protected function TeamAccessHandler::checkAccess in Apigee Edge 8
Performs access checks.
This method is supposed to be overwritten by extending classes that do their own custom access checking.
Parameters
\Drupal\Core\Entity\EntityInterface $entity: The entity for which to check access.
string $operation: The entity operation. Usually one of 'view', 'view label', 'update' or 'delete'.
\Drupal\Core\Session\AccountInterface $account: The user for which to check access.
Return value
\Drupal\Core\Access\AccessResultInterface The access result.
Overrides EntityAccessControlHandler::checkAccess
File
- modules/
apigee_edge_teams/ src/ Entity/ TeamAccessHandler.php, line 70
Class
- TeamAccessHandler
- Access handler for Team entities.
Namespace
Drupal\apigee_edge_teams\EntityCode
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
/** @var \Drupal\Core\Access\AccessResult $result */
$result = parent::checkAccess($entity, $operation, $account);
if ($result
->isNeutral()) {
$permissions = [
"{$operation} any {$entity->getEntityTypeId()}",
];
if ($this->entityType
->getAdminPermission()) {
$permissions[] = $this->entityType
->getAdminPermission();
}
$result = AccessResult::allowedIfHasPermissions($account, $permissions, 'OR');
if ($result
->isNeutral() && $operation === 'view') {
if ($account
->isAuthenticated()) {
// Grant access to the user if it is a member of the Team.
// (Reminder, anonymous user can not be member of a team.
/** @var \Drupal\apigee_edge\Entity\DeveloperInterface|null $developer */
$developer = $this->developerStorage
->load($account
->getEmail());
if ($developer && in_array($entity
->id(), $developer
->getCompanies())) {
$result = AccessResult::allowed();
// Ensure that access is evaluated again when the team or the
// developer entity changes.
$result
->addCacheableDependency($entity);
$result
->addCacheableDependency($developer);
}
}
}
}
return $result;
}