public function assert(Acl $acl, RoleInterface $role = null, ResourceInterface $resource = null, $privilege = null) { if (!$role instanceof UserInterface || !$resource instanceof JobInterface || 'edit' != $privilege) { return false; } return $resource->getPermissions()->isGranted($role->getId(), Permissions::PERMISSION_CHANGE); }
/** * @param RoleInterface|null $role * @return $this */ public function setRoleId(RoleInterface $role = null) { if ($role) { $this->roleId = $role->getRoleId(); } return $this; }
/** * Returns true if and only if the assertion conditions are met * * This method is passed the ACL, Role, Resource, and privilege to which the authorization query applies. If the * $role, $resource, or $privilege parameters are null, it means that the query applies to all Roles, Resources, or * privileges, respectively. * * @param Acl $acl * @param RoleInterface $role * @param ResourceInterface $resource * @param string $privilege * @return bool */ public function assert(Acl $acl, RoleInterface $role = null, ResourceInterface $resource = null, $privilege = null) { if (!$role instanceof User) { return false; } $member = $role->getMember(); foreach ($member->getBoardInstallations() as $boardInstall) { if ($this->isCurrentBoard($boardInstall)) { return true; } } return false; }
public function assert(\Zend\Permissions\Acl\Acl $acl, \Zend\Permissions\Acl\Role\RoleInterface $role = null, \Zend\Permissions\Acl\Resource\ResourceInterface $resource = null, $privilege = null) { $model = $resource->getModel(); if (!$model instanceof \Application\Authorization\HasRelationToUsersInterface) { throw new \InvalidArgumentException('The resource being checked must implement HasRelationToUsersInterface. Either implement the interface, or modify ACL rules.'); } // If we found the user in relations, that means there is a relation, so return false (duh!) foreach ($model->getUsers() as $user) { if ($user === $role->getUser()) { return false; } } return true; }
/** * Returns true if and only if the assertion conditions are met * * This method is passed the ACL, Role, Resource, and privilege to which the authorization query applies. If the * $role, $resource, or $privilege parameters are null, it means that the query applies to all Roles, Resources, or * privileges, respectively. * * @param Acl $acl * @param RoleInterface $role * @param ResourceInterface $resource * @param string $privilege * @return bool */ public function assert(Acl $acl, RoleInterface $role = null, ResourceInterface $resource = null, $privilege = null) { if (!$role instanceof User) { return false; } if (!$resource instanceof OrganResourceInterface) { return false; } $member = $role->getMember(); $organ = $resource->getResourceOrgan(); foreach ($member->getOrganInstallations() as $organInstall) { if ($organInstall->getOrgan()->getId() === $organ->getId() && $this->isCurrentMember($organInstall)) { return true; } } return false; }
/** * Returns true, if the user has write access to the job granted from the organization. * * @param RoleInterface $role This must be a UserInterface instance * @param ResourceInterface $resource This must be a JobInterface instance * * @return bool */ protected function checkOrganizationPermissions($role, $resource) { /* @var $resource \Jobs\Entity\JobInterface */ /* @var $role \Auth\Entity\UserInterface */ $organization = $resource->getOrganization(); if (!$organization) { return false; } if ($organization->isHiringOrganization()) { $organization = $organization->getParent(); } $orgUser = $organization->getUser(); if ($orgUser && $role->getId() == $orgUser->getId()) { return true; } $employees = $organization->getEmployees(); foreach ($employees as $emp) { /* @var $emp \Organizations\Entity\EmployeeInterface */ if ($emp->getUser()->getId() == $role->getId() && $emp->getPermissions()->isAllowed(EmployeePermissionsInterface::JOBS_CHANGE)) { return true; } } return false; }
/** * Returns true if and only if the Role exists in the registry * * The $role parameter can either be a Role or a Role identifier. * * @param RoleInterface|string $role * @return bool */ public function has($role) { if ($role instanceof RoleInterface) { $roleId = $role->getRoleId(); } else { $roleId = (string) $role; } return isset($this->roles[$roleId]); }
/** * Checks write Access on attachments * * @param RoleInterface $role * @param ResourceInterface $resource * @return boolean */ protected function assertWrite($role, $resource) { $job = $resource->getJob(); return $job && $role->getId() == $job->getUser()->getId(); }
/** * Returns true if and only if the assertion conditions are met * * This method is passed the ACL, Role, Resource, and privilege to which the authorization query applies. If the * $role, $resource, or $privilege parameters are null, it means that the query applies to all Roles, Resources, or * privileges, respectively. * * @param Acl $acl * @param RoleInterface $role * @param ResourceInterface $resource * @param string $privilege * @return bool */ public function assert(Acl $acl, RoleInterface $role = null, ResourceInterface $resource = null, $privilege = null) { if ($this->inWhitelist($role->getRoleId(), $resource->getResourceId(), $privilege)) { return false; } $rows = $this->getRolesAndResources($role->getRoleId(), $resource->getResourceId()); foreach ($rows as $row) { $methods = explode(',', $row['methods']); if (!in_array($privilege, $methods)) { return false; } } return true; }
public function getPermissions(RoleInterface $role) { $final = array(); foreach ($this->permissions as $perm) { if ($perm['role'] instanceof RoleInterface && $role->getRoleId() != $perm['role']->getRoleId()) { continue; } elseif (is_string($perm['role']) && $role->getRoleId() != $perm['role']) { continue; } array_push($final, $perm); } return $final; }