Mercurial > hg > isophonics-drupal-site

annotate core/modules/taxonomy/src/TermAccessControlHandler.php @ 13:5fb285c0d0e3

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Update Drupal core to 8.4.7 via Composer. Security update; I *think* we've been lucky to get away with this so far, as we don't support self-registration which seems to be used by the so-called "drupalgeddon 2" attack that 8.4.5 was vulnerable to.
author Chris Cannam
date Mon, 23 Apr 2018 09:33:26 +0100
parents 4c8ae668cc8c
children 1fec387a4317
rev   line source
Chris@0 1 <?php
Chris@0 2
Chris@0 3 namespace Drupal\taxonomy;
Chris@0 4
Chris@0 5 use Drupal\Core\Access\AccessResult;
Chris@0 6 use Drupal\Core\Entity\EntityAccessControlHandler;
Chris@0 7 use Drupal\Core\Entity\EntityInterface;
Chris@0 8 use Drupal\Core\Session\AccountInterface;
Chris@0 9
Chris@0 10 /**
Chris@0 11 * Defines the access control handler for the taxonomy term entity type.
Chris@0 12 *
Chris@0 13 * @see \Drupal\taxonomy\Entity\Term
Chris@0 14 */
Chris@0 15 class TermAccessControlHandler extends EntityAccessControlHandler {
Chris@0 16
Chris@0 17 /**
Chris@0 18 * {@inheritdoc}
Chris@0 19 */
Chris@0 20 protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
Chris@0 21 switch ($operation) {
Chris@0 22 case 'view':
Chris@0 23 return AccessResult::allowedIfHasPermission($account, 'access content');
Chris@0 24
Chris@0 25 case 'update':
Chris@0 26 return AccessResult::allowedIfHasPermissions($account, ["edit terms in {$entity->bundle()}", 'administer taxonomy'], 'OR');
Chris@0 27
Chris@0 28 case 'delete':
Chris@0 29 return AccessResult::allowedIfHasPermissions($account, ["delete terms in {$entity->bundle()}", 'administer taxonomy'], 'OR');
Chris@0 30
Chris@0 31 default:
Chris@0 32 // No opinion.
Chris@0 33 return AccessResult::neutral();
Chris@0 34 }
Chris@0 35 }
Chris@0 36
Chris@0 37 /**
Chris@0 38 * {@inheritdoc}
Chris@0 39 */
Chris@0 40 protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
Chris@0 41 return AccessResult::allowedIfHasPermission($account, 'administer taxonomy');
Chris@0 42 }
Chris@0 43
Chris@0 44 }