You are here

public function UserController::accessCollectedData in General Data Protection Regulation 3.0.x

Same name and namespace in other branches
  1. 8.2 src/Controller/UserController.php \Drupal\gdpr\Controller\UserController::accessCollectedData()
  2. 8 src/Controller/UserController.php \Drupal\gdpr\Controller\UserController::accessCollectedData()

Access check for the route.

Parameters

\Drupal\user\UserInterface $user: The given user.

Return value

\Drupal\Core\Access\AccessResultInterface The result.

1 string reference to 'UserController::accessCollectedData'
gdpr.routing.yml in ./gdpr.routing.yml
gdpr.routing.yml

File

src/Controller/UserController.php, line 53

Class

UserController
Class UserController.

Namespace

Drupal\gdpr\Controller

Code

public function accessCollectedData(UserInterface $user) {

  // Must have the appropriate permission to access the page.
  // This allows site admins to completely disable the View My Data page.
  if (!$this
    ->currentUser()
    ->hasPermission('view gdpr data summary')) {
    return AccessResult::forbidden();
  }

  // If access to the page is enabled, only show the tab if we're viewing our
  // OWN profile or we're a GDPR admin.
  if ($this
    ->currentUser()
    ->hasPermission('administer gdpr settings')) {
    return AccessResult::allowed();
  }
  if ((int) $user
    ->id() === (int) $this
    ->currentUser()
    ->id()) {
    return AccessResult::allowed();
  }
  return AccessResult::forbidden();
}