true if and only if the assertion conditions are met
*
* This method is passed the ACL, Role, Resource, and privilege to which the authorization query applies. If the
* $role, $resource, or $privilege parameters are null, it means that the query applies to all Roles, Resources, or
* privileges, respectively.
*
* @param Acl $acl
* @param RoleInterface $role
* @param ResourceInterface $resource
* @param string $privilege
* @return bool
*/
public function assert(Acl $acl, RoleInterface $role = null, ResourceInterface $resource = null, $privilege = null)
{
if (!$role instanceof User) {
return false;
}
if (!$resource instanceof OrganResourceInterface) {
return false;
}
$member = $role->getMember();
$organ = $resource->getResourceOrgan();
foreach ($member->getOrganInstallations() as $organInstall) {
if ($organInstall->getOrgan()->getId() === $organ->getId() && $this->isCurrentMember($organInstall)) {
return true;
}
}
return false;
}
/**
* Returns true, if the user has write access to the job granted from the organization.
*
* @param RoleInterface $role This must be a UserInterface instance
* @param ResourceInterface $resource This must be a JobInterface instance
*
* @return bool
*/
protected function checkOrganizationPermissions($role, $resource)
{
/* @var $resource \Jobs\Entity\JobInterface */
/* @var $role \Auth\Entity\UserInterface */
$organization = $resource->getOrganization();
if (!$organization) {
return false;
}
if ($organization->isHiringOrganization()) {
$organization = $organization->getParent();
}
$orgUser = $organization->getUser();
if ($orgUser && $role->getId() == $orgUser->getId()) {
return true;
}
$employees = $organization->getEmployees();
foreach ($employees as $emp) {
/* @var $emp \Organizations\Entity\EmployeeInterface */
if ($emp->getUser()->getId() == $role->getId() && $emp->getPermissions()->isAllowed(EmployeePermissionsInterface::JOBS_CHANGE)) {
return true;
}
}
return false;
}
/**
* Returns true if and only if the Role exists in the registry
*
* The $role parameter can either be a Role or a Role identifier.
*
* @param RoleInterface|string $role
* @return bool
*/
public function has($role)
{
if ($role instanceof RoleInterface) {
$roleId = $role->getRoleId();
} else {
$roleId = (string) $role;
}
return isset($this->roles[$roleId]);
}
/**
* Checks write Access on attachments
*
* @param RoleInterface $role
* @param ResourceInterface $resource
* @return boolean
*/
protected function assertWrite($role, $resource)
{
$job = $resource->getJob();
return $job && $role->getId() == $job->getUser()->getId();
}
/**
* Returns true if and only if the assertion conditions are met
*
* This method is passed the ACL, Role, Resource, and privilege to which the authorization query applies. If the
* $role, $resource, or $privilege parameters are null, it means that the query applies to all Roles, Resources, or
* privileges, respectively.
*
* @param Acl $acl
* @param RoleInterface $role
* @param ResourceInterface $resource
* @param string $privilege
* @return bool
*/
public function assert(Acl $acl, RoleInterface $role = null, ResourceInterface $resource = null, $privilege = null)
{
if ($this->inWhitelist($role->getRoleId(), $resource->getResourceId(), $privilege)) {
return false;
}
$rows = $this->getRolesAndResources($role->getRoleId(), $resource->getResourceId());
foreach ($rows as $row) {
$methods = explode(',', $row['methods']);
if (!in_array($privilege, $methods)) {
return false;
}
}
return true;
}
public function getPermissions(RoleInterface $role)
{
$final = array();
foreach ($this->permissions as $perm) {
if ($perm['role'] instanceof RoleInterface && $role->getRoleId() != $perm['role']->getRoleId()) {
continue;
} elseif (is_string($perm['role']) && $role->getRoleId() != $perm['role']) {
continue;
}
array_push($final, $perm);
}
return $final;
}
