Gets roles by specified ID of environment
public getAclRolesByEnvironment ( integer $envId, boolean $ignoreCache = false ) : Scalr\Acl\Role\AccountRoleSuperposition | ||
$envId | integer | The ID of the client's environment |
$ignoreCache | boolean | optional Ignore cache. |
리턴 | Scalr\Acl\Role\AccountRoleSuperposition | Returns the list of the roles of account level by specified environment |
/** * Gets acl roles superposition for the request * * @return \Scalr\Acl\Role\AccountRoleSuperposition */ protected function getAclRoles() { if (!$this->aclRoles) { $this->aclRoles = $this->user->getAclRolesByEnvironment($this->Environment->id); } return $this->aclRoles; }
/** * Checks wheter access to ACL resource or unique permission is allowed. * * @param \Scalr_Account_User $user The user * @param \Scalr_Environment $environment The client's environment * @param int $resourceId The ID of the ACL resource or its symbolic name without "RESOURCE_" prefix. * @param string $permissionId optional The ID of the uniqure permission which is * related to specified resource. * @return bool Returns TRUE if access is allowed */ public function isUserAllowedByEnvironment(\Scalr_Account_User $user, $environment, $resourceId, $permissionId = null) { //Checks wheter environment and user are from the same account. if ($user->isScalrAdmin()) { return true; } else { if (!$environment instanceof \Scalr_Environment) { //If environment is not defined it will return false. return false; } else { if ($environment->clientId != $user->getAccountId()) { return false; } } } //Scalr-Admin and Account-Owner is allowed for everything if ($user->isAccountOwner()) { return true; } if (is_string($resourceId)) { $sName = 'Scalr\\Acl\\Acl::RESOURCE_' . strtoupper($resourceId); if (defined($sName)) { $resourceId = constant($sName); } else { throw new \InvalidArgumentException(sprintf('Cannot find ACL resource %s by specified symbolic name %s.', $sName, $resourceId)); } } return (bool) $user->getAclRolesByEnvironment($environment->id)->isAllowed($resourceId, $permissionId); }