/**
* Checks if specified resource is allowed for superposition of the roles.
*
* If access permission is allowed at least in one role it is considered to be allowed.
* Current exclude filter will be applied
*
* @param int $resourceId The ID of the resource.
* @param string $permissionId optional The ID of the permission associated with resource.
* @return bool|null Returns true if access is allowed.
* If resource or permission isn't overridden it returns null.
* @throws Exception\RoleObjectException
*/
public function isAllowed($resourceId, $permissionId = null)
{
$allowed = false;
if ($this->user) {
if ($this->user->isAccountOwner() || $this->user->isScalrAdmin()) {
//Scalr Admin and Account Owner is allowed for everything, without any ACL defined for them.
return true;
} else {
if ($resourceId === Acl::RESOURCE_ENVADMINISTRATION_ENV_CLOUDS && $permissionId === null && $this->user->canManageAcl()) {
//Account Admin should be able to manage all relatings between environments and teams
return true;
}
}
}
$iterator = $this->getIterator();
while ($iterator->valid() && !$allowed) {
//If access permission is allowed at least in one role it is considered to be allowed.
$allowed = $allowed || (bool) $iterator->current()->isAllowed($resourceId, $permissionId);
$iterator->next();
}
return $allowed;
}