/** * Checks the access. * * @param Request $request Incoming request * @return boolean Indicates if an operator has access or not. */ public function __invoke(Request $request) { // Check if the operator is logged in if (!parent::__invoke($request)) { return false; } $operator = $this->getOperator(); $target_operator_id = $request->attributes->getInt('operator_id', false); return is_capable(CAN_ADMINISTRATE, $operator) || is_capable(CAN_MODIFYPROFILE, $operator) && $operator['operatorid'] == $target_operator_id; }
/** * Checks the access. * * @param Request $request Incoming request * @return boolean Indicates if an operator has access or not. */ public function __invoke(Request $request) { // Check if the operator is logged in if (!parent::__invoke($request)) { return false; } $operator = $this->getOperator(); $permissions = $request->attributes->get('_access_permissions', array()); foreach ($permissions as $permission) { if (!is_capable($this->resolvePermission($permission), $operator)) { return false; } } return true; }