Checks whether the user is allowed to manage ACL
public canManageAcl ( ) : boolean | ||
return | boolean | Returns true if user is allowed to manage ACL |
/** * Checks if specified resource is allowed for superposition of the roles. * * If access permission is allowed at least in one role it is considered to be allowed. * Current exclude filter will be applied * * @param int $resourceId The ID of the resource. * @param string $permissionId optional The ID of the permission associated with resource. * @return bool|null Returns true if access is allowed. * If resource or permission isn't overridden it returns null. * @throws Exception\RoleObjectException */ public function isAllowed($resourceId, $permissionId = null) { $allowed = false; if ($this->user) { if ($this->user->isAccountOwner() || $this->user->isScalrAdmin()) { //Scalr Admin and Account Owner is allowed for everything, without any ACL defined for them. return true; } else { if ($resourceId === Acl::RESOURCE_ENVADMINISTRATION_ENV_CLOUDS && $permissionId === null && $this->user->canManageAcl()) { //Account Admin should be able to manage all relatings between environments and teams return true; } } } $iterator = $this->getIterator(); while ($iterator->valid() && !$allowed) { //If access permission is allowed at least in one role it is considered to be allowed. $allowed = $allowed || (bool) $iterator->current()->isAllowed($resourceId, $permissionId); $iterator->next(); } return $allowed; }