EntityRevisionRouteAccessChecker.php in Entity API 8

<?php

namespace Drupal\entity\Access;

use Drupal\Core\Access\AccessResult;
use Drupal\Core\Entity\ContentEntityInterface;
use Drupal\Core\Entity\EntityStorageInterface;
use Drupal\Core\Entity\EntityTypeManagerInterface;
use Drupal\Core\Routing\Access\AccessInterface;
use Drupal\Core\Routing\RouteMatchInterface;
use Drupal\Core\Session\AccountInterface;
use Symfony\Component\Routing\Route;

/**
 * Checks access to a entity revision.
 */
class EntityRevisionRouteAccessChecker implements AccessInterface {

  /**
   * @var \Drupal\Core\Entity\EntityTypeManagerInterface
   */
  protected $entityTypeManager;

  /**
   * Stores calculated access check results.
   *
   * @var array
   */
  protected $accessCache = [];

  /**
   * The currently active route match object.
   *
   * @var \Drupal\Core\Routing\RouteMatchInterface
   */
  protected $routeMatch;

  /**
   * Creates a new EntityRevisionRouteAccessChecker instance.
   *
   * @param \Drupal\Core\Entity\EntityTypeManagerInterface $entity_type_manager
   *   The entity manager.
   * @param \Drupal\Core\Routing\RouteMatchInterface $route_match
   *   The currently active route match object.
   */
  public function __construct(EntityTypeManagerInterface $entity_type_manager, RouteMatchInterface $route_match) {
    $this->entityTypeManager = $entity_type_manager;
    $this->routeMatch = $route_match;
  }

  /**
   * {@inheritdoc}
   */
  public function access(Route $route, AccountInterface $account, RouteMatchInterface $route_match = NULL) {
    if (empty($route_match)) {
      $route_match = $this->routeMatch;
    }
    $operation = $route
      ->getRequirement('_entity_access_revision');
    list($entity_type_id, $operation) = explode('.', $operation, 2);
    if ($operation === 'list') {
      $_entity = $route_match
        ->getParameter($entity_type_id);
      return AccessResult::allowedIf($this
        ->checkAccess($_entity, $account, $operation))
        ->cachePerPermissions();
    }
    else {
      $_entity_revision = $route_match
        ->getParameter($entity_type_id . '_revision');
      return AccessResult::allowedIf($_entity_revision && $this
        ->checkAccess($_entity_revision, $account, $operation))
        ->cachePerPermissions();
    }
  }

  /**
   * Performs access checks.
   *
   * @param \Drupal\Core\Entity\ContentEntityInterface $entity
   *   The entity for which to check access.
   * @param \Drupal\Core\Session\AccountInterface $account
   *   The user for which to check access.
   * @param string $operation
   *   The entity operation. Usually one of 'view', 'view label', 'update' or
   *   'delete'.
   *
   * @return bool
   *   The access result.
   */
  protected function checkAccess(ContentEntityInterface $entity, AccountInterface $account, $operation = 'view') {
    $entity_type = $entity
      ->getEntityType();
    $entity_type_id = $entity
      ->getEntityTypeId();
    $entity_access = $this->entityTypeManager
      ->getAccessControlHandler($entity_type_id);

    /** @var \Drupal\Core\Entity\EntityStorageInterface $entity_storage */
    $entity_storage = $this->entityTypeManager
      ->getStorage($entity_type_id);
    $map = [
      'view' => "view all {$entity_type_id} revisions",
      'list' => "view all {$entity_type_id} revisions",
      'update' => "revert all {$entity_type_id} revisions",
      'delete' => "delete all {$entity_type_id} revisions",
    ];
    $bundle = $entity
      ->bundle();
    $type_map = [
      'view' => "view {$entity_type_id} {$bundle} revisions",
      'list' => "view {$entity_type_id} {$bundle} revisions",
      'update' => "revert {$entity_type_id} {$bundle} revisions",
      'delete' => "delete {$entity_type_id} {$bundle} revisions",
    ];
    if (!$entity || !isset($map[$operation]) || !isset($type_map[$operation])) {

      // If there was no node to check against, or the $op was not one of the
      // supported ones, we return access denied.
      return FALSE;
    }

    // Statically cache access by revision ID, language code, user account ID,
    // and operation.
    $langcode = $entity
      ->language()
      ->getId();
    $cid = $entity
      ->getRevisionId() . ':' . $langcode . ':' . $account
      ->id() . ':' . $operation;
    if (!isset($this->accessCache[$cid])) {
      $admin_permission = $entity_type
        ->getAdminPermission();

      // Perform basic permission checks first.
      if (!$account
        ->hasPermission($map[$operation]) && !$account
        ->hasPermission($type_map[$operation]) && ($admin_permission && !$account
        ->hasPermission($admin_permission))) {
        $this->accessCache[$cid] = FALSE;
        return FALSE;
      }
      if (($admin_permission = $entity_type
        ->getAdminPermission()) && $account
        ->hasPermission($admin_permission)) {
        $this->accessCache[$cid] = TRUE;
      }
      else {

        // Entity access handlers are generally not aware of the "list" operation.
        $operation = $operation == 'list' ? 'view' : $operation;

        // First check the access to the default revision and finally, if the
        // node passed in is not the default revision then access to that, too.
        $this->accessCache[$cid] = $entity_access
          ->access($entity_storage
          ->load($entity
          ->id()), $operation, $account) && ($entity
          ->isDefaultRevision() || $entity_access
          ->access($entity, $operation, $account));
      }
    }
    return $this->accessCache[$cid];
  }

  /**
   * Counts the number of revisions in the default language.
   *
   * @param \Drupal\Core\Entity\ContentEntityInterface $entity
   *   The entity.
   * @param \Drupal\Core\Entity\EntityStorageInterface $entity_storage
   *   The entity storage.
   *
   * @return int
   *   The number of revisions in the default language.
   */
  protected function countDefaultLanguageRevisions(ContentEntityInterface $entity, EntityStorageInterface $entity_storage) {
    $entity_type = $entity
      ->getEntityType();
    $count = $entity_storage
      ->getQuery()
      ->allRevisions()
      ->condition($entity_type
      ->getKey('id'), $entity
      ->id())
      ->condition($entity_type
      ->getKey('default_langcode'), 1)
      ->count()
      ->execute();
    return $count;
  }

  /**
   * Resets the access cache.
   *
   * @return $this
   */
  public function resetAccessCache() {
    $this->accessCache = [];
    return $this;
  }

}