You are here

user_access_test.module in Drupal 10

Dummy module implementing hook_user_access() to test if entity access is respected.

File

core/modules/user/tests/modules/user_access_test/user_access_test.module
View source
<?php

/**
 * @file
 * Dummy module implementing hook_user_access() to test if entity access is respected.
 */
use Drupal\Core\Access\AccessResult;
use Drupal\Core\Field\FieldDefinitionInterface;
use Drupal\Core\Field\FieldItemListInterface;
use Drupal\Core\Session\AccountInterface;
use Drupal\user\Entity\User;

/**
 * Implements hook_ENTITY_TYPE_access() for entity type "user".
 */
function user_access_test_user_access(User $entity, $operation, $account) {
  if ($entity
    ->getAccountName() == "no_edit" && $operation == "update") {

    // Deny edit access.
    return AccessResult::forbidden();
  }
  if ($entity
    ->getAccountName() == "no_delete" && $operation == "delete") {

    // Deny delete access.
    return AccessResult::forbidden();
  }

  // Account with role sub-admin can manage users with no roles.
  if (count($entity
    ->getRoles()) == 1) {
    return AccessResult::allowedIfHasPermission($account, 'sub-admin');
  }
  return AccessResult::neutral();
}

/**
 * Implements hook_entity_create_access().
 */
function user_access_test_entity_create_access(AccountInterface $account, array $context, $entity_bundle) {
  if ($context['entity_type_id'] != 'user') {
    return AccessResult::neutral();
  }

  // Account with role sub-admin can create users.
  return AccessResult::allowedIfHasPermission($account, 'sub-admin');
}

/**
 * Implements hook_entity_field_access().
 */
function user_access_test_entity_field_access($operation, FieldDefinitionInterface $field_definition, AccountInterface $account, FieldItemListInterface $items = NULL) {

  // Account with role sub-admin can view the status, init and mail fields for
  // user with no roles.
  if ($field_definition
    ->getTargetEntityTypeId() == 'user' && $operation === 'view' && in_array($field_definition
    ->getName(), [
    'status',
    'init',
    'mail',
  ])) {
    if ($items == NULL || count($items
      ->getEntity()
      ->getRoles()) == 1) {
      return AccessResult::allowedIfHasPermission($account, 'sub-admin');
    }
  }
  return AccessResult::neutral();
}