protected function ApiDocAccessControlHandler::checkAccessRevisions in Apigee API Catalog 8

Same name and namespace in other branches
  1. 8.2 src/Entity/Access/ApiDocAccessControlHandler.php \Drupal\apigee_api_catalog\Entity\Access\ApiDocAccessControlHandler::checkAccessRevisions()

Additional access control for revisions.

Parameters

\Drupal\Core\Entity\EntityInterface $entity: The entity for which to check access.

string $operation: The entity operation.

\Drupal\Core\Session\AccountInterface $account: The user for which to check access.

Return value

\Drupal\Core\Access\AccessResultInterface The access result.

1 call to ApiDocAccessControlHandler::checkAccessRevisions()
ApiDocAccessControlHandler::checkAccess in src/Entity/Access/ApiDocAccessControlHandler.php
Performs access checks.

File

src/Entity/Access/ApiDocAccessControlHandler.php, line 117

Class

ApiDocAccessControlHandler
Access controller for the API Doc entity.

Namespace

Drupal\apigee_api_catalog\Entity\Access

Code

protected function checkAccessRevisions(EntityInterface $entity, $operation, AccountInterface $account) {
  /** @var \Drupal\Core\Entity\EntityStorageInterface $entity_storage */
  $entity_storage = $this->entityTypeManager->getStorage($this->entityTypeId);

  // Must have access to the same operation on the default revision.
  $default_revision = $entity_storage->load($entity->id());
  $has_default_entity_rev_access = $default_revision->access($operation, $account);
  if (!$has_default_entity_rev_access) {
    return AccessResult::forbidden();
  }

  $map = [
    'view' => "view apidoc revisions",
    'update' => "revert apidoc revisions",
  ];
  if (!$entity || !isset($map[$operation])) {
    // If there was no entity to check against, or the $op was not one of the
    // supported ones, we return access denied.
    return AccessResult::forbidden();
  }

  $admin_permission = $this->entityType->getAdminPermission();

  // Perform basic permission checks first.
  if ($account->hasPermission($map[$operation]) || ($admin_permission && $account->hasPermission($admin_permission))) {
    return AccessResult::allowed();
  }
  return AccessResult::forbidden();
}