public function isAllowed($permissionName, $userId = null)
{
$userId = $userId ?: $this->userIdentity->getId();
$permission = $this->_getPermissionByName($permissionName);
if (!$permission) {
throw new RbacException('`:permission` permission is not exists', ['permission' => $permissionName]);
}
switch ($permission->permission_type) {
case Permission::TYPE_PENDING:
throw new RbacException('`:permission` type is not assigned', ['permission' => $permission->description]);
case Permission::TYPE_PUBLIC:
return true;
case Permission::TYPE_INTERNAL:
/** @noinspection IsEmptyFunctionUsageInspection */
return !empty($userId);
case Permission::TYPE_DISABLED:
return false;
case Permission::TYPE_PRIVATE:
$rolesByPermissionId = $this->_getRolesByPermissionId($permission->permission_id);
$rolesByUserId = $this->_getRolesByUserId($userId);
return count(array_intersect($rolesByPermissionId, $rolesByUserId)) !== 0;
default:
throw new RbacException('`:permission` type is not recognized', ['permission' => $permissionName]);
}
}