annotate core/modules/contact/src/ContactFormAccessControlHandler.php @ 11:bfffd8d7479a
Move drupal/core from "replace" to "require" section, to ensure Composer updates it
| author |
Chris Cannam |
| date |
Fri, 23 Feb 2018 15:51:18 +0000 |
| parents |
4c8ae668cc8c |
| children |
|
| rev |
line source |
|
Chris@0
|
1 <?php
|
|
Chris@0
|
2
|
|
Chris@0
|
3 namespace Drupal\contact;
|
|
Chris@0
|
4
|
|
Chris@0
|
5 use Drupal\Core\Access\AccessResult;
|
|
Chris@0
|
6 use Drupal\Core\Entity\EntityAccessControlHandler;
|
|
Chris@0
|
7 use Drupal\Core\Entity\EntityInterface;
|
|
Chris@0
|
8 use Drupal\Core\Session\AccountInterface;
|
|
Chris@0
|
9
|
|
Chris@0
|
10 /**
|
|
Chris@0
|
11 * Defines the access control handler for the contact form entity type.
|
|
Chris@0
|
12 *
|
|
Chris@0
|
13 * @see \Drupal\contact\Entity\ContactForm.
|
|
Chris@0
|
14 */
|
|
Chris@0
|
15 class ContactFormAccessControlHandler extends EntityAccessControlHandler {
|
|
Chris@0
|
16
|
|
Chris@0
|
17 /**
|
|
Chris@0
|
18 * {@inheritdoc}
|
|
Chris@0
|
19 */
|
|
Chris@0
|
20 protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
|
|
Chris@0
|
21 if ($operation == 'view') {
|
|
Chris@0
|
22 // Do not allow access personal form via site-wide route.
|
|
Chris@0
|
23 return AccessResult::allowedIfHasPermission($account, 'access site-wide contact form')->andIf(AccessResult::allowedIf($entity->id() !== 'personal'));
|
|
Chris@0
|
24 }
|
|
Chris@0
|
25 elseif ($operation == 'delete' || $operation == 'update') {
|
|
Chris@0
|
26 // Do not allow the 'personal' form to be deleted, as it's used for
|
|
Chris@0
|
27 // the personal contact form.
|
|
Chris@0
|
28 return AccessResult::allowedIfHasPermission($account, 'administer contact forms')->andIf(AccessResult::allowedIf($entity->id() !== 'personal'));
|
|
Chris@0
|
29 }
|
|
Chris@0
|
30
|
|
Chris@0
|
31 return parent::checkAccess($entity, $operation, $account);
|
|
Chris@0
|
32 }
|
|
Chris@0
|
33
|
|
Chris@0
|
34 }
|
