public function isAllowed($resourceId, $permissionId = null)
{
$allowed = null;
$resourceDefinition = Resource\Definition::get($resourceId);
if ($resourceDefinition === null) {
throw new Exception\RoleObjectException(sprintf("%s ACL resource (0x%x).", in_array($resourceId, Acl::getDisabledResources()) ? 'Disabled' : 'Unknown', intval($resourceId)));
}
if (!empty($permissionId) && !$resourceDefinition->hasPermission($permissionId)) {
if (!($resourceId == Acl::RESOURCE_OWN_FARMS && $permissionId == Acl::PERM_FARMS_CHANGE_OWNERSHIP)) {
throw new Exception\RoleObjectException(sprintf("Unknown permission (%s) for resource '%s' (0x%x).", $permissionId, $resourceDefinition->getName(), intval($resourceId)));
}
}
//Checks if resource is defined for the role
$resource = $this->getResource($resourceId);
if ($permissionId !== null && $resource !== null) {
//If resource is defined we can check unique permission.
//Checks if permission is defined
$permission = $resource->getPermission($permissionId);
//Checks access to unuque permission of the specified resource for the role.
//If resource isn't allowed it automatically forbids all related permissions.
$allowed = $permission !== null && $resource->isGranted() !== null ? $resource->isGranted() && $permission->isGranted() : null;
} else {
//Checks access to the resource for the role
$allowed = $resource !== null ? $resource->isGranted() : null;
}
return $allowed;
}