You are here

protected function IndividualAccessControlHandler::checkAccess in CRM Core 8

Same name and namespace in other branches
  1. 8.3 modules/crm_core_contact/src/IndividualAccessControlHandler.php \Drupal\crm_core_contact\IndividualAccessControlHandler::checkAccess()
  2. 8.2 modules/crm_core_contact/src/IndividualAccessControlHandler.php \Drupal\crm_core_contact\IndividualAccessControlHandler::checkAccess()

Performs access checks.

This method is supposed to be overwritten by extending classes that do their own custom access checking.

Parameters

\Drupal\Core\Entity\EntityInterface $entity: The entity for which to check access.

string $operation: The entity operation. Usually one of 'view', 'view label', 'update' or 'delete'.

\Drupal\Core\Session\AccountInterface $account: The user for which to check access.

Return value

\Drupal\Core\Access\AccessResultInterface The access result.

Overrides EntityAccessControlHandler::checkAccess

File

modules/crm_core_contact/src/IndividualAccessControlHandler.php, line 19

Class

IndividualAccessControlHandler
Access control handler for CRM Core Individual entities.

Namespace

Drupal\crm_core_contact

Code

protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
  switch ($operation) {
    case 'view':
      return AccessResult::allowedIfHasPermissions($account, [
        'administer crm_core_individual entities',
        'view any crm_core_individual entity',
        'view any crm_core_individual entity of bundle ' . $entity
          ->bundle(),
      ], 'OR');
    case 'update':
      return AccessResult::allowedIfHasPermissions($account, [
        'administer crm_core_individual entities',
        'edit any crm_core_individual entity',
        'edit any crm_core_individual entity of bundle ' . $entity
          ->bundle(),
      ], 'OR');
    case 'delete':
      return AccessResult::allowedIfHasPermissions($account, [
        'administer crm_core_individual entities',
        'delete any crm_core_individual entity',
        'delete any crm_core_individual entity of bundle ' . $entity
          ->bundle(),
      ], 'OR');
    case 'revert':

      // @todo: more fine grained will be adjusting dynamic permission
      // generation for reverting bundles of individuals.
      return AccessResult::allowedIfHasPermissions($account, [
        'administer crm_core_individual entities',
        'revert all crm_core_individual revisions',
      ], 'OR');
  }
}