public function assert(Acl $acl, RoleInterface $role = null, ResourceInterface $resource = null, $privilege = null)
{
if (!$role instanceof UserInterface || !$resource instanceof JobInterface || 'edit' != $privilege) {
return false;
}
return $resource->getPermissions()->isGranted($role->getId(), Permissions::PERMISSION_CHANGE);
}
/**
* Returns true, if the user has write access to the job granted from the organization.
*
* @param RoleInterface $role This must be a UserInterface instance
* @param ResourceInterface $resource This must be a JobInterface instance
*
* @return bool
*/
protected function checkOrganizationPermissions($role, $resource)
{
/* @var $resource \Jobs\Entity\JobInterface */
/* @var $role \Auth\Entity\UserInterface */
$organization = $resource->getOrganization();
if (!$organization) {
return false;
}
if ($organization->isHiringOrganization()) {
$organization = $organization->getParent();
}
$orgUser = $organization->getUser();
if ($orgUser && $role->getId() == $orgUser->getId()) {
return true;
}
$employees = $organization->getEmployees();
foreach ($employees as $emp) {
/* @var $emp \Organizations\Entity\EmployeeInterface */
if ($emp->getUser()->getId() == $role->getId() && $emp->getPermissions()->isAllowed(EmployeePermissionsInterface::JOBS_CHANGE)) {
return true;
}
}
return false;
}
/**
* Checks write Access on attachments
*
* @param RoleInterface $role
* @param ResourceInterface $resource
* @return boolean
*/
protected function assertWrite($role, $resource)
{
$job = $resource->getJob();
return $job && $role->getId() == $job->getUser()->getId();
}
