src/Security/HRVarsVoter.php line 20

Open in your IDE?
  1. <?php
  2. //------------------------------------------------------------------------------
  3. // src/Security/HRVarsVoter.php
  4. //------------------------------------------------------------------------------
  5. namespace App\Security;
  7. use Doctrine\Persistence\ManagerRegistry;
  8. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  9. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  11. use App\Entity\Access;
  12. use App\Entity\Config\Module;
  13. use App\Entity\HR\AccessFunction;
  14. use App\Entity\HR\HumanResource;
  15. use App\Entity\Security\Acl;
  16. use App\Entity\Security\AclPermission;
  17. use App\Services\Config\ModuleTools;
  18. use App\Services\Config\OptionConfigTools;
  20. class HRVarsVoter extends Voter
  21. {
  22.     //--------------------------------------------------------------------------------
  23.     // is_granted constants
  24.     const IS_ACTIVE 'hr_vars_is_active';
  26.     const ADD_HR_VARIABLE                 'add_hr_variable';
  27.     const VIEW_HR_VARIABLE                 'view_hr_variable';
  28.     const EDIT_HR_VARIABLE                 'edit_hr_variable';
  29.     const EDIT_HR_VARIABLE_STATUS         'edit_hr_variable_status';
  30.     const DELETE_HR_VARIABLE             'delete_hr_variable';
  32.     const ADD_OP_VARIABLE                'add_op_variable';
  33.     const VIEW_OP_VARIABLE                'view_op_variable';
  34.     const EDIT_OP_VARIABLE                'edit_op_variable';
  35.     const EDIT_OP_VARIABLE_STATUS        'edit_op_variable_status';
  36.     const DELETE_OP_VARIABLE            'delete_op_variable';
  38.     const IS_GRANTED_CONSTANTS = array(
  39.         self::IS_ACTIVE,
  41.         self::ADD_HR_VARIABLE,
  42.         self::VIEW_HR_VARIABLE,
  43.         self::EDIT_HR_VARIABLE,
  44.         self::EDIT_HR_VARIABLE_STATUS,
  45.         self::DELETE_HR_VARIABLE,
  47.         self::ADD_OP_VARIABLE,
  48.         self::VIEW_OP_VARIABLE,
  49.         self::EDIT_OP_VARIABLE,
  50.         self::EDIT_OP_VARIABLE_STATUS,
  51.         self::DELETE_OP_VARIABLE,
  52.     );
  53.     //--------------------------------------------------------------------------------
  55.     //--------------------------------------------------------------------------------
  56.     // acl constants
  58.     // HRVariable
  59.     const ACL_PERM_HR_VARIABLE_ADD 'hr_variable_add';
  60.     const ACL_PERM_HR_VARIABLE_ADD_SOCIETY 'hr_variable_add_society';
  62.     const ACL_PERM_HR_VARIABLE_VIEW    'hr_variable_view';
  63.     const ACL_PERM_HR_VARIABLE_VIEW_SOCIETY    'hr_variable_view_society';
  65.     const ACL_PERM_HR_VARIABLE_EDIT    'hr_variable_edit';
  66.     const ACL_PERM_HR_VARIABLE_EDIT_SOCIETY    'hr_variable_edit_society';
  68.     const ACL_PERM_HR_VARIABLE_EDIT_STATUS 'hr_variable_edit_status';
  69.     const ACL_PERM_HR_VARIABLE_EDIT_STATUS_SOCIETY 'hr_variable_edit_status_society';
  71.     const ACL_PERM_HR_VARIABLE_DELETE 'hr_variable_delete';
  72.     const ACL_PERM_HR_VARIABLE_DELETE_SOCIETY 'hr_variable_delete_society';
  74.     // OPVariable
  75.     const ACL_PERM_OP_VARIABLE_ADD 'op_variable_add';
  76.     const ACL_PERM_OP_VARIABLE_ADD_SOCIETY 'op_variable_add_society';
  78.     const ACL_PERM_OP_VARIABLE_VIEW    'op_variable_view';
  79.     const ACL_PERM_OP_VARIABLE_VIEW_SOCIETY    'op_variable_view_society';
  81.     const ACL_PERM_OP_VARIABLE_EDIT    'op_variable_edit';
  82.     const ACL_PERM_OP_VARIABLE_EDIT_SOCIETY    'op_variable_edit_society';
  84.     const ACL_PERM_OP_VARIABLE_EDIT_STATUS 'op_variable_edit_status';
  85.     const ACL_PERM_OP_VARIABLE_EDIT_STATUS_SOCIETY 'op_variable_edit_status_society';
  87.     const ACL_PERM_OP_VARIABLE_DELETE 'op_variable_delete';
  88.     const ACL_PERM_OP_VARIABLE_DELETE_SOCIETY 'op_variable_delete_society';
  90.     //--------------------------------------------------------------------------------
  92.     public function __construct(ManagerRegistry $doctrineModuleTools $moduleToolsOptionConfigTools $optionConfigTools)
  93.     {
  94.         $this->em $doctrine->getManager();
  95.         $this->moduleTools $moduleTools;
  96.         $this->optionConfigTools $optionConfigTools;
  98.         $this->aclRepository $this->em->getRepository(Acl::class);
  99.         $this->aclPermissionRepository $this->em->getRepository(AclPermission::class);
  100.     }
  102.     // Plan.io Task #4453 [See AccessVoter for details]
  103.     public function supportsAttribute(string $attribute): bool
  104.     {
  105.         return in_array($attributeself::IS_GRANTED_CONSTANTStrue);
  106.     }
  107.     
  108.     protected function supports(string $attribute$subject null): bool
  109.     {
  110.         // if the attribute isn't one we support, return false
  111.         if (!in_array($attributeself::IS_GRANTED_CONSTANTS))
  112.         {
  113.             return false;
  114.         }
  116.         if ($subject !== null && !($subject instanceof HumanResource))
  117.         {
  118.             return false;
  119.         }
  121.         return true;
  122.     }
  124.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  125.     {
  126.         $user $token->getUser();
  128.         if (!$user instanceof Access)
  129.         {
  130.             // the user must be logged in; if not, deny access
  131.             return false;
  132.         }
  134.         // The user must have a function; if not deny access
  135.         $function $user->getFunction();
  136.         if ($function === null)    return false;
  138.         // Plan.io Task #3710 : Get current group
  139.         $currentGroup $user->getSocietyGroup();
  140.         if ($currentGroup === null)    return false;
  142.         $this->currentGroup $currentGroup;
  144.         // Module activated ?
  145.         if ($this->moduleTools->isInactiveByCode($currentGroupModule::MODULE_HUMAN_RESOURCE))
  146.         {
  147.             return false;
  148.         }
  149.         // Option activated
  150.         if (!$this->optionConfigTools->isActive_HRVars($currentGroup))
  151.         {
  152.             return false;
  153.         }
  155.         // Check current group affectation
  156.         if ($subject !== null)
  157.         {
  158.             $subjectSociety $subject->getSociety();
  159.             if ($subjectSociety === null)
  160.                 return false;
  161.             $subjectGroup $subjectSociety->getGroup();
  162.             if ($subjectGroup === null)
  163.                 return false;
  164.             if (!$currentGroup->equals($subjectGroup))
  165.                 return false;
  166.         }
  168.         /** @var HumanResource $humanResource */
  169.         $humanResource $subject;
  171.         if ($humanResource !== null && !$humanResource->hasHrVars())
  172.         {
  173.             return false;
  174.         }
  176.         switch ($attribute)
  177.         {
  178.             case self::IS_ACTIVE:
  179.                 return true;
  181.             case self::ADD_HR_VARIABLE:
  182.                 return $this->canAddHRVariable($humanResource$user$function);
  184.             case self::VIEW_HR_VARIABLE:
  185.                 return $this->canViewHRVariable($humanResource$user$function);
  187.             case self::EDIT_HR_VARIABLE:
  188.                 return $this->canEditHRVariable($humanResource$user$function);
  190.             case self::EDIT_HR_VARIABLE_STATUS:
  191.                 return $this->canEditStatusHRVariable($humanResource$user$function);
  193.             case self::DELETE_HR_VARIABLE:
  194.                 return $this->canDeleteHRVariable($humanResource$user$function);
  196.             case self::ADD_OP_VARIABLE:
  197.                 return $this->canAddOPVariable($humanResource$user$function);
  199.             case self::VIEW_OP_VARIABLE:
  200.                 return $this->canViewOPVariable($humanResource$user$function);
  202.             case self::EDIT_OP_VARIABLE:
  203.                 return $this->canEditOPVariable($humanResource$user$function);
  205.             case self::EDIT_OP_VARIABLE_STATUS:
  206.                 return $this->canEditStatusOPVariable($humanResource$user$function);
  208.             case self::DELETE_OP_VARIABLE:
  209.                 return $this->canDeleteOPVariable($humanResource$user$function);
  210.         }
  212.         throw new \LogicException('This code should not be reached!');
  213.     }
  215.     // Check if the Society of the resource
  216.     // belongs to the societies of the $access
  217.     private function checkSociety(HumanResource $humanResourceAccess $access)
  218.     {
  219.         // Get all the societies of the access
  220.         $societies $access->getSocieties();
  222.         // Get the Society of the HumanResource
  223.         $hrSociety $humanResource->getSociety();
  224.         if ($hrSociety === null)
  225.         {
  226.             return false;
  227.         }
  229.         $found false;
  230.         foreach ($societies as $society)
  231.         {
  232.             if ($society->getId() == $hrSociety->getId())
  233.             {
  234.                 $found true;
  235.                 break;
  236.             }
  237.         }
  238.         return $found;
  239.     }
  241.     private function canAddHRVariable(HumanResource $humanResourceAccess $userAccessFunction $function)
  242.     {
  243.         // Get AclPermission
  244.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_HR_VARIABLE_ADD);
  245.         $aclPermSociety $this->aclPermissionRepository->findOneByName(self::ACL_PERM_HR_VARIABLE_ADD_SOCIETY);
  247.         // If all are null, exit
  248.         if ($aclPerm === null && $aclPermSociety === null)
  249.         {
  250.             return false;
  251.         }
  253.         // Get First one
  254.         if ($aclPerm !== null)
  255.         {
  256.             $acl $this->aclRepository->findOneBy(array(
  257.                 'function'        =>    $function,
  258.                 'permission'    =>    $aclPerm
  259.             ));
  260.             if ($acl !== null)
  261.             {
  262.                 if ($acl->getValue())
  263.                 {
  264.                     // A single positive answer is enough
  265.                     return true;
  266.                 }
  267.             }
  268.         }
  270.         // If we are here it means that nothing good has been found
  271.         // Load second permission
  272.         if ($aclPermSociety !== null)
  273.         {
  274.             $acl $this->aclRepository->findOneBy(array(
  275.                 'function'        =>    $function,
  276.                 'permission'    =>    $aclPermSociety
  277.             ));
  278.             if ($acl !== null)
  279.             {
  280.                 if ($acl->getValue())
  281.                 {
  282.                     return $this->checkSociety($humanResource$user);
  283.                 }
  284.             }
  285.         }
  287.         // If we are here, all hope is lost
  288.         return false;
  289.     }
  291.     private function canViewHRVariable(HumanResource $humanResourceAccess $userAccessFunction $function)
  292.     {
  293.         // Get AclPermission
  294.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_HR_VARIABLE_VIEW);
  295.         $aclPermSociety $this->aclPermissionRepository->findOneByName(self::ACL_PERM_HR_VARIABLE_VIEW_SOCIETY);
  297.         // If all are null, exit
  298.         if ($aclPerm === null && $aclPermSociety === null)
  299.         {
  300.             return false;
  301.         }
  303.         // Get First one
  304.         if ($aclPerm !== null)
  305.         {
  306.             $acl $this->aclRepository->findOneBy(array(
  307.                 'function'        =>    $function,
  308.                 'permission'    =>    $aclPerm
  309.             ));
  310.             if ($acl !== null)
  311.             {
  312.                 if ($acl->getValue())
  313.                 {
  314.                     // A single positive answer is enough
  315.                     return true;
  316.                 }
  317.             }
  318.         }
  320.         // If we are here it means that nothing good has been found
  321.         // Load second permission
  322.         if ($aclPermSociety !== null)
  323.         {
  324.             $acl $this->aclRepository->findOneBy(array(
  325.                 'function'        =>    $function,
  326.                 'permission'    =>    $aclPermSociety
  327.             ));
  328.             if ($acl !== null)
  329.             {
  330.                 if ($acl->getValue())
  331.                 {
  332.                     return $this->checkSociety($humanResource$user);
  333.                 }
  334.             }
  335.         }
  337.         // If we are here, all hope is lost
  338.         return false;
  339.     }
  341.     private function canEditHRVariable(HumanResource $humanResourceAccess $userAccessFunction $function)
  342.     {
  343.         // Get AclPermission
  344.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_HR_VARIABLE_EDIT);
  345.         $aclPermSociety $this->aclPermissionRepository->findOneByName(self::ACL_PERM_HR_VARIABLE_EDIT_SOCIETY);
  347.         // If all are null, exit
  348.         if ($aclPerm === null && $aclPermSociety === null)
  349.         {
  350.             return false;
  351.         }
  353.         // Get First one
  354.         if ($aclPerm !== null)
  355.         {
  356.             $acl $this->aclRepository->findOneBy(array(
  357.                 'function'        =>    $function,
  358.                 'permission'    =>    $aclPerm
  359.             ));
  360.             if ($acl !== null)
  361.             {
  362.                 if ($acl->getValue())
  363.                 {
  364.                     // A single positive answer is enough
  365.                     return true;
  366.                 }
  367.             }
  368.         }
  370.         // If we are here it means that nothing good has been found
  371.         // Load second permission
  372.         if ($aclPermSociety !== null)
  373.         {
  374.             $acl $this->aclRepository->findOneBy(array(
  375.                 'function'        =>    $function,
  376.                 'permission'    =>    $aclPermSociety
  377.             ));
  378.             if ($acl !== null)
  379.             {
  380.                 if ($acl->getValue())
  381.                 {
  382.                     return $this->checkSociety($humanResource$user);
  383.                 }
  384.             }
  385.         }
  387.         // If we are here, all hope is lost
  388.         return false;
  389.     }
  391.     private function canEditStatusHRVariable(HumanResource $humanResourceAccess $userAccessFunction $function)
  392.     {
  393.         // Get AclPermission
  394.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_HR_VARIABLE_EDIT_STATUS);
  395.         $aclPermSociety $this->aclPermissionRepository->findOneByName(self::ACL_PERM_HR_VARIABLE_EDIT_STATUS_SOCIETY);
  397.         // If all are null, exit
  398.         if ($aclPerm === null && $aclPermSociety === null)
  399.         {
  400.             return false;
  401.         }
  403.         // Get First one
  404.         if ($aclPerm !== null)
  405.         {
  406.             $acl $this->aclRepository->findOneBy(array(
  407.                 'function'        =>    $function,
  408.                 'permission'    =>    $aclPerm
  409.             ));
  410.             if ($acl !== null)
  411.             {
  412.                 if ($acl->getValue())
  413.                 {
  414.                     // A single positive answer is enough
  415.                     return true;
  416.                 }
  417.             }
  418.         }
  420.         // If we are here it means that nothing good has been found
  421.         // Load second permission
  422.         if ($aclPermSociety !== null)
  423.         {
  424.             $acl $this->aclRepository->findOneBy(array(
  425.                 'function'        =>    $function,
  426.                 'permission'    =>    $aclPermSociety
  427.             ));
  428.             if ($acl !== null)
  429.             {
  430.                 if ($acl->getValue())
  431.                 {
  432.                     return $this->checkSociety($humanResource$user);
  433.                 }
  434.             }
  435.         }
  437.         // If we are here, all hope is lost
  438.         return false;
  439.     }
  441.     private function canDeleteHRVariable(HumanResource $humanResourceAccess $userAccessFunction $function)
  442.     {
  443.         // Get AclPermission
  444.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_HR_VARIABLE_DELETE);
  445.         $aclPermSociety $this->aclPermissionRepository->findOneByName(self::ACL_PERM_HR_VARIABLE_DELETE_SOCIETY);
  447.         // If all are null, exit
  448.         if ($aclPerm === null && $aclPermSociety === null)
  449.         {
  450.             return false;
  451.         }
  453.         // Get First one
  454.         if ($aclPerm !== null)
  455.         {
  456.             $acl $this->aclRepository->findOneBy(array(
  457.                 'function'        =>    $function,
  458.                 'permission'    =>    $aclPerm
  459.             ));
  460.             if ($acl !== null)
  461.             {
  462.                 if ($acl->getValue())
  463.                 {
  464.                     // A single positive answer is enough
  465.                     return true;
  466.                 }
  467.             }
  468.         }
  470.         // If we are here it means that nothing good has been found
  471.         // Load second permission
  472.         if ($aclPermSociety !== null)
  473.         {
  474.             $acl $this->aclRepository->findOneBy(array(
  475.                 'function'        =>    $function,
  476.                 'permission'    =>    $aclPermSociety
  477.             ));
  478.             if ($acl !== null)
  479.             {
  480.                 if ($acl->getValue())
  481.                 {
  482.                     return $this->checkSociety($humanResource$user);
  483.                 }
  484.             }
  485.         }
  487.         // If we are here, all hope is lost
  488.         return false;
  489.     }
  491.     private function canAddOPVariable(HumanResource $humanResourceAccess $userAccessFunction $function)
  492.     {
  493.         // Get AclPermission
  494.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_OP_VARIABLE_ADD);
  495.         $aclPermSociety $this->aclPermissionRepository->findOneByName(self::ACL_PERM_OP_VARIABLE_ADD_SOCIETY);
  497.         // If all are null, exit
  498.         if ($aclPerm === null && $aclPermSociety === null)
  499.         {
  500.             return false;
  501.         }
  503.         // Get First one
  504.         if ($aclPerm !== null)
  505.         {
  506.             $acl $this->aclRepository->findOneBy(array(
  507.                 'function'        =>    $function,
  508.                 'permission'    =>    $aclPerm
  509.             ));
  510.             if ($acl !== null)
  511.             {
  512.                 if ($acl->getValue())
  513.                 {
  514.                     // A single positive answer is enough
  515.                     return true;
  516.                 }
  517.             }
  518.         }
  520.         // If we are here it means that nothing good has been found
  521.         // Load second permission
  522.         if ($aclPermSociety !== null)
  523.         {
  524.             $acl $this->aclRepository->findOneBy(array(
  525.                 'function'        =>    $function,
  526.                 'permission'    =>    $aclPermSociety
  527.             ));
  528.             if ($acl !== null)
  529.             {
  530.                 if ($acl->getValue())
  531.                 {
  532.                     return $this->checkSociety($humanResource$user);
  533.                 }
  534.             }
  535.         }
  537.         // If we are here, all hope is lost
  538.         return false;
  539.     }
  541.     private function canViewOPVariable(HumanResource $humanResourceAccess $userAccessFunction $function)
  542.     {
  543.         // Get AclPermission
  544.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_OP_VARIABLE_VIEW);
  545.         $aclPermSociety $this->aclPermissionRepository->findOneByName(self::ACL_PERM_OP_VARIABLE_VIEW_SOCIETY);
  547.         // If all are null, exit
  548.         if ($aclPerm === null && $aclPermSociety === null)
  549.         {
  550.             return false;
  551.         }
  553.         // Get First one
  554.         if ($aclPerm !== null)
  555.         {
  556.             $acl $this->aclRepository->findOneBy(array(
  557.                 'function'        =>    $function,
  558.                 'permission'    =>    $aclPerm
  559.             ));
  560.             if ($acl !== null)
  561.             {
  562.                 if ($acl->getValue())
  563.                 {
  564.                     // A single positive answer is enough
  565.                     return true;
  566.                 }
  567.             }
  568.         }
  570.         // If we are here it means that nothing good has been found
  571.         // Load second permission
  572.         if ($aclPermSociety !== null)
  573.         {
  574.             $acl $this->aclRepository->findOneBy(array(
  575.                 'function'        =>    $function,
  576.                 'permission'    =>    $aclPermSociety
  577.             ));
  578.             if ($acl !== null)
  579.             {
  580.                 if ($acl->getValue())
  581.                 {
  582.                     return $this->checkSociety($humanResource$user);
  583.                 }
  584.             }
  585.         }
  587.         // If we are here, all hope is lost
  588.         return false;
  589.     }
  591.     private function canEditOPVariable(HumanResource $humanResourceAccess $userAccessFunction $function)
  592.     {
  593.         // Get AclPermission
  594.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_OP_VARIABLE_EDIT);
  595.         $aclPermSociety $this->aclPermissionRepository->findOneByName(self::ACL_PERM_OP_VARIABLE_EDIT_SOCIETY);
  597.         // If all are null, exit
  598.         if ($aclPerm === null && $aclPermSociety === null)
  599.         {
  600.             return false;
  601.         }
  603.         // Get First one
  604.         if ($aclPerm !== null)
  605.         {
  606.             $acl $this->aclRepository->findOneBy(array(
  607.                 'function'        =>    $function,
  608.                 'permission'    =>    $aclPerm
  609.             ));
  610.             if ($acl !== null)
  611.             {
  612.                 if ($acl->getValue())
  613.                 {
  614.                     // A single positive answer is enough
  615.                     return true;
  616.                 }
  617.             }
  618.         }
  620.         // If we are here it means that nothing good has been found
  621.         // Load second permission
  622.         if ($aclPermSociety !== null)
  623.         {
  624.             $acl $this->aclRepository->findOneBy(array(
  625.                 'function'        =>    $function,
  626.                 'permission'    =>    $aclPermSociety
  627.             ));
  628.             if ($acl !== null)
  629.             {
  630.                 if ($acl->getValue())
  631.                 {
  632.                     return $this->checkSociety($humanResource$user);
  633.                 }
  634.             }
  635.         }
  637.         // If we are here, all hope is lost
  638.         return false;
  639.     }
  641.     private function canEditStatusOPVariable(HumanResource $humanResourceAccess $userAccessFunction $function)
  642.     {
  643.         // Get AclPermission
  644.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_OP_VARIABLE_EDIT_STATUS);
  645.         $aclPermSociety $this->aclPermissionRepository->findOneByName(self::ACL_PERM_OP_VARIABLE_EDIT_STATUS_SOCIETY);
  647.         // If all are null, exit
  648.         if ($aclPerm === null && $aclPermSociety === null)
  649.         {
  650.             return false;
  651.         }
  653.         // Get First one
  654.         if ($aclPerm !== null)
  655.         {
  656.             $acl $this->aclRepository->findOneBy(array(
  657.                 'function'        =>    $function,
  658.                 'permission'    =>    $aclPerm
  659.             ));
  660.             if ($acl !== null)
  661.             {
  662.                 if ($acl->getValue())
  663.                 {
  664.                     // A single positive answer is enough
  665.                     return true;
  666.                 }
  667.             }
  668.         }
  670.         // If we are here it means that nothing good has been found
  671.         // Load second permission
  672.         if ($aclPermSociety !== null)
  673.         {
  674.             $acl $this->aclRepository->findOneBy(array(
  675.                 'function'        =>    $function,
  676.                 'permission'    =>    $aclPermSociety
  677.             ));
  678.             if ($acl !== null)
  679.             {
  680.                 if ($acl->getValue())
  681.                 {
  682.                     return $this->checkSociety($humanResource$user);
  683.                 }
  684.             }
  685.         }
  687.         // If we are here, all hope is lost
  688.         return false;
  689.     }
  691.     private function canDeleteOPVariable(HumanResource $humanResourceAccess $userAccessFunction $function)
  692.     {
  693.         // Get AclPermission
  694.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_OP_VARIABLE_DELETE);
  695.         $aclPermSociety $this->aclPermissionRepository->findOneByName(self::ACL_PERM_OP_VARIABLE_DELETE_SOCIETY);
  697.         // If all are null, exit
  698.         if ($aclPerm === null && $aclPermSociety === null)
  699.         {
  700.             return false;
  701.         }
  703.         // Get First one
  704.         if ($aclPerm !== null)
  705.         {
  706.             $acl $this->aclRepository->findOneBy(array(
  707.                 'function'        =>    $function,
  708.                 'permission'    =>    $aclPerm
  709.             ));
  710.             if ($acl !== null)
  711.             {
  712.                 if ($acl->getValue())
  713.                 {
  714.                     // A single positive answer is enough
  715.                     return true;
  716.                 }
  717.             }
  718.         }
  720.         // If we are here it means that nothing good has been found
  721.         // Load second permission
  722.         if ($aclPermSociety !== null)
  723.         {
  724.             $acl $this->aclRepository->findOneBy(array(
  725.                 'function'        =>    $function,
  726.                 'permission'    =>    $aclPermSociety
  727.             ));
  728.             if ($acl !== null)
  729.             {
  730.                 if ($acl->getValue())
  731.                 {
  732.                     return $this->checkSociety($humanResource$user);
  733.                 }
  734.             }
  735.         }
  737.         // If we are here, all hope is lost
  738.         return false;
  739.     }
  740. }