private function TeamAppAccessHandler::checkAccessByTeamMemberPermissions in Apigee Edge 8
Performs access check based on a user's team-level permissions.
Parameters
\Drupal\apigee_edge_teams\Entity\TeamInterface $team: The team that owns the app.
string $operation: The entity operation on a team app: view, create, delete, update analytics, add_api_key, delete_api_key or revoke_api_key.
\Drupal\Core\Session\AccountInterface $account: The user for which to check access.
Return value
\Drupal\Core\Access\AccessResultInterface The access result.
2 calls to TeamAppAccessHandler::checkAccessByTeamMemberPermissions()
- TeamAppAccessHandler::checkAccess in modules/
apigee_edge_teams/ src/ Entity/ TeamAppAccessHandler.php - Performs access checks.
- TeamAppAccessHandler::checkCreateAccess in modules/
apigee_edge_teams/ src/ Entity/ TeamAppAccessHandler.php - Performs create access checks.
File
- modules/
apigee_edge_teams/ src/ Entity/ TeamAppAccessHandler.php, line 178
Class
- TeamAppAccessHandler
- Access handler for Team App entities.
Namespace
Drupal\apigee_edge_teams\EntityCode
private function checkAccessByTeamMemberPermissions(TeamInterface $team, string $operation, AccountInterface $account) : AccessResultInterface {
$covered_operations = [
'view',
'create',
'delete',
'update',
'analytics',
'add_api_key',
'delete_api_key',
'revoke_api_key',
];
if (!in_array($operation, $covered_operations)) {
return AccessResult::neutral("Team membership based access check does not support {$operation} operation on team apps.");
}
if ($account
->isAnonymous()) {
$result = AccessResult::forbidden('Anonymous user can not be member of a team.');
}
else {
$result = AccessResult::allowedIf(in_array("team_app_{$operation}", $this->teamPermissionHandler
->getDeveloperPermissionsByTeam($team, $account)));
// Ensure that access is re-evaluated when the team entity changes.
$result
->addCacheableDependency($team);
}
return $result;
}