Mercurial > hg > cmmr2012-drupal-site

annotate core/modules/media/src/MediaAccessControlHandler.php @ 5:12f9dff5fda9 tip

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Update to Drupal core 8.7.1
author Chris Cannam
date Thu, 09 May 2019 15:34:47 +0100
parents a9cd425dd02b
children
rev   line source
Chris@0 1 <?php
Chris@0 2
Chris@0 3 namespace Drupal\media;
Chris@0 4
Chris@0 5 use Drupal\Core\Access\AccessResult;
Chris@0 6 use Drupal\Core\Entity\EntityAccessControlHandler;
Chris@0 7 use Drupal\Core\Entity\EntityInterface;
Chris@0 8 use Drupal\Core\Session\AccountInterface;
Chris@0 9
Chris@0 10 /**
Chris@0 11 * Defines an access control handler for media items.
Chris@0 12 */
Chris@0 13 class MediaAccessControlHandler extends EntityAccessControlHandler {
Chris@0 14
Chris@0 15 /**
Chris@0 16 * {@inheritdoc}
Chris@0 17 */
Chris@0 18 protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
Chris@0 19 if ($account->hasPermission('administer media')) {
Chris@0 20 return AccessResult::allowed()->cachePerPermissions();
Chris@0 21 }
Chris@0 22
Chris@0 23 $type = $entity->bundle();
Chris@0 24 $is_owner = ($account->id() && $account->id() === $entity->getOwnerId());
Chris@0 25 switch ($operation) {
Chris@0 26 case 'view':
Chris@5 27 if ($entity->isPublished()) {
Chris@5 28 $access_result = AccessResult::allowedIf($account->hasPermission('view media'))
Chris@5 29 ->cachePerPermissions()
Chris@5 30 ->addCacheableDependency($entity);
Chris@5 31 if (!$access_result->isAllowed()) {
Chris@5 32 $access_result->setReason("The 'view media' permission is required when the media item is published.");
Chris@5 33 }
Chris@5 34 }
Chris@5 35 elseif ($account->hasPermission('view own unpublished media')) {
Chris@5 36 $access_result = AccessResult::allowedIf($is_owner)
Chris@5 37 ->cachePerPermissions()
Chris@5 38 ->cachePerUser()
Chris@5 39 ->addCacheableDependency($entity);
Chris@5 40 if (!$access_result->isAllowed()) {
Chris@5 41 $access_result->setReason("The user must be the owner and the 'view own unpublished media' permission is required when the media item is unpublished.");
Chris@5 42 }
Chris@5 43 }
Chris@5 44 else {
Chris@5 45 $access_result = AccessResult::neutral()
Chris@5 46 ->cachePerPermissions()
Chris@5 47 ->addCacheableDependency($entity)
Chris@5 48 ->setReason("The user must be the owner and the 'view own unpublished media' permission is required when the media item is unpublished.");
Chris@0 49 }
Chris@0 50 return $access_result;
Chris@0 51
Chris@0 52 case 'update':
Chris@0 53 if ($account->hasPermission('edit any ' . $type . ' media')) {
Chris@0 54 return AccessResult::allowed()->cachePerPermissions();
Chris@0 55 }
Chris@0 56 if ($account->hasPermission('edit own ' . $type . ' media') && $is_owner) {
Chris@0 57 return AccessResult::allowed()->cachePerPermissions()->cachePerUser()->addCacheableDependency($entity);
Chris@0 58 }
Chris@0 59 // @todo Deprecate this permission in
Chris@0 60 // https://www.drupal.org/project/drupal/issues/2925459.
Chris@0 61 if ($account->hasPermission('update any media')) {
Chris@0 62 return AccessResult::allowed()->cachePerPermissions();
Chris@0 63 }
Chris@0 64 if ($account->hasPermission('update media') && $is_owner) {
Chris@0 65 return AccessResult::allowed()->cachePerPermissions()->cachePerUser()->addCacheableDependency($entity);
Chris@0 66 }
Chris@4 67 return AccessResult::neutral("The following permissions are required: 'update any media' OR 'update own media' OR '$type: edit any media' OR '$type: edit own media'.")->cachePerPermissions();
Chris@0 68
Chris@0 69 case 'delete':
Chris@0 70 if ($account->hasPermission('delete any ' . $type . ' media')) {
Chris@0 71 return AccessResult::allowed()->cachePerPermissions();
Chris@0 72 }
Chris@0 73 if ($account->hasPermission('delete own ' . $type . ' media') && $is_owner) {
Chris@0 74 return AccessResult::allowed()->cachePerPermissions()->cachePerUser()->addCacheableDependency($entity);
Chris@0 75 }
Chris@0 76 // @todo Deprecate this permission in
Chris@0 77 // https://www.drupal.org/project/drupal/issues/2925459.
Chris@0 78 if ($account->hasPermission('delete any media')) {
Chris@0 79 return AccessResult::allowed()->cachePerPermissions();
Chris@0 80 }
Chris@0 81 if ($account->hasPermission('delete media') && $is_owner) {
Chris@0 82 return AccessResult::allowed()->cachePerPermissions()->cachePerUser()->addCacheableDependency($entity);
Chris@0 83 }
Chris@4 84 return AccessResult::neutral("The following permissions are required: 'delete any media' OR 'delete own media' OR '$type: delete any media' OR '$type: delete own media'.")->cachePerPermissions();
Chris@0 85
Chris@0 86 default:
Chris@0 87 return AccessResult::neutral()->cachePerPermissions();
Chris@0 88 }
Chris@0 89 }
Chris@0 90
Chris@0 91 /**
Chris@0 92 * {@inheritdoc}
Chris@0 93 */
Chris@0 94 protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
Chris@0 95 $permissions = [
Chris@0 96 'administer media',
Chris@0 97 'create media',
Chris@0 98 'create ' . $entity_bundle . ' media',
Chris@0 99 ];
Chris@0 100 return AccessResult::allowedIfHasPermissions($account, $permissions, 'OR');
Chris@0 101 }
Chris@0 102
Chris@0 103 }