Scalr\Acl\Acl::isUserAllowedByEnvironment PHP Method

Acl Class Documentation Show file Open project: scalr/scalr

isUserAllowedByEnvironment() public method

Checks wheter access to ACL resource or unique permission is allowed.
public isUserAllowedByEnvironment ( Scalr_Account_User | User $user, Scalr_Environment | Environment $environment, integer $resourceId, string $permissionId = null ) : boolean
$user Scalr_Account_User | Scalr\Model\Entity\Account\User The user
$environment Scalr_Environment | Scalr\Model\Entity\Account\Environment The client's environment
$resourceId integer The ID of the ACL resource or its symbolic name without "RESOURCE_" prefix.
$permissionId string optional The ID of the uniqure permission which is related to specified resource.
return boolean Returns TRUE if access is allowed 
    public function isUserAllowedByEnvironment($user, $environment, $resourceId, $permissionId = null)
    {
        //Checks wheter environment and user are from the same account.
        if (!$user instanceof \Scalr_Account_User && !$user instanceof Entity\Account\User) {
            throw new \InvalidArgumentException(sprintf('Argument 1 of the method %s should be either Scalr_Account_User or Entity\\Account\\User object, %s given.', __METHOD__, gettype($user)));
        } elseif ($user->isScalrAdmin()) {
            return true;
        } else {
            if (empty($environment) || !$environment instanceof \Scalr_Environment && !$environment instanceof Entity\Account\Environment) {
                //Account level user permissions
                $environment = null;
            } else {
                if ($environment->getAccountId() != $user->getAccountId()) {
                    return false;
                }
            }
        }
        //Scalr-Admin and Account-Owner is allowed for everything
        if ($user->isAccountOwner()) {
            return true;
        }
        if (is_string($resourceId)) {
            $resourceId = self::getResourceIdByMnemonic($resourceId);
        }
        return (bool) ($environment ? $user->getAclRolesByEnvironment($environment->id)->isAllowed($resourceId, $permissionId) : $user->getAclRoles()->isAllowed($resourceId, $permissionId));
    }
Acl
createFullAccessAccountRole
createNoAccessAccountRole
deleteAccountRole
generateAccountRoleId
getAccountRole
getAccountRoleByRow
getAccountRoleComputed
getAccountRoles
getAccountRolesComputed
getDb
getDisabledResources
getFullAccessAccountRole
getGroups
getMissingRecords
getNoAccessAccountRole
getPermissionIdByMnemonic
getResourceIdByMnemonic
getResources
getResourcesMnemonic
getRole
getRoles
getRolesComputed
getUserRoleIdsByTeam
getUserRoles
getUserRolesByEnvironment
getUserRolesByTeam
getUsersHaveAccountRole
hasAccessTo
isUserAllowedByEnvironment
loadRolePermissions
setAccountRole
setAllRolesForTeam
setAllRolesForUser
setDb
setUserRoles