コード例 #1
 /**
  * Authorization gate backed by the Oro Platform security bundle.
  *
  * A 'VIEW' request on an object is allowed without consulting the ACL when the
  * logged-in user's id equals the id of the reporter of the entity's ticket.
  * Every other case is decided by the authorization service's isActionPermitted().
  *
  * @param string $operation
  * @param Comment|string $entity
  * @return void
  * @throws ForbiddenException when the ACL check denies the operation
  */
 private function isGranted($operation, $entity)
 {
     $isObjectView = $operation === 'VIEW' && is_object($entity);

     // Reporter shortcut: the owner of a ticket may view its comments.
     // NOTE(review): the stated intent is "all comments (except private)", but
     // nothing in this method inspects whether the comment is private, so the
     // shortcut applies to every comment on the reporter's ticket. Confirm that
     // private comments are filtered elsewhere, or add the check here.
     // NOTE(review): any object passes is_object(); getTicket() is assumed to
     // exist on it, i.e. callers only pass Comment instances. Verify.
     if ($isObjectView && $this->authorizationService->getLoggedUser()) {
         $currentUser = $this->authorizationService->getLoggedUser();
         if ($currentUser instanceof ApiUser) {
             // API users are swapped for the user object the user service maps them to.
             $currentUser = $this->userService->getUserFromApiUser($currentUser);
         }

         /** @var User $ticketReporter */
         $ticketReporter = $entity->getTicket()->getReporter();

         // NOTE(review): identity is decided by a loose (==) comparison of ids
         // alone. If the two user objects can come from different user stores
         // whose ids overlap, or ids differ in type, this may match the wrong
         // user. Confirm against the User model.
         $isReporter = $currentUser
             && $ticketReporter
             && $currentUser->getId() == $ticketReporter->getId();
         if ($isReporter) {
             return;
         }
     }

     // Default path: defer to the ACL decision.
     if ($this->authorizationService->isActionPermitted($operation, $entity)) {
         return;
     }

     throw new ForbiddenException("Not enough permissions.");
 }
コード例 #2
 /**
  * Authorization gate backed by the Oro Platform security bundle.
  *
  * Returns normally when the authorization service permits the operation on the
  * entity; otherwise the request is rejected with an exception. There is no
  * other allow path in this method.
  *
  * @param string $operation
  * @param mixed $entity passed unchanged to the ACL check
  * @return void
  * @throws \Oro\Bundle\SecurityBundle\Exception\ForbiddenException when the ACL check denies the operation
  */
 private function isGranted($operation, $entity)
 {
     $permitted = $this->authorizationService->isActionPermitted($operation, $entity);
     if ($permitted) {
         return;
     }

     throw new ForbiddenException("Not enough permissions.");
 }