Mercurial > hg > cmmr2012-drupal-site

comparison core/modules/workflows/src/WorkflowStateTransitionOperationsAccessCheck.php @ 5:12f9dff5fda9 tip

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Update to Drupal core 8.7.1
author Chris Cannam
date Thu, 09 May 2019 15:34:47 +0100
parents
children
comparison
equal deleted inserted replaced
4:a9cd425dd02b 5:12f9dff5fda9
1 <?php
2
3 namespace Drupal\workflows;
4
5 use Drupal\Core\Access\AccessResult;
6 use Drupal\Core\Routing\Access\AccessInterface;
7 use Drupal\Core\Routing\RouteMatchInterface;
8 use Drupal\Core\Session\AccountInterface;
9
10 /**
11 * Provides an access check for state and transition operations.
12 */
13 class WorkflowStateTransitionOperationsAccessCheck implements AccessInterface {
14
15 /**
16 * Checks access for operations of workflow states and transitions.
17 *
18 * The value of '_workflow_access' is used to check to kind of access that
19 * should be applied to a route in the context of a workflow and a state or
20 * transition. States and transitions can individually have access control
21 * applied to them for 'add', 'update' and 'delete'. By default workflows will
22 * use the admin permission 'administer workflows' for all of these
23 * operations, except for delete-state which checks there is at least one
24 * state, a state does not have data and it's not a required state.
25 *
26 * For the update and delete operations, a workflow and a state or transition
27 * is required in the route for the access check to be applied. For the "add"
28 * operation, only a workflow is required. The '_workflow_access' requirement
29 * translates into access checks on the workflow entity type in the formats:
30 * - @code"$operation-state:$state_id"@endcode
31 * - @code"$operation-transition:$transition_id"@endcode
32 *
33 * For example the following route definition with the path
34 * "/test-workflow/foo-state/delete" the 'delete-state:foo-state' operation
35 * will be checked:
36 * @code
37 * pattern: '/{workflow}/{workflow_state}/delete'
38 * requirements:
39 * _workflow_access: 'delete-state'
40 * @endcode
41 *
42 * @param \Drupal\Core\Routing\RouteMatchInterface $route_match
43 * The parametrized route
44 * @param \Drupal\Core\Session\AccountInterface $account
45 * The currently logged in account.
46 *
47 * @return \Drupal\Core\Access\AccessResultInterface
48 * An access result.
49 *
50 * @throws \Exception
51 * Throws an exception when a route is defined with an invalid operation.
52 */
53 public function access(RouteMatchInterface $route_match, AccountInterface $account) {
54 $workflow_operation = $this->getOperation($route_match);
55 if (!preg_match('/^(?<operation>add|update|delete)-(?<type>state|transition)$/', $workflow_operation, $matches)) {
56 throw new \Exception("Invalid _workflow_access operation '$workflow_operation' specified for route '{$route_match->getRouteName()}'.");
57 }
58
59 $parameters = $route_match->getParameters();
60 $workflow = $parameters->get('workflow');
61 if ($workflow && $matches['operation'] === 'add') {
62 return $workflow->access($workflow_operation, $account, TRUE);
63 }
64 if ($workflow && $type = $parameters->get(sprintf('workflow_%s', $matches['type']))) {
65 return $workflow->access(sprintf('%s:%s', $workflow_operation, $type), $account, TRUE);
66 }
67
68 return AccessResult::neutral();
69 }
70
71 /**
72 * Get the operation that will be used for the access check
73 *
74 * @param \Drupal\Core\Routing\RouteMatchInterface $route_match
75 * The parametrized route
76 *
77 * @return string
78 * The access operation.
79 */
80 protected function getOperation(RouteMatchInterface $route_match) {
81 return $route_match->getRouteObject()->getRequirement('_workflow_access');
82 }
83
84 }