Chris@0: <?php
Chris@0: 
Chris@0: namespace Drupal\content_moderation\Access;
Chris@0: 
Chris@0: use Drupal\Core\Access\AccessException;
Chris@0: use Drupal\Core\Access\AccessResult;
Chris@0: use Drupal\Core\Entity\EntityInterface;
Chris@0: use Drupal\Core\Routing\Access\AccessInterface;
Chris@0: use Drupal\Core\Routing\RouteMatchInterface;
Chris@0: use Drupal\content_moderation\ModerationInformationInterface;
Chris@0: use Drupal\Core\Session\AccountInterface;
Chris@0: use Drupal\user\EntityOwnerInterface;
Chris@0: use Symfony\Component\Routing\Route;
Chris@0: 
Chris@0: /**
Chris@0:  * Access check for the entity moderation tab.
Chris@0:  */
Chris@0: class LatestRevisionCheck implements AccessInterface {
Chris@0: 
Chris@0:   /**
Chris@0:    * The moderation information service.
Chris@0:    *
Chris@0:    * @var \Drupal\content_moderation\ModerationInformationInterface
Chris@0:    */
Chris@0:   protected $moderationInfo;
Chris@0: 
Chris@0:   /**
Chris@0:    * Constructs a new LatestRevisionCheck.
Chris@0:    *
Chris@0:    * @param \Drupal\content_moderation\ModerationInformationInterface $moderation_information
Chris@0:    *   The moderation information service.
Chris@0:    */
Chris@0:   public function __construct(ModerationInformationInterface $moderation_information) {
Chris@0:     $this->moderationInfo = $moderation_information;
Chris@0:   }
Chris@0: 
Chris@0:   /**
Chris@0:    * Checks that there is a pending revision available.
Chris@0:    *
Chris@0:    * This checker assumes the presence of an '_entity_access' requirement key
Chris@0:    * in the same form as used by EntityAccessCheck.
Chris@0:    *
Chris@0:    * @param \Symfony\Component\Routing\Route $route
Chris@0:    *   The route to check against.
Chris@0:    * @param \Drupal\Core\Routing\RouteMatchInterface $route_match
Chris@0:    *   The parametrized route.
Chris@0:    * @param \Drupal\Core\Session\AccountInterface $account
Chris@0:    *   The current user account.
Chris@0:    *
Chris@0:    * @return \Drupal\Core\Access\AccessResultInterface
Chris@0:    *   The access result.
Chris@0:    *
Chris@0:    * @see \Drupal\Core\Entity\EntityAccessCheck
Chris@0:    */
Chris@0:   public function access(Route $route, RouteMatchInterface $route_match, AccountInterface $account) {
Chris@0:     // This tab should not show up unless there's a reason to show it.
Chris@0:     $entity = $this->loadEntity($route, $route_match);
Chris@0:     if ($this->moderationInfo->hasPendingRevision($entity)) {
Chris@0:       // Check the global permissions first.
Chris@0:       $access_result = AccessResult::allowedIfHasPermissions($account, ['view latest version', 'view any unpublished content']);
Chris@0:       if (!$access_result->isAllowed()) {
Chris@0:         // Check entity owner access.
Chris@0:         $owner_access = AccessResult::allowedIfHasPermissions($account, ['view latest version', 'view own unpublished content']);
Chris@0:         $owner_access = $owner_access->andIf((AccessResult::allowedIf($entity instanceof EntityOwnerInterface && ($entity->getOwnerId() == $account->id()))));
Chris@0:         $access_result = $access_result->orIf($owner_access);
Chris@0:       }
Chris@0: 
Chris@0:       return $access_result->addCacheableDependency($entity);
Chris@0:     }
Chris@0: 
Chris@17:     return AccessResult::forbidden('No pending revision for moderated entity.')->addCacheableDependency($entity);
Chris@0:   }
Chris@0: 
Chris@0:   /**
Chris@0:    * Returns the default revision of the entity this route is for.
Chris@0:    *
Chris@0:    * @param \Symfony\Component\Routing\Route $route
Chris@0:    *   The route to check against.
Chris@0:    * @param \Drupal\Core\Routing\RouteMatchInterface $route_match
Chris@0:    *   The parametrized route.
Chris@0:    *
Chris@0:    * @return \Drupal\Core\Entity\ContentEntityInterface
Chris@0:    *   returns the Entity in question.
Chris@0:    *
Chris@0:    * @throws \Drupal\Core\Access\AccessException
Chris@0:    *   An AccessException is thrown if the entity couldn't be loaded.
Chris@0:    */
Chris@0:   protected function loadEntity(Route $route, RouteMatchInterface $route_match) {
Chris@0:     $entity_type = $route->getOption('_content_moderation_entity_type');
Chris@0: 
Chris@0:     if ($entity = $route_match->getParameter($entity_type)) {
Chris@0:       if ($entity instanceof EntityInterface) {
Chris@0:         return $entity;
Chris@0:       }
Chris@0:     }
Chris@0:     throw new AccessException(sprintf('%s is not a valid entity route. The LatestRevisionCheck access checker may only be used with a route that has a single entity parameter.', $route_match->getRouteName()));
Chris@0:   }
Chris@0: 
Chris@0: }