Maps provided SPI Policy value object to API Policy value object.
public buildDomainPolicyObject ( eZ\Publish\SPI\Persistence\User\Policy $spiPolicy ) : eZ\Publish\API\Repository\Values\User\Policy | eZ\Publish\API\Repository\Values\User\PolicyDraft | ||
$spiPolicy | eZ\Publish\SPI\Persistence\User\Policy | |
return | eZ\Publish\API\Repository\Values\User\Policy | eZ\Publish\API\Repository\Values\User\PolicyDraft |
/** * Loads all policies from roles which are assigned to a user or to user groups to which the user belongs. * * @throws \eZ\Publish\API\Repository\Exceptions\NotFoundException if a user with the given id was not found * * @param mixed $userId * * @return \eZ\Publish\API\Repository\Values\User\Policy[] */ public function loadPoliciesByUserId($userId) { $spiPolicies = $this->userHandler->loadPoliciesByUserId($userId); $policies = array(); foreach ($spiPolicies as $spiPolicy) { $policies[] = $this->roleDomainMapper->buildDomainPolicyObject($spiPolicy); } if (empty($policies)) { $this->userHandler->load($userId); } // For NotFoundException in case userId is invalid return $policies; }
public function hasAccess($module, $function, APIUserReference $userReference = null) { // Full access if sudo nesting level is set by {@see sudo()} if ($this->sudoNestingLevel > 0) { return true; } if ($userReference === null) { $userReference = $this->getCurrentUserReference(); } // Uses SPI to avoid triggering permission checks in Role/User service $permissionSets = array(); $spiRoleAssignments = $this->userHandler->loadRoleAssignmentsByGroupId($userReference->getUserId(), true); foreach ($spiRoleAssignments as $spiRoleAssignment) { $permissionSet = array('limitation' => null, 'policies' => array()); $spiRole = $this->userHandler->loadRole($spiRoleAssignment->roleId); foreach ($spiRole->policies as $spiPolicy) { if ($spiPolicy->module === '*' && $spiRoleAssignment->limitationIdentifier === null) { return true; } if ($spiPolicy->module !== $module && $spiPolicy->module !== '*') { continue; } if ($spiPolicy->function === '*' && $spiRoleAssignment->limitationIdentifier === null) { return true; } if ($spiPolicy->function !== $function && $spiPolicy->function !== '*') { continue; } if ($spiPolicy->limitations === '*' && $spiRoleAssignment->limitationIdentifier === null) { return true; } $permissionSet['policies'][] = $this->roleDomainMapper->buildDomainPolicyObject($spiPolicy); } if (!empty($permissionSet['policies'])) { if ($spiRoleAssignment->limitationIdentifier !== null) { $permissionSet['limitation'] = $this->limitationService->getLimitationType($spiRoleAssignment->limitationIdentifier)->buildValue($spiRoleAssignment->values); } $permissionSets[] = $permissionSet; } } if (!empty($permissionSets)) { return $permissionSets; } return false; // No policies matching $module and $function, or they contained limitations }