Mercurial > hg > cmmr2012-drupal-site

comparison core/modules/media/src/MediaAccessControlHandler.php @ 5:12f9dff5fda9 tip

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Update to Drupal core 8.7.1
author Chris Cannam
date Thu, 09 May 2019 15:34:47 +0100
parents a9cd425dd02b
children
comparison
equal deleted inserted replaced
4:a9cd425dd02b 5:12f9dff5fda9
22 22
23 $type = $entity->bundle(); 23 $type = $entity->bundle();
24 $is_owner = ($account->id() && $account->id() === $entity->getOwnerId()); 24 $is_owner = ($account->id() && $account->id() === $entity->getOwnerId());
25 switch ($operation) { 25 switch ($operation) {
26 case 'view': 26 case 'view':
27 $access_result = AccessResult::allowedIf($account->hasPermission('view media') && $entity->isPublished()) 27 if ($entity->isPublished()) {
28 ->cachePerPermissions() 28 $access_result = AccessResult::allowedIf($account->hasPermission('view media'))
29 ->addCacheableDependency($entity); 29 ->cachePerPermissions()
30 if (!$access_result->isAllowed()) { 30 ->addCacheableDependency($entity);
31 $access_result->setReason("The 'view media' permission is required and the media item must be published."); 31 if (!$access_result->isAllowed()) {
32 $access_result->setReason("The 'view media' permission is required when the media item is published.");
33 }
34 }
35 elseif ($account->hasPermission('view own unpublished media')) {
36 $access_result = AccessResult::allowedIf($is_owner)
37 ->cachePerPermissions()
38 ->cachePerUser()
39 ->addCacheableDependency($entity);
40 if (!$access_result->isAllowed()) {
41 $access_result->setReason("The user must be the owner and the 'view own unpublished media' permission is required when the media item is unpublished.");
42 }
43 }
44 else {
45 $access_result = AccessResult::neutral()
46 ->cachePerPermissions()
47 ->addCacheableDependency($entity)
48 ->setReason("The user must be the owner and the 'view own unpublished media' permission is required when the media item is unpublished.");
32 } 49 }
33 return $access_result; 50 return $access_result;
34 51
35 case 'update': 52 case 'update':
36 if ($account->hasPermission('edit any ' . $type . ' media')) { 53 if ($account->hasPermission('edit any ' . $type . ' media')) {