/**
 * Asks the access decision manager whether the given user holds the requested attributes.
 *
 * The decision is made against a token built here from the passed-in user and the roles
 * returned by $user->getRoles(), not against a session token, so the answer is only as
 * trustworthy as the User object the caller supplies.
 *
 * @param User         $user       User the decision is made for.
 * @param mixed        $attributes A single attribute or an array of attributes.
 * @param mixed|null   $object     Optional subject forwarded unchanged to decide().
 *
 * @return mixed Whatever self::$accessDecisionManager->decide() returns.
 */
public function isGranted(User $user, $attributes, $object = null)
{
    // decide() is always handed an array, so a lone attribute is wrapped.
    $attributeList = is_array($attributes) ? $attributes : [$attributes];

    // The two 'none' arguments are placeholders.
    // NOTE(review): presumably they fill the credentials and provider-key slots — confirm against the token class.
    $token = new UsernamePasswordToken($user, 'none', 'none', $user->getRoles());

    return self::$accessDecisionManager->decide($token, $attributeList, $object);
}
/**
 * Grants every attribute to the user who owns the participant entry record; all other
 * users are decided by the parent implementation.
 *
 * @param mixed $attribute Requested attribute; not inspected for the owner.
 * @param mixed $subject   Object exposing getParticipant()->getUser()->getId().
 * @param User  $user      User requesting access.
 *
 * @return mixed true for the owner, otherwise the result of parent::canDo().
 */
protected function canDo($attribute, $subject, User $user)
{
    $requesterId = $user->getId();
    $ownerId = $subject->getParticipant()->getUser()->getId();

    // NOTE(review): ownership is decided on the id alone. If ids are not unique across user
    // types, or can be null on both sides (null === null is true), this grants more than
    // intended — confirm, and consider comparing getType() as well.
    $isOwner = $requesterId === $ownerId;

    return $isOwner ? true : parent::canDo($attribute, $subject, $user);
}
/**
 * Grants every attribute to the user who owns the answers; all other users are decided
 * by the parent implementation.
 *
 * @param mixed $attribute Requested attribute; not inspected for the owner.
 * @param mixed $subject   Object exposing getServerUser()->getUser()->getId().
 * @param User  $user      User requesting access.
 *
 * @return mixed true for the owner, otherwise the result of parent::canDo().
 */
protected function canDo($attribute, $subject, User $user)
{
    $requesterId = $user->getId();
    $ownerId = $subject->getServerUser()->getUser()->getId();

    // NOTE(review): ownership is decided on the id alone. If ids are not unique across user
    // types, or can be null on both sides (null === null is true), this grants more than
    // intended — confirm, and consider comparing getType() as well.
    $isOwner = $requesterId === $ownerId;

    return $isOwner ? true : parent::canDo($attribute, $subject, $user);
}
/**
 * Decides access to a user account: system administrators and the account's own user are
 * granted everything, everyone else is denied.
 *
 * $attribute is never consulted, so the answer is the same for every requested action.
 *
 * @param mixed $attribute Requested attribute (unused).
 * @param mixed $subject   Account being accessed; must expose getType() and getId().
 * @param User  $user      User requesting access.
 *
 * @return bool
 */
protected function canDo($attribute, $subject, User $user)
{
    // Only a strict boolean true counts as the administrator flag.
    $isAdministrator = $user->getSystemAdministrator() === true;
    if ($isAdministrator) {
        return true;
    }

    // Own account: both the user type and the id have to match; anything else is denied.
    return $user->getType() === $subject->getType()
        && $user->getId() === $subject->getId();
}
/**
 * Evaluates the group permission matrix for one attribute on one subject.
 *
 * Order of evaluation:
 *  - a system administrator is granted immediately, before any 'deny' entry is looked at;
 *  - a user without any group membership is denied;
 *  - otherwise every permission set of every group is scanned. For the permission class of
 *    this voter, the entry keyed by the subject's id (only when the subject is an instance
 *    of the entity class) and the entry keyed 'all' are read for the attribute.
 *
 * Deny wins: the first 'deny' encountered returns false at once, even when an earlier
 * group already produced 'allow'. Values other than the strings 'allow' and 'deny' are
 * ignored, and the default result is false.
 *
 * @param mixed $attribute Requested attribute, used as an array key.
 *                         NOTE(review): presumably a permission name string — confirm against callers.
 * @param mixed $subject   Object the attribute is requested on.
 * @param User  $user      User requesting access.
 *
 * @return bool
 */
protected function canDo($attribute, $subject, User $user)
{
    // Administrators bypass the matrix entirely.
    if ($user->getSystemAdministrator() === true) {
        return true;
    }

    // No memberships means nothing can grant access.
    if ($user->getUserGroupUsers()->count() === 0) {
        return false;
    }

    // Both lookups are read once here instead of on every iteration.
    // NOTE(review): assumes these getters are side-effect free and constant for the call — confirm.
    $permissionClass = $this->getExtendablePermissionClassCodeName();
    $entityClass = $this->getEntityClass();
    $granted = false;

    foreach ($user->getUserGroupUsers() as $membership) {
        foreach ($membership->getUserGroup()->getPermissions() as $permissionSet) {
            if (isset($permissionSet[$permissionClass]) === false) {
                continue;
            }

            $rules = $permissionSet[$permissionClass];

            // The subject-specific entry is consulted before the catch-all entry.
            $scopes = ['all'];
            if ($subject instanceof $entityClass) {
                array_unshift($scopes, $subject->getId());
            }

            foreach ($scopes as $scope) {
                if (isset($rules[$scope][$attribute]) === false) {
                    continue;
                }

                $decision = $rules[$scope][$attribute];
                if ($decision === 'deny') {
                    // An explicit deny overrides any allow, from this group or another.
                    return false;
                }
                if ($decision === 'allow') {
                    $granted = true;
                }
            }
        }
    }

    return $granted;
}
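/**
 * Synchronises the user's membership of the configured Twitch subscriber access group.
 *
 * Nothing happens unless 'core.twitch.access.subscriber.access_group' is configured.
 * Otherwise each configured site owner with a username is queried in turn until one
 * response has status 200 and a body carrying 'created_at'; the outcome is then passed
 * to adjustUserGroup() together with the configured group.
 *
 * The check fails closed: a swallowed ClientException, a non-200 status or a body without
 * 'created_at' all leave the user treated as not subscribed. Only ClientException is
 * caught; any other exception raised by the client reaches the caller.
 *
 * @param UserResponseInterface $userResponse Provides the OAuth access token sent to Twitch.
 * @param User                  $user         User whose group membership is adjusted.
 *
 * @return void
 */
protected function adjustUserTwitchSubscriberGroup(UserResponseInterface $userResponse, User $user)
{
    if (self::$configurationService->has('core.twitch.access.subscriber.access_group') !== true) {
        return;
    }

    // Both names end up inside the request URL. Encoding them keeps a stored or configured
    // value from altering the path or query of the request that carries the user's token.
    $encodedUsername = rawurlencode((string) $user->getUsernameWithoutPrefix());

    // The access token travels in this header; keep it out of logs and error messages.
    $requestOptions = ['headers' => ['Authorization' => 'OAuth ' . $userResponse->getAccessToken()]];

    $subscriber = false;

    // NOTE(review): assumes 'core.twitch.access.site_owners' is always an iterable — confirm.
    foreach (self::$configurationService->get('core.twitch.access.site_owners') as $siteOwner) {
        if (empty($siteOwner['username']) === true) {
            continue;
        }

        $endpoint = vsprintf(
            self::SUBSCRIBES_TO_TWITCH_CHANNEL_ENDPOINT,
            [$encodedUsername, rawurlencode((string) $siteOwner['username'])]
        );

        try {
            $response = self::$twitchClient->get($endpoint, $requestOptions);

            if ($response->getStatusCode() === 200) {
                $decodedResponse = json_decode($response->getBody()->getContents());

                // Undecodable JSON yields null, which fails this isset() check as well.
                if (isset($decodedResponse->created_at) === true) {
                    $subscriber = true;
                    break;
                }
            }
        } catch (ClientException $exception) {
            // Deliberate best effort: move on to the next site owner.
            // NOTE(review): presumably a 4xx means "not subscribed", but a rejected or expired
            // token would be swallowed here too and remove the user from the group. Consider
            // logging the status code (never the token) so the two cases can be told apart.
            continue;
        }
    }

    // NOTE(review): findOneBy() presumably returns null when the configured group id no
    // longer exists — confirm adjustUserGroup() tolerates that.
    $subscriberUserGroup = self::$userGroupManager->findOneBy(
        ['id' => self::$configurationService->get('core.twitch.access.subscriber.access_group')]
    );

    $this->adjustUserGroup($user, $subscriberUserGroup, $subscriber);
}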