/**
 * Decide whether the current user may exercise $privilege on a set.
 *
 * The rules are evaluated top to bottom and the first match decides the
 * outcome. A request that matches no rule is denied.
 *
 * @param Entity $entity    set the privilege is requested on
 * @param string $privilege privilege being requested; the rules here
 *                          recognise 'create', 'update', 'read' and 'search'
 * @return bool true when access is granted, false otherwise
 */
public function isAllowed(Entity $entity, $privilege)
{
    // Every rule below is evaluated for the user of the current context.
    $actor = $this->getUser();

    // Admins are granted everything: all entities, all privileges.
    if ($this->isUserAdmin($actor)) {
        return true;
    }

    // Featured guard: a non-admin create/update that touches 'featured' is
    // rejected. It has to run before the owner rule, because that rule
    // grants every privilege and would otherwise let owners feature their
    // own sets.
    // NOTE(review): in_array() is called without the strict flag, so this is
    // a loose comparison, while the other privilege tests in this method use
    // ===. Confirm $privilege is always a string.
    $isWrite = in_array($privilege, ['create', 'update']);
    if ($isWrite && $entity->hasChanged('featured')) {
        return false;
    }

    // Owners may do anything else with their own set.
    if ($this->isUserOwner($entity, $actor)) {
        return true;
    }

    // Sets can be restricted to specific roles; visibility only grants 'read'.
    if ($this->isVisibleToUser($entity, $actor) && $privilege === 'read') {
        return true;
    }

    // Any user with an id (i.e. logged in) may create sets.
    if ($actor->getId() && $privilege === 'create') {
        return true;
    }

    // Searching is open to everyone; every other request is denied by default.
    return $privilege === 'search';
}
/**
 * Persist an entity, stamping the update time and hashing a changed password.
 *
 * @param Entity $entity entity carrying the pending changes
 * @return mixed whatever parent::update() returns
 */
public function update(Entity $entity)
{
    $now = time();

    // A changed password is run through the hasher before it is placed in
    // the state handed to the parent, so the value read from
    // $entity->password is not what gets persisted by this method.
    // NOTE(review): presumably $entity->password is the submitted plaintext
    // at this point; confirm it is never already a hash (double hashing).
    $state = $entity->hasChanged('password')
        ? ['updated' => $now, 'password' => $this->hasher->hash($entity->password)]
        : ['updated' => $now];

    $prepared = $entity->setState($state);

    return parent::update($prepared);
}
/**
 * Persist the changed attributes of a post and its tags, values and stages.
 *
 * @param Entity $entity post carrying the pending changes
 * @return mixed result of executeUpdate(), presumably the affected row count
 */
public function update(Entity $entity)
{
    $row = $entity->getChanged();
    $row['updated'] = time();

    // These attributes are written by the dedicated helpers below, so they
    // are stripped from the row that goes to executeUpdate().
    // NOTE(review): every other changed attribute is written as-is; this is
    // a deny-list, so the set of writable columns depends on what upstream
    // validation lets into getChanged(). Confirm against the caller.
    foreach (['values', 'tags', 'completed_stages'] as $handledSeparately) {
        unset($row[$handledSeparately]);
    }

    // Write the post row itself.
    $affected = $this->executeUpdate(['id' => $entity->id], $row);

    // Post-tags
    if ($entity->hasChanged('tags')) {
        $this->updatePostTags($entity->id, $entity->tags);
    }

    // Post-values
    if ($entity->hasChanged('values')) {
        $this->updatePostValues($entity->id, $entity->values);
    }

    // Post-stages (also needs the form the stages belong to)
    if ($entity->hasChanged('completed_stages')) {
        $this->updatePostStages($entity->id, $entity->form_id, $entity->completed_stages);
    }

    return $affected;
}
/**
 * Persist the changed attributes of a role and, when changed, its permissions.
 *
 * @param Entity $entity role carrying the pending changes
 * @return mixed result of executeUpdate(), presumably the affected row count
 */
public function update(Entity $entity)
{
    $changes = $entity->getChanged();

    // Permissions are written by updatePermissions() below, not as part of
    // the role row.
    unset($changes['permissions']);

    // Write the role row itself.
    $affected = $this->executeUpdate(['id' => $entity->id], $changes);

    // The permission set is replaced only when it actually changed.
    // NOTE(review): the row update is keyed by id but permissions are keyed
    // by $entity->name; confirm this behaves as intended when the name is
    // changed in the same request.
    if ($entity->hasChanged('permissions')) {
        $this->updatePermissions($entity->name, $entity->permissions);
    }

    return $affected;
}
/**
 * Persist the changed attributes of a post and its tags, values and stages.
 *
 * @param Entity $entity post carrying the pending changes
 * @return mixed result of executeUpdate(), presumably the affected row count
 */
public function update(Entity $entity)
{
    $row = $entity->getChanged();
    $row['updated'] = time();

    // These attributes never go into the post row. Tags, values and
    // completed stages are written by the helpers below; sets, source and
    // color are simply dropped here.
    // NOTE(review): every other changed attribute is written as-is; this is
    // a deny-list, so the set of writable columns depends on what upstream
    // validation lets into getChanged(). Confirm against the caller.
    $excluded = ['values', 'tags', 'completed_stages', 'sets', 'source', 'color'];
    foreach ($excluded as $key) {
        unset($row[$key]);
    }

    // The database expects a MySQL datetime string.
    // NOTE(review): assumes post_date is a date object with format(); no
    // timezone conversion is visible here, so confirm the expected zone.
    if (!empty($row['post_date'])) {
        $row['post_date'] = $row['post_date']->format("Y-m-d H:i:s");
    }

    // Write the post row itself.
    $affected = $this->executeUpdate(['id' => $entity->id], $row);

    // Post-tags
    if ($entity->hasChanged('tags')) {
        $this->updatePostTags($entity->id, $entity->tags);
    }

    // Post-values
    if ($entity->hasChanged('values')) {
        $this->updatePostValues($entity->id, $entity->values);
    }

    // Post-stages (also needs the form the stages belong to)
    if ($entity->hasChanged('completed_stages')) {
        $this->updatePostStages($entity->id, $entity->form_id, $entity->completed_stages);
    }

    return $affected;
}