Mercurial > hg > cmmr2012-drupal-site
comparison core/modules/media/src/MediaAccessControlHandler.php @ 0:c75dbcec494b
Initial commit from drush-created site
| author | Chris Cannam |
|---|---|
| date | Thu, 05 Jul 2018 14:24:15 +0000 |
| parents | |
| children | a9cd425dd02b |
comparison
equal
deleted
inserted
replaced
| -1:000000000000 | 0:c75dbcec494b |
|---|---|
| 1 <?php | |
| 2 | |
| 3 namespace Drupal\media; | |
| 4 | |
| 5 use Drupal\Core\Access\AccessResult; | |
| 6 use Drupal\Core\Entity\EntityAccessControlHandler; | |
| 7 use Drupal\Core\Entity\EntityInterface; | |
| 8 use Drupal\Core\Session\AccountInterface; | |
| 9 | |
| 10 /** | |
| 11 * Defines an access control handler for media items. | |
| 12 */ | |
| 13 class MediaAccessControlHandler extends EntityAccessControlHandler { | |
| 14 | |
| 15 /** | |
| 16 * {@inheritdoc} | |
| 17 */ | |
| 18 protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { | |
| 19 if ($account->hasPermission('administer media')) { | |
| 20 return AccessResult::allowed()->cachePerPermissions(); | |
| 21 } | |
| 22 | |
| 23 $type = $entity->bundle(); | |
| 24 $is_owner = ($account->id() && $account->id() === $entity->getOwnerId()); | |
| 25 switch ($operation) { | |
| 26 case 'view': | |
| 27 $access_result = AccessResult::allowedIf($account->hasPermission('view media') && $entity->isPublished()) | |
| 28 ->cachePerPermissions() | |
| 29 ->addCacheableDependency($entity); | |
| 30 if (!$access_result->isAllowed()) { | |
| 31 $access_result->setReason("The 'view media' permission is required and the media item must be published."); | |
| 32 } | |
| 33 return $access_result; | |
| 34 | |
| 35 case 'update': | |
| 36 if ($account->hasPermission('edit any ' . $type . ' media')) { | |
| 37 return AccessResult::allowed()->cachePerPermissions(); | |
| 38 } | |
| 39 if ($account->hasPermission('edit own ' . $type . ' media') && $is_owner) { | |
| 40 return AccessResult::allowed()->cachePerPermissions()->cachePerUser()->addCacheableDependency($entity); | |
| 41 } | |
| 42 // @todo Deprecate this permission in | |
| 43 // https://www.drupal.org/project/drupal/issues/2925459. | |
| 44 if ($account->hasPermission('update any media')) { | |
| 45 return AccessResult::allowed()->cachePerPermissions(); | |
| 46 } | |
| 47 if ($account->hasPermission('update media') && $is_owner) { | |
| 48 return AccessResult::allowed()->cachePerPermissions()->cachePerUser()->addCacheableDependency($entity); | |
| 49 } | |
| 50 return AccessResult::neutral()->cachePerPermissions(); | |
| 51 | |
| 52 case 'delete': | |
| 53 if ($account->hasPermission('delete any ' . $type . ' media')) { | |
| 54 return AccessResult::allowed()->cachePerPermissions(); | |
| 55 } | |
| 56 if ($account->hasPermission('delete own ' . $type . ' media') && $is_owner) { | |
| 57 return AccessResult::allowed()->cachePerPermissions()->cachePerUser()->addCacheableDependency($entity); | |
| 58 } | |
| 59 // @todo Deprecate this permission in | |
| 60 // https://www.drupal.org/project/drupal/issues/2925459. | |
| 61 if ($account->hasPermission('delete any media')) { | |
| 62 return AccessResult::allowed()->cachePerPermissions(); | |
| 63 } | |
| 64 if ($account->hasPermission('delete media') && $is_owner) { | |
| 65 return AccessResult::allowed()->cachePerPermissions()->cachePerUser()->addCacheableDependency($entity); | |
| 66 } | |
| 67 return AccessResult::neutral()->cachePerPermissions(); | |
| 68 | |
| 69 default: | |
| 70 return AccessResult::neutral()->cachePerPermissions(); | |
| 71 } | |
| 72 } | |
| 73 | |
| 74 /** | |
| 75 * {@inheritdoc} | |
| 76 */ | |
| 77 protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) { | |
| 78 $permissions = [ | |
| 79 'administer media', | |
| 80 'create media', | |
| 81 'create ' . $entity_bundle . ' media', | |
| 82 ]; | |
| 83 return AccessResult::allowedIfHasPermissions($account, $permissions, 'OR'); | |
| 84 } | |
| 85 | |
| 86 } |