You are here

Home » API reference » Apigee API Catalog 8.2 » ApiDocAccessControlHandler.php

class ApiDocAccessControlHandler in Apigee API Catalog 8.2

Same name and namespace in other branches
  1. 8 src/Entity/Access/ApiDocAccessControlHandler.php \Drupal\apigee_api_catalog\Entity\Access\ApiDocAccessControlHandler

Access controller for the API Doc entity.

Hierarchy

Expanded class hierarchy of ApiDocAccessControlHandler

Deprecated

in 2.x and is removed from 3.x. Use the node "apidoc" bundle instead.

See also

https://github.com/apigee/apigee-api-catalog-drupal/pull/84

\Drupal\apigee_api_catalog\Entity\ApiDoc.

File

src/Entity/Access/ApiDocAccessControlHandler.php, line 41

Namespace

Drupal\apigee_api_catalog\Entity\Access
View source 
class ApiDocAccessControlHandler extends EntityAccessControlHandler implements EntityHandlerInterface {

  /**
   * The entity type manager.
   *
   * @var \Drupal\Core\Entity\EntityTypeManagerInterface
   */
  protected $entityTypeManager;

  /**
   * Constructs an access control handler instance.
   *
   * @param \Drupal\Core\Entity\EntityTypeInterface $entity_type
   *   The entity type definition.
   * @param \Drupal\Core\Entity\EntityTypeManagerInterface $entityTypeManager
   *   The entity type manager.
   */
  public function __construct(EntityTypeInterface $entity_type, EntityTypeManagerInterface $entityTypeManager) {
    parent::__construct($entity_type);
    $this->entityTypeManager = $entityTypeManager;
  }

  /**
   * {@inheritdoc}
   */
  public static function createInstance(ContainerInterface $container, EntityTypeInterface $entity_type) {
    return new static($entity_type, $container
      ->get('entity_type.manager'));
  }

  /**
   * {@inheritdoc}
   */
  protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {

    /** @var \Drupal\apigee_api_catalog\Entity\ApiDocInterface $entity */
    $access = parent::checkAccess($entity, $operation, $account);

    // Access control for revisions.
    if (!$entity
      ->isDefaultRevision()) {
      return $this
        ->checkAccessRevisions($entity, $operation, $account);
    }
    switch ($operation) {
      case 'view':
        return $access
          ->orIf($entity
          ->isPublished() ? AccessResult::allowedIfHasPermission($account, 'view published apidoc entities') : AccessResult::allowedIfHasPermission($account, 'view unpublished apidoc entities'));
      case 'reimport':
        return AccessResult::allowedIf($entity->spec_file_source->value === ApiDocInterface::SPEC_AS_URL)
          ->andIf($entity
          ->access('update', $account, TRUE));
      case 'update':
        return $access
          ->orIf(AccessResult::allowedIfHasPermission($account, 'edit apidoc entities'));
      case 'delete':
        return $access
          ->orIf(AccessResult::allowedIfHasPermission($account, 'delete apidoc entities'));
    }

    // Unknown operation, no opinion.
    return $access;
  }

  /**
   * Additional access control for revisions.
   *
   * @param \Drupal\Core\Entity\EntityInterface $entity
   *   The entity for which to check access.
   * @param string $operation
   *   The entity operation.
   * @param \Drupal\Core\Session\AccountInterface $account
   *   The user for which to check access.
   *
   * @return \Drupal\Core\Access\AccessResultInterface
   *   The access result.
   */
  protected function checkAccessRevisions(EntityInterface $entity, $operation, AccountInterface $account) {

    /** @var \Drupal\Core\Entity\EntityStorageInterface $entity_storage */
    $entity_storage = $this->entityTypeManager
      ->getStorage($this->entityTypeId);

    // Must have access to the same operation on the default revision.
    $default_revision = $entity_storage
      ->load($entity
      ->id());
    $has_default_entity_rev_access = $default_revision
      ->access($operation, $account);
    if (!$has_default_entity_rev_access) {
      return AccessResult::forbidden();
    }
    $map = [
      'view' => "view apidoc revisions",
      'update' => "revert apidoc revisions",
    ];
    if (!$entity || !isset($map[$operation])) {

      // If there was no entity to check against, or the $op was not one of the
      // supported ones, we return access denied.
      return AccessResult::forbidden();
    }
    $admin_permission = $this->entityType
      ->getAdminPermission();

    // Perform basic permission checks first.
    if ($account
      ->hasPermission($map[$operation]) || $admin_permission && $account
      ->hasPermission($admin_permission)) {
      return AccessResult::allowed();
    }
    return AccessResult::forbidden();
  }

  /**
   * {@inheritdoc}
   */
  protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
    return AccessResult::allowedIfHasPermission($account, 'add apidoc entities')
      ->orIf(AccessResult::allowedIfHasPermission($account, 'administer apigee api catalog'));
  }

}

Members

Namesort descending Modifiers Type Description Overrides
ApiDocAccessControlHandler::$entityTypeManager protected property The entity type manager.
ApiDocAccessControlHandler::checkAccess protected function Performs access checks. Overrides EntityAccessControlHandler::checkAccess
ApiDocAccessControlHandler::checkAccessRevisions protected function Additional access control for revisions.
ApiDocAccessControlHandler::checkCreateAccess protected function Performs create access checks. Overrides EntityAccessControlHandler::checkCreateAccess
ApiDocAccessControlHandler::createInstance public static function Instantiates a new instance of this entity handler. Overrides EntityHandlerInterface::createInstance
ApiDocAccessControlHandler::__construct public function Constructs an access control handler instance. Overrides EntityAccessControlHandler::__construct
DependencySerializationTrait::$_entityStorages protected property An array of entity type IDs keyed by the property name of their storages.
DependencySerializationTrait::$_serviceIds protected property An array of service IDs keyed by property name used for serialization.
DependencySerializationTrait::__sleep public function 1
DependencySerializationTrait::__wakeup public function 2
EntityAccessControlHandler::$accessCache protected property Stores calculated access check results.
EntityAccessControlHandler::$entityType protected property Information about the entity type.
EntityAccessControlHandler::$entityTypeId protected property The entity type ID of the access control handler instance.
EntityAccessControlHandler::$viewLabelOperation protected property Allows to grant access to just the labels. 5
EntityAccessControlHandler::access public function Checks access to an operation on a given entity or entity translation. Overrides EntityAccessControlHandlerInterface::access 1
EntityAccessControlHandler::checkFieldAccess protected function Default field access as determined by this access control handler. 4
EntityAccessControlHandler::createAccess public function Checks access to create an entity. Overrides EntityAccessControlHandlerInterface::createAccess 1
EntityAccessControlHandler::fieldAccess public function Checks access to an operation on a given entity field. Overrides EntityAccessControlHandlerInterface::fieldAccess
EntityAccessControlHandler::getCache protected function Tries to retrieve a previously cached access value from the static cache.
EntityAccessControlHandler::prepareUser protected function Loads the current account object, if it does not exist yet.
EntityAccessControlHandler::processAccessHookResults protected function We grant access to the entity if both of these conditions are met:
EntityAccessControlHandler::resetCache public function Clears all cached access checks. Overrides EntityAccessControlHandlerInterface::resetCache
EntityAccessControlHandler::setCache protected function Statically caches whether the given user has access.
EntityHandlerBase::$moduleHandler protected property The module handler to invoke hooks on. 2
EntityHandlerBase::moduleHandler protected function Gets the module handler. 2
EntityHandlerBase::setModuleHandler public function Sets the module handler for this handler.
StringTranslationTrait::$stringTranslation protected property The string translation service. 1
StringTranslationTrait::formatPlural protected function Formats a string containing a count of items.
StringTranslationTrait::getNumberOfPlurals protected function Returns the number of plurals supported by a given language.
StringTranslationTrait::getStringTranslation protected function Gets the string translation service.
StringTranslationTrait::setStringTranslation public function Sets the string translation service to use. 2
StringTranslationTrait::t protected function Translates a string to the current language or to a given language.