final class TeamInvitationAccessControlHandler in Apigee Edge 8

Access controller handler for team_invitation.

File

modules/apigee_edge_teams/src/Entity/TeamInvitationAccessControlHandler.php, line 35

Namespace

Drupal\apigee_edge_teams\Entity

View source

final class TeamInvitationAccessControlHandler extends EntityAccessControlHandler implements EntityHandlerInterface {

  /**
   * The team permissions handler.
   *
   * @var \Drupal\apigee_edge_teams\TeamPermissionHandlerInterface
   */
  protected $teamPermissionHandler;

  /**
   * TeamInvitationAccessControlHandler constructor.
   *
   * @param \Drupal\Core\Entity\EntityTypeInterface $entity_type
   *   The entity type.
   * @param \Drupal\apigee_edge_teams\TeamPermissionHandlerInterface $team_permission_handler
   *   The team permissions handler.
   */
  public function __construct(EntityTypeInterface $entity_type, TeamPermissionHandlerInterface $team_permission_handler) {
    parent::__construct($entity_type);
    $this->teamPermissionHandler = $team_permission_handler;
  }

  /**
   * {@inheritdoc}
   */
  public static function createInstance(ContainerInterface $container, EntityTypeInterface $entity_type) {
    return new static($entity_type, $container->get('apigee_edge_teams.team_permissions'));
  }

  /**
   * {@inheritdoc}
   */
  protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {

    /** @var \Drupal\apigee_edge_teams\Entity\TeamInvitation $entity */
    $account = $this->prepareUser($account);

    // Check if team exists.
    if (!$entity->getTeam()) {
      return AccessResult::forbidden('Team does not exist.')
        ->addCacheableDependency($entity);
    }

    // Access is allowed if the user can accept invitation and the invitation
    // is pending.
    if ($entity->isPending() && $operation === 'accept') {
      return AccessResult::allowedIf($account->getEmail() == $entity->getRecipient())
        ->andIf(AccessResult::allowedIfHasPermissions($account, [
          'accept own team invitation',
          'accept any team invitation',
        ], 'OR'))
        ->addCacheableDependency($entity)
        ->cachePerUser();
    }

    // Access is allowed if the user can decline invitation and the invitation
    // is pending.
    if ($entity->isPending() && $operation === 'decline') {
      return AccessResult::allowedIf($account->getEmail() == $entity->getRecipient())
        ->andIf(AccessResult::allowedIfHasPermissions($account, [
          'decline own team invitation',
          'decline any team invitation',
        ], 'OR'))
        ->addCacheableDependency($entity)
        ->cachePerUser();
    }

    // Access allowed if user can administer team invitations for team or if
    // user has permissions to administer all team invitations.
    // Note: This is handled at team level permissions.
    if ($operation === 'delete' || $operation === "resend") {
      return AccessResult::allowedIf(in_array('team_manage_members', $this->teamPermissionHandler->getDeveloperPermissionsByTeam($entity->getTeam(), $account)))
        ->orIf(AccessResult::allowedIfHasPermissions($account, [
          'administer team',
          'manage team members',
        ], 'OR'))
        ->addCacheableDependency($entity)
        ->cachePerUser();
    }
    return parent::checkAccess($entity, $operation, $account);
  }

}
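
The decision logic of checkAccess() above can be traced without a Drupal site. The following is an added example, not code from the apigee_edge_teams module: it models the three AccessResult states as strings and replays the accept/decline/delete/resend branches over constructed accounts. The function names and array keys (`check_invitation_access`, `site_perms`, `team_perms`, and so on) are hypothetical. Because the recipient check and the permission check are joined with andIf, an account holding only an "any team invitation" permission gets a neutral result when its e-mail does not match the recipient.

```php
<?php
// Added model of the handler's branches; not the module's code.
// 'allowed' / 'neutral' / 'forbidden' stand in for AccessResult's three states.

function allowed_if(bool $cond): string {
  return $cond ? 'allowed' : 'neutral';
}

function and_if(string $a, string $b): string {
  if ($a === 'forbidden' || $b === 'forbidden') { return 'forbidden'; }
  return ($a === 'allowed' && $b === 'allowed') ? 'allowed' : 'neutral';
}

function or_if(string $a, string $b): string {
  if ($a === 'forbidden' || $b === 'forbidden') { return 'forbidden'; }
  return ($a === 'allowed' || $b === 'allowed') ? 'allowed' : 'neutral';
}

// $inv and $user are constructed arrays standing in for the entity and account.
function check_invitation_access(array $inv, string $op, array $user): string {
  if (!$inv['team_exists']) { return 'forbidden'; }
  if ($inv['pending'] && in_array($op, ['accept', 'decline'], TRUE)) {
    $wanted = ["$op own team invitation", "$op any team invitation"];
    $has_perm = (bool) array_intersect($wanted, $user['site_perms']);
    // Same loose comparison (==) as the handler uses.
    return and_if(allowed_if($user['email'] == $inv['recipient']), allowed_if($has_perm));
  }
  if ($op === 'delete' || $op === 'resend') {
    // team_perms models the result of getDeveloperPermissionsByTeam().
    $team = allowed_if(in_array('team_manage_members', $user['team_perms']));
    $site = allowed_if((bool) array_intersect(['administer team', 'manage team members'], $user['site_perms']));
    return or_if($team, $site);
  }
  return 'deferred to parent::checkAccess()';
}

// Constructed sample data.
$inv = ['team_exists' => TRUE, 'pending' => TRUE, 'recipient' => 'alice@example.com'];
$alice = ['email' => 'alice@example.com', 'site_perms' => ['accept own team invitation'], 'team_perms' => []];
$bob = ['email' => 'bob@example.com', 'site_perms' => ['accept any team invitation'], 'team_perms' => []];
$lead = ['email' => 'lead@example.com', 'site_perms' => [], 'team_perms' => ['team_manage_members']];

$cases = [['alice', $alice, 'accept'], ['bob', $bob, 'accept'], ['alice', $alice, 'decline'],
  ['lead', $lead, 'resend'], ['bob', $bob, 'delete'], ['lead', $lead, 'view']];
foreach ($cases as [$name, $user, $op]) {
  printf("%-5s %-7s => %s\n", $name, $op, check_invitation_access($inv, $op, $user));
}
```

A neutral result is not a grant: unless something else explicitly allows the operation, the caller treats it as access denied.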

Members

Name Modifiers Type Description Overrides
DependencySerializationTrait::$_entityStorages protected property An array of entity type IDs keyed by the property name of their storages.
DependencySerializationTrait::$_serviceIds protected property An array of service IDs keyed by property name used for serialization.
DependencySerializationTrait::__sleep public function 1
DependencySerializationTrait::__wakeup public function 2
EntityAccessControlHandler::$accessCache protected property Stores calculated access check results.
EntityAccessControlHandler::$entityType protected property Information about the entity type.
EntityAccessControlHandler::$entityTypeId protected property The entity type ID of the access control handler instance.
EntityAccessControlHandler::$viewLabelOperation protected property Allows to grant access to just the labels. 5
EntityAccessControlHandler::access public function Checks access to an operation on a given entity or entity translation. Overrides EntityAccessControlHandlerInterface::access 1
EntityAccessControlHandler::checkEntityOwnerPermissions protected function Checks the entity operation and bundle permissions, with owners. Overrides EntityAccessControlHandlerBase::checkEntityOwnerPermissions
EntityAccessControlHandler::checkFieldAccess protected function Default field access as determined by this access control handler. 4
EntityAccessControlHandler::createAccess public function Checks access to create an entity. Overrides EntityAccessControlHandlerInterface::createAccess 1
EntityAccessControlHandler::fieldAccess public function Checks access to an operation on a given entity field. Overrides EntityAccessControlHandlerInterface::fieldAccess
EntityAccessControlHandler::getCache protected function Tries to retrieve a previously cached access value from the static cache.
EntityAccessControlHandler::prepareUser protected function Loads the current account object, if it does not exist yet.
EntityAccessControlHandler::processAccessHookResults protected function We grant access to the entity if both of these conditions are met:
EntityAccessControlHandler::resetCache public function Clears all cached access checks. Overrides EntityAccessControlHandlerInterface::resetCache
EntityAccessControlHandler::setCache protected function Statically caches whether the given user has access.
EntityAccessControlHandlerBase::checkCreateAccess protected function Performs create access checks. Overrides EntityAccessControlHandler::checkCreateAccess
EntityAccessControlHandlerBase::checkEntityPermissions protected function Checks the entity operation and bundle permissions.
EntityHandlerBase::$moduleHandler protected property The module handler to invoke hooks on. 2
EntityHandlerBase::moduleHandler protected function Gets the module handler. 2
EntityHandlerBase::setModuleHandler public function Sets the module handler for this handler.
StringTranslationTrait::$stringTranslation protected property The string translation service. 1
StringTranslationTrait::formatPlural protected function Formats a string containing a count of items.
StringTranslationTrait::getNumberOfPlurals protected function Returns the number of plurals supported by a given language.
StringTranslationTrait::getStringTranslation protected function Gets the string translation service.
StringTranslationTrait::setStringTranslation public function Sets the string translation service to use. 2
StringTranslationTrait::t protected function Translates a string to the current language or to a given language.
TeamInvitationAccessControlHandler::$teamPermissionHandler protected property The team permissions handler.
TeamInvitationAccessControlHandler::checkAccess protected function Performs access checks. Overrides EntityAccessControlHandlerBase::checkAccess
TeamInvitationAccessControlHandler::createInstance public static function Instantiates a new instance of this entity handler. Overrides EntityHandlerInterface::createInstance
TeamInvitationAccessControlHandler::__construct public function TeamInvitationAccessControlHandler constructor. Overrides EntityAccessControlHandler::__construct