/**
 * Decide whether the current identity may act on the given organization.
 *
 * Decision rules, as implemented:
 *  - no authenticated identity: access is reported as valid;
 *  - identity whose roles contain Role::ADMIN_ROLE: valid, no membership lookup;
 *  - any other identity: the OrganizationUser lookup for (user, organization)
 *    must return an object, and the identity must hold
 *    Role::TEST_CENTER_ADMIN_ROLE when the organization type is
 *    Organization::TYPE_ATC, or Role::TRAINING_MANAGER_ROLE when it is
 *    Organization::TYPE_ATP. Other organization types need membership only.
 *
 * NOTE(review): this check fails open for unauthenticated callers. It is only
 * safe if every caller is already behind an authentication guard; confirm that,
 * or deny when there is no identity.
 * NOTE(review): roles are read from the stored identity, presumably a snapshot
 * taken at login; confirm that a revoked role stops being honoured.
 * NOTE(review): in_array() runs without the strict flag and the type checks use
 * ==, so matching is by loose comparison; confirm the role and type constants
 * cannot collide under type juggling.
 *
 * @access private
 * @param Organizations\Entity\Organization $organization
 * @return bool true when access is allowed, false otherwise
 */
private function validateAccessControl($organization)
{
    $auth = new AuthenticationService();
    $identity = $auth->getIdentity();
    $wrapperQuery = $this->getServiceLocator()->get('wrapperQuery');

    // Anonymous callers and administrators skip the per-organization checks.
    if (!$auth->hasIdentity() || in_array(Role::ADMIN_ROLE, $identity['roles'])) {
        return true;
    }

    // The user must be linked to this particular organization.
    $membership = $wrapperQuery->findOneBy(
        'Organizations\\Entity\\OrganizationUser',
        array("user" => $identity['id'], "organization" => $organization->getId())
    );
    if (!is_object($membership)) {
        return false;
    }

    // A test center (ATC) requires the test-center-admin role.
    if (!in_array(Role::TEST_CENTER_ADMIN_ROLE, $identity['roles'])
        && $organization->getType() == Organization::TYPE_ATC
    ) {
        return false;
    }

    // A training partner (ATP) requires the training-manager role.
    if (!in_array(Role::TRAINING_MANAGER_ROLE, $identity['roles'])
        && $organization->getType() == Organization::TYPE_ATP
    ) {
        return false;
    }

    return true;
}