Mercurial > hg > isophonics-drupal-site

annotate core/modules/media/src/MediaAccessControlHandler.php @ 19:fa3358dc1485 tip

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add ndrum files
author Chris Cannam
date Wed, 28 Aug 2019 13:14:47 +0100
parents af1871eacc83
children
rev   line source
Chris@0 1 <?php
Chris@0 2
Chris@0 3 namespace Drupal\media;
Chris@0 4
Chris@0 5 use Drupal\Core\Access\AccessResult;
Chris@0 6 use Drupal\Core\Entity\EntityAccessControlHandler;
Chris@0 7 use Drupal\Core\Entity\EntityInterface;
Chris@0 8 use Drupal\Core\Session\AccountInterface;
Chris@0 9
Chris@0 10 /**
Chris@14 11 * Defines an access control handler for media items.
Chris@0 12 */
Chris@0 13 class MediaAccessControlHandler extends EntityAccessControlHandler {
Chris@0 14
Chris@0 15 /**
Chris@0 16 * {@inheritdoc}
Chris@0 17 */
Chris@0 18 protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
Chris@0 19 if ($account->hasPermission('administer media')) {
Chris@0 20 return AccessResult::allowed()->cachePerPermissions();
Chris@0 21 }
Chris@0 22
Chris@14 23 $type = $entity->bundle();
Chris@0 24 $is_owner = ($account->id() && $account->id() === $entity->getOwnerId());
Chris@0 25 switch ($operation) {
Chris@0 26 case 'view':
Chris@18 27 if ($entity->isPublished()) {
Chris@18 28 $access_result = AccessResult::allowedIf($account->hasPermission('view media'))
Chris@18 29 ->cachePerPermissions()
Chris@18 30 ->addCacheableDependency($entity);
Chris@18 31 if (!$access_result->isAllowed()) {
Chris@18 32 $access_result->setReason("The 'view media' permission is required when the media item is published.");
Chris@18 33 }
Chris@18 34 }
Chris@18 35 elseif ($account->hasPermission('view own unpublished media')) {
Chris@18 36 $access_result = AccessResult::allowedIf($is_owner)
Chris@18 37 ->cachePerPermissions()
Chris@18 38 ->cachePerUser()
Chris@18 39 ->addCacheableDependency($entity);
Chris@18 40 if (!$access_result->isAllowed()) {
Chris@18 41 $access_result->setReason("The user must be the owner and the 'view own unpublished media' permission is required when the media item is unpublished.");
Chris@18 42 }
Chris@18 43 }
Chris@18 44 else {
Chris@18 45 $access_result = AccessResult::neutral()
Chris@18 46 ->cachePerPermissions()
Chris@18 47 ->addCacheableDependency($entity)
Chris@18 48 ->setReason("The user must be the owner and the 'view own unpublished media' permission is required when the media item is unpublished.");
Chris@0 49 }
Chris@0 50 return $access_result;
Chris@0 51
Chris@0 52 case 'update':
Chris@14 53 if ($account->hasPermission('edit any ' . $type . ' media')) {
Chris@14 54 return AccessResult::allowed()->cachePerPermissions();
Chris@14 55 }
Chris@14 56 if ($account->hasPermission('edit own ' . $type . ' media') && $is_owner) {
Chris@14 57 return AccessResult::allowed()->cachePerPermissions()->cachePerUser()->addCacheableDependency($entity);
Chris@14 58 }
Chris@14 59 // @todo Deprecate this permission in
Chris@14 60 // https://www.drupal.org/project/drupal/issues/2925459.
Chris@0 61 if ($account->hasPermission('update any media')) {
Chris@0 62 return AccessResult::allowed()->cachePerPermissions();
Chris@0 63 }
Chris@14 64 if ($account->hasPermission('update media') && $is_owner) {
Chris@14 65 return AccessResult::allowed()->cachePerPermissions()->cachePerUser()->addCacheableDependency($entity);
Chris@14 66 }
Chris@17 67 return AccessResult::neutral("The following permissions are required: 'update any media' OR 'update own media' OR '$type: edit any media' OR '$type: edit own media'.")->cachePerPermissions();
Chris@0 68
Chris@0 69 case 'delete':
Chris@14 70 if ($account->hasPermission('delete any ' . $type . ' media')) {
Chris@14 71 return AccessResult::allowed()->cachePerPermissions();
Chris@14 72 }
Chris@14 73 if ($account->hasPermission('delete own ' . $type . ' media') && $is_owner) {
Chris@14 74 return AccessResult::allowed()->cachePerPermissions()->cachePerUser()->addCacheableDependency($entity);
Chris@14 75 }
Chris@14 76 // @todo Deprecate this permission in
Chris@14 77 // https://www.drupal.org/project/drupal/issues/2925459.
Chris@0 78 if ($account->hasPermission('delete any media')) {
Chris@0 79 return AccessResult::allowed()->cachePerPermissions();
Chris@0 80 }
Chris@14 81 if ($account->hasPermission('delete media') && $is_owner) {
Chris@14 82 return AccessResult::allowed()->cachePerPermissions()->cachePerUser()->addCacheableDependency($entity);
Chris@14 83 }
Chris@17 84 return AccessResult::neutral("The following permissions are required: 'delete any media' OR 'delete own media' OR '$type: delete any media' OR '$type: delete own media'.")->cachePerPermissions();
Chris@0 85
Chris@0 86 default:
Chris@0 87 return AccessResult::neutral()->cachePerPermissions();
Chris@0 88 }
Chris@0 89 }
Chris@0 90
Chris@0 91 /**
Chris@0 92 * {@inheritdoc}
Chris@0 93 */
Chris@0 94 protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
Chris@14 95 $permissions = [
Chris@14 96 'administer media',
Chris@14 97 'create media',
Chris@14 98 'create ' . $entity_bundle . ' media',
Chris@14 99 ];
Chris@14 100 return AccessResult::allowedIfHasPermissions($account, $permissions, 'OR');
Chris@0 101 }
Chris@0 102
Chris@0 103 }