trait AccessControlTrait in Group 2.0.x
Trait for group relation permission providers.
This trait takes care of common logic for permission providers. Please make sure your handler service asks for the entity_type.manager service and sets to the $this->entityTypeManager property in its constructor.
Hierarchy
- trait \Drupal\group\Plugin\Group\RelationHandler\AccessControlTrait uses RelationHandlerTrait
1 file declares its use of AccessControlTrait
- AccessControl.php in src/
Plugin/ Group/ RelationHandlerDefault/ AccessControl.php
File
- src/
Plugin/ Group/ RelationHandler/ AccessControlTrait.php, line 19
Namespace
Drupal\group\Plugin\Group\RelationHandlerView source
trait AccessControlTrait {
use RelationHandlerTrait {
init as traitInit;
}
/**
* The plugin's permission provider.
*
* @var \Drupal\group\Plugin\Group\RelationHandler\PermissionProviderInterface
*/
protected $permissionProvider;
/**
* {@inheritdoc}
*/
public function init($plugin_id, array $definition) {
$this
->traitInit($plugin_id, $definition);
$this->permissionProvider = $this
->groupRelationManager()
->getPermissionProvider($plugin_id);
}
/**
* {@inheritdoc}
*/
public function relationAccess(GroupContentInterface $group_content, $operation, AccountInterface $account, $return_as_object = FALSE) {
if (!isset($this->parent)) {
throw new \LogicException('Using AccessControlTrait without assigning a parent or overwriting the methods.');
}
return $this->parent
->relationAccess($group_content, $operation, $account, $return_as_object);
}
/**
* {@inheritdoc}
*/
public function relationCreateAccess(GroupInterface $group, AccountInterface $account, $return_as_object = FALSE) {
if (!isset($this->parent)) {
throw new \LogicException('Using AccessControlTrait without assigning a parent or overwriting the methods.');
}
return $this->parent
->relationCreateAccess($group, $account, $return_as_object);
}
/**
* {@inheritdoc}
*/
public function entityAccess(EntityInterface $entity, $operation, AccountInterface $account, $return_as_object = FALSE) {
if (!isset($this->parent)) {
throw new \LogicException('Using AccessControlTrait without assigning a parent or overwriting the methods.');
}
return $this->parent
->entityAccess($entity, $operation, $account, $return_as_object);
}
/**
* {@inheritdoc}
*/
public function entityCreateAccess(GroupInterface $group, AccountInterface $account, $return_as_object = FALSE) {
if (!isset($this->parent)) {
throw new \LogicException('Using AccessControlTrait without assigning a parent or overwriting the methods.');
}
return $this->parent
->entityCreateAccess($group, $account, $return_as_object);
}
/**
* Checks the provided permission alongside the admin permission.
*
* Important: Only one permission needs to match.
*
* @param \Drupal\group\Entity\GroupInterface $group
* The group to check for access.
* @param \Drupal\Core\Session\AccountInterface $account
* The user for which to check access.
* @param string $permission
* The names of the permission to check for.
* @param bool $return_as_object
* Whether to return the result as an object or boolean.
*
* @return bool|\Drupal\Core\Access\AccessResult
* The access result. Returns a boolean if $return_as_object is FALSE (this
* is the default) and otherwise an AccessResultInterface object.
* When a boolean is returned, the result of AccessInterface::isAllowed() is
* returned, i.e. TRUE means access is explicitly allowed, FALSE means
* access is either explicitly forbidden or "no opinion".
*/
protected function combinedPermissionCheck(GroupInterface $group, AccountInterface $account, $permission, $return_as_object) {
$result = AccessResult::neutral();
// Add in the admin permission and filter out the unsupported permissions.
$permissions = [
$permission,
$this->permissionProvider
->getAdminPermission(),
];
$permissions = array_filter($permissions);
// If we still have permissions left, check for access.
if (!empty($permissions)) {
$result = GroupAccessResult::allowedIfHasGroupPermissions($group, $account, $permissions, 'OR');
}
return $return_as_object ? $result : $result
->isAllowed();
}
}
Members
Name | Modifiers | Type | Description | Overrides |
---|---|---|---|---|
AccessControlTrait:: |
protected | property | The plugin's permission provider. | |
AccessControlTrait:: |
protected | function | Checks the provided permission alongside the admin permission. | |
AccessControlTrait:: |
public | function | 1 | |
AccessControlTrait:: |
public | function | 1 | |
AccessControlTrait:: |
public | function | ||
AccessControlTrait:: |
public | function | 1 | |
AccessControlTrait:: |
public | function | 1 | |
RelationHandlerTrait:: |
protected | property | The plugin definition. | |
RelationHandlerTrait:: |
protected | property | The entity type manager. | |
RelationHandlerTrait:: |
protected | property | The group relation manager. | |
RelationHandlerTrait:: |
protected | property | The parent relation handler in the decorator chain. | |
RelationHandlerTrait:: |
protected | property | The plugin ID as read from the definition. | |
RelationHandlerTrait:: |
protected | function | Gets the entity type manager service. | |
RelationHandlerTrait:: |
protected | function | Gets the group relation manager service. | |
RelationHandlerTrait:: |
public | function | Aliased as: traitInit |