|
Chris@4
|
1 <?php
|
|
Chris@4
|
2
|
|
Chris@4
|
3 namespace Drupal\Core\Entity;
|
|
Chris@4
|
4
|
|
Chris@4
|
5 use Drupal\Core\Access\AccessResult;
|
|
Chris@4
|
6 use Drupal\Core\Routing\Access\AccessInterface;
|
|
Chris@4
|
7 use Drupal\Core\Session\AccountInterface;
|
|
Chris@4
|
8 use Drupal\Core\TempStore\PrivateTempStoreFactory;
|
|
Chris@4
|
9 use Symfony\Component\HttpFoundation\RequestStack;
|
|
Chris@4
|
10
|
|
Chris@4
|
11 /**
|
|
Chris@4
|
12 * Checks if the current user has delete access to the items of the tempstore.
|
|
Chris@4
|
13 */
|
|
Chris@4
|
14 class EntityDeleteMultipleAccessCheck implements AccessInterface {
|
|
Chris@4
|
15
|
|
Chris@4
|
16 /**
|
|
Chris@4
|
17 * The entity type manager.
|
|
Chris@4
|
18 *
|
|
Chris@4
|
19 * @var \Drupal\Core\Entity\EntityManagerInterface
|
|
Chris@4
|
20 */
|
|
Chris@4
|
21 protected $entityTypeManager;
|
|
Chris@4
|
22
|
|
Chris@4
|
23 /**
|
|
Chris@4
|
24 * The tempstore service.
|
|
Chris@4
|
25 *
|
|
Chris@4
|
26 * @var \Drupal\Core\TempStore\PrivateTempStoreFactory
|
|
Chris@4
|
27 */
|
|
Chris@4
|
28 protected $tempStore;
|
|
Chris@4
|
29
|
|
Chris@4
|
30 /**
|
|
Chris@4
|
31 * Request stack service.
|
|
Chris@4
|
32 *
|
|
Chris@4
|
33 * @var \Symfony\Component\HttpFoundation\RequestStack
|
|
Chris@4
|
34 */
|
|
Chris@4
|
35 protected $requestStack;
|
|
Chris@4
|
36
|
|
Chris@4
|
37 /**
|
|
Chris@4
|
38 * Constructs a new EntityDeleteMultipleAccessCheck.
|
|
Chris@4
|
39 *
|
|
Chris@4
|
40 * @param \Drupal\Core\Entity\EntityTypeManagerInterface $entity_type_manager
|
|
Chris@4
|
41 * The entity type manager.
|
|
Chris@4
|
42 * @param \Drupal\Core\TempStore\PrivateTempStoreFactory $temp_store_factory
|
|
Chris@4
|
43 * The tempstore service.
|
|
Chris@4
|
44 * @param \Symfony\Component\HttpFoundation\RequestStack $request_stack
|
|
Chris@4
|
45 * The request stack service.
|
|
Chris@4
|
46 */
|
|
Chris@4
|
47 public function __construct(EntityTypeManagerInterface $entity_type_manager, PrivateTempStoreFactory $temp_store_factory, RequestStack $request_stack) {
|
|
Chris@4
|
48 $this->entityTypeManager = $entity_type_manager;
|
|
Chris@4
|
49 $this->tempStore = $temp_store_factory->get('entity_delete_multiple_confirm');
|
|
Chris@4
|
50 $this->requestStack = $request_stack;
|
|
Chris@4
|
51 }
|
|
Chris@4
|
52
|
|
Chris@4
|
53 /**
|
|
Chris@4
|
54 * Checks if the user has delete access for at least one item of the store.
|
|
Chris@4
|
55 *
|
|
Chris@4
|
56 * @param \Drupal\Core\Session\AccountInterface $account
|
|
Chris@4
|
57 * Run access checks for this account.
|
|
Chris@4
|
58 * @param string $entity_type_id
|
|
Chris@4
|
59 * Entity type ID.
|
|
Chris@4
|
60 *
|
|
Chris@4
|
61 * @return \Drupal\Core\Access\AccessResult
|
|
Chris@4
|
62 * Allowed or forbidden, neutral if tempstore is empty.
|
|
Chris@4
|
63 */
|
|
Chris@4
|
64 public function access(AccountInterface $account, $entity_type_id) {
|
|
Chris@5
|
65 if (!$this->requestStack->getCurrentRequest()->hasSession()) {
|
|
Chris@4
|
66 return AccessResult::neutral();
|
|
Chris@4
|
67 }
|
|
Chris@4
|
68 $selection = $this->tempStore->get($account->id() . ':' . $entity_type_id);
|
|
Chris@4
|
69 if (empty($selection) || !is_array($selection)) {
|
|
Chris@4
|
70 return AccessResult::neutral();
|
|
Chris@4
|
71 }
|
|
Chris@4
|
72
|
|
Chris@4
|
73 $entities = $this->entityTypeManager->getStorage($entity_type_id)->loadMultiple(array_keys($selection));
|
|
Chris@4
|
74 foreach ($entities as $entity) {
|
|
Chris@4
|
75 // As long as the user has access to delete one entity allow access to the
|
|
Chris@4
|
76 // delete form. Access will be checked again in
|
|
Chris@4
|
77 // Drupal\Core\Entity\Form\DeleteMultipleForm::submit() in case it has
|
|
Chris@4
|
78 // changed in the meantime.
|
|
Chris@4
|
79 if ($entity->access('delete', $account)) {
|
|
Chris@4
|
80 return AccessResult::allowed();
|
|
Chris@4
|
81 }
|
|
Chris@4
|
82 }
|
|
Chris@4
|
83 return AccessResult::forbidden();
|
|
Chris@4
|
84 }
|
|
Chris@4
|
85
|
|
Chris@4
|
86 }
|
