You are here

public function ContactPageAccess::access in Drupal 10

Same name and namespace in other branches
  1. 8 core/modules/contact/src/Access/ContactPageAccess.php \Drupal\contact\Access\ContactPageAccess::access()
  2. 9 core/modules/contact/src/Access/ContactPageAccess.php \Drupal\contact\Access\ContactPageAccess::access()

Checks access to the given user's contact page.

Parameters

\Drupal\user\UserInterface $user: The user being contacted.

\Drupal\Core\Session\AccountInterface $account: The currently logged in account.

Return value

\Drupal\Core\Access\AccessResultInterface The access result.

File

core/modules/contact/src/Access/ContactPageAccess.php, line 55

Class

ContactPageAccess
Access check for contact_personal_page route.

Namespace

Drupal\contact\Access

Code

public function access(UserInterface $user, AccountInterface $account) {
  $contact_account = $user;

  // Anonymous users cannot have contact forms.
  if ($contact_account
    ->isAnonymous()) {
    return AccessResult::forbidden();
  }

  // Users may not contact themselves by default, hence this requires user
  // granularity for caching.
  $access = AccessResult::neutral()
    ->cachePerUser();
  if ($account
    ->id() == $contact_account
    ->id()) {
    return $access;
  }

  // User administrators should always have access to personal contact forms.
  $permission_access = AccessResult::allowedIfHasPermission($account, 'administer users');
  if ($permission_access
    ->isAllowed()) {
    return $access
      ->orIf($permission_access);
  }

  // If requested user has been blocked, do not allow users to contact them.
  $access
    ->addCacheableDependency($contact_account);
  if ($contact_account
    ->isBlocked()) {
    return $access;
  }

  // Forbid access if the requested user has disabled their contact form.
  $account_data = $this->userData
    ->get('contact', $contact_account
    ->id(), 'enabled');
  if (isset($account_data) && !$account_data) {
    return $access;
  }

  // If the requested user did not save a preference yet, deny access if the
  // configured default is disabled.
  $contact_settings = $this->configFactory
    ->get('contact.settings');
  $access
    ->addCacheableDependency($contact_settings);
  if (!isset($account_data) && !$contact_settings
    ->get('user_default_enabled')) {
    return $access;
  }
  return $access
    ->orIf(AccessResult::allowedIfHasPermission($account, 'access user contact forms'));
}