/** * @param User $user the user object * @return boolean whether the rule applies to the role */ protected function matchRole($user) { if (empty($this->roles)) { return true; } foreach ($this->roles as $role) { if ($role === '?' && $user->getIsGuest()) { return true; } elseif ($role === '@' && !$user->getIsGuest()) { return true; } elseif ($user->checkAccess($role)) { return true; } } return false; }