/** * @param string $attribute * @param ProgramInterface $program * @param UserInterface|null $user * @return bool */ protected function isGranted($attribute, $program, $user = null) { // make sure there is a user object (i.e. that the user is logged in) if (!$user instanceof UserInterface) { return false; } switch ($attribute) { case self::VIEW: // the given user is granted VIEW permissions on the given program // when at least one of the following statements is true // 1. The user's primary school is the same as the program's owning school // and the user has at least one of 'Course Director', 'Faculty' and 'Developer' role. // 2. The user has READ permissions on the program's owning school // and the user has at least one of 'Course Director', 'Faculty' and 'Developer' role. // 3. The user has READ permissions on the program. return $this->userHasRole($user, ['Course Director', 'Developer', 'Faculty']) && ($this->schoolsAreIdentical($program->getSchool(), $user->getSchool()) || $this->permissionManager->userHasReadPermissionToSchool($user, $program->getSchool())) || $this->permissionManager->userHasReadPermissionToProgram($user, $program); break; case self::CREATE: case self::EDIT: case self::DELETE: // the given user is grantedC CREATE, EDIT and DELETE permissions on the given program // when at least one of the following statements is true // 1. The user's primary school is the same as the program's owning school // and the user has at least one of 'Course Director' and 'Developer' role. // 2. The user has WRITE permissions on the program's owning school // and the user has at least one of 'Course Director' and 'Developer' role. // 3. The user has WRITE permissions on the program. return $this->userHasRole($user, ['Course Director', 'Developer']) && ($this->schoolsAreIdentical($program->getSchool(), $user->getSchool()) || $this->permissionManager->userHasWritePermissionToSchool($user, $program->getSchool())) || $this->permissionManager->userHasWritePermissionToProgram($user, $program); break; } return false; }
/** * @param string $attribute * @param LearnerGroupInterface $group * @param UserInterface|null $user * @return bool */ protected function isGranted($attribute, $group, $user = null) { // make sure there is a user object (i.e. that the user is logged in) if (!$user instanceof UserInterface) { return false; } switch ($attribute) { case self::VIEW: // grant VIEW privileges if at least one of the following // statements is true: // 1. the user's primary school is the group's owning school // and has at least one of 'Course Director', 'Faculty' and 'Developer' roles. // 2. the user has READ rights on the group's owning school via the permissions system // and has at least one of 'Course Director', 'Faculty' and 'Developer' roles. // 3. the user has READ rights to the group's owning program. return $this->userHasRole($user, ['Course Director', 'Faculty', 'Developer']) && ($this->schoolsAreIdentical($user->getSchool(), $group->getCohort()->getProgramYear()->getProgram()->getSchool()) || $this->permissionManager->userHasReadPermissionToSchool($user, $group->getCohort()->getProgramYear()->getProgram()->getSchool())) || $this->permissionManager->userHasReadPermissionToProgram($user, $group->getCohort()->getProgramYear()->getProgram()); break; case self::CREATE: case self::EDIT: case self::DELETE: // grant CREATE, EDIT and DELETE privileges if at least one of the following // statements is true: // 1. the user's primary school is the group's owning school // and the user has at least one of the 'Course Director' and 'Developer' roles. // 2. the user has WRITE rights on the group's owning school via the permissions system // and the user has at least one of the 'Course Director' and 'Developer' roles. // 3. the user has WRITE rights to the group's owning program. return $this->userHasRole($user, ['Course Director', 'Developer']) && ($this->schoolsAreIdentical($user->getSchool(), $group->getCohort()->getProgramYear()->getProgram()->getSchool()) || $this->permissionManager->userHasWritePermissionToSchool($user, $group->getCohort()->getProgramYear()->getProgram()->getSchool())) || $this->permissionManager->userHasWritePermissionToProgram($user, $group->getCohort()->getProgramYear()->getProgram()); break; } return false; }
/** * @param ProgramYearInterface $programYear * @param UserInterface $user * @return bool */ protected function isViewGranted($programYear, $user) { // the given user is granted VIEW permissions on the given program year // when at least one of the following statements is true // 1. The user's primary school is the same as the parent program's owning school // and the user has at least one of 'Course Director', 'Faculty' and 'Developer' role. // 2. The user has READ permissions on the parent program's owning school // and the user has at least one of 'Course Director', 'Faculty' and 'Developer' role. // 3. The user's primary school matches at least one of the schools owning the // program years' stewarding department // and the user has at least one of 'Course Director', 'Faculty' and 'Developer' role. // 4. The user has READ permissions on the program. return $this->userHasRole($user, ['Course Director', 'Developer', 'Faculty']) && ($this->schoolsAreIdentical($programYear->getProgram()->getSchool(), $user->getSchool()) || $this->permissionManager->userHasReadPermissionToSchool($user, $programYear->getProgram()->getSchool()) || $this->stewardManager->schoolIsStewardingProgramYear($user, $programYear)) || $this->permissionManager->userHasReadPermissionToProgram($user, $programYear->getProgram()); }