| public hasAccessToEnvironment ( integer $envId ) : boolean | ||
| $envId | integer | The identifier of the environment |
| return | boolean | Returns TRUE if the user has access to the specified environment |
public function hasAccessToEnvironment($envId)
{
$params = [$this->accountId, $envId];
$stmt = '';
$where = '';
if (!$this->canManageAcl()) {
$stmt = "\n JOIN account_team_envs te ON te.env_id = ce.id\n JOIN account_teams at ON at.id = te.team_id\n JOIN account_team_users tu ON tu.team_id = at.id\n ";
$where = "AND tu.user_id = ? AND at.account_id = ?";
$params[] = $this->id;
$params[] = $this->accountId;
}
$rec = $this->db()->GetOne("\n SELECT 1\n FROM client_environments ce\n {$stmt}\n WHERE ce.client_id = ? AND ce.id = ?\n {$where}\n LIMIT 1\n ", $params);
return $rec ? true : false;
} /**
* Check whether the user has access permissions to the specified object.
*
* It should check only Entity level access permissions, NOT ACL
*
* @param AbstractEntity $entity Object that defines permissions
* @param User $user The User Entity
* @param Environment $environment optional The Environment Entity if request is from Environment scope
* @param bool $modify optional Whether it should check MODIFY permission. By default it checks READ permission.
*
* @return bool Returns TRUE if the user has access to the specified object
*
* @see AccessPermissionsInterface::hasAccessPermissions()
*/
public function checkInheritedPermissions(AbstractEntity $entity, User $user, Environment $environment = null, $modify = null)
{
if (!$entity instanceof ScopeInterface) {
throw new InvalidArgumentException("Entity must implements ScopeInterface!");
}
switch ($entity->getScope()) {
case static::SCOPE_ACCOUNT:
return $entity->accountId == $user->accountId && (empty($environment) || !$modify);
case static::SCOPE_ENVIRONMENT:
return $environment ? $entity->envId == $environment->id : $user->hasAccessToEnvironment($entity->envId);
case static::SCOPE_SCALR:
return !$modify;
default:
return false;
}
}
