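/**
 * Is the requested action allowed for this user?
 *
 * If the permission applies to content, the "obj" cannot be empty. Owner-
 * dependent permissions use the {@link OBJECT_IN_FOLDER::owner()} to
 * determine the full permission. {@link APPLICATION_USER_OPTIONS} defines a
 * few settings that control which permissions are owner-dependent. If the
 * permission set is {@link Privilege_set_user}, the "obj" must be a {@link
 * USER} instead.
 *
 * Evaluation order, as implemented below:
 *  - A set supported by the user's global privileges is answered from those
 *    privileges, extended by the "self" exceptions for
 *    {@link Privilege_set_user} and {@link Privilege_set_global}.
 *  - Any other set is answered by the user's allow-privileges first, then
 *    the user's deny-privileges, then the permissions of the object's
 *    security context; owner-dependent grants are applied last. A user-level
 *    allow therefore takes precedence over a user-level deny.
 *
 * @param string $set_name Check this set of permissions.
 * @param integer $type Check this permission (or permissions).
 * @param OBJECT_IN_FOLDER|USER $obj Required for content permissions; may be
 *   omitted for global sets, in which case no "self" exception is granted.
 * @see OBJECT_IN_FOLDER
 * @return boolean
 */
public function is_allowed($set_name, $type, $obj = null)
{
    $this->assert(!$this->ad_hoc_login, 'Cannot use an ad-hoc login.', 'is_allowed', 'USER');

    $user_options = $this->app->user_options;
    $user_permissions = $this->permissions();

    if ($user_permissions->global_privileges->supports($set_name)) {
        $Result = $user_permissions->global_privileges->enabled($set_name, $type);

        if ($set_name == Privilege_set_user) {
            switch ($type) {
                case Privilege_view:
                    // A user may always view their own account.
                    if ($obj) {
                        $Result = $Result || $obj->equals($this);
                    }
                    break;
                case Privilege_modify:
                    // Same guard as the view case: without an "obj" there is
                    // nothing to compare against, so no self-edit grant is
                    // given (previously this dereferenced a null "obj").
                    if ($obj) {
                        $Result = $Result || ($user_options->users_can_edit_self && $obj->equals($this));
                    }
                    break;
            }
        }

        if ($set_name == Privilege_set_global) {
            switch ($type) {
                case Privilege_subscribe:
                case Privilege_password:
                    // Subscription and password changes are allowed on one's own account.
                    if ($obj) {
                        $Result = $Result || $obj->equals($this);
                    }
                    break;
            }
        }
    } else {
        if ($user_permissions->allow_privileges->enabled($set_name, $type)) {
            // An explicit per-user allow is checked before the per-user deny.
            $Result = true;
        } elseif ($user_permissions->deny_privileges->enabled($set_name, $type)) {
            $Result = false;
        } else {
            // Content permission: "obj" is required here (see the docblock);
            // the calls below fail if it is empty.
            /** @var FOLDER $folder */
            $folder = $obj->security_context();
            $folder_permissions = $folder->permissions();
            $Result = $folder_permissions->enabled($set_name, $type);

            if (!$Result) {
                // Not granted by the security context; fall back to the
                // owner-dependent grants. $Result is falsy at this point, so
                // plain assignment replaces the former "|=", which turned the
                // result into an integer instead of the documented boolean.
                /** @var USER $owner */
                $owner = $obj->owner();

                switch ($type) {
                    case Privilege_view:
                    case Privilege_view_history:
                        $Result = (bool) $owner->equals($this);
                        break;
                    case Privilege_modify:
                        $Result = $user_options->users_can_modify_own_content && $owner->equals($this);
                        break;
                    case Privilege_delete:
                        $Result = $user_options->users_can_delete_own_content && $owner->equals($this);
                        break;
                    case Privilege_purge:
                        $Result = $user_options->users_can_purge_own_content && $owner->equals($this);
                        break;
                }
            }
        }
    }

    return $Result;
}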