/** * @param string $attribute * @param DepartmentInterface $department * @param TokenInterface $token * @return bool */ protected function voteOnAttribute($attribute, $department, TokenInterface $token) { $user = $token->getUser(); if (!$user instanceof UserInterface) { return false; } switch ($attribute) { // grant VIEW privileges // if the user's primary school is the the departments's owning school // - or - // if the user has READ rights on the department's owning school // via the permissions system. case self::VIEW: return $this->schoolsAreIdentical($department->getSchool(), $user->getSchool()) || $this->permissionManager->userHasReadPermissionToSchool($user, $department->getSchool()->getId()); break; case self::CREATE: case self::EDIT: case self::DELETE: // grant CREATE, EDIT and DELETE privileges // if the user has the 'Developer' role // - and - // if the user's primary school is the the department's owning school // - or - // if the user has WRITE rights on the departments's owning school // via the permissions system. return $this->userHasRole($user, ['Developer']) && ($this->schoolsAreIdentical($department->getSchool(), $user->getSchool()) || $this->permissionManager->userHasWritePermissionToSchool($user, $department->getSchool()->getId())); break; } return false; }
/** * @param array $data * @param DepartmentInterface $entity */ protected function assertDataEquals(array $data, $entity) { // `department_id`,`title`,`school_id` $this->assertEquals($data[0], $entity->getId()); $this->assertEquals($data[1], $entity->getTitle()); $this->assertEquals($data[2], $entity->getSchool()->getId()); }