/**
* Checks if access to ACL resource or unique permission is allowed
*
* Usage:
* --
* use \Scalr\Acl\Acl;
*
* The ID of the ACL resource; The ID of the unique permission which is related to specified resource
* $this->request->isAllowed(Acl::RESOURCE_FARMS, Acl::PERM_FARMS_EDIT);
*
* Array of IDs of the ACL resource (check if user have any permission); The ID of the unique permission which is related to specified resource
* $this->request->isAllowed([Acl::RESOURCE_FARMS, Acl::RESOURCE_OWN_FARMS], Acl::PERM_FARMS_EDIT);
*
* Mnemonic constants: resource, permission
* Method interprets $resourceMnemonic as RESOURCE_$resourceMnemonic_$scope, $permissionMnemonic as PERM_$resourceMnemonic_$scope_$permissionMnemonic
* For example, call(ROLES, MANAGE) on account scope will check RESOURCE_ROLES_ACCOUNT, PERM_ROLES_ACCOUNT_MANAGE
* $this->request->isAllowed('ROLES', 'MANAGE');
*
* @param int|string|array $resourceId The ID or Name of the ACL resource or array of resources
* @param string $permissionId optional The ID or Name of the unique permission which is
* related to specified resource.
* @return bool Returns TRUE if access is allowed
*/
public function isAllowed($resourceId, $permissionId = null)
{
if ($this->user->isScalrAdmin()) {
// we don't have permissions on scalr scope
return true;
}
if (is_string($resourceId)) {
$resourceMnemonic = $resourceId;
$resourceId = Acl::getResourceIdByMnemonic($resourceMnemonic, $this->getScope());
$permissionId = $permissionId ? Acl::getPermissionIdByMnemonic($resourceMnemonic, $permissionId, $this->getScope()) : null;
}
if (is_array($resourceId)) {
foreach ($resourceId as $id) {
if (\Scalr::getContainer()->acl->isUserAllowedByEnvironment($this->getUser(), $this->getEnvironment(), $id, $permissionId)) {
return true;
}
}
return false;
} else {
return \Scalr::getContainer()->acl->isUserAllowedByEnvironment($this->getUser(), $this->getEnvironment(), $resourceId, $permissionId);
}
}
