/**
* Get an array of Role names granted to the user that permit the requested
* action on the given OwnedEntity. If the user has no roles that
* permit the requested action, then return an empty array.
* <p>
* Supported actions: EDIT_OBJECT, NGI_ADD_SITE, GRANT_ROLE, REJECT_ROLE, REVOKE_ROLE
*
* @param string $action
* @param \OwnedEntity $entity
* @param \User $callingUser
* @return array of RoleName values
* @throws LogicException If unsupported enitity type or action is passed
*/
public function authorizeAction($action, \OwnedEntity $entity, \User $callingUser)
{
$siteService = new \org\gocdb\services\Site();
$siteService->setEntityManager($this->em);
$ngiService = new \org\gocdb\services\NGI();
$ngiService->setEntityManager($this->em);
$sgService = new \org\gocdb\services\ServiceGroup();
$sgService->setEntityManager($this->em);
$projectService = new \org\gocdb\services\Project();
$projectService->setEntityManager($this->em);
if ($entity instanceof \NGI) {
$grantingRoles = $ngiService->authorizeAction($action, $entity, $callingUser);
} else {
if ($entity instanceof \Site) {
$grantingRoles = $siteService->authorizeAction($action, $entity, $callingUser);
} else {
if ($entity instanceof \Project) {
$grantingRoles = $projectService->authorizeAction($action, $entity, $callingUser);
} else {
if ($entity instanceof \ServiceGroup) {
$grantingRoles = $sgService->authorizeAction($action, $entity, $callingUser);
} else {
throw new \LogicException('Unsuppored OwnedEntity type');
}
}
}
}
return $grantingRoles;
}
