/**
* Performs access check for the specified user.
*
* @param AccessRole $item the item to be checked against.
* @param IPluggableUserProfile $profile the concerned user.
* @param boolean $askForPrivilegeElevation whether we should check for
* privilege elevation if the user has access
* @param array $params additional params that may be used into the business
* rule execution.
* @param AccessAssignment[] $assignments the assignments to specified user
* @return boolean true if the access should be granted, false if it should be denied
*/
protected function checkAccessRecursive(AccessRole $item, IPluggableUserProfile $profile, $askForPrivilegeElevation, array $params = array(), array $assignments = array())
{
Yii::trace('Checking permission "' . $item->getRoleName() . '" for user "' . $profile->getName() . '"', 'access.manager.auth');
if (!isset($params['userId'])) {
$params['userId'] = $profile->getId();
}
if ($this->executeBizRule($item->getBusinessRule(), $params, $item->getData())) {
if (in_array($item->getRoleName(), $this->defaultRoles)) {
return $this->checkRingLevel($item, $askForPrivilegeElevation);
}
foreach ($assignments as $assignment) {
if ($assignment->access_role_id === $item->access_role_id) {
if ($this->executeBizRule($assignment->getBusinessRule(), $params, $assignment->getData())) {
return $this->checkRingLevel($item, $askForPrivilegeElevation);
}
}
}
foreach ($item->higherAccessRoles as $parent) {
if ($this->checkAccessRecursive($parent, $profile, $askForPrivilegeElevation, $params, $assignments)) {
return $this->checkRingLevel($item, $askForPrivilegeElevation);
}
}
}
return false;
}
