Mercurial > hg > isophonics-drupal-site

annotate core/modules/workspaces/src/WorkspaceAccessControlHandler.php @ 19:fa3358dc1485 tip

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add ndrum files
author Chris Cannam
date Wed, 28 Aug 2019 13:14:47 +0100
parents 129ea1e6d783
children
rev   line source
Chris@17 1 <?php
Chris@17 2
Chris@17 3 namespace Drupal\workspaces;
Chris@17 4
Chris@17 5 use Drupal\Core\Access\AccessResult;
Chris@17 6 use Drupal\Core\Entity\EntityAccessControlHandler;
Chris@17 7 use Drupal\Core\Entity\EntityInterface;
Chris@17 8 use Drupal\Core\Session\AccountInterface;
Chris@17 9
Chris@17 10 /**
Chris@17 11 * Defines the access control handler for the workspace entity type.
Chris@17 12 *
Chris@17 13 * @see \Drupal\workspaces\Entity\Workspace
Chris@17 14 */
Chris@17 15 class WorkspaceAccessControlHandler extends EntityAccessControlHandler {
Chris@17 16
Chris@17 17 /**
Chris@17 18 * {@inheritdoc}
Chris@17 19 */
Chris@17 20 protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
Chris@17 21 /** @var \Drupal\workspaces\WorkspaceInterface $entity */
Chris@17 22 if ($operation === 'delete' && $entity->isDefaultWorkspace()) {
Chris@17 23 return AccessResult::forbidden()->addCacheableDependency($entity);
Chris@17 24 }
Chris@17 25
Chris@17 26 if ($account->hasPermission('administer workspaces')) {
Chris@17 27 return AccessResult::allowed()->cachePerPermissions();
Chris@17 28 }
Chris@17 29
Chris@17 30 // The default workspace is always viewable, no matter what.
Chris@17 31 if ($operation == 'view' && $entity->isDefaultWorkspace()) {
Chris@17 32 return AccessResult::allowed()->addCacheableDependency($entity);
Chris@17 33 }
Chris@17 34
Chris@17 35 $permission_operation = $operation === 'update' ? 'edit' : $operation;
Chris@17 36
Chris@17 37 // Check if the user has permission to access all workspaces.
Chris@17 38 $access_result = AccessResult::allowedIfHasPermission($account, $permission_operation . ' any workspace');
Chris@17 39
Chris@17 40 // Check if it's their own workspace, and they have permission to access
Chris@17 41 // their own workspace.
Chris@17 42 if ($access_result->isNeutral() && $account->isAuthenticated() && $account->id() === $entity->getOwnerId()) {
Chris@17 43 $access_result = AccessResult::allowedIfHasPermission($account, $permission_operation . ' own workspace')
Chris@17 44 ->cachePerUser()
Chris@17 45 ->addCacheableDependency($entity);
Chris@17 46 }
Chris@17 47
Chris@17 48 return $access_result;
Chris@17 49 }
Chris@17 50
Chris@17 51 /**
Chris@17 52 * {@inheritdoc}
Chris@17 53 */
Chris@17 54 protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
Chris@17 55 return AccessResult::allowedIfHasPermission($account, 'create workspace');
Chris@17 56 }
Chris@17 57
Chris@17 58 }