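/**
 * Loads the requested user and checks that group assignment is permitted on it.
 *
 * The user id comes from the 'user' request parameter and is therefore
 * caller-controlled. Both the lookup result and the guard decision are
 * verified before the parent initialization runs.
 *
 * @return boolean False if processing can continue; true when the user is
 *                 missing or the AssignGroups action is denied
 */
protected function BeforeInit()
{
    $this->user = User::Schema()->ByID(Request::GetData('user'));

    // Short-circuit keeps the guard from being asked about a user that was not found.
    $isPermitted = $this->user
        && self::Guard()->Allow(BackendAction::AssignGroups(), $this->user);

    if (!$isPermitted) {
        //TODO: Error message
        Response::Redirect(BackendRouter::ModuleUrl(new UserList()));

        // Fail closed: do not fall through to parent::BeforeInit() with a
        // missing or unauthorized user. Going by the documented contract
        // (false = continue), true stops processing. If Response::Redirect()
        // already ends the request, this line is simply never reached.
        return true;
    }

    return parent::BeforeInit();
}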
/**
 * Tells whether the access guard permits assigning user groups on $this->site.
 *
 * The decision is delegated entirely to the guard; no additional check is
 * performed here.
 *
 * @return bool True if the guard allows the AssignGroups action
 */
protected function CanAssignGroup()
{
    $guard = self::Guard();
    $assignGroups = BackendAction::AssignGroups();

    return $guard->Allow($assignGroups, $this->site);
}
/**
 * Asks the access guard whether the AssignGroups action is permitted on the
 * object returned by $this->Content().
 *
 * @return mixed The result of the guard's Allow() call; presumably a boolean - confirm
 */
private function CanAssignGroup()
{
    $guard = self::Guard();
    $assignGroups = BackendAction::AssignGroups();

    return $guard->Allow($assignGroups, $this->Content());
}
/**
 * Decides whether the current backend user may perform an action on a user.
 *
 * Rules implemented below:
 *  - Delete, ChangeIsAdmin: administrators only, and never on their own account.
 *  - AssignGroups: administrators only, and only when the target is not an administrator.
 *  - Edit, Read: administrators, or the user acting on their own account.
 *  - Create: administrators only.
 *  - Any other action: denied (default deny).
 *
 * @param BackendAction $action The requested action
 * @param User $user The user the action targets
 * @return GrantResult Allowed() when the rule for the action holds, NoAccess() otherwise
 */
private function GrantOnUser(BackendAction $action, User $user)
{
    // Loose comparison (==) is deliberate: it is the comparison switch/case
    // applies to its case expressions, so matching stays the same.
    if ($action == BackendAction::Delete() || $action == BackendAction::ChangeIsAdmin()) {
        $granted = $this->IsAdministrator() && !$this->GetUser()->Equals($user);
    } elseif ($action == BackendAction::AssignGroups()) {
        $granted = $this->IsAdministrator() && !$user->GetIsAdmin();
    } elseif ($action == BackendAction::Edit() || $action == BackendAction::Read()) {
        $granted = $this->IsAdministrator() || $this->GetUser()->Equals($user);
    } elseif ($action == BackendAction::Create()) {
        $granted = $this->IsAdministrator();
    } else {
        // Actions not listed above are never granted.
        $granted = false;
    }

    if ($granted) {
        return GrantResult::Allowed();
    }

    return GrantResult::NoAccess();
}
/**
 * Tells whether the access guard permits assigning groups to the given user.
 *
 * The decision is delegated entirely to the guard, evaluated with the given
 * user as the object of the AssignGroups action.
 *
 * @param User $user The user whose groups would be assigned
 * @return boolean True if the action is allowed
 */
protected function CanAssignGroups(User $user)
{
    $guard = self::Guard();
    $assignGroups = BackendAction::AssignGroups();

    return $guard->Allow($assignGroups, $user);
}