/** * @param string $attribute * @param TopicInterface $topic * @param UserInterface $user * @return bool */ protected function isGranted($attribute, $topic, $user = null) { if (!$user instanceof UserInterface) { return false; } switch ($attribute) { // grant VIEW privileges // if the user's primary school is the the topic's owning school // - or - // if the user has READ rights on the topic's owning school // via the permissions system. case self::VIEW: return $this->schoolsAreIdentical($topic->getSchool(), $user->getSchool()) || $this->permissionManager->userHasReadPermissionToSchool($user, $topic->getSchool()); break; case self::CREATE: case self::EDIT: case self::DELETE: // grant CREATE, EDIT and DELETE privileges // if the user has the 'Developer' role // - and - // if the user's primary school is the the topic's owning school // - or - // if the user has WRITE rights on the topic's owning school // via the permissions system. return $this->userHasRole($user, ['Developer']) && ($this->schoolsAreIdentical($topic->getSchool(), $user->getSchool()) || $this->permissionManager->userHasWritePermissionToSchool($user, $topic->getSchool())); break; } return false; }
/** * @param string $attribute * @param SchoolInterface $school * @param UserInterface|null $user * @return bool */ protected function isGranted($attribute, $school, $user = null) { // make sure there is a user object (i.e. that the user is logged in) if (!$user instanceof UserInterface) { return false; } switch ($attribute) { case self::VIEW: // Only grant VIEW permissions if the given school is the given user's // primary school // - or - // if the given user has been granted READ right on the given school // via the permissions system. return $this->schoolsAreIdentical($school, $user->getSchool()) || $this->permissionManager->userHasReadPermissionToSchool($user, $school); break; case self::CREATE: // only developers can create schools. return $this->userHasRole($user, ['Developer']); break; case self::EDIT: case self::DELETE: // Only grant EDIT and DELETE permissions if the user has the 'Developer' role. // - and - // the user must be associated with the given school, // either by its primary school attribute // - or - by WRITE rights for the school // via the permissions system. return $this->userHasRole($user, ['Developer']) && ($this->schoolsAreIdentical($school, $user->getSchool()) || $this->permissionManager->userHasWritePermissionToSchool($user, $school)); break; } return false; }
/** * @param string $attribute * @param InstructorGroupInterface $group * @param UserInterface|null $user * @return bool */ protected function isGranted($attribute, $group, $user = null) { // make sure there is a user object (i.e. that the user is logged in) if (!$user instanceof UserInterface) { return false; } switch ($attribute) { case self::VIEW: // grant VIEW privileges if at least one of the following // statements is true: // 1. the user's primary school is the group's owning school // and has at least one of 'Course Director', 'Faculty' and 'Developer' roles. // 2. the user has READ rights on the group's owning school via the permissions system // and has at least one of 'InstructorGroup Director', 'Faculty' and 'Developer' roles. return $this->userHasRole($user, ['Course Director', 'Faculty', 'Developer']) && ($this->schoolsAreIdentical($user->getSchool(), $group->getSchool()) || $this->permissionManager->userHasReadPermissionToSchool($user, $group->getSchool())); break; case self::CREATE: case self::EDIT: case self::DELETE: // grant CREATE, EDIT and DELETE privileges if at least one of the following // statements is true: // 1. the user's primary school is the group's owning school // and the user has at least one of the 'Course Director' and 'Developer' roles. // 2. the user has WRITE rights on the group's owning school via the permissions system // and the user has at least one of the 'Course Director' and 'Developer' roles. return $this->userHasRole($user, ['Course Director', 'Developer']) && ($this->schoolsAreIdentical($user->getSchool(), $group->getSchool()) || $this->permissionManager->userHasWritePermissionToSchool($user, $group->getSchool())); break; } return false; }
/** * @param string $attribute * @param ProgramInterface $program * @param UserInterface|null $user * @return bool */ protected function isGranted($attribute, $program, $user = null) { // make sure there is a user object (i.e. that the user is logged in) if (!$user instanceof UserInterface) { return false; } switch ($attribute) { case self::VIEW: // the given user is granted VIEW permissions on the given program // when at least one of the following statements is true // 1. The user's primary school is the same as the program's owning school // and the user has at least one of 'Course Director', 'Faculty' and 'Developer' role. // 2. The user has READ permissions on the program's owning school // and the user has at least one of 'Course Director', 'Faculty' and 'Developer' role. // 3. The user has READ permissions on the program. return $this->userHasRole($user, ['Course Director', 'Developer', 'Faculty']) && ($this->schoolsAreIdentical($program->getSchool(), $user->getSchool()) || $this->permissionManager->userHasReadPermissionToSchool($user, $program->getSchool())) || $this->permissionManager->userHasReadPermissionToProgram($user, $program); break; case self::CREATE: case self::EDIT: case self::DELETE: // the given user is grantedC CREATE, EDIT and DELETE permissions on the given program // when at least one of the following statements is true // 1. The user's primary school is the same as the program's owning school // and the user has at least one of 'Course Director' and 'Developer' role. // 2. The user has WRITE permissions on the program's owning school // and the user has at least one of 'Course Director' and 'Developer' role. // 3. The user has WRITE permissions on the program. return $this->userHasRole($user, ['Course Director', 'Developer']) && ($this->schoolsAreIdentical($program->getSchool(), $user->getSchool()) || $this->permissionManager->userHasWritePermissionToSchool($user, $program->getSchool())) || $this->permissionManager->userHasWritePermissionToProgram($user, $program); break; } return false; }
/** * @param CourseInterface $course * @param UserInterface $user * @return bool */ protected function isViewGranted($course, $user) { // grant VIEW privileges if at least one of the following // statements is true: // 1. the user's primary school is the course's owning school // 2. the user has READ rights on the course's owning school via the permissions system // 3. the user has READ rights on the course via the permissions system return $this->schoolsAreIdentical($course->getSchool(), $user->getSchool()) || $this->permissionManager->userHasReadPermissionToSchool($user, $course->getSchool()) || $this->permissionManager->userHasReadPermissionToCourse($user, $course); }
/** * @param CurriculumInventoryReportInterface $report * @param UserInterface $user * @return bool */ protected function isViewGranted($report, $user) { // Only grant VIEW permissions to users with at least one of // 'Course Director' and 'Developer' roles. // - and - // the user must be associated with the school owning the report's program // either by its primary school attribute // - or - by READ rights for the school // via the permissions system. return $this->userHasRole($user, ['Course Director', 'Developer']) && ($this->schoolsAreIdentical($user->getSchool(), $report->getProgram()->getSchool()) || $this->permissionManager->userHasReadPermissionToSchool($user, $report->getProgram()->getSchool())); }
/** * @param ProgramYearInterface $programYear * @param UserInterface $user * @return bool */ protected function isViewGranted($programYear, $user) { // the given user is granted VIEW permissions on the given program year // when at least one of the following statements is true // 1. The user's primary school is the same as the parent program's owning school // and the user has at least one of 'Course Director', 'Faculty' and 'Developer' role. // 2. The user has READ permissions on the parent program's owning school // and the user has at least one of 'Course Director', 'Faculty' and 'Developer' role. // 3. The user's primary school matches at least one of the schools owning the // program years' stewarding department // and the user has at least one of 'Course Director', 'Faculty' and 'Developer' role. // 4. The user has READ permissions on the program. return $this->userHasRole($user, ['Course Director', 'Developer', 'Faculty']) && ($this->schoolsAreIdentical($programYear->getProgram()->getSchool(), $user->getSchool()) || $this->permissionManager->userHasReadPermissionToSchool($user, $programYear->getProgram()->getSchool()) || $this->stewardManager->schoolIsStewardingProgramYear($user, $programYear)) || $this->permissionManager->userHasReadPermissionToProgram($user, $programYear->getProgram()); }
/** * @param string $attribute * @param SchoolEvent $event * @param UserInterface|null $user * @return bool */ protected function isGranted($attribute, $event, $user = null) { // make sure there is a user object (i.e. that the user is logged in) if (!$user instanceof UserInterface) { return false; } switch ($attribute) { case self::VIEW: // grant VIEW permissions if the event-owning school matches any of the given user's schools. $eventOwningSchool = $this->schoolManager->findSchoolBy(['id' => $event->school]); return $this->schoolsAreIdentical($eventOwningSchool, $user->getSchool()) || $this->permissionManager->userHasReadPermissionToSchool($user, $eventOwningSchool); break; } return false; }
/** * @param string $attribute * @param CurriculumInventoryInstitutionInterface $institution * @param UserInterface $user * @return bool */ protected function isGranted($attribute, $institution, $user = null) { if (!$user instanceof UserInterface) { return false; } switch ($attribute) { case self::VIEW: case self::EDIT: case self::DELETE: return $this->userHasRole($user, ['Course Director', 'Developer']); break; } switch ($attribute) { case self::VIEW: // Only grant VIEW permissions to users with at least one of // 'Course Director' and 'Developer' roles. // - and - // the user must be associated with the institution's school // either by its primary school attribute // - or - by READ rights for the school // via the permissions system. return $this->userHasRole($user, ['Course Director', 'Developer']) && ($this->schoolsAreIdentical($user->getSchool(), $institution->getSchool()) || $this->permissionManager->userHasReadPermissionToSchool($user, $institution->getSchool())); break; case self::CREATE: case self::EDIT: case self::DELETE: // Only grant CREATE, EDIT and DELETE permissions to users with at least one of // 'Course Director' and 'Developer' roles. // - and - // the user must be associated with the institution's school // either by its primary school attribute // - or - by WRITE rights for the school // via the permissions system. return $this->userHasRole($user, ['Course Director', 'Developer']) && ($this->schoolsAreIdentical($user->getSchool(), $institution->getSchool()) || $this->permissionManager->userHasWritePermissionToSchool($user, $institution->getSchool())); break; } return false; }