/** * Vote to see if $user can act on the user $subject * $user can do it if $subject is in a group depending on $user * * @param UserInterface $subject * @param UserInterface $user * * @return bool */ protected function voteForUser(UserInterface $subject, UserInterface $user) { foreach ($subject->getGroups() as $group) { if ($this->canActOnSite($group->getSite()->getSiteId(), $user)) { return true; } } return false; }
/** * Check if $subjectKey is in an allowed perimeter to $user * The perimeter to check is of $entityType * * @param string $subjectKey * @param UserInterface $user * @param string $entityType * * @return bool */ protected function isSubjectInPerimeter($subjectKey, UserInterface $user, $entityType) { foreach ($user->getGroups() as $group) { $perimeter = $group->getPerimeter($entityType); if ($perimeter instanceof PerimeterInterface && $this->perimeterManager->isInPerimeter($subjectKey, $perimeter)) { return true; } } return false; }
/** * Vote for $action on $node not owned by $user * A user can act on someone else's node if he has the matching super role and the node is in his perimeter * * @param string $action * @param NodeInterface $node * @param UserInterface $user * * @return bool */ protected function voteForSomeoneElseSubject($action, $node, UserInterface $user) { $requiredRole = ContributionRoleInterface::NODE_CONTRIBUTOR; switch ($action) { case ContributionActionInterface::EDIT: $requiredRole = ContributionRoleInterface::NODE_SUPER_EDITOR; break; case ContributionActionInterface::DELETE: $requiredRole = ContributionRoleInterface::NODE_SUPER_SUPRESSOR; break; } return $user->hasRole($requiredRole) && $this->isSubjectInPerimeter($node->getPath(), $user, NodeInterface::ENTITY_TYPE); }
/** * @param Request $request * @param UserInterface $user * * @return UserInterface */ protected function refreshLanguagesByAliases(UserInterface $user) { $sites = array(); $siteIds = array(); if ($user->isSuperAdmin()) { $sites = $this->container->get('open_orchestra_model.repository.site')->findByDeleted(false); } else { foreach ($user->getGroups() as $group) { /** @var SiteInterface $site */ $site = $group->getSite(); if (!$site->isDeleted() && !in_array($site->getSiteId(), $siteIds)) { $siteIds[] = $site->getSiteId(); $sites[] = $site; } } } foreach ($sites as $site) { if (!$user->hasLanguageBySite($site->getSiteId())) { $user->setLanguageBySite($site->getSiteId(), $site->getDefaultLanguage()); } } return $user; }
/** * @param UserInterface|string $user * * @return bool */ protected function isSuperAdmin($user = null) { return $user instanceof UserInterface && ($user->hasRole(ContributionRoleInterface::DEVELOPER) || $user->hasRole(ContributionRoleInterface::PLATFORM_ADMIN)); }