Chris@0: <?php
Chris@0: 
Chris@0: namespace Drupal\menu_link_content;
Chris@0: 
Chris@0: use Drupal\Core\Access\AccessResult;
Chris@0: use Drupal\Core\Access\AccessManagerInterface;
Chris@0: use Drupal\Core\Entity\EntityAccessControlHandler;
Chris@0: use Drupal\Core\Entity\EntityHandlerInterface;
Chris@0: use Drupal\Core\Entity\EntityInterface;
Chris@0: use Drupal\Core\Entity\EntityTypeInterface;
Chris@0: use Drupal\Core\Session\AccountInterface;
Chris@0: use Symfony\Component\DependencyInjection\ContainerInterface;
Chris@0: 
Chris@0: /**
Chris@0:  * Defines the access control handler for the user entity type.
Chris@0:  */
Chris@0: class MenuLinkContentAccessControlHandler extends EntityAccessControlHandler implements EntityHandlerInterface {
Chris@0: 
Chris@0:   /**
Chris@0:    * The access manager to check routes by name.
Chris@0:    *
Chris@0:    * @var \Drupal\Core\Access\AccessManagerInterface
Chris@0:    */
Chris@0:   protected $accessManager;
Chris@0: 
Chris@0:   /**
Chris@0:    * Creates a new MenuLinkContentAccessControlHandler.
Chris@0:    *
Chris@0:    * @param \Drupal\Core\Entity\EntityTypeInterface $entity_type
Chris@0:    *   The entity type definition.
Chris@0:    * @param \Drupal\Core\Access\AccessManagerInterface $access_manager
Chris@0:    *   The access manager to check routes by name.
Chris@0:    */
Chris@0:   public function __construct(EntityTypeInterface $entity_type, AccessManagerInterface $access_manager) {
Chris@0:     parent::__construct($entity_type);
Chris@0: 
Chris@0:     $this->accessManager = $access_manager;
Chris@0:   }
Chris@0: 
Chris@0:   /**
Chris@0:    * {@inheritdoc}
Chris@0:    */
Chris@0:   public static function createInstance(ContainerInterface $container, EntityTypeInterface $entity_type) {
Chris@0:     return new static($entity_type, $container->get('access_manager'));
Chris@0:   }
Chris@0: 
Chris@0:   /**
Chris@0:    * {@inheritdoc}
Chris@0:    */
Chris@0:   protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
Chris@0:     switch ($operation) {
Chris@0:       case 'view':
Chris@0:         // There is no direct viewing of a menu link, but still for purposes of
Chris@0:         // content_translation we need a generic way to check access.
Chris@0:         return AccessResult::allowedIfHasPermission($account, 'administer menu');
Chris@0: 
Chris@0:       case 'update':
Chris@0:         if (!$account->hasPermission('administer menu')) {
Chris@0:           return AccessResult::neutral("The 'administer menu' permission is required.")->cachePerPermissions();
Chris@0:         }
Chris@0:         else {
Chris@0:           // Assume that access is allowed.
Chris@0:           $access = AccessResult::allowed()->cachePerPermissions()->addCacheableDependency($entity);
Chris@0:           /** @var \Drupal\menu_link_content\MenuLinkContentInterface $entity */
Chris@0:           // If the link is routed determine whether the user has access unless
Chris@0:           // they have the 'link to any page' permission.
Chris@0:           if (!$account->hasPermission('link to any page') && ($url_object = $entity->getUrlObject()) && $url_object->isRouted()) {
Chris@0:             $link_access = $this->accessManager->checkNamedRoute($url_object->getRouteName(), $url_object->getRouteParameters(), $account, TRUE);
Chris@0:             $access = $access->andIf($link_access);
Chris@0:           }
Chris@0:           return $access;
Chris@0:         }
Chris@0: 
Chris@0:       case 'delete':
Chris@17:         return AccessResult::allowedIfHasPermission($account, 'administer menu')
Chris@17:           ->andIf(AccessResult::allowedIf(!$entity->isNew())->addCacheableDependency($entity));
Chris@0:     }
Chris@0:   }
Chris@0: 
Chris@0: }