/**
 * Decides whether the user carried by the security token may perform the
 * requested action on the given program.
 *
 * Decision table, as implemented below:
 *  - No UserInterface principal on the token: denied.
 *  - VIEW: granted to every user that passed the check above.
 *  - CREATE / EDIT / DELETE: granted when
 *      (the user has the 'Course Director' or 'Developer' role AND
 *       (the user's school is the program's owning school OR
 *        the user has WRITE permission on that owning school))
 *      OR the user has WRITE permission on the program itself.
 *  - Any other attribute: denied.
 *
 * @param string $attribute
 * @param ProgramInterface $program
 * @param TokenInterface $token
 * @return bool
 */
protected function voteOnAttribute($attribute, $program, TokenInterface $token)
{
    $currentUser = $token->getUser();

    // Fail closed when the token does not carry a UserInterface principal.
    if (!$currentUser instanceof UserInterface) {
        return false;
    }

    switch ($attribute) {
        case self::VIEW:
            // Deliberate: no view restriction on programs. This voter gives
            // no confidentiality between schools for program data.
            return true;

        case self::CREATE:
        case self::EDIT:
        case self::DELETE:
            // Role-gated path: the role is required for both school-based grants.
            // NOTE(review): getSchool() is dereferenced with ->getId() without a
            // null check — confirm a program always has an owning school.
            if ($this->userHasRole($currentUser, ['Course Director', 'Developer'])
                && (
                    $this->schoolsAreIdentical($program->getSchool(), $currentUser->getSchool())
                    || $this->permissionManager->userHasWritePermissionToSchool(
                        $currentUser,
                        $program->getSchool()->getId()
                    )
                )
            ) {
                return true;
            }

            // Role-independent path: an explicit WRITE grant on the program is
            // sufficient on its own. The cast keeps the boolean result the
            // original "||" expression produced.
            // NOTE(review): the program's deleted state is not consulted here —
            // confirm soft-deleted programs are filtered before voting.
            return (bool) $this->permissionManager->userHasWritePermissionToProgram($currentUser, $program);
    }

    // Unknown attribute: deny.
    return false;
}
/**
 * Decides whether the given user may perform the requested action on the
 * given program.
 *
 * Decision table, as implemented below:
 *  - $user is not a UserInterface (e.g. null, not logged in): denied.
 *  - VIEW: granted when
 *      (the user has the 'Course Director', 'Developer' or 'Faculty' role AND
 *       (the user's school is the program's owning school OR
 *        the user has READ permission on that owning school))
 *      OR the user has READ permission on the program itself.
 *  - CREATE / EDIT / DELETE: same shape, but with the 'Course Director' or
 *    'Developer' role and WRITE permissions instead of READ.
 *  - Any other attribute: denied.
 *
 * @param string $attribute
 * @param ProgramInterface $program
 * @param UserInterface|null $user
 * @return bool
 */
protected function isGranted($attribute, $program, $user = null)
{
    // Fail closed when there is no user object (i.e. the user is not logged in).
    if (!$user instanceof UserInterface) {
        return false;
    }

    switch ($attribute) {
        case self::VIEW:
            // Role-gated path: the role is required for both school-based grants.
            if ($this->userHasRole($user, ['Course Director', 'Developer', 'Faculty'])
                && (
                    $this->schoolsAreIdentical($program->getSchool(), $user->getSchool())
                    || $this->permissionManager->userHasReadPermissionToSchool($user, $program->getSchool())
                )
            ) {
                return true;
            }

            // Role-independent path: an explicit READ grant on the program
            // suffices. The cast keeps the boolean result of the original
            // "||" expression.
            return (bool) $this->permissionManager->userHasReadPermissionToProgram($user, $program);

        case self::CREATE:
        case self::EDIT:
        case self::DELETE:
            // Role-gated path, WRITE flavour. 'Faculty' is intentionally absent
            // from this role list.
            if ($this->userHasRole($user, ['Course Director', 'Developer'])
                && (
                    $this->schoolsAreIdentical($program->getSchool(), $user->getSchool())
                    || $this->permissionManager->userHasWritePermissionToSchool($user, $program->getSchool())
                )
            ) {
                return true;
            }

            // Role-independent path: an explicit WRITE grant on the program suffices.
            // NOTE(review): the program's deleted state is not consulted here —
            // confirm soft-deleted programs are filtered before this check.
            return (bool) $this->permissionManager->userHasWritePermissionToProgram($user, $program);
    }

    // Unknown attribute: deny.
    return false;
}
/**
 * {@inheritdoc}
 *
 * Thin wrapper: forwards to userHasPermission() with the CAN_WRITE level,
 * the literal 'program' and the program's id, and returns its result as-is.
 */
public function userHasWritePermissionToProgram(UserInterface $user, ProgramInterface $program)
{
    // The lookup is keyed on the program's id, not on the object.
    // NOTE(review): behaviour for a program without an id (not yet persisted)
    // depends on userHasPermission() — confirm it denies in that case.
    $programId = $program->getId();

    return $this->userHasPermission($user, self::CAN_WRITE, 'program', $programId);
}
/**
 * Returns the associated program, hiding programs that are flagged as deleted.
 *
 * Callers must null-check the result before chaining calls on it.
 *
 * @return ProgramInterface|null the program, or null when none is set or
 *                               the program reports isDeleted()
 */
public function getProgram()
{
    $candidate = $this->program;

    // Nothing set, or soft-deleted: treat both as "no program".
    if (!$candidate || $candidate->isDeleted()) {
        return null;
    }

    return $candidate;
}
/**
 * {@inheritdoc}
 *
 * Soft delete: the program is flagged as deleted and then handed to
 * updateProgram(). Nothing in this method removes the record itself.
 */
public function deleteProgram(ProgramInterface $program)
{
    // Flag first, so that the update below sees the deleted state.
    $program->setDeleted(true);

    // NOTE(review): presumably updateProgram() persists the flag — confirm.
    // The record stays reachable by any code path that does not check
    // isDeleted(), so authorization checks still matter for deleted programs.
    $this->updateProgram($program);
}