Mercurial > hg > cmmr2012-drupal-site

annotate core/modules/media/src/MediaAccessControlHandler.php @ 0:c75dbcec494b

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Initial commit from drush-created site
author Chris Cannam
date Thu, 05 Jul 2018 14:24:15 +0000
parents
children a9cd425dd02b
rev   line source
Chris@0 1 <?php
Chris@0 2
Chris@0 3 namespace Drupal\media;
Chris@0 4
Chris@0 5 use Drupal\Core\Access\AccessResult;
Chris@0 6 use Drupal\Core\Entity\EntityAccessControlHandler;
Chris@0 7 use Drupal\Core\Entity\EntityInterface;
Chris@0 8 use Drupal\Core\Session\AccountInterface;
Chris@0 9
Chris@0 10 /**
Chris@0 11 * Defines an access control handler for media items.
Chris@0 12 */
Chris@0 13 class MediaAccessControlHandler extends EntityAccessControlHandler {
Chris@0 14
Chris@0 15 /**
Chris@0 16 * {@inheritdoc}
Chris@0 17 */
Chris@0 18 protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
Chris@0 19 if ($account->hasPermission('administer media')) {
Chris@0 20 return AccessResult::allowed()->cachePerPermissions();
Chris@0 21 }
Chris@0 22
Chris@0 23 $type = $entity->bundle();
Chris@0 24 $is_owner = ($account->id() && $account->id() === $entity->getOwnerId());
Chris@0 25 switch ($operation) {
Chris@0 26 case 'view':
Chris@0 27 $access_result = AccessResult::allowedIf($account->hasPermission('view media') && $entity->isPublished())
Chris@0 28 ->cachePerPermissions()
Chris@0 29 ->addCacheableDependency($entity);
Chris@0 30 if (!$access_result->isAllowed()) {
Chris@0 31 $access_result->setReason("The 'view media' permission is required and the media item must be published.");
Chris@0 32 }
Chris@0 33 return $access_result;
Chris@0 34
Chris@0 35 case 'update':
Chris@0 36 if ($account->hasPermission('edit any ' . $type . ' media')) {
Chris@0 37 return AccessResult::allowed()->cachePerPermissions();
Chris@0 38 }
Chris@0 39 if ($account->hasPermission('edit own ' . $type . ' media') && $is_owner) {
Chris@0 40 return AccessResult::allowed()->cachePerPermissions()->cachePerUser()->addCacheableDependency($entity);
Chris@0 41 }
Chris@0 42 // @todo Deprecate this permission in
Chris@0 43 // https://www.drupal.org/project/drupal/issues/2925459.
Chris@0 44 if ($account->hasPermission('update any media')) {
Chris@0 45 return AccessResult::allowed()->cachePerPermissions();
Chris@0 46 }
Chris@0 47 if ($account->hasPermission('update media') && $is_owner) {
Chris@0 48 return AccessResult::allowed()->cachePerPermissions()->cachePerUser()->addCacheableDependency($entity);
Chris@0 49 }
Chris@0 50 return AccessResult::neutral()->cachePerPermissions();
Chris@0 51
Chris@0 52 case 'delete':
Chris@0 53 if ($account->hasPermission('delete any ' . $type . ' media')) {
Chris@0 54 return AccessResult::allowed()->cachePerPermissions();
Chris@0 55 }
Chris@0 56 if ($account->hasPermission('delete own ' . $type . ' media') && $is_owner) {
Chris@0 57 return AccessResult::allowed()->cachePerPermissions()->cachePerUser()->addCacheableDependency($entity);
Chris@0 58 }
Chris@0 59 // @todo Deprecate this permission in
Chris@0 60 // https://www.drupal.org/project/drupal/issues/2925459.
Chris@0 61 if ($account->hasPermission('delete any media')) {
Chris@0 62 return AccessResult::allowed()->cachePerPermissions();
Chris@0 63 }
Chris@0 64 if ($account->hasPermission('delete media') && $is_owner) {
Chris@0 65 return AccessResult::allowed()->cachePerPermissions()->cachePerUser()->addCacheableDependency($entity);
Chris@0 66 }
Chris@0 67 return AccessResult::neutral()->cachePerPermissions();
Chris@0 68
Chris@0 69 default:
Chris@0 70 return AccessResult::neutral()->cachePerPermissions();
Chris@0 71 }
Chris@0 72 }
Chris@0 73
Chris@0 74 /**
Chris@0 75 * {@inheritdoc}
Chris@0 76 */
Chris@0 77 protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
Chris@0 78 $permissions = [
Chris@0 79 'administer media',
Chris@0 80 'create media',
Chris@0 81 'create ' . $entity_bundle . ' media',
Chris@0 82 ];
Chris@0 83 return AccessResult::allowedIfHasPermissions($account, $permissions, 'OR');
Chris@0 84 }
Chris@0 85
Chris@0 86 }