public function isUserAllowedByEnvironment($user, $environment, $resourceId, $permissionId = null)
{
//Checks wheter environment and user are from the same account.
if (!$user instanceof \Scalr_Account_User && !$user instanceof Entity\Account\User) {
throw new \InvalidArgumentException(sprintf('Argument 1 of the method %s should be either Scalr_Account_User or Entity\\Account\\User object, %s given.', __METHOD__, gettype($user)));
} elseif ($user->isScalrAdmin()) {
return true;
} else {
if (empty($environment) || !$environment instanceof \Scalr_Environment && !$environment instanceof Entity\Account\Environment) {
//Account level user permissions
$environment = null;
} else {
if ($environment->getAccountId() != $user->getAccountId()) {
return false;
}
}
}
//Scalr-Admin and Account-Owner is allowed for everything
if ($user->isAccountOwner()) {
return true;
}
if (is_string($resourceId)) {
$resourceId = self::getResourceIdByMnemonic($resourceId);
}
return (bool) ($environment ? $user->getAclRolesByEnvironment($environment->id)->isAllowed($resourceId, $permissionId) : $user->getAclRoles()->isAllowed($resourceId, $permissionId));
}