Chris@0: <?php
Chris@0: 
Chris@0: namespace Drupal\workflows;
Chris@0: 
Chris@0: use Drupal\Component\Plugin\PluginManagerInterface;
Chris@0: use Drupal\Core\Entity\EntityAccessControlHandler;
Chris@0: use Drupal\Core\Entity\EntityHandlerInterface;
Chris@0: use Drupal\Core\Entity\EntityInterface;
Chris@0: use Drupal\Core\Entity\EntityTypeInterface;
Chris@0: use Drupal\Core\Session\AccountInterface;
Chris@0: use Drupal\Core\Access\AccessResult;
Chris@0: use Symfony\Component\DependencyInjection\ContainerInterface;
Chris@0: 
Chris@0: /**
Chris@0:  * Access controller for the Workflow entity.
Chris@0:  *
Chris@0:  * @see \Drupal\workflows\Entity\Workflow.
Chris@0:  */
Chris@0: class WorkflowAccessControlHandler extends EntityAccessControlHandler implements EntityHandlerInterface {
Chris@0: 
Chris@0:   /**
Chris@0:    * The workflow type plugin manager.
Chris@0:    *
Chris@0:    * @var \Drupal\Component\Plugin\PluginManagerInterface
Chris@0:    */
Chris@0:   protected $workflowTypeManager;
Chris@0: 
Chris@0:   /**
Chris@0:    * {@inheritdoc}
Chris@0:    */
Chris@0:   public static function createInstance(ContainerInterface $container, EntityTypeInterface $entity_type) {
Chris@0:     return new static(
Chris@0:       $entity_type,
Chris@0:       $container->get('plugin.manager.workflows.type')
Chris@0:     );
Chris@0:   }
Chris@0: 
Chris@0:   /**
Chris@0:    * Constructs the workflow access control handler instance.
Chris@0:    *
Chris@0:    * @param \Drupal\Core\Entity\EntityTypeInterface $entity_type
Chris@0:    *   The entity type definition.
Chris@0:    * @param \Drupal\Component\Plugin\PluginManagerInterface $workflow_type_manager
Chris@0:    *   The workflow type plugin manager.
Chris@0:    */
Chris@0:   public function __construct(EntityTypeInterface $entity_type, PluginManagerInterface $workflow_type_manager) {
Chris@0:     parent::__construct($entity_type);
Chris@0:     $this->workflowTypeManager = $workflow_type_manager;
Chris@0:   }
Chris@0: 
Chris@0:   /**
Chris@0:    * {@inheritdoc}
Chris@0:    */
Chris@0:   protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
Chris@0:     /** @var \Drupal\workflows\Entity\Workflow $entity */
Chris@0:     $workflow_type = $entity->getTypePlugin();
Chris@0:     if (strpos($operation, 'delete-state') === 0) {
Chris@0:       list(, $state_id) = explode(':', $operation, 2);
Chris@0:       // Deleting a state is editing a workflow, but also we should forbid
Chris@0:       // access if there is only one state.
Chris@0:       return AccessResult::allowedIf(count($entity->getTypePlugin()->getStates()) > 1)
Chris@0:         ->andIf(parent::checkAccess($entity, 'edit', $account))
Chris@0:         ->andIf(AccessResult::allowedIf(!in_array($state_id, $workflow_type->getRequiredStates(), TRUE)))
Chris@0:         ->addCacheableDependency($entity);
Chris@0:     }
Chris@0: 
Chris@0:     return parent::checkAccess($entity, $operation, $account);
Chris@0:   }
Chris@0: 
Chris@0:   /**
Chris@0:    * {@inheritdoc}
Chris@0:    */
Chris@0:   protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
Chris@0:     $workflow_types_count = count($this->workflowTypeManager->getDefinitions());
Chris@0:     $admin_access = parent::checkCreateAccess($account, $context, $entity_bundle);
Chris@0:     // Allow access if there is at least one workflow type. Since workflow types
Chris@0:     // are provided by modules this is cacheable until extensions change.
Chris@0:     return $admin_access
Chris@0:       ->andIf(AccessResult::allowedIf($workflow_types_count > 0))
Chris@0:       ->addCacheTags(['workflow_type_plugins']);
Chris@0:   }
Chris@0: 
Chris@0: }