You are here

public function GroupRevisionCheck::checkAccess in Group 8

Same name and namespace in other branches
  1. 2.0.x src/Entity/Access/GroupRevisionCheck.php \Drupal\group\Entity\Access\GroupRevisionCheck::checkAccess()

Checks group revision access.

Parameters

\Drupal\group\Entity\GroupInterface $group: The group or group revision to check.

\Drupal\Core\Session\AccountInterface $account: A user object representing the user for whom the operation is to be performed.

string $operation: (optional) The specific operation being checked. Defaults to 'view'.

Return value

\Drupal\Core\Access\AccessResultInterface The access result.

1 call to GroupRevisionCheck::checkAccess()
GroupRevisionCheck::access in src/Entity/Access/GroupRevisionCheck.php
Checks routing access for group revision operations.

File

src/Entity/Access/GroupRevisionCheck.php, line 96

Class

GroupRevisionCheck
Checks access to a group revision.

Namespace

Drupal\group\Entity\Access

Code

public function checkAccess(GroupInterface $group, AccountInterface $account, $operation = 'view') {
  $map = [
    'view' => 'view group revisions',
    'update' => 'revert group revisions',
    'delete' => 'delete group revisions',
  ];
  if (!isset($map[$operation])) {
    return AccessResult::neutral();
  }
  $cid = implode(':', [
    $group
      ->getRevisionId(),
    $group
      ->language()
      ->getId(),
    $account
      ->id(),
    $operation,
  ]);
  if (isset($this->accessCache[$cid])) {
    return $this->accessCache[$cid];
  }

  // You cannot manipulate the default revision through the revision UI.
  if ($operation !== 'view' && $group
    ->isDefaultRevision()) {
    $this->accessCache[$cid] = AccessResult::forbidden()
      ->addCacheableDependency($group);
    return $this->accessCache[$cid];
  }

  // You cannot view the default revision through the revision UI if it is
  // the only revision available and the group type is not set to create new
  // revisions. The latter is checked because if it was set, we might allow
  // access so the revisions tab shows up.
  $group_type = $group
    ->getGroupType();
  if ($operation === 'view' && $group
    ->isDefaultRevision() && $this
    ->countDefaultLanguageRevisions($group) === 1 && !$group_type
    ->shouldCreateNewRevision()) {
    $this->accessCache[$cid] = AccessResult::forbidden()
      ->addCacheableDependency($group_type)
      ->addCacheableDependency($group);
    return $this->accessCache[$cid];
  }

  // Perform basic permission checks first and return no-access results.
  $this->accessCache[$cid] = GroupAccessResult::allowedIfHasGroupPermission($group, $account, $map[$operation]);
  if (!$this->accessCache[$cid]
    ->isAllowed()) {
    return $this->accessCache[$cid];
  }

  // Now that the edge cases are out of the way, check for entity access on
  // both the default revision and the passed in revision (if any).
  $entity_access = $group
    ->access($operation, $account, TRUE);
  if (!$group
    ->isDefaultRevision()) {
    $default_revision = $this->entityTypeManager
      ->getStorage('group')
      ->load($group
      ->id());
    $entity_access = $entity_access
      ->andIf($default_revision
      ->access($operation, $account, TRUE));
  }
  $this->accessCache[$cid] = $this->accessCache[$cid]
    ->andIf($entity_access);

  // Because of the group type checks above when dealing with the 'view'
  // operation, we must add the group type as a cacheable dependency so we can
  // return a different result in case shouldCreateNewRevision() changes.
  if ($operation === 'view') {
    $this->accessCache[$cid] = $this->accessCache[$cid]
      ->addCacheableDependency($group_type);
  }
  return $this->accessCache[$cid];
}