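/**
 * Checks whether $user may read $entity.
 *
 * Resolution order:
 *  - admins always pass;
 *  - an entity without a parentId/parentType pair is readable;
 *  - otherwise the parent record is loaded: a parent of type 'Note' delegates to the
 *    Note's own parent (checked through the ACL manager) and is readable when the Note
 *    has no parent; any other parent is checked through the ACL manager directly;
 *  - when no parent-based rule grants access (or the parent cannot be loaded), the
 *    entity's own scope data is consulted via checkEntity() with action 'read'.
 *
 * @param mixed $data scope ACL data passed through to checkEntity()
 * @return bool
 */
public function checkEntityRead(User $user, Entity $entity, $data)
{
    if ($user->isAdmin()) {
        return true;
    }

    if (!$entity->get('parentId') || !$entity->get('parentType')) {
        // No parent reference at all: readable.
        return true;
    }

    $parent = $this->getEntityManager()->getEntity($entity->get('parentType'), $entity->get('parentId'));

    if ($parent) {
        if ($parent->getEntityType() === 'Note') {
            if ($parent->get('parentId') && $parent->get('parentType')) {
                $parentOfParent = $this->getEntityManager()->getEntity($parent->get('parentType'), $parent->get('parentId'));

                // The Note's parent may have been deleted; never hand a null to checkEntity()
                // (presumably typed Entity) — fall through to the entity's own scope check instead.
                if ($parentOfParent && $this->getAclManager()->checkEntity($user, $parentOfParent)) {
                    return true;
                }
            } else {
                // A Note with no parent of its own is readable.
                return true;
            }
        } elseif ($this->getAclManager()->checkEntity($user, $parent)) {
            return true;
        }
    }

    return (bool) $this->checkEntity($user, $entity, $data, 'read');
}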
/**
 * Reports whether $user is restricted to read-only contact access within $scope.
 *
 * Administrators are never restricted; for everyone else the scope data is read from
 * the user's ACL table and the decision is delegated to the scope implementation.
 *
 * @param string $scope
 * @return mixed whatever the implementation's checkReadOnlyContact() returns
 */
public function checkReadOnlyContact(User $user, $scope)
{
    if ($user->isAdmin()) {
        return false;
    }

    $table = $this->getTable($user);
    $scopeData = $table->getScopeData($scope);
    $implementation = $this->getImplementation($scope);

    return $implementation->checkReadOnlyContact($user, $scopeData);
}
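/**
 * Checks whether $user may delete $entity.
 *
 * Admins always pass. Otherwise the scope's 'delete' rule is consulted via checkEntity().
 * If that denies, a creator fallback applies: when $data is an object whose edit level is
 * anything other than 'no', the user who created the record may delete it provided it is
 * either unassigned or assigned to that same creator.
 *
 * @param mixed $data scope ACL data; the fallback only applies when it is an object
 * @return bool
 */
public function checkEntityDelete(User $user, Entity $entity, $data)
{
    if ($user->isAdmin()) {
        return true;
    }

    if ($this->checkEntity($user, $entity, $data, 'delete')) {
        return true;
    }

    // `?? null` avoids an undefined-property warning when the object carries no edit level;
    // a missing level is treated like any value other than 'no', as before.
    if (!is_object($data) || ($data->edit ?? null) === 'no') {
        return false;
    }

    if (!$entity->has('createdById')) {
        return false;
    }

    // Ids are compared as strings with === : loose == would treat numeric-looking ids
    // such as "1e3" and "1000" as equal.
    $createdById = (string) $entity->get('createdById');

    if ($createdById !== (string) $user->id) {
        return false;
    }

    if (!$entity->has('assignedUserId')) {
        return true;
    }

    $assignedUserId = $entity->get('assignedUserId');

    if (!$assignedUserId) {
        return true;
    }

    return (string) $assignedUserId === $createdById;
}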
/**
 * Lists the fields of $scope that $user is forbidden to use for $action.
 *
 * Administrators have no forbidden fields. For everyone else the list comes from the
 * user's ACL table; how $thresholdLevel is interpreted is defined by that table.
 *
 * @param string $scope
 * @param string $action
 * @param string $thresholdLevel
 * @return array
 */
public function getScopeForbiddenFieldList(User $user, $scope, $action = 'read', $thresholdLevel = 'no')
{
    if ($user->isAdmin()) {
        return [];
    }

    $table = $this->getTable($user);

    return $table->getScopeForbiddenFieldList($scope, $action, $thresholdLevel);
}
/**
 * Resolves the scope-level ACL data for $user and delegates the decision to the scope's
 * implementation.
 *
 * Administrators always pass. Otherwise the scope data is read from the user's ACL table
 * and handed to the implementation's checkScope() together with the optional action and
 * the ownership / team hints supplied by the caller.
 *
 * @param string $scope
 * @param string|null $action
 * @param bool|null $isOwner
 * @param bool|null $inTeam
 * @param Entity|null $entity
 * @return mixed whatever the implementation's checkScope() returns
 */
public function checkScope(User $user, $scope, $action = null, $isOwner = null, $inTeam = null, $entity = null)
{
    if ($user->isAdmin()) {
        return true;
    }

    $scopeData = $this->getTable($user)->getScopeData($scope);
    $implementation = $this->getImplementation($scope);

    return $implementation->checkScope($user, $scopeData, $scope, $action, $isOwner, $inTeam, $entity);
}
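/**
 * Evaluates the scope-level ACL rule for $action against $user.
 *
 * Resolution order (first match wins):
 *  - admin users: allowed;
 *  - $data null or false: denied; $data true or a string: allowed;
 *  - no $action, or no rule for $action in $data: allowed;
 *  - rule value 'all', 'yes' or true: allowed; a falsy value or 'no': denied;
 *  - any other value is relational ('own', 'account', 'contact'). Ownership, account and
 *    contact flags are taken from $entityAccessData when present, otherwise computed from
 *    $entity via checkIsOwner(), checkInAccount() and checkIsOwnContact(). With no entity
 *    and no precomputed isOwner flag the check passes.
 *
 * @param mixed $data scope data: null, bool, string, or an object with per-action levels
 * @param string|null $action
 * @param array{isOwner?: bool, inAccount?: bool, isOwnContact?: bool} $entityAccessData
 *        precomputed flags; an absent (or null) key means "derive from $entity if possible"
 * @return bool
 */
public function checkScope(User $user, $data, $action = null, ?Entity $entity = null, $entityAccessData = [])
{
    if ($user->isAdmin()) {
        return true;
    }

    if ($data === null || $data === false) {
        return false;
    }

    if ($data === true || is_string($data)) {
        return true;
    }

    if ($action === null || !isset($data->{$action})) {
        // No rule configured for this action means no restriction.
        return true;
    }

    $value = $data->{$action};

    if ($value === 'all' || $value === 'yes' || $value === true) {
        return true;
    }

    if (!$value || $value === 'no') {
        return false;
    }

    // `?? null` matches the previous isset() reads: a key set to null counts as absent.
    $isOwner = $entityAccessData['isOwner'] ?? null;
    $inAccount = $entityAccessData['inAccount'] ?? null;
    $isOwnContact = $entityAccessData['isOwnContact'] ?? null;

    if ($isOwner === null) {
        if (!$entity) {
            // Relational level but no entity to relate it to: the scope check passes.
            return true;
        }

        $isOwner = $this->checkIsOwner($user, $entity);
    }

    if ($isOwner && in_array($value, ['own', 'account', 'contact'], true)) {
        return true;
    }

    if ($value === 'account') {
        if ($inAccount === null && $entity) {
            $inAccount = $this->checkInAccount($user, $entity);
        }

        if ($inAccount) {
            return true;
        }
    }

    if ($value === 'contact') {
        if ($isOwnContact === null && $entity) {
            $isOwnContact = $this->checkIsOwnContact($user, $entity);
        }

        if ($isOwnContact) {
            return true;
        }
    }

    return false;
}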
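/**
 * Checks whether $user may act on another user ($entity) under $permission.
 *
 * Admins always pass, and a user always passes for themselves. Permission level 'no'
 * denies access to any other user; level 'team' allows other users only when they share
 * at least one team with $user; any other level allows.
 *
 * @param string $permission name of the user-level permission looked up via get()
 * @return bool
 */
public function checkUser(User $user, $permission, User $entity)
{
    if ($user->isAdmin()) {
        return true;
    }

    // Both branches previously compared ids differently (!== vs !=); compare once, as strings
    // with ===, so a numeric-looking id is never matched by loose ==.
    if ((string) $entity->id === (string) $user->id) {
        return true;
    }

    // Look the level up once instead of twice.
    $level = $this->get($user, $permission);

    if ($level === 'no') {
        return false;
    }

    if ($level === 'team') {
        // array_intersect compares members by string equality, which is what "same team id"
        // means here; any overlap grants access.
        $sharedTeamIdList = array_intersect($user->getTeamIdList(), $entity->getTeamIdList());

        return $sharedTeamIdList !== [];
    }

    return true;
}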