Mercurial > hg > isophonics-drupal-site
comparison core/modules/contact/src/ContactFormAccessControlHandler.php @ 0:4c8ae668cc8c
Initial import (non-working)
| author | Chris Cannam |
|---|---|
| date | Wed, 29 Nov 2017 16:09:58 +0000 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| -1:000000000000 | 0:4c8ae668cc8c |
|---|---|
| 1 <?php | |
| 2 | |
| 3 namespace Drupal\contact; | |
| 4 | |
| 5 use Drupal\Core\Access\AccessResult; | |
| 6 use Drupal\Core\Entity\EntityAccessControlHandler; | |
| 7 use Drupal\Core\Entity\EntityInterface; | |
| 8 use Drupal\Core\Session\AccountInterface; | |
| 9 | |
| 10 /** | |
| 11 * Defines the access control handler for the contact form entity type. | |
| 12 * | |
| 13 * @see \Drupal\contact\Entity\ContactForm. | |
| 14 */ | |
| 15 class ContactFormAccessControlHandler extends EntityAccessControlHandler { | |
| 16 | |
| 17 /** | |
| 18 * {@inheritdoc} | |
| 19 */ | |
| 20 protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { | |
| 21 if ($operation == 'view') { | |
| 22 // Do not allow access personal form via site-wide route. | |
| 23 return AccessResult::allowedIfHasPermission($account, 'access site-wide contact form')->andIf(AccessResult::allowedIf($entity->id() !== 'personal')); | |
| 24 } | |
| 25 elseif ($operation == 'delete' || $operation == 'update') { | |
| 26 // Do not allow the 'personal' form to be deleted, as it's used for | |
| 27 // the personal contact form. | |
| 28 return AccessResult::allowedIfHasPermission($account, 'administer contact forms')->andIf(AccessResult::allowedIf($entity->id() !== 'personal')); | |
| 29 } | |
| 30 | |
| 31 return parent::checkAccess($entity, $operation, $account); | |
| 32 } | |
| 33 | |
| 34 } |