public function getEffectivePermissions($permitable = null) { assert('$permitable === null || $permitable instanceof Permitable'); if ($permitable === null) { $permitable = Yii::app()->user->userModel; if (!$permitable instanceof User) { throw new NoCurrentUserSecurityException(); } } if (Permission::ALL == $this->resolveEffectivePermissionsForOwnerAndCreatedByUser($permitable)) { return Permission::ALL; } else { return parent::getEffectivePermissions($permitable); } }
public function getEffectivePermissions($permitable = null) { assert('$permitable === null || $permitable instanceof Permitable'); if ($permitable === null) { $permitable = Yii::app()->user->userModel; if (!$permitable instanceof User) { throw new NoCurrentUserSecurityException(); } } $owner = $this->unrestrictedGet('owner'); $createdByUser = $this->unrestrictedGet('createdByUser'); # If an owned securable item doesn't yet have an owner # then whoever is creating it has full access to it. If they # save it with the owner being someone else they are giving # it away and potentially lose access to it. if ($owner->id < 0 || $owner->isSame($permitable)) { return Permission::ALL; } elseif ($this->id < 0 && ($createdByUser->id > 0 && $createdByUser->isSame($permitable) || $createdByUser->id < 0) || $this->treatCurrentUserAsOwnerForPermissions) { return Permission::ALL; } else { return parent::getEffectivePermissions($permitable); } }