You are here

Home » API reference » GoogleTagManager 8 » ContainerAccessControlHandler.php » ContainerAccessControlHandler

protected function ContainerAccessControlHandler::checkAccess in GoogleTagManager 8

Performs access checks.

This method is supposed to be overwritten by extending classes that do their own custom access checking.

Parameters

\Drupal\Core\Entity\EntityInterface $entity: The entity for which to check access.

string $operation: The entity operation. Usually one of 'view', 'view label', 'update' or 'delete'.

\Drupal\Core\Session\AccountInterface $account: The user for which to check access.

Return value

\Drupal\Core\Access\AccessResultInterface The access result.

Overrides EntityAccessControlHandler::checkAccess

File

src/ContainerAccessControlHandler.php, line 82

Class

ContainerAccessControlHandler
Defines access control for the container configuration entity type.

Namespace

Drupal\google_tag

Code

protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
  if ($operation != 'view') {
    return parent::checkAccess($entity, $operation, $account);
  }
  if (!$entity
    ->status()) {

    // Deny access to disabled containers.
    return AccessResult::forbidden()
      ->addCacheableDependency($entity);
  }

  // @todo Why is this not default code for an entity that uses the condition
  // plugin interface? Most of it applies generally.
  // Store entity to have access in resolveConditions().

  /** @var \Drupal\google_tag\Entity\Container $entity */
  $this->entity = $entity;
  $conditions = [];
  $missing_context = FALSE;
  $missing_value = FALSE;
  foreach ($entity
    ->getInsertionConditions() as $condition_id => $condition) {
    if ($condition instanceof ContextAwarePluginInterface) {
      try {
        $contexts = $this->contextRepository
          ->getRuntimeContexts(array_values($condition
          ->getContextMapping()));
        $this->contextHandler
          ->applyContextMapping($condition, $contexts);
      } catch (MissingValueContextException $e) {
        $missing_value = TRUE;
      } catch (ContextException $e) {
        $missing_context = TRUE;
      }
    }
    $conditions[$condition_id] = $condition;
  }
  if ($missing_context) {

    // Because cacheable metadata might be missing, forbid cache write.
    $access = AccessResult::forbidden()
      ->setCacheMaxAge(0);
  }
  elseif ($this
    ->resolveConditions($conditions, 'and') !== FALSE) {
    $access = AccessResult::allowed();
  }
  else {
    $reason = count($conditions) > 1 ? "One of the container insertion conditions ('%s') denied access." : "The container insertion condition '%s' denied access.";
    $access = AccessResult::forbidden(sprintf($reason, implode("', '", array_keys($conditions))));
  }
  $this
    ->mergeCacheabilityFromConditions($access, $conditions);

  // Ensure access is re-evaluated when the container changes.
  return $access
    ->addCacheableDependency($entity);
}