/** * Checks if the combination of permission and userrole is allowed for the given attributes. * * @param SecurityCondition $object * @param int $attribute * @param Permission $permission * @param array|null $locales * * @return bool */ private function isGranted($object, $attribute, Permission $permission, $locales) { if (!is_array($locales)) { $locales = []; } $hasContext = $permission->getContext() == $object->getSecurityContext(); $hasLocale = $object->getLocale() == null || in_array($object->getLocale(), $locales); // if there is a concrete object we only have to check for the locale and context if ($object->getObjectId() || $object->getObjectType()) { return $hasContext && $hasLocale; } $hasPermission = $permission->getPermissions() & $this->permissions[$attribute]; return $hasContext && $hasPermission && $hasLocale; }
/** * Returns the permissions for the given object for the given user. * * @param SecurityCondition $securityCondition The condition to check * @param UserInterface $user The user for the check * * @return array */ private function getUserObjectPermission(SecurityCondition $securityCondition, UserInterface $user) { $permissions = $this->getPermissions($securityCondition->getObjectType(), $securityCondition->getObjectId()); return $this->getUserObjectPermissionByArray($permissions, $user); }