annotate core/lib/Drupal/Core/Entity/EntityDeleteMultipleAccessCheck.php @ 19:fa3358dc1485 tip

Add ndrum files
author Chris Cannam
date Wed, 28 Aug 2019 13:14:47 +0100
parents af1871eacc83
children
rev   line source
Chris@17 1 <?php
Chris@17 2
Chris@17 3 namespace Drupal\Core\Entity;
Chris@17 4
Chris@17 5 use Drupal\Core\Access\AccessResult;
Chris@17 6 use Drupal\Core\Routing\Access\AccessInterface;
Chris@17 7 use Drupal\Core\Session\AccountInterface;
Chris@17 8 use Drupal\Core\TempStore\PrivateTempStoreFactory;
Chris@17 9 use Symfony\Component\HttpFoundation\RequestStack;
Chris@17 10
Chris@17 11 /**
Chris@17 12 * Checks if the current user has delete access to the items of the tempstore.
Chris@17 13 */
Chris@17 14 class EntityDeleteMultipleAccessCheck implements AccessInterface {
Chris@17 15
Chris@17 16 /**
Chris@17 17 * The entity type manager.
Chris@17 18 *
Chris@17 19 * @var \Drupal\Core\Entity\EntityManagerInterface
Chris@17 20 */
Chris@17 21 protected $entityTypeManager;
Chris@17 22
Chris@17 23 /**
Chris@17 24 * The tempstore service.
Chris@17 25 *
Chris@17 26 * @var \Drupal\Core\TempStore\PrivateTempStoreFactory
Chris@17 27 */
Chris@17 28 protected $tempStore;
Chris@17 29
Chris@17 30 /**
Chris@17 31 * Request stack service.
Chris@17 32 *
Chris@17 33 * @var \Symfony\Component\HttpFoundation\RequestStack
Chris@17 34 */
Chris@17 35 protected $requestStack;
Chris@17 36
Chris@17 37 /**
Chris@17 38 * Constructs a new EntityDeleteMultipleAccessCheck.
Chris@17 39 *
Chris@17 40 * @param \Drupal\Core\Entity\EntityTypeManagerInterface $entity_type_manager
Chris@17 41 * The entity type manager.
Chris@17 42 * @param \Drupal\Core\TempStore\PrivateTempStoreFactory $temp_store_factory
Chris@17 43 * The tempstore service.
Chris@17 44 * @param \Symfony\Component\HttpFoundation\RequestStack $request_stack
Chris@17 45 * The request stack service.
Chris@17 46 */
Chris@17 47 public function __construct(EntityTypeManagerInterface $entity_type_manager, PrivateTempStoreFactory $temp_store_factory, RequestStack $request_stack) {
Chris@17 48 $this->entityTypeManager = $entity_type_manager;
Chris@17 49 $this->tempStore = $temp_store_factory->get('entity_delete_multiple_confirm');
Chris@17 50 $this->requestStack = $request_stack;
Chris@17 51 }
Chris@17 52
Chris@17 53 /**
Chris@17 54 * Checks if the user has delete access for at least one item of the store.
Chris@17 55 *
Chris@17 56 * @param \Drupal\Core\Session\AccountInterface $account
Chris@17 57 * Run access checks for this account.
Chris@17 58 * @param string $entity_type_id
Chris@17 59 * Entity type ID.
Chris@17 60 *
Chris@17 61 * @return \Drupal\Core\Access\AccessResult
Chris@17 62 * Allowed or forbidden, neutral if tempstore is empty.
Chris@17 63 */
Chris@17 64 public function access(AccountInterface $account, $entity_type_id) {
Chris@18 65 if (!$this->requestStack->getCurrentRequest()->hasSession()) {
Chris@17 66 return AccessResult::neutral();
Chris@17 67 }
Chris@17 68 $selection = $this->tempStore->get($account->id() . ':' . $entity_type_id);
Chris@17 69 if (empty($selection) || !is_array($selection)) {
Chris@17 70 return AccessResult::neutral();
Chris@17 71 }
Chris@17 72
Chris@17 73 $entities = $this->entityTypeManager->getStorage($entity_type_id)->loadMultiple(array_keys($selection));
Chris@17 74 foreach ($entities as $entity) {
Chris@17 75 // As long as the user has access to delete one entity allow access to the
Chris@17 76 // delete form. Access will be checked again in
Chris@17 77 // Drupal\Core\Entity\Form\DeleteMultipleForm::submit() in case it has
Chris@17 78 // changed in the meantime.
Chris@17 79 if ($entity->access('delete', $account)) {
Chris@17 80 return AccessResult::allowed();
Chris@17 81 }
Chris@17 82 }
Chris@17 83 return AccessResult::forbidden();
Chris@17 84 }
Chris@17 85
Chris@17 86 }