public function DomainAccessControlHandler::checkAccess in Domain Access 8
Performs access checks.
This method is supposed to be overwritten by extending classes that do their own custom access checking.
Parameters
\Drupal\Core\Entity\EntityInterface $entity: The entity for which to check access.
string $operation: The entity operation. Usually one of 'view', 'view label', 'update' or 'delete'.
\Drupal\Core\Session\AccountInterface $account: The user for which to check access.
Return value
\Drupal\Core\Access\AccessResultInterface The access result.
Overrides EntityAccessControlHandler::checkAccess
1 method overrides DomainAccessControlHandler::checkAccess()
- DomainAliasAccessControlHandler::checkAccess in domain_alias/
src/ DomainAliasAccessControlHandler.php - Performs access checks.
File
- domain/
src/ DomainAccessControlHandler.php, line 78
Class
- DomainAccessControlHandler
- Defines the access controller for the domain entity type.
Namespace
Drupal\domainCode
public function checkAccess(EntityInterface $entity, $operation, AccountInterface $account = NULL) {
$account = $this
->prepareUser($account);
// Check the global permission.
if ($account
->hasPermission('administer domains')) {
return AccessResult::allowed();
}
// For view, we allow admins unless the domain is inactive.
$is_admin = $this
->isDomainAdmin($entity, $account);
if ($operation == 'view' && ($entity
->status() || $account
->hasPermission('access inactive domains')) && ($is_admin || $account
->hasPermission('view domain list'))) {
return AccessResult::allowed();
}
// For other operations, check that the user is a domain admin.
if ($operation == 'update' && $account
->hasPermission('edit assigned domains') && $is_admin) {
return AccessResult::allowed();
}
if ($operation == 'delete' && $account
->hasPermission('delete assigned domains') && $is_admin) {
return AccessResult::allowed();
}
return AccessResult::forbidden();
}