Exemplo n.º 1
0
 /**
  * @param string $attribute
  * @param LearnerGroupInterface $group
  * @param TokenInterface $token
  * @return bool
  */
 protected function voteOnAttribute($attribute, $group, TokenInterface $token)
 {
     $user = $token->getUser();
     if (!$user instanceof UserInterface) {
         return false;
     }
     switch ($attribute) {
         case self::VIEW:
             // do not enforce special views permissions on learner groups.
             return true;
             break;
         case self::CREATE:
         case self::EDIT:
         case self::DELETE:
             // grant CREATE, EDIT and DELETE privileges if at least one of the following
             // statements is true:
             // 1. the user's primary school is the group's owning school
             //    and the user has at least one of the 'Course Director' and 'Developer' roles.
             // 2. the user has WRITE rights on the group's owning school via the permissions system
             //    and the user has at least one of the 'Course Director' and 'Developer' roles.
             // 3. the user has WRITE rights to the group's owning program.
             return $this->userHasRole($user, ['Course Director', 'Developer']) && ($this->schoolsAreIdentical($user->getSchool(), $group->getSchool()) || $this->permissionManager->userHasWritePermissionToSchool($user, $group->getSchool()->getId())) || $this->permissionManager->userHasWritePermissionToProgram($user, $group->getProgram());
             break;
     }
     return false;
 }
Exemplo n.º 2
0
 /**
  * @param string $attribute
  * @param LearnerGroupInterface $group
  * @param UserInterface|null $user
  * @return bool
  */
 protected function isGranted($attribute, $group, $user = null)
 {
     // make sure there is a user object (i.e. that the user is logged in)
     if (!$user instanceof UserInterface) {
         return false;
     }
     switch ($attribute) {
         case self::VIEW:
             // grant VIEW privileges if at least one of the following
             // statements is true:
             // 1. the user's primary school is the group's owning school
             //    and has at least one of 'Course Director', 'Faculty' and 'Developer' roles.
             // 2. the user has READ rights on the group's owning school via the permissions system
             //    and has at least one of 'Course Director', 'Faculty' and 'Developer' roles.
             // 3. the user has READ rights to the group's owning program.
             return $this->userHasRole($user, ['Course Director', 'Faculty', 'Developer']) && ($this->schoolsAreIdentical($user->getSchool(), $group->getCohort()->getProgramYear()->getProgram()->getSchool()) || $this->permissionManager->userHasReadPermissionToSchool($user, $group->getCohort()->getProgramYear()->getProgram()->getSchool())) || $this->permissionManager->userHasReadPermissionToProgram($user, $group->getCohort()->getProgramYear()->getProgram());
             break;
         case self::CREATE:
         case self::EDIT:
         case self::DELETE:
             // grant CREATE, EDIT and DELETE privileges if at least one of the following
             // statements is true:
             // 1. the user's primary school is the group's owning school
             //    and the user has at least one of the 'Course Director' and 'Developer' roles.
             // 2. the user has WRITE rights on the group's owning school via the permissions system
             //    and the user has at least one of the 'Course Director' and 'Developer' roles.
             // 3. the user has WRITE rights to the group's owning program.
             return $this->userHasRole($user, ['Course Director', 'Developer']) && ($this->schoolsAreIdentical($user->getSchool(), $group->getCohort()->getProgramYear()->getProgram()->getSchool()) || $this->permissionManager->userHasWritePermissionToSchool($user, $group->getCohort()->getProgramYear()->getProgram()->getSchool())) || $this->permissionManager->userHasWritePermissionToProgram($user, $group->getCohort()->getProgramYear()->getProgram());
             break;
     }
     return false;
 }