public function isGranted(User $user, $attributes, $object = null)
{
if (is_array($attributes) === false) {
$attributes = [$attributes];
}
return self::$accessDecisionManager->decide(new UsernamePasswordToken($user, 'none', 'none', $user->getRoles()), $attributes, $object);
}
protected function canDo($attribute, $subject, User $user)
{
// If the user is trying to access their own participant entry record they can do anything
if ($user->getId() === $subject->getParticipant()->getUser()->getId()) {
return true;
}
return parent::canDo($attribute, $subject, $user);
}
protected function canDo($attribute, $subject, User $user)
{
// If the user is trying to access their own answers they can do anything
if ($user->getId() === $subject->getServerUser()->getUser()->getId()) {
return true;
}
return parent::canDo($attribute, $subject, $user);
}
protected function canDo($attribute, $subject, User $user)
{
// If the user is a system administrator, they can do anything
if ($user->getSystemAdministrator() === true) {
return true;
}
// Otherwise, if the user is trying to access their own account they can do anything
if ($user->getType() === $subject->getType() && $user->getId() === $subject->getId()) {
return true;
}
return false;
}
protected function canDo($attribute, $subject, User $user)
{
// If the user is a system administrator, they can do anything
if ($user->getSystemAdministrator() === true) {
return true;
}
// If the user has no groups, they can't do anything
if ($user->getUserGroupUsers()->count() === 0) {
return false;
}
$allow = false;
foreach ($user->getUserGroupUsers() as $userGroupUsers) {
$groupPermissionsConfiguration = $userGroupUsers->getUserGroup()->getPermissions();
foreach ($groupPermissionsConfiguration as $groupPermissions) {
if (isset($groupPermissions[$this->getExtendablePermissionClassCodeName()]) === false) {
continue;
}
$entityClass = $this->getEntityClass();
if ($subject instanceof $entityClass) {
if (isset($groupPermissions[$this->getExtendablePermissionClassCodeName()][$subject->getId()], $groupPermissions[$this->getExtendablePermissionClassCodeName()][$subject->getId()][$attribute]) === true) {
if ($groupPermissions[$this->getExtendablePermissionClassCodeName()][$subject->getId()][$attribute] === 'deny') {
return false;
} elseif ($groupPermissions[$this->getExtendablePermissionClassCodeName()][$subject->getId()][$attribute] === 'allow') {
$allow = true;
}
}
}
if (isset($groupPermissions[$this->getExtendablePermissionClassCodeName()]['all'], $groupPermissions[$this->getExtendablePermissionClassCodeName()]['all'][$attribute]) === true) {
if ($groupPermissions[$this->getExtendablePermissionClassCodeName()]['all'][$attribute] === 'deny') {
return false;
} elseif ($groupPermissions[$this->getExtendablePermissionClassCodeName()]['all'][$attribute] === 'allow') {
$allow = true;
}
}
}
}
return $allow;
}
protected function adjustUserTwitchSubscriberGroup(UserResponseInterface $userResponse, User $user)
{
if (self::$configurationService->has('core.twitch.access.subscriber.access_group') === true) {
$subscriber = false;
foreach (self::$configurationService->get('core.twitch.access.site_owners') as $siteOwner) {
if (empty($siteOwner['username']) === true) {
continue;
}
try {
$response = self::$twitchClient->get(vsprintf(self::SUBSCRIBES_TO_TWITCH_CHANNEL_ENDPOINT, [$user->getUsernameWithoutPrefix(), $siteOwner['username']]), ['headers' => ['Authorization' => 'OAuth ' . $userResponse->getAccessToken()]]);
if ($response->getStatusCode() === 200) {
$decodedResponse = json_decode($response->getBody()->getContents());
if (isset($decodedResponse->created_at) === true) {
$subscriber = true;
break;
}
}
} catch (ClientException $exception) {
// Do nothing
}
}
$subscriberUserGroup = self::$userGroupManager->findOneBy(['id' => self::$configurationService->get('core.twitch.access.subscriber.access_group')]);
$this->adjustUserGroup($user, $subscriberUserGroup, $subscriber);
}
}
