Mercurial > hg > isophonics-drupal-site

comparison core/modules/media/src/MediaAccessControlHandler.php @ 14:1fec387a4317

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Update Drupal core to 8.5.2 via Composer
author Chris Cannam
date Mon, 23 Apr 2018 09:46:53 +0100
parents 4c8ae668cc8c
children 129ea1e6d783
comparison
equal deleted inserted replaced
13:5fb285c0d0e3 14:1fec387a4317
6 use Drupal\Core\Entity\EntityAccessControlHandler; 6 use Drupal\Core\Entity\EntityAccessControlHandler;
7 use Drupal\Core\Entity\EntityInterface; 7 use Drupal\Core\Entity\EntityInterface;
8 use Drupal\Core\Session\AccountInterface; 8 use Drupal\Core\Session\AccountInterface;
9 9
10 /** 10 /**
11 * Defines an access control handler for the media entity. 11 * Defines an access control handler for media items.
12 */ 12 */
13 class MediaAccessControlHandler extends EntityAccessControlHandler { 13 class MediaAccessControlHandler extends EntityAccessControlHandler {
14 14
15 /** 15 /**
16 * {@inheritdoc} 16 * {@inheritdoc}
18 protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { 18 protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
19 if ($account->hasPermission('administer media')) { 19 if ($account->hasPermission('administer media')) {
20 return AccessResult::allowed()->cachePerPermissions(); 20 return AccessResult::allowed()->cachePerPermissions();
21 } 21 }
22 22
23 $type = $entity->bundle();
23 $is_owner = ($account->id() && $account->id() === $entity->getOwnerId()); 24 $is_owner = ($account->id() && $account->id() === $entity->getOwnerId());
24 switch ($operation) { 25 switch ($operation) {
25 case 'view': 26 case 'view':
26 $access_result = AccessResult::allowedIf($account->hasPermission('view media') && $entity->isPublished()) 27 $access_result = AccessResult::allowedIf($account->hasPermission('view media') && $entity->isPublished())
27 ->cachePerPermissions() 28 ->cachePerPermissions()
30 $access_result->setReason("The 'view media' permission is required and the media item must be published."); 31 $access_result->setReason("The 'view media' permission is required and the media item must be published.");
31 } 32 }
32 return $access_result; 33 return $access_result;
33 34
34 case 'update': 35 case 'update':
36 if ($account->hasPermission('edit any ' . $type . ' media')) {
37 return AccessResult::allowed()->cachePerPermissions();
38 }
39 if ($account->hasPermission('edit own ' . $type . ' media') && $is_owner) {
40 return AccessResult::allowed()->cachePerPermissions()->cachePerUser()->addCacheableDependency($entity);
41 }
42 // @todo Deprecate this permission in
43 // https://www.drupal.org/project/drupal/issues/2925459.
35 if ($account->hasPermission('update any media')) { 44 if ($account->hasPermission('update any media')) {
36 return AccessResult::allowed()->cachePerPermissions(); 45 return AccessResult::allowed()->cachePerPermissions();
37 } 46 }
38 return AccessResult::allowedIf($account->hasPermission('update media') && $is_owner) 47 if ($account->hasPermission('update media') && $is_owner) {
39 ->cachePerPermissions() 48 return AccessResult::allowed()->cachePerPermissions()->cachePerUser()->addCacheableDependency($entity);
40 ->cachePerUser() 49 }
41 ->addCacheableDependency($entity); 50 return AccessResult::neutral()->cachePerPermissions();
42 51
43 case 'delete': 52 case 'delete':
53 if ($account->hasPermission('delete any ' . $type . ' media')) {
54 return AccessResult::allowed()->cachePerPermissions();
55 }
56 if ($account->hasPermission('delete own ' . $type . ' media') && $is_owner) {
57 return AccessResult::allowed()->cachePerPermissions()->cachePerUser()->addCacheableDependency($entity);
58 }
59 // @todo Deprecate this permission in
60 // https://www.drupal.org/project/drupal/issues/2925459.
44 if ($account->hasPermission('delete any media')) { 61 if ($account->hasPermission('delete any media')) {
45 return AccessResult::allowed()->cachePerPermissions(); 62 return AccessResult::allowed()->cachePerPermissions();
46 } 63 }
47 return AccessResult::allowedIf($account->hasPermission('delete media') && $is_owner) 64 if ($account->hasPermission('delete media') && $is_owner) {
48 ->cachePerPermissions() 65 return AccessResult::allowed()->cachePerPermissions()->cachePerUser()->addCacheableDependency($entity);
49 ->cachePerUser() 66 }
50 ->addCacheableDependency($entity); 67 return AccessResult::neutral()->cachePerPermissions();
51 68
52 default: 69 default:
53 return AccessResult::neutral()->cachePerPermissions(); 70 return AccessResult::neutral()->cachePerPermissions();
54 } 71 }
55 } 72 }
56 73
57 /** 74 /**
58 * {@inheritdoc} 75 * {@inheritdoc}
59 */ 76 */
60 protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) { 77 protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
61 return AccessResult::allowedIfHasPermissions($account, ['administer media', 'create media'], 'OR'); 78 $permissions = [
79 'administer media',
80 'create media',
81 'create ' . $entity_bundle . ' media',
82 ];
83 return AccessResult::allowedIfHasPermissions($account, $permissions, 'OR');
62 } 84 }
63 85
64 } 86 }