Пример #1
 /**
  * Decide whether the user of the current context may exercise $privilege on $entity.
  *
  * The rules run in a fixed order and the first one that matches wins; a
  * request that matches no rule is denied. The order is security-relevant:
  * the 'featured' denial sits before the owner rule, so an owner cannot
  * change 'featured' through 'create' or 'update'.
  *
  * @param Entity $entity    the set being accessed
  * @param mixed  $privilege privilege name; compared against 'create', 'update', 'read' and 'search'
  * @return bool true when access is granted, false otherwise
  */
 public function isAllowed(Entity $entity, $privilege)
 {
     // Every rule below is evaluated for the user of the current context.
     $actor = $this->getUser();

     // Admins bypass all remaining rules: any entity, any privilege.
     if ($this->isUserAdmin($actor)) {
         return true;
     }

     // Only admins may change 'featured' on create or update. in_array() is
     // called without the strict flag, so the match is a loose (==) comparison.
     // NOTE(review): $privilege looks like it is always a string - confirm
     // that callers never pass another type.
     $writesSet = in_array($privilege, ['create', 'update']);
     if ($writesSet && $entity->hasChanged('featured')) {
         return false;
     }

     // The owner of the set may do anything that was not denied above.
     if ($this->isUserOwner($entity, $actor)) {
         return true;
     }

     // Sets visible to this user may be read; visibility is checked first,
     // then the privilege.
     if ($this->isVisibleToUser($entity, $actor) && $privilege === 'read') {
         return true;
     }

     // A truthy user id is treated as "logged in"; such users may create sets.
     if ($actor->getId() && $privilege === 'create') {
         return true;
     }

     // Searching is open to every user; everything else is denied by default.
     return $privilege === 'search';
 }
Пример #2
 /**
  * Stamp the entity with the current time, hash a changed password, and
  * delegate the actual update to the parent implementation.
  *
  * @param Entity $entity entity carrying the pending changes
  * @return mixed whatever parent::update() returns
  */
 public function update(Entity $entity)
 {
     $changes = ['updated' => time()];

     // The password is hashed only when the field was changed.
     // NOTE(review): presumably this keeps an already stored hash from being
     // hashed a second time - confirm against the entity's change tracking.
     if ($entity->hasChanged('password')) {
         $changes += ['password' => $this->hasher->hash($entity->password)];
     }

     $stamped = $entity->setState($changes);

     return parent::update($stamped);
 }
Пример #3
 /**
  * Write the changed fields of a post, then update its tags, values and
  * completed stages when those were changed.
  *
  * @param Entity $entity post carrying the pending changes
  * @return mixed the value returned by executeUpdate() for the post row
  */
 public function update(Entity $entity)
 {
     $fields = $entity->getChanged();
     $fields['updated'] = time();

     // Tags, values and completed stages are written by the dedicated calls
     // below, so they are dropped from the row update.
     // NOTE(review): every other changed field is passed to executeUpdate()
     // unchanged - confirm that the entity or the caller restricts which
     // fields may be set.
     foreach (['values', 'tags', 'completed_stages'] as $relation) {
         unset($fields[$relation]);
     }

     $postId = $entity->id;
     $affected = $this->executeUpdate(['id' => $postId], $fields);

     // Post-tags
     if ($entity->hasChanged('tags')) {
         $this->updatePostTags($postId, $entity->tags);
     }

     // Post-values
     if ($entity->hasChanged('values')) {
         $this->updatePostValues($postId, $entity->values);
     }

     // Post-stages, which also need the form id
     if ($entity->hasChanged('completed_stages')) {
         $this->updatePostStages($postId, $entity->form_id, $entity->completed_stages);
     }

     return $affected;
 }
Пример #4
 /**
  * Write the changed fields of a role, then update its permissions when
  * those were changed.
  *
  * @param Entity $entity role carrying the pending changes
  * @return mixed the value returned by executeUpdate() for the role row
  */
 public function update(Entity $entity)
 {
     // Permissions are written by updatePermissions(), not by the row update.
     $columns = $entity->getChanged();
     unset($columns['permissions']);

     // Update the role row, addressed by id.
     $affected = $this->executeUpdate(['id' => $entity->id], $columns);

     if (!$entity->hasChanged('permissions')) {
         return $affected;
     }

     // Permissions are keyed by the role name, while the row above is keyed
     // by id.
     // NOTE(review): confirm the intended behaviour when 'name' and
     // 'permissions' change in the same update.
     $this->updatePermissions($entity->name, $entity->permissions);

     return $affected;
 }
Пример #5
 /**
  * Write the changed fields of a post, then update its tags, values and
  * completed stages when those were changed.
  *
  * @param Entity $entity post carrying the pending changes
  * @return mixed the value returned by executeUpdate() for the post row
  */
 public function update(Entity $entity)
 {
     $fields = $entity->getChanged();
     $fields['updated'] = time();

     // These keys are never written by the row update; tags, values and
     // completed stages are handled by the dedicated calls below.
     // NOTE(review): every other changed field is passed to executeUpdate()
     // unchanged - confirm that the entity or the caller restricts which
     // fields may be set.
     foreach (['values', 'tags', 'completed_stages', 'sets', 'source', 'color'] as $skipped) {
         unset($fields[$skipped]);
     }

     // Convert post_date to the MySQL datetime format.
     // Assumes a non-empty post_date is an object exposing format() - TODO confirm.
     if (!empty($fields['post_date'])) {
         $postDate = $fields['post_date'];
         $fields['post_date'] = $postDate->format("Y-m-d H:i:s");
     }

     $postId = $entity->id;
     $affected = $this->executeUpdate(['id' => $postId], $fields);

     // Post-tags
     if ($entity->hasChanged('tags')) {
         $this->updatePostTags($postId, $entity->tags);
     }

     // Post-values
     if ($entity->hasChanged('values')) {
         $this->updatePostValues($postId, $entity->values);
     }

     // Post-stages, which also need the form id
     if ($entity->hasChanged('completed_stages')) {
         $this->updatePostStages($postId, $entity->form_id, $entity->completed_stages);
     }

     return $affected;
 }