protected function canDo($attribute, $subject, User $user)
{
// If the user is a system administrator, they can do anything
if ($user->getSystemAdministrator() === true) {
return true;
}
// Otherwise, if the user is trying to access their own account they can do anything
if ($user->getType() === $subject->getType() && $user->getId() === $subject->getId()) {
return true;
}
return false;
}
protected function canDo($attribute, $subject, User $user)
{
// If the user is a system administrator, they can do anything
if ($user->getSystemAdministrator() === true) {
return true;
}
// If the user has no groups, they can't do anything
if ($user->getUserGroupUsers()->count() === 0) {
return false;
}
$allow = false;
foreach ($user->getUserGroupUsers() as $userGroupUsers) {
$groupPermissionsConfiguration = $userGroupUsers->getUserGroup()->getPermissions();
foreach ($groupPermissionsConfiguration as $groupPermissions) {
if (isset($groupPermissions[$this->getExtendablePermissionClassCodeName()]) === false) {
continue;
}
$entityClass = $this->getEntityClass();
if ($subject instanceof $entityClass) {
if (isset($groupPermissions[$this->getExtendablePermissionClassCodeName()][$subject->getId()], $groupPermissions[$this->getExtendablePermissionClassCodeName()][$subject->getId()][$attribute]) === true) {
if ($groupPermissions[$this->getExtendablePermissionClassCodeName()][$subject->getId()][$attribute] === 'deny') {
return false;
} elseif ($groupPermissions[$this->getExtendablePermissionClassCodeName()][$subject->getId()][$attribute] === 'allow') {
$allow = true;
}
}
}
if (isset($groupPermissions[$this->getExtendablePermissionClassCodeName()]['all'], $groupPermissions[$this->getExtendablePermissionClassCodeName()]['all'][$attribute]) === true) {
if ($groupPermissions[$this->getExtendablePermissionClassCodeName()]['all'][$attribute] === 'deny') {
return false;
} elseif ($groupPermissions[$this->getExtendablePermissionClassCodeName()]['all'][$attribute] === 'allow') {
$allow = true;
}
}
}
}
return $allow;
}
