public function GroupContentAccessControlHandler::relationAccess in Group 8
Checks access to an operation on the relation.
Parameters
\Drupal\group\Entity\GroupContentInterface $group_content: The group content for which to check access.
string $operation: The operation access should be checked for. Usually one of "view", "update" or "delete".
\Drupal\Core\Session\AccountInterface $account: The user session for which to check access.
bool $return_as_object: (optional) Defaults to FALSE.
Return value
bool|\Drupal\Core\Access\AccessResultInterface The access result. Returns a boolean if $return_as_object is FALSE (this is the default) and otherwise an AccessResultInterface object. When a boolean is returned, the result of AccessInterface::isAllowed() is returned, i.e. TRUE means access is explicitly allowed, FALSE means access is either explicitly forbidden or "no opinion".
Overrides GroupContentAccessControlHandlerInterface::relationAccess
File
- src/
Plugin/ GroupContentAccessControlHandler.php, line 54
Class
- GroupContentAccessControlHandler
- Provides access control for GroupContent entities and grouped entities.
Namespace
Drupal\group\PluginCode
public function relationAccess(GroupContentInterface $group_content, $operation, AccountInterface $account, $return_as_object = FALSE) {
$result = AccessResult::neutral();
// Check if the account is the owner.
$is_owner = $group_content
->getOwnerId() === $account
->id();
// Add in the admin permission and filter out the unsupported permissions.
$permissions = [
$this->permissionProvider
->getAdminPermission(),
];
$permissions[] = $this->permissionProvider
->getPermission($operation, 'relation', 'any');
$own_permission = $this->permissionProvider
->getPermission($operation, 'relation', 'own');
if ($is_owner) {
$permissions[] = $own_permission;
}
$permissions = array_filter($permissions);
// If we still have permissions left, check for access.
if (!empty($permissions)) {
$result = GroupAccessResult::allowedIfHasGroupPermissions($group_content
->getGroup(), $account, $permissions, 'OR');
}
// If there was an owner permission to check, the result needs to vary per
// user. We also need to add the relation as a dependency because if its
// owner changes, someone might suddenly gain or lose access.
if ($own_permission) {
// @todo Not necessary if admin, could boost performance here.
$result
->cachePerUser()
->addCacheableDependency($group_content);
}
return $return_as_object ? $result : $result
->isAllowed();
}