public function assert(Acl $acl, RoleInterface $role = null, ResourceInterface $resource = null, $privilege = null) { if (!$role instanceof UserInterface || !$resource instanceof JobInterface || 'edit' != $privilege) { return false; } return $resource->getPermissions()->isGranted($role->getId(), Permissions::PERMISSION_CHANGE); }
/** * Returns true, if the user has write access to the job granted from the organization. * * @param RoleInterface $role This must be a UserInterface instance * @param ResourceInterface $resource This must be a JobInterface instance * * @return bool */ protected function checkOrganizationPermissions($role, $resource) { /* @var $resource \Jobs\Entity\JobInterface */ /* @var $role \Auth\Entity\UserInterface */ $organization = $resource->getOrganization(); if (!$organization) { return false; } if ($organization->isHiringOrganization()) { $organization = $organization->getParent(); } $orgUser = $organization->getUser(); if ($orgUser && $role->getId() == $orgUser->getId()) { return true; } $employees = $organization->getEmployees(); foreach ($employees as $emp) { /* @var $emp \Organizations\Entity\EmployeeInterface */ if ($emp->getUser()->getId() == $role->getId() && $emp->getPermissions()->isAllowed(EmployeePermissionsInterface::JOBS_CHANGE)) { return true; } } return false; }
/** * Checks write Access on attachments * * @param RoleInterface $role * @param ResourceInterface $resource * @return boolean */ protected function assertWrite($role, $resource) { $job = $resource->getJob(); return $job && $role->getId() == $job->getUser()->getId(); }