protected function CommentTypeAccessControlHandler::checkFieldAccess in Comment Permissions 8
Default field access as determined by this access control handler.
Parameters
string $operation: The operation access should be checked for. Usually one of "view" or "edit".
\Drupal\Core\Field\FieldDefinitionInterface $field_definition: The field definition.
\Drupal\Core\Session\AccountInterface $account: The user session for which to check access.
\Drupal\Core\Field\FieldItemListInterface $items: (optional) The field values for which to check access, or NULL if access is checked for the field definition, without any specific value available. Defaults to NULL.
Return value
\Drupal\Core\Access\AccessResultInterface The access result.
Overrides CommentAccessControlHandler::checkFieldAccess
File
- src/
CommentTypeAccessControlHandler.php, line 75
Class
- CommentTypeAccessControlHandler
- Override comment access control handler for the comment entity type.
Namespace
Drupal\comment_permCode
protected function checkFieldAccess($operation, FieldDefinitionInterface $field_definition, AccountInterface $account, FieldItemListInterface $items = NULL) {
$comment_type = $items
->getEntity()
->bundle();
if ($operation == 'edit') {
// Only users with the "administer comments" permission can edit
// administrative fields.
$administrative_fields = [
'uid',
'status',
'created',
'date',
];
if (in_array($field_definition
->getName(), $administrative_fields, TRUE)) {
return AccessResult::allowedIf($this
->accessAdministerComment($account, $comment_type));
}
// No user can change read-only fields.
$read_only_fields = [
'hostname',
'changed',
'cid',
'thread',
];
// These fields can be edited during comment creation.
$create_only_fields = [
'comment_type',
'uuid',
'entity_id',
'entity_type',
'field_name',
'pid',
];
if ($items && ($entity = $items
->getEntity()) && $entity
->isNew() && in_array($field_definition
->getName(), $create_only_fields, TRUE)) {
// We are creating a new comment, user can edit create only fields.
return AccessResult::allowedIf($this
->accessPostComment($account, $comment_type))
->addCacheableDependency($entity);
}
// We are editing an existing comment - create only fields are now read
// only.
$read_only_fields = array_merge($read_only_fields, $create_only_fields);
if (in_array($field_definition
->getName(), $read_only_fields, TRUE)) {
return AccessResult::forbidden();
}
// If the field is configured to accept anonymous contact details - admins
// can edit name, homepage and mail. Anonymous users can also fill in the
// fields on comment creation.
if (in_array($field_definition
->getName(), [
'name',
'mail',
'homepage',
], TRUE)) {
if (!$items) {
// We cannot make a decision about access to edit these fields if we
// don't have any items and therefore cannot determine the Comment
// entity. In this case we err on the side of caution and prevent edit
// access.
return AccessResult::forbidden();
}
$is_name = $field_definition
->getName() === 'name';
/** @var \Drupal\comment\CommentInterface $entity */
$entity = $items
->getEntity();
$commented_entity = $entity
->getCommentedEntity();
$anonymous_contact = $commented_entity
->get($entity
->getFieldName())
->getFieldDefinition()
->getSetting('anonymous');
$admin_access = AccessResult::allowedIf($this
->accessAdministerComment($account, $comment_type));
$anonymous_access = AccessResult::allowedIf($entity
->isNew() && $account
->isAnonymous() && ($anonymous_contact != CommentInterface::ANONYMOUS_MAYNOT_CONTACT || $is_name) && $this
->accessPostComment($account, $comment_type))
->cachePerPermissions()
->addCacheableDependency($entity)
->addCacheableDependency($field_definition
->getConfig($commented_entity
->bundle()))
->addCacheableDependency($commented_entity);
return $admin_access
->orIf($anonymous_access);
}
}
if ($operation == 'view') {
// Nobody has access to the hostname.
if ($field_definition
->getName() == 'hostname') {
return AccessResult::forbidden();
}
// The mail field is hidden from non-admins.
if ($field_definition
->getName() == 'mail') {
return AccessResult::allowedIf($this
->accessAdministerComment($account, $comment_type));
}
}
return parent::checkFieldAccess($operation, $field_definition, $account, $items);
}