ApiDocAccessControlHandler.php in Apigee API Catalog 8.2
File
src/Entity/Access/ApiDocAccessControlHandler.php
View source
<?php
namespace Drupal\apigee_api_catalog\Entity\Access;
use Drupal\apigee_api_catalog\Entity\ApiDocInterface;
use Drupal\Core\Entity\EntityAccessControlHandler;
use Drupal\Core\Entity\EntityHandlerInterface;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Entity\EntityTypeInterface;
use Drupal\Core\Entity\EntityTypeManagerInterface;
use Drupal\Core\Session\AccountInterface;
use Drupal\Core\Access\AccessResult;
use Symfony\Component\DependencyInjection\ContainerInterface;
class ApiDocAccessControlHandler extends EntityAccessControlHandler implements EntityHandlerInterface {
protected $entityTypeManager;
public function __construct(EntityTypeInterface $entity_type, EntityTypeManagerInterface $entityTypeManager) {
parent::__construct($entity_type);
$this->entityTypeManager = $entityTypeManager;
}
public static function createInstance(ContainerInterface $container, EntityTypeInterface $entity_type) {
return new static($entity_type, $container
->get('entity_type.manager'));
}
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
$access = parent::checkAccess($entity, $operation, $account);
if (!$entity
->isDefaultRevision()) {
return $this
->checkAccessRevisions($entity, $operation, $account);
}
switch ($operation) {
case 'view':
return $access
->orIf($entity
->isPublished() ? AccessResult::allowedIfHasPermission($account, 'view published apidoc entities') : AccessResult::allowedIfHasPermission($account, 'view unpublished apidoc entities'));
case 'reimport':
return AccessResult::allowedIf($entity->spec_file_source->value === ApiDocInterface::SPEC_AS_URL)
->andIf($entity
->access('update', $account, TRUE));
case 'update':
return $access
->orIf(AccessResult::allowedIfHasPermission($account, 'edit apidoc entities'));
case 'delete':
return $access
->orIf(AccessResult::allowedIfHasPermission($account, 'delete apidoc entities'));
}
return $access;
}
protected function checkAccessRevisions(EntityInterface $entity, $operation, AccountInterface $account) {
$entity_storage = $this->entityTypeManager
->getStorage($this->entityTypeId);
$default_revision = $entity_storage
->load($entity
->id());
$has_default_entity_rev_access = $default_revision
->access($operation, $account);
if (!$has_default_entity_rev_access) {
return AccessResult::forbidden();
}
$map = [
'view' => "view apidoc revisions",
'update' => "revert apidoc revisions",
];
if (!$entity || !isset($map[$operation])) {
return AccessResult::forbidden();
}
$admin_permission = $this->entityType
->getAdminPermission();
if ($account
->hasPermission($map[$operation]) || $admin_permission && $account
->hasPermission($admin_permission)) {
return AccessResult::allowed();
}
return AccessResult::forbidden();
}
protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
return AccessResult::allowedIfHasPermission($account, 'add apidoc entities')
->orIf(AccessResult::allowedIfHasPermission($account, 'administer apigee api catalog'));
}
}