
@kamaulynder
Last active August 29, 2015 14:05
/**
* Ushahidi Tag Authorizer
*
* @author Ushahidi Team <[email protected]>
* @package Ushahidi\Application
* @copyright 2014 Ushahidi
* @license https://www.gnu.org/licenses/agpl-3.0.html GNU Affero General Public License Version 3 (AGPL3)
*/
use Ushahidi\Entity;
use Ushahidi\Entity\User;
use Ushahidi\Entity\UserRepository;
use Ushahidi\Entity\TagRepository;
use Ushahidi\Tool\Authorizer;
use Ushahidi\Traits\EnsureUserEntity;
use Ushahidi\Traits\AdminAccess;
/**
 * Authorizer responsible for access checks on `Tags`.
 *
 * Admin users are granted access to every tag. For any other user the
 * decision is delegated to a tag repository search keyed on the user's role.
 */
class TagAuthorizer implements Authorizer
{
    // EnsureUserEntity loads users if needed; AdminAccess checks whether the
    // user has admin access.
    use EnsureUserEntity, AdminAccess;

    /**
     * @param UserRepository $user_repo kept on $this->user_repo
     * @param TagRepository  $tag_repo  kept on $this->tag_repo and queried by isAllowed()
     */
    public function __construct(UserRepository $user_repo, TagRepository $tag_repo)
    {
        // NOTE(review): neither property is declared in this class body;
        // presumably one of the traits declares them - confirm.
        $this->tag_repo = $tag_repo;
        $this->user_repo = $user_repo;
    }

    /**
     * Authorizer: decide whether $user may act on a tag.
     *
     * NOTE(review): $entity and $privilege are never read below, so for a
     * non-admin the result does not depend on which tag is being accessed or
     * on which action is requested. The intent stated in the original comment
     * ("check which role is assigned to the tag") suggests the user's role
     * should be compared with the roles recorded on $entity - confirm, and
     * until then treat the non-admin path as not enforcing per-tag access.
     *
     * @param Entity $entity    the tag being accessed (currently unused)
     * @param mixed  $privilege the requested action (currently unused)
     * @param mixed  $user      handed to ensureUserIsEntity() before any check
     * @return mixed true for admins, false when the user has no role, otherwise
     *               whatever TagRepository::search() returns
     */
    public function isAllowed(Entity $entity, $privilege, $user = null)
    {
        // Make sure we are working with a `User` entity before inspecting it.
        $this->ensureUserIsEntity($user);

        // Admins have access to all tags.
        if ($this->isUserAdmin($user)) {
            return true;
        }

        // No role to check against: no access check was done, so deny.
        if (!$user->role) {
            return false;
        }

        // NOTE(review): the search result is returned unchanged, and its type
        // is not visible here. If it is a collection or result object rather
        // than a strict boolean, callers testing truthiness may get a
        // different answer from callers comparing with === true - confirm
        // what search() yields when nothing matches.
        return $this->tag_repo->search($user->role);
    }
}