/** * allowed * * @param User $adminUser * @param User $targetUser * * @return bool */ public function allowed(User $adminUser, User $targetUser) { $isAllowed = $this->rcmUserService->isUserAllowed($this->aclConfig['resourceId'], $this->aclConfig['privilege'], $this->aclConfig['providerId'], $targetUser); if ($isAllowed) { return new RestrictionResult(false, 'Cannot switch to this user'); } return new RestrictionResult(true); }
/** * isImpersonatorUserAllowed * * @param $resourceId * @param $privilege * @param $providerId * @param $user * * @return bool|mixed */ public function isImpersonatorUserAllowed($resourceId, $privilege, $providerId, $user) { $user = $this->switchUserService->getImpersonatorUser($user); if (empty($user)) { return false; } return $this->rcmUserService->isUserAllowed($resourceId, $privilege, $providerId, $user); }
/** * @deprecated use SwitchUserAclService::isSuAllowed * isAllowed * * this is only a basic access check, * the restrictions should catch and log any access attempts * * @param $suUser * * @return bool|mixed */ public function isAllowed($suUser) { if (empty($suUser)) { return false; } $aclConfig = $this->aclConfig; return $this->rcmUserService->isUserAllowed($aclConfig['resourceId'], $aclConfig['privilege'], $aclConfig['providerId'], $suUser); }