1 <?php
3 namespace Drupal\workspaces;
5 use Drupal\Core\Access\AccessResult;
6 use Drupal\Core\Entity\EntityAccessControlHandler;
7 use Drupal\Core\Entity\EntityInterface;
8 use Drupal\Core\Session\AccountInterface;
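/**
 * Defines the access control handler for the workspace entity type.
 *
 * checkAccess() evaluates its rules in a fixed order, and the order matters:
 * - deleting the default workspace is forbidden for every account;
 * - 'administer workspaces' allows every other operation;
 * - viewing the default workspace is allowed for every account;
 * - otherwise the '<operation> any workspace' permission is checked, then
 *   '<operation> own workspace' for the authenticated owner.
 *
 * @see \Drupal\workspaces\Entity\Workspace
 */
class WorkspaceAccessControlHandler extends EntityAccessControlHandler {

  /**
   * {@inheritdoc}
   */
  protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
    /** @var \Drupal\workspaces\WorkspaceInterface $entity */
    // This deny is evaluated before the administrator shortcut on purpose, so
    // that 'administer workspaces' cannot be used to delete the default
    // workspace.
    if ($operation === 'delete' && $entity->isDefaultWorkspace()) {
      return AccessResult::forbidden()->addCacheableDependency($entity);
    }

    // Administrators are allowed every remaining operation. The result only
    // depends on the account's permissions, so it varies per permission set.
    if ($account->hasPermission('administer workspaces')) {
      return AccessResult::allowed()->cachePerPermissions();
    }

    // The default workspace is always viewable, no matter what. The comparison
    // is strict, like the other operation checks in this method, so that a
    // non-string $operation can never loosely equal 'view'.
    if ($operation === 'view' && $entity->isDefaultWorkspace()) {
      return AccessResult::allowed()->addCacheableDependency($entity);
    }

    // Permission names use 'edit' where the entity API uses 'update'. Any other
    // operation string is used verbatim as the first word of the permission
    // name.
    $permission_operation = $operation === 'update' ? 'edit' : $operation;

    // Check if the user has permission to access all workspaces.
    $access_result = AccessResult::allowedIfHasPermission($account, $permission_operation . ' any workspace');

    // Check if it's their own workspace, and they have permission to access
    // their own workspace. Anonymous accounts never reach the ownership
    // branch.
    // NOTE(review): the ID comparison is strict; if id() and getOwnerId() can
    // return different scalar types (integer vs. numeric string) the owner is
    // never matched, which fails closed - confirm both return the same type.
    // NOTE(review): when this condition is false, the neutral result keeps
    // only the cacheability set by the 'any workspace' check, although the
    // outcome also depended on the current user and the workspace owner -
    // confirm whether cachePerUser() and the entity dependency belong on that
    // path too.
    if ($access_result->isNeutral() && $account->isAuthenticated() && $account->id() === $entity->getOwnerId()) {
      $access_result = AccessResult::allowedIfHasPermission($account, $permission_operation . ' own workspace')
        ->cachePerUser()
        ->addCacheableDependency($entity);
    }

    return $access_result;
  }

  /**
   * {@inheritdoc}
   */
  protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
    // Creation is governed by a single permission; $context and $entity_bundle
    // are not consulted here.
    return AccessResult::allowedIfHasPermission($account, 'create workspace');
  }

}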