/**
* Returns an access Bitmask for the given user on this post
* @param User $user The user mask to fetch
* @return Bitmask
*/
public function get_access( $user = null )
{
if ( ! $user instanceof User ) {
$user = User::identify();
}
if ( $user->can( 'super_user' ) ) {
return ACL::get_bitmask( 'full' );
}
// Collect a list of applicable tokens
$tokens = array(
'post_any',
'post_' . Post::type_name( $this->content_type ),
);
if ( $user->id == $this->user_id ) {
$tokens[] = 'own_posts';
}
$tokens = array_merge( $tokens, $this->get_tokens() );
// collect all possible token accesses on this post
$token_accesses = array();
foreach ( $tokens as $token ) {
$access = ACL::get_user_token_access( $user, $token );
if ( $access instanceof Bitmask ) {
$token_accesses[] = ACL::get_user_token_access( $user, $token )->value;
}
}
// now that we have all the accesses, loop through them to build the access to the particular post
if ( in_array( 0, $token_accesses ) ) {
return ACL::get_bitmask( 0 );
}
return ACL::get_bitmask( Utils::array_or( $token_accesses ) );
}
/**
* Returns an access Bitmask for the given user on this comment. Read access is determined
* by the associated post. Update/delete is determined by the comment management tokens.
* @param User $user The user mask to fetch
* @return Bitmask
*/
public function get_access($user = null)
{
if (!$user instanceof User) {
$user = User::identify();
}
// these tokens automatically grant full access to the comment
if ($user->can('super_user') || $user->can('manage_all_comments') || $user->id == $this->post->user_id && $user->can('manage_own_post_comments')) {
return ACL::get_bitmask('full');
}
/* If we got this far, we can't update or delete a comment. We still need to check if we have
* read access to it. Collect a list of applicable tokens
*/
$tokens = array('post_any', 'post_' . Post::type_name($this->post->content_type));
if ($user->id == $this->post->user_id) {
$tokens[] = 'own_posts';
}
$tokens = array_merge($tokens, $this->post->get_tokens());
$token_accesses = array();
// grab the access masks on these tokens
foreach ($tokens as $token) {
$access = ACL::get_user_token_access($user, $token);
if ($access instanceof Bitmask) {
$token_accesses[] = ACL::get_user_token_access($user, $token)->value;
}
}
// now that we have all the accesses, loop through them to build the access to the particular post
if (in_array(0, $token_accesses)) {
return ACL::get_bitmask(0);
}
if (ACL::get_bitmask(Utils::array_or($token_accesses))->read) {
return ACL::get_bitmask('read');
}
// if we haven't returned by this point, we can neither manage the comment nor read it
return ACL::get_bitmask(0);
}
