/**
 * Decides whether $user may edit $comment.
 *
 * Editing is allowed for the comment's author, for any administrator and
 * for the author of the post the comment belongs to. A comment written by
 * an administrator is the exception: only administrators may edit it, so
 * that rule is evaluated first and a non-admin post author cannot edit an
 * admin's comment on their own post.
 *
 * Ownership is tested with === on the entity objects, i.e. by object
 * identity. Two distinct instances describing the same account do not
 * match, so on a mismatch the ownership clauses deny rather than grant.
 * NOTE(review): presumably the authenticated user and the related entities
 * resolve to the same loaded instance -- confirm with the caller.
 *
 * @param Comment $comment comment the edit is requested for
 * @param User    $user    user requesting the edit
 *
 * @return bool true when the edit is allowed
 */
private function canEdit(Comment $comment, User $user)
{
    $commentAuthor = $comment->getUser();

    // Admin-authored comments are off limits to everyone except admins.
    if ($commentAuthor->getIsAdmin() && !$user->getIsAdmin()) {
        return false;
    }

    // The author of the comment.
    if ($user === $commentAuthor) {
        return true;
    }

    // Any administrator.
    if ($user->getIsAdmin()) {
        return true;
    }

    // Finally, the author of the post the comment was left on.
    return $user === $comment->getPost()->getAuthor();
}
/**
 * Decides whether $user may edit $post.
 *
 * Only the post's author or an administrator may edit. The author test
 * uses ===, i.e. object identity, so a different instance of the same
 * account does not match and that clause denies.
 * NOTE(review): presumably both references resolve to the same loaded
 * entity instance -- confirm with the caller.
 *
 * An explicit "admin-authored posts are admin-only" guard used to sit here
 * in commented-out form. It is not needed for this rule set: a non-admin
 * user can be neither the admin author nor an administrator, so both
 * clauses below already refuse that case.
 *
 * @param Post $post post the edit is requested for
 * @param User $user user requesting the edit
 *
 * @return bool true when the edit is allowed
 */
private function canEdit(Post $post, User $user)
{
    if ($user === $post->getAuthor()) {
        return true;
    }

    return (bool) $user->getIsAdmin();
}
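/**
 * Builds one page of the comment-management listing, with a delete form
 * view for every comment on that page.
 *
 * Administrators are given the result of findAllCommentsWithDependencies();
 * every other user is given the result of
 * findAllCommentsByUserAndUserPosts() for that user.
 *
 * @param Request $request current request; its "page" query parameter
 *                         selects the page (defaults to 1, values below 1
 *                         are treated as 1)
 * @param User    $user    user the listing is built for
 *
 * @return array keys: "comments" (repository result), "nextPageUrl"
 *               (router-generated URL or false), "nextPage" (int or false),
 *               "deleteForms" (form views keyed by comment id)
 */
public function getCommentsWithDeleteForms(Request $request, User $user)
{
    // "page" comes straight from the query string. Paging here is 1-based
    // (default 1, next page = current + 1), so clamp zero and negative
    // values before they reach the repository's paging arguments.
    $currentPage = max(1, $request->query->getInt('page', 1));

    $repository = $this->doctrine->getManager()->getRepository('AppBundle:Comment');

    // NOTE(review): countAllComments() is called without the user, while
    // the non-admin listing below is filtered by user. If it counts every
    // comment, a non-admin can be offered a "next page" that is empty and
    // can infer the site-wide comment total from the pagination. A count
    // scoped like the listing query would be needed -- confirm against the
    // repository.
    $count = $repository->countAllComments();
    $nextPage = $count > $this->limit * $currentPage ? $currentPage + 1 : false;

    $comments = $user->getIsAdmin()
        ? $repository->findAllCommentsWithDependencies($currentPage, $this->limit)
        : $repository->findAllCommentsByUserAndUserPosts($currentPage, $this->limit, $user);

    $nextPageUrl = $nextPage !== false
        ? $this->router->generate('manage_comments', ['page' => $nextPage])
        : false;

    $deleteForms = [];
    foreach ($comments as $comment) {
        // Offering a form is not an authorization decision: a form is built
        // for every listed comment, so the code that handles the submitted
        // delete must still check that the user may remove that comment.
        $deleteForms[$comment->getId()] = $this->formManager
            ->createCommentDeleteForm($comment)
            ->createView();
    }

    return [
        'comments' => $comments,
        'nextPageUrl' => $nextPageUrl,
        'nextPage' => $nextPage,
        'deleteForms' => $deleteForms,
    ];
}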