/**
 * Strip private comments from a ticket before it is handed to an API user.
 *
 * When the logged user is not an ApiUser the ticket is left untouched, so
 * those callers still receive private comments.
 *
 * @param Ticket $ticket ticket whose comment collection is filtered in place
 */
private function removePrivateComments(Ticket $ticket)
{
    $loggedUser = $this->authorizationService->getLoggedUser();

    if ($loggedUser instanceof ApiUser) {
        // NOTE(review): removeElement() mutates the collection owned by the ticket.
        // If this is an ORM-managed collection the removals may be tracked as changes
        // and written on a later flush - confirm the ticket is never persisted after
        // this call, or filter a detached copy instead.
        $ticketComments = $ticket->getComments();

        foreach ($ticketComments as $item) {
            if (!$item->isPrivate()) {
                continue;
            }

            $ticketComments->removeElement($item);
        }
    }
}
/**
 * Strip private comments from a ticket before it is handed to an API user.
 *
 * The collection is emptied and refilled with the non-private comments only.
 * When the logged user is not an ApiUser the ticket is left untouched.
 *
 * @param Ticket $ticket ticket whose comment collection is rebuilt in place
 */
private function removePrivateComments(Ticket $ticket)
{
    $loggedUser = $this->authorizationService->getLoggedUser();

    if ($loggedUser instanceof ApiUser) {
        $ticketComments = $ticket->getComments();

        // Copy the elements out first: clear() empties the live collection.
        $allComments = $ticketComments->toArray();
        $ticketComments->clear();

        foreach ($allComments as $item) {
            if ($item->isPrivate()) {
                continue;
            }

            $ticketComments->add($item);
        }

        // NOTE(review): presumably takeSnapshot() makes the filtered state the
        // collection's baseline so the removals are not seen as pending changes -
        // confirm against the collection class in use. If the mapping enables orphan
        // removal, also verify that clear() cannot schedule the private comments for
        // deletion on a later flush.
        $ticketComments->takeSnapshot();
    }
}
/**
 * Update Diamante and Api users related to current session
 *
 * @ApiDoc(
 *  description="Update current user",
 *  uri="/users/current.{_format}",
 *  method={
 *      "PATCH",
 *      "PUT"
 *  },
 *  resource=true,
 *  statusCodes={
 *      200="Returned when successful",
 *      403="Returned when the user is not authorized to update user",
 *      404="Returned when the user is not found"
 *  }
 * )
 *
 * @param UpdateUserCommand $command
 * @return DiamanteUser
 */
public function update(UpdateUserCommand $command)
{
    // The target is always the user bound to the current session; the command
    // carries no user identifier.
    $sessionUser = $this->authorizationService->getLoggedUser();
    $profile = $this->loadDiamanteUser($sessionUser);

    // Each field is applied only when it is truthy, so an empty string (or "0")
    // leaves the stored value unchanged.
    if ($command->firstName) {
        $profile->setFirstName($command->firstName);
    }

    if ($command->lastName) {
        $profile->setLastName($command->lastName);
    }

    // NOTE(review): the password is replaced without any visible check of the
    // current password or of the new one's strength, and whether setPassword()
    // hashes its argument cannot be seen from here - confirm both before relying
    // on this endpoint for credential changes.
    if ($command->password) {
        $sessionUser->setPassword($command->password);
    }

    // NOTE(review): two independent stores; nothing visible here makes them atomic.
    $this->diamanteUserRepository->store($profile);
    $this->apiUserRepository->store($sessionUser);

    return $profile;
}
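/**
 * Verify permissions through Oro Platform security bundle
 *
 * The reporter of a ticket may VIEW that ticket's non-private comments without
 * an explicit grant. Every other case, including private comments, is decided
 * by the authorization service.
 *
 * @param string $operation
 * @param Comment|string $entity
 * @throws ForbiddenException when the authorization service does not permit the operation
 */
private function isGranted($operation, $entity)
{
    // User should have ability to view all comments (except private)
    // if he is an owner of a ticket.
    // The privacy test is part of the shortcut condition so that a private comment
    // always falls through to the regular permission check below, instead of being
    // released to the reporter by ownership alone.
    // NOTE(review): relies on the entity exposing isPrivate(); confirm every object
    // passed to this method is a Comment.
    if ($operation === 'VIEW' && is_object($entity) && !$entity->isPrivate()) {
        $loggedUser = $this->authorizationService->getLoggedUser();

        if ($loggedUser) {
            if ($loggedUser instanceof ApiUser) {
                $loggedUser = $this->userService->getUserFromApiUser($loggedUser);
            }

            /** @var User $reporter */
            $reporter = $entity->getTicket()->getReporter();

            // NOTE(review): ownership is decided by a loose comparison of getId()
            // alone. If reporters can come from more than one user store, equal ids
            // may not mean the same person - confirm, and compare the user type as
            // well if so.
            if ($loggedUser && $reporter && $loggedUser->getId() == $reporter->getId()) {
                return;
            }
        }
    }

    if (!$this->authorizationService->isActionPermitted($operation, $entity)) {
        throw new ForbiddenException("Not enough permissions.");
    }
}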