You are here

Home » API reference » Comment Permissions 8 » CommentTypeAccessControlHandler.php » CommentTypeAccessControlHandler

protected function CommentTypeAccessControlHandler::checkFieldAccess in Comment Permissions 8

Default field access as determined by this access control handler.

Parameters

string $operation: The operation access should be checked for. Usually one of "view" or "edit".

\Drupal\Core\Field\FieldDefinitionInterface $field_definition: The field definition.

\Drupal\Core\Session\AccountInterface $account: The user session for which to check access.

\Drupal\Core\Field\FieldItemListInterface $items: (optional) The field values for which to check access, or NULL if access is checked for the field definition, without any specific value available. Defaults to NULL.

Return value

\Drupal\Core\Access\AccessResultInterface The access result.

Overrides CommentAccessControlHandler::checkFieldAccess

File

src/CommentTypeAccessControlHandler.php, line 75

Class

CommentTypeAccessControlHandler
Override comment access control handler for the comment entity type.

Namespace

Drupal\comment_perm

Code

protected function checkFieldAccess($operation, FieldDefinitionInterface $field_definition, AccountInterface $account, FieldItemListInterface $items = NULL) {
  $comment_type = $items
    ->getEntity()
    ->bundle();
  if ($operation == 'edit') {

    // Only users with the "administer comments" permission can edit
    // administrative fields.
    $administrative_fields = [
      'uid',
      'status',
      'created',
      'date',
    ];
    if (in_array($field_definition
      ->getName(), $administrative_fields, TRUE)) {
      return AccessResult::allowedIf($this
        ->accessAdministerComment($account, $comment_type));
    }

    // No user can change read-only fields.
    $read_only_fields = [
      'hostname',
      'changed',
      'cid',
      'thread',
    ];

    // These fields can be edited during comment creation.
    $create_only_fields = [
      'comment_type',
      'uuid',
      'entity_id',
      'entity_type',
      'field_name',
      'pid',
    ];
    if ($items && ($entity = $items
      ->getEntity()) && $entity
      ->isNew() && in_array($field_definition
      ->getName(), $create_only_fields, TRUE)) {

      // We are creating a new comment, user can edit create only fields.
      return AccessResult::allowedIf($this
        ->accessPostComment($account, $comment_type))
        ->addCacheableDependency($entity);
    }

    // We are editing an existing comment - create only fields are now read
    // only.
    $read_only_fields = array_merge($read_only_fields, $create_only_fields);
    if (in_array($field_definition
      ->getName(), $read_only_fields, TRUE)) {
      return AccessResult::forbidden();
    }

    // If the field is configured to accept anonymous contact details - admins
    // can edit name, homepage and mail. Anonymous users can also fill in the
    // fields on comment creation.
    if (in_array($field_definition
      ->getName(), [
      'name',
      'mail',
      'homepage',
    ], TRUE)) {
      if (!$items) {

        // We cannot make a decision about access to edit these fields if we
        // don't have any items and therefore cannot determine the Comment
        // entity. In this case we err on the side of caution and prevent edit
        // access.
        return AccessResult::forbidden();
      }
      $is_name = $field_definition
        ->getName() === 'name';

      /** @var \Drupal\comment\CommentInterface $entity */
      $entity = $items
        ->getEntity();
      $commented_entity = $entity
        ->getCommentedEntity();
      $anonymous_contact = $commented_entity
        ->get($entity
        ->getFieldName())
        ->getFieldDefinition()
        ->getSetting('anonymous');
      $admin_access = AccessResult::allowedIf($this
        ->accessAdministerComment($account, $comment_type));
      $anonymous_access = AccessResult::allowedIf($entity
        ->isNew() && $account
        ->isAnonymous() && ($anonymous_contact != CommentInterface::ANONYMOUS_MAYNOT_CONTACT || $is_name) && $this
        ->accessPostComment($account, $comment_type))
        ->cachePerPermissions()
        ->addCacheableDependency($entity)
        ->addCacheableDependency($field_definition
        ->getConfig($commented_entity
        ->bundle()))
        ->addCacheableDependency($commented_entity);
      return $admin_access
        ->orIf($anonymous_access);
    }
  }
  if ($operation == 'view') {

    // Nobody has access to the hostname.
    if ($field_definition
      ->getName() == 'hostname') {
      return AccessResult::forbidden();
    }

    // The mail field is hidden from non-admins.
    if ($field_definition
      ->getName() == 'mail') {
      return AccessResult::allowedIf($this
        ->accessAdministerComment($account, $comment_type));
    }
  }
  return parent::checkFieldAccess($operation, $field_definition, $account, $items);
}