Chris@17: isDefaultWorkspace()) { Chris@17: return AccessResult::forbidden()->addCacheableDependency($entity); Chris@17: } Chris@17: Chris@17: if ($account->hasPermission('administer workspaces')) { Chris@17: return AccessResult::allowed()->cachePerPermissions(); Chris@17: } Chris@17: Chris@17: // The default workspace is always viewable, no matter what. Chris@17: if ($operation == 'view' && $entity->isDefaultWorkspace()) { Chris@17: return AccessResult::allowed()->addCacheableDependency($entity); Chris@17: } Chris@17: Chris@17: $permission_operation = $operation === 'update' ? 'edit' : $operation; Chris@17: Chris@17: // Check if the user has permission to access all workspaces. Chris@17: $access_result = AccessResult::allowedIfHasPermission($account, $permission_operation . ' any workspace'); Chris@17: Chris@17: // Check if it's their own workspace, and they have permission to access Chris@17: // their own workspace. Chris@17: if ($access_result->isNeutral() && $account->isAuthenticated() && $account->id() === $entity->getOwnerId()) { Chris@17: $access_result = AccessResult::allowedIfHasPermission($account, $permission_operation . ' own workspace') Chris@17: ->cachePerUser() Chris@17: ->addCacheableDependency($entity); Chris@17: } Chris@17: Chris@17: return $access_result; Chris@17: } Chris@17: Chris@17: /** Chris@17: * {@inheritdoc} Chris@17: */ Chris@17: protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) { Chris@17: return AccessResult::allowedIfHasPermission($account, 'create workspace'); Chris@17: } Chris@17: Chris@17: }