/**
* Check whether the user has access permissions to the specified object.
*
* It should check only Entity level access permissions, NOT ACL
*
* @param AbstractEntity $entity Object that defines permissions
* @param User $user The User Entity
* @param Environment $environment optional The Environment Entity if request is from Environment scope
* @param bool $modify optional Whether it should check MODIFY permission. By default it checks READ permission.
*
* @return bool Returns TRUE if the user has access to the specified object
*
* @see AccessPermissionsInterface::hasAccessPermissions()
*/
public function checkInheritedPermissions(AbstractEntity $entity, User $user, Environment $environment = null, $modify = null)
{
if (!$entity instanceof ScopeInterface) {
throw new InvalidArgumentException("Entity must implements ScopeInterface!");
}
switch ($entity->getScope()) {
case static::SCOPE_ACCOUNT:
return $entity->accountId == $user->accountId && (empty($environment) || !$modify);
case static::SCOPE_ENVIRONMENT:
return $environment ? $entity->envId == $environment->id : $user->hasAccessToEnvironment($entity->envId);
case static::SCOPE_SCALR:
return !$modify;
default:
return false;
}
}