/**
 * Decides whether the given user may perform the requested action on a topic.
 *
 * Access is denied by default: anonymous callers and attributes that are not
 * handled below both end in `false`.
 *
 * @param string $attribute one of the voter's VIEW/CREATE/EDIT/DELETE constants
 * @param TopicInterface $topic
 * @param UserInterface|null $user the current user, or null when nobody is logged in
 * @return bool
 */
protected function isGranted($attribute, $topic, $user = null)
{
    // No authenticated user object means no access.
    if (!$user instanceof UserInterface) {
        return false;
    }

    switch ($attribute) {
        case self::VIEW:
            // VIEW is granted when
            //   the user's primary school is the topic's owning school
            //   - or -
            //   the user has READ rights on the topic's owning school
            //   via the permissions system.
            $owningSchool = $topic->getSchool();

            return $this->schoolsAreIdentical($owningSchool, $user->getSchool())
                || $this->permissionManager->userHasReadPermissionToSchool($user, $owningSchool);

        case self::CREATE:
        case self::EDIT:
        case self::DELETE:
            // All write-type actions require the 'Developer' role first ...
            if (!$this->userHasRole($user, ['Developer'])) {
                return false;
            }

            // ... and, in addition, an association with the topic's owning school:
            // either it is the user's primary school, or the user holds WRITE
            // rights on it via the permissions system.
            $owningSchool = $topic->getSchool();

            return $this->schoolsAreIdentical($owningSchool, $user->getSchool())
                || $this->permissionManager->userHasWritePermissionToSchool($user, $owningSchool);
    }

    // Unknown attribute: deny.
    return false;
}
/**
 * Decides whether the given user may perform the requested action on a school.
 *
 * Access is denied by default: anonymous callers and attributes that are not
 * handled below both end in `false`.
 *
 * @param string $attribute one of the voter's VIEW/CREATE/EDIT/DELETE constants
 * @param SchoolInterface $school
 * @param UserInterface|null $user the current user, or null when nobody is logged in
 * @return bool
 */
protected function isGranted($attribute, $school, $user = null)
{
    // A user object must be present, i.e. the user must be logged in.
    if (!$user instanceof UserInterface) {
        return false;
    }

    switch ($attribute) {
        case self::VIEW:
            // VIEW is granted when the given school is the user's primary school
            // - or -
            // the user has been granted READ rights on the given school
            // via the permissions system.
            return $this->schoolsAreIdentical($school, $user->getSchool())
                || $this->permissionManager->userHasReadPermissionToSchool($user, $school);

        case self::CREATE:
            // Creating schools is reserved for developers. Only the role is
            // checked here; the $school argument is not consulted.
            return $this->userHasRole($user, ['Developer']);

        case self::EDIT:
        case self::DELETE:
            // EDIT and DELETE require the 'Developer' role ...
            if (!$this->userHasRole($user, ['Developer'])) {
                return false;
            }

            // ... and an association with the given school, either through the
            // user's primary school or through WRITE rights for the school
            // via the permissions system.
            return $this->schoolsAreIdentical($school, $user->getSchool())
                || $this->permissionManager->userHasWritePermissionToSchool($user, $school);
    }

    // Unknown attribute: deny.
    return false;
}
/**
 * Checks whether the given user may view the given course.
 *
 * VIEW is granted as soon as one of these holds, evaluated in this order:
 *   1. the user's primary school is the course's owning school
 *   2. the user has READ rights on the course's owning school via the permissions system
 *   3. the user has READ rights on the course itself via the permissions system
 *
 * This method does not check that a user is logged in; both arguments are
 * dereferenced directly.
 *
 * @param CourseInterface $course
 * @param UserInterface $user
 * @return bool
 */
protected function isViewGranted($course, $user)
{
    $owningSchool = $course->getSchool();

    return $this->schoolsAreIdentical($owningSchool, $user->getSchool())
        || $this->permissionManager->userHasReadPermissionToSchool($user, $owningSchool)
        || $this->permissionManager->userHasReadPermissionToCourse($user, $course);
}
/**
 * Checks whether the given user may view the course identified by $courseId.
 *
 * VIEW is granted as soon as one of the checks below succeeds; they are
 * evaluated in the order shown and the remaining ones are skipped.
 *
 * @param int $courseId
 * @param int $owningSchoolId id of the school that owns the course
 * @param UserInterface $user
 *
 * @return bool
 */
protected function isViewGranted($courseId, $owningSchoolId, UserInterface $user)
{
    // 1. The user's primary school is the course's owning school.
    //    The comparison is strict, so ids of different types (e.g. '1' vs. 1)
    //    do not match and evaluation falls through to the remaining checks.
    //    NOTE(review): assumes the user always has a primary school; a null
    //    return from getSchool() would raise an error here - confirm.
    if ($owningSchoolId === $user->getSchool()->getId()) {
        return true;
    }

    // 2. The user is instructing ILMs or offerings in this course.
    if ($this->courseManager->isUserInstructingInCourse($user, $courseId)) {
        return true;
    }

    // 3. The user is directing this course.
    if ($user->isDirectingCourse($courseId)) {
        return true;
    }

    // 4. The user has READ rights on the owning school via the permissions system.
    if ($this->permissionManager->userHasReadPermissionToSchool($user, $owningSchoolId)) {
        return true;
    }

    // 5. The user has READ rights on the course via the permissions system.
    return (bool) $this->permissionManager->userHasReadPermissionToCourse($user, $courseId);
}
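/**
 * Decides whether the given user may perform the requested action on a school event.
 *
 * Only VIEW is handled. Anonymous callers, any other attribute, and events
 * whose owning school cannot be resolved are all denied.
 *
 * @param string $attribute
 * @param SchoolEvent $event its `school` property is used as the owning school's id
 * @param UserInterface|null $user the current user, or null when nobody is logged in
 * @return bool
 */
protected function isGranted($attribute, $event, $user = null)
{
    // A user object must be present, i.e. the user must be logged in.
    if (!$user instanceof UserInterface) {
        return false;
    }

    switch ($attribute) {
        case self::VIEW:
            // Resolve the school that owns the event from the id carried on the event.
            $eventOwningSchool = $this->schoolManager->findSchoolBy(['id' => $event->school]);

            // Fail closed when the lookup yields no school object. What
            // findSchoolBy() returns on a miss is not visible from this method,
            // so a non-object result is never handed to the checks below.
            if (!is_object($eventOwningSchool)) {
                return false;
            }

            // VIEW is granted when the event-owning school is the user's primary
            // school, or when the user has READ rights on that school via the
            // permissions system.
            return $this->schoolsAreIdentical($eventOwningSchool, $user->getSchool())
                || $this->permissionManager->userHasReadPermissionToSchool($user, $eventOwningSchool);
    }

    // Unknown attribute: deny.
    return false;
}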