Chris@17: <?php
Chris@17: 
Chris@17: namespace Drupal\Core\Entity;
Chris@17: 
Chris@17: use Drupal\Core\Access\AccessResult;
Chris@17: use Drupal\Core\Routing\Access\AccessInterface;
Chris@17: use Drupal\Core\Session\AccountInterface;
Chris@17: use Drupal\Core\TempStore\PrivateTempStoreFactory;
Chris@17: use Symfony\Component\HttpFoundation\RequestStack;
Chris@17: 
Chris@17: /**
Chris@17:  * Checks if the current user has delete access to the items of the tempstore.
Chris@17:  */
Chris@17: class EntityDeleteMultipleAccessCheck implements AccessInterface {
Chris@17: 
Chris@17:   /**
Chris@17:    * The entity type manager.
Chris@17:    *
Chris@17:    * @var \Drupal\Core\Entity\EntityManagerInterface
Chris@17:    */
Chris@17:   protected $entityTypeManager;
Chris@17: 
Chris@17:   /**
Chris@17:    * The tempstore service.
Chris@17:    *
Chris@17:    * @var \Drupal\Core\TempStore\PrivateTempStoreFactory
Chris@17:    */
Chris@17:   protected $tempStore;
Chris@17: 
Chris@17:   /**
Chris@17:    * Request stack service.
Chris@17:    *
Chris@17:    * @var \Symfony\Component\HttpFoundation\RequestStack
Chris@17:    */
Chris@17:   protected $requestStack;
Chris@17: 
Chris@17:   /**
Chris@17:    * Constructs a new EntityDeleteMultipleAccessCheck.
Chris@17:    *
Chris@17:    * @param \Drupal\Core\Entity\EntityTypeManagerInterface $entity_type_manager
Chris@17:    *   The entity type manager.
Chris@17:    * @param \Drupal\Core\TempStore\PrivateTempStoreFactory $temp_store_factory
Chris@17:    *   The tempstore service.
Chris@17:    * @param \Symfony\Component\HttpFoundation\RequestStack $request_stack
Chris@17:    *   The request stack service.
Chris@17:    */
Chris@17:   public function __construct(EntityTypeManagerInterface $entity_type_manager, PrivateTempStoreFactory $temp_store_factory, RequestStack $request_stack) {
Chris@17:     $this->entityTypeManager = $entity_type_manager;
Chris@17:     $this->tempStore = $temp_store_factory->get('entity_delete_multiple_confirm');
Chris@17:     $this->requestStack = $request_stack;
Chris@17:   }
Chris@17: 
Chris@17:   /**
Chris@17:    * Checks if the user has delete access for at least one item of the store.
Chris@17:    *
Chris@17:    * @param \Drupal\Core\Session\AccountInterface $account
Chris@17:    *   Run access checks for this account.
Chris@17:    * @param string $entity_type_id
Chris@17:    *   Entity type ID.
Chris@17:    *
Chris@17:    * @return \Drupal\Core\Access\AccessResult
Chris@17:    *   Allowed or forbidden, neutral if tempstore is empty.
Chris@17:    */
Chris@17:   public function access(AccountInterface $account, $entity_type_id) {
Chris@18:     if (!$this->requestStack->getCurrentRequest()->hasSession()) {
Chris@17:       return AccessResult::neutral();
Chris@17:     }
Chris@17:     $selection = $this->tempStore->get($account->id() . ':' . $entity_type_id);
Chris@17:     if (empty($selection) || !is_array($selection)) {
Chris@17:       return AccessResult::neutral();
Chris@17:     }
Chris@17: 
Chris@17:     $entities = $this->entityTypeManager->getStorage($entity_type_id)->loadMultiple(array_keys($selection));
Chris@17:     foreach ($entities as $entity) {
Chris@17:       // As long as the user has access to delete one entity allow access to the
Chris@17:       // delete form. Access will be checked again in
Chris@17:       // Drupal\Core\Entity\Form\DeleteMultipleForm::submit() in case it has
Chris@17:       // changed in the meantime.
Chris@17:       if ($entity->access('delete', $account)) {
Chris@17:         return AccessResult::allowed();
Chris@17:       }
Chris@17:     }
Chris@17:     return AccessResult::forbidden();
Chris@17:   }
Chris@17: 
Chris@17: }