public function filterManipulatableRoles($id, array $newRoles)
{
$oldRoles = [];
if ($id && ($user = $this->getUser($id))) {
$oldRoles = $user['roles'];
}
$manipulatableRoles = $this->app['permissions']->getManipulatableRoles($this->getCurrentUser());
$roles = [];
// Remove roles if the current user can manipulate that role
foreach ($oldRoles as $role) {
if ($role === Permissions::ROLE_EVERYONE) {
continue;
}
if (in_array($role, $newRoles) || !in_array($role, $manipulatableRoles)) {
$roles[] = $role;
}
}
// Add roles if the current user can manipulate that role
foreach ($newRoles as $role) {
if (in_array($role, $manipulatableRoles)) {
$roles[] = $role;
}
}
return array_unique($roles);
}