public function isAuthorized($user)
{
AuthState::setAuth($this->Auth, $this->hasAuthUser());
$auths = $this->Crud->action()->config('auth') ?: ['super'];
foreach ($auths as $role) {
if (AuthState::hasRole($role)) {
return true;
}
}
return false;
}
public function ruleRoleChange($entity, $options)
{
if (!$entity->dirty('role') || AuthState::hasRole('super')) {
return true;
}
$msg = true;
// don't demote someone who is above your auth level
if (!AuthState::hasRole($entity->getOriginal('role'))) {
$msg = "Cannot demote user that has more permissions than you.";
}
// don't promote someone to above your auth level
if (!AuthState::hasRole($entity->get('role'))) {
$msg = "Cannot promote user to more permissions than you have.";
}
if ($msg !== true) {
$entity->errors('role', $msg);
return false;
}
return true;
}
public function __construct($properties = [], $options = [])
{
parent::__construct($properties, $options);
if ($this->isNew()) {
$this->set($this->_defaults, ['guard' => false]);
}
foreach ($this->_editAuth as $p => $access) {
if (is_bool($access)) {
$this->accessible($p, $access);
continue;
}
if (!is_array($access)) {
$access = [$access];
}
$this->accessible($p, false);
foreach ($access as $auth) {
if (AuthState::hasRole($auth)) {
$this->accessible($p, true);
break;
}
}
}
foreach ($this->_showAuth as $p => $access) {
if (!is_array($access)) {
$access = [$access];
}
$show = false;
foreach ($access as $auth) {
if (AuthState::hasRole($auth)) {
$show = true;
break;
}
}
if (!$show) {
$this->_hidden[] = $p;
}
}
}
