/** * @param CourseInterface $course * @param UserInterface $user * @return bool */ protected function isWriteGranted($course, $user) { // grant CREATE/EDIT/DELETE privileges if at least one of the following // statements is true: // 1. the user's primary school is the course's owning school // and the user has at least one of the 'Faculty', 'Course Director' and 'Developer' roles. // 2. the user has WRITE rights on the course's owning school via the permissions system // and the user has at least one of the 'Faculty', 'Course Director' and 'Developer' roles. // 3. the user has WRITE rights on the course via the permissions system return $this->userHasRole($user, ['Faculty', 'Course Director', 'Developer']) && ($this->schoolsAreIdentical($course->getSchool(), $user->getSchool()) || $this->permissionManager->userHasWritePermissionToSchool($user, $course->getSchool())) || $this->permissionManager->userHasWritePermissionToCourse($user, $course); }
/** * @param string $attribute * @param CourseInterface $course * @param TokenInterface $token * @return bool */ protected function voteOnAttribute($attribute, $course, TokenInterface $token) { $user = $token->getUser(); if (!$user instanceof UserInterface) { return false; } switch ($attribute) { case self::VIEW: return $this->isViewGranted($course->getId(), $course->getSchool()->getId(), $user); break; case self::CREATE: case self::EDIT: case self::DELETE: return $this->isWriteGranted($course->getId(), $course->getSchool()->getId(), $user); break; } return false; }