You are here

Home » API reference » Field Permissions 8 » CustomAccess.php

class CustomAccess in Field Permissions 8

Same name and namespace in other branches
  1. 8.2 src/Plugin/FieldPermissionType/CustomAccess.php \Drupal\field_permissions\Plugin\FieldPermissionType\CustomAccess

Defines custom access for fields.

Plugin annotation


@FieldPermissionType(
  id = "custom",
  title = @Translation("Custom permissions"),
  description = @Translation("Define custom permissions for this field."),
  weight = 50
)

Hierarchy

Expanded class hierarchy of CustomAccess

1 file declares its use of CustomAccess
CustomAccessTest.php in tests/src/Unit/Plugin/FieldPermissionType/CustomAccessTest.php

File

src/Plugin/FieldPermissionType/CustomAccess.php, line 25

Namespace

Drupal\field_permissions\Plugin\FieldPermissionType
View source 
class CustomAccess extends Base implements CustomPermissionsInterface, AdminFormSettingsInterface {

  /**
   * {@inheritdoc}
   */
  public function hasFieldAccess($operation, EntityInterface $entity, AccountInterface $account) {
    assert(in_array($operation, [
      "edit",
      "view",
    ]), 'The operation is either "edit" or "view", "' . $operation . '" given instead.');
    $field_name = $this->fieldStorage
      ->getName();
    if ($operation === 'edit' && $entity
      ->isNew()) {
      return $account
        ->hasPermission('create ' . $field_name);
    }
    if ($account
      ->hasPermission($operation . ' ' . $field_name)) {
      return TRUE;
    }
    else {

      // User entities don't implement `EntityOwnerInterface`.
      if ($entity instanceof UserInterface) {
        return $entity
          ->id() == $account
          ->id() && $account
          ->hasPermission($operation . ' own ' . $field_name);
      }
      elseif ($entity instanceof EntityOwnerInterface) {
        return $entity
          ->getOwnerId() == $account
          ->id() && $account
          ->hasPermission($operation . ' own ' . $field_name);
      }
    }

    // Default to deny since access can be explicitly granted (edit field_name),
    // even if this entity type doesn't implement the EntityOwnerInterface.
    return FALSE;
  }

  /**
   * {@inheritdoc}
   */
  public function hasFieldViewAccessForEveryEntity(AccountInterface $account) {
    $field_name = $this->fieldStorage
      ->getName();
    return $account
      ->hasPermission('view ' . $field_name);
  }

  /**
   * {@inheritdoc}
   */
  public function buildAdminForm(array &$form, FormStateInterface $form_state, RoleStorageInterface $role_storage) {
    $this
      ->addPermissionsGrid($form, $form_state, $role_storage);

    // Only display the permissions matrix if this type is selected.
    $form['#attached']['library'][] = 'field_permissions/field_permissions';
  }

  /**
   * {@inheritdoc}
   */
  public function submitAdminForm(array &$form, FormStateInterface $form_state, RoleStorageInterface $role_storage) {
    $custom_permissions = $form_state
      ->getValue('permissions');

    /** @var \Drupal\user\RoleInterface[] $roles */
    $roles = [];
    foreach ($custom_permissions as $permission_name => $field_perm) {
      foreach ($field_perm as $role_name => $role_permission) {
        $roles[$role_name] = $role_storage
          ->load($role_name);

        // If using this plugin, set permissions to the value submitted in the
        // form. Otherwise remove all permissions as they will no longer exist.
        $role_permission = $form_state
          ->getValue('type') === $this
          ->getPluginId() ? $role_permission : FALSE;
        if ($role_permission) {
          $roles[$role_name]
            ->grantPermission($permission_name);
        }
        else {
          $roles[$role_name]
            ->revokePermission($permission_name);
        }
      }
    }

    // Save all roles.
    foreach ($roles as $role) {
      $role
        ->trustData()
        ->save();
    }
  }

  /**
   * {@inheritdoc}
   */
  public function getPermissions() {
    $permissions = [];
    $field_name = $this->fieldStorage
      ->getName();
    $permission_list = FieldPermissionsService::getList($field_name);
    $perms_name = array_keys($permission_list);
    foreach ($perms_name as $perm_name) {
      $name = $perm_name . ' ' . $field_name;
      $permissions[$name] = $permission_list[$perm_name];
    }
    return $permissions;
  }

  /**
   * Attach a permissions grid to the field edit form.
   *
   * @param array $form
   *   The form array.
   * @param \Drupal\Core\Form\FormStateInterface $form_state
   *   The form state object.
   * @param \Drupal\user\RoleStorageInterface $role_storage
   *   The user role storage.
   */
  protected function addPermissionsGrid(array &$form, FormStateInterface $form_state, RoleStorageInterface $role_storage) {

    /** @var \Drupal\user\RoleInterface[] $roles */
    $roles = $role_storage
      ->loadMultiple();
    $permissions = $this
      ->getPermissions();
    $options = array_keys($permissions);

    // The permissions table.
    $form['permissions'] = [
      '#type' => 'table',
      '#header' => [
        $this
          ->t('Permission'),
      ],
      '#id' => 'permissions',
      '#attributes' => [
        'class' => [
          'permissions',
          'js-permissions',
        ],
      ],
      '#sticky' => TRUE,
    ];
    foreach ($roles as $role) {
      $form['permissions']['#header'][] = [
        'data' => $role
          ->label(),
        'class' => [
          'checkbox',
        ],
      ];
    }

    // @todo Remove call to global service.
    $test = \Drupal::service('field_permissions.permissions_service')
      ->getPermissionsByRole();
    foreach ($permissions as $provider => $permission) {
      $form['permissions'][$provider]['description'] = [
        '#type' => 'inline_template',
        '#template' => '<div class="permission"><span class="title">{{ title }}</span>{% if description or warning %}<div class="description">{% if warning %}<em class="permission-warning">{{ warning }}</em> {% endif %}{{ description }}</div>{% endif %}</div>',
        '#context' => [
          'title' => $permission["title"],
        ],
      ];
      $options[$provider] = '';
      foreach ($roles as $name => $role) {
        $form['permissions'][$provider][$name] = [
          '#title' => $name . ': ' . $permission["title"],
          '#title_display' => 'invisible',
          '#type' => 'checkbox',
          '#attributes' => [
            'class' => [
              'rid-' . $name,
              'js-rid-' . $name,
            ],
          ],
          '#wrapper_attributes' => [
            'class' => [
              'checkbox',
            ],
          ],
        ];
        if (!empty($test[$name]) && in_array($provider, $test[$name])) {
          $form['permissions'][$provider][$name]['#default_value'] = in_array($provider, $test[$name]);
        }
        if ($role
          ->isAdmin()) {
          $form['permissions'][$provider][$name]['#disabled'] = TRUE;
          $form['permissions'][$provider][$name]['#default_value'] = TRUE;
        }
      }
    }

    // Attach the Drupal user permissions library.
    $form['#attached']['library'][] = 'user/drupal.user.permissions';
  }

}

Members

Namesort descending Modifiers Type Description Overrides
Base::$fieldStorage protected property The field storage.
Base::create public static function Creates an instance of the plugin. Overrides ContainerFactoryPluginInterface::create
Base::getDescription public function The permission type description. Overrides FieldPermissionTypeInterface::getDescription
Base::getLabel public function The permission type label. Overrides FieldPermissionTypeInterface::getLabel
Base::__construct public function Constructs the plugin. Overrides PluginBase::__construct
CustomAccess::addPermissionsGrid protected function Attach a permissions grid to the field edit form.
CustomAccess::buildAdminForm public function Build or alter the field admin form. Overrides AdminFormSettingsInterface::buildAdminForm
CustomAccess::getPermissions public function Returns an array of permissions suitable for use in a permission callback. Overrides CustomPermissionsInterface::getPermissions
CustomAccess::hasFieldAccess public function Determine if access to the field is granted for a given account. Overrides FieldPermissionTypeInterface::hasFieldAccess
CustomAccess::hasFieldViewAccessForEveryEntity public function Determines if the given account may view the field, regardless of entity. Overrides Base::hasFieldViewAccessForEveryEntity
CustomAccess::submitAdminForm public function Allows the plugin to react to the field settings form submission. Overrides AdminFormSettingsInterface::submitAdminForm
DependencySerializationTrait::$_entityStorages protected property An array of entity type IDs keyed by the property name of their storages.
DependencySerializationTrait::$_serviceIds protected property An array of service IDs keyed by property name used for serialization.
DependencySerializationTrait::__sleep public function 1
DependencySerializationTrait::__wakeup public function 2
FieldPermissionTypeInterface::ACCESS_CUSTOM constant Indicates that a field is using the custom permission type.
FieldPermissionTypeInterface::ACCESS_PRIVATE constant Indicates that a field is using the private access permission type.
FieldPermissionTypeInterface::ACCESS_PUBLIC constant Indicates that a field does not have field-specific access control.
MessengerTrait::$messenger protected property The messenger. 29
MessengerTrait::messenger public function Gets the messenger. 29
MessengerTrait::setMessenger public function Sets the messenger.
PluginBase::$configuration protected property Configuration information passed into the plugin. 1
PluginBase::$pluginDefinition protected property The plugin implementation definition. 1
PluginBase::$pluginId protected property The plugin_id.
PluginBase::DERIVATIVE_SEPARATOR constant A string which is used to separate base plugin IDs from the derivative ID.
PluginBase::getBaseId public function Gets the base_plugin_id of the plugin instance. Overrides DerivativeInspectionInterface::getBaseId
PluginBase::getDerivativeId public function Gets the derivative_id of the plugin instance. Overrides DerivativeInspectionInterface::getDerivativeId
PluginBase::getPluginDefinition public function Gets the definition of the plugin implementation. Overrides PluginInspectionInterface::getPluginDefinition 3
PluginBase::getPluginId public function Gets the plugin_id of the plugin instance. Overrides PluginInspectionInterface::getPluginId
PluginBase::isConfigurable public function Determines if the plugin is configurable.
StringTranslationTrait::$stringTranslation protected property The string translation service. 1
StringTranslationTrait::formatPlural protected function Formats a string containing a count of items.
StringTranslationTrait::getNumberOfPlurals protected function Returns the number of plurals supported by a given language.
StringTranslationTrait::getStringTranslation protected function Gets the string translation service.
StringTranslationTrait::setStringTranslation public function Sets the string translation service to use. 2
StringTranslationTrait::t protected function Translates a string to the current language or to a given language.