/**
* Returns if a role can be added to a RoleSubject.
*
* @param AbstractRoleSubject $ars
* @param Role $role
* @return bool
*/
public function validateRoleInsert(AbstractRoleSubject $ars, Role $role)
{
$total = $this->countUsersByRoleIncludingGroup($role);
//cli always win!
if ($role->getName() === 'ROLE_ADMIN' && php_sapi_name() === 'cli' || $this->container->get('security.token_storage')->getToken() === null) {
return true;
}
if ($role->getName() === 'ROLE_ADMIN' && !$this->container->get('security.authorization_checker')->isGranted('ROLE_ADMIN')) {
return false;
}
//if we already have the role, then it's ok
if ($ars->hasRole($role->getName())) {
return true;
}
if ($role->getWorkspace()) {
$maxUsers = $role->getWorkspace()->getMaxUsers();
$countByWorkspace = $this->container->get('claroline.manager.workspace_manager')->countUsers($role->getWorkspace(), true);
if ($maxUsers <= $countByWorkspace) {
return false;
}
}
if ($ars instanceof User) {
return $total < $role->getMaxUsers();
}
if ($ars instanceof Group) {
$userCount = $this->userRepo->countUsersOfGroup($ars);
$userWithRoleCount = $this->userRepo->countUsersOfGroupByRole($ars, $role);
return $total + $userCount - $userWithRoleCount < $role->getMaxUsers();
}
return false;
}
