You are here

Home » API reference » Organic groups 8 » og.module

function og_entity_access in Organic groups 8

Implements hook_entity_access().

4 calls to og_entity_access()
AccessByOgMembershipTest::testEntityOperationAccess in tests/src/Kernel/Access/AccessByOgMembershipTest.php
Tests access to entity operations through the access hook.
OgAccessHookTest::testEntityOperationAccess in tests/src/Kernel/Access/OgAccessHookTest.php
Tests access to entity operations through the access hook.
OgAccessHookTest::testGetEntityGroups in tests/src/Unit/OgAccessHookTest.php
Tests that an administrator with 'administer group' permission has access.
OgAccessHookTest::testNotContentEntity in tests/src/Unit/OgAccessHookTest.php
Tests that an entity which is not a group or group content is ignored.

File

./og.module, line 123

Code

function og_entity_access(EntityInterface $entity, $operation, AccountInterface $account) {

  // Grant access to view roles, so that they can be shown in listings.
  if ($entity instanceof OgRoleInterface && $operation == 'view') {
    return AccessResult::allowed();
  }

  // We only care about content entities that are groups or group content.
  if (!$entity instanceof ContentEntityInterface) {
    return AccessResult::neutral();
  }
  if ($operation == 'view') {
    return AccessResult::neutral();
  }
  $entity_type_id = $entity
    ->getEntityTypeId();
  $bundle_id = $entity
    ->bundle();
  $is_group_content = Og::isGroupContent($entity_type_id, $bundle_id);

  // If the entity is neither a group or group content, then we have no opinion.
  if (!Og::isGroup($entity_type_id, $bundle_id) && !$is_group_content) {
    return AccessResult::neutral();
  }

  // If the entity type is a group content type, but the entity is not
  // associated with any groups, we have no opinion.
  if ($is_group_content && \Drupal::service('og.membership_manager')
    ->getGroupCount($entity) === 0) {
    return AccessResult::neutral();
  }

  // If the user has the global permission to administer all groups, allow
  // access.
  if ($account
    ->hasPermission('administer organic groups')) {
    return AccessResult::allowed();
  }

  /** @var \Drupal\Core\Access\AccessResult $access */
  $access = \Drupal::service('og.access')
    ->userAccessEntityOperation($operation, $entity, $account);
  if ($access
    ->isAllowed()) {
    return $access;
  }
  if ($entity_type_id == 'node') {
    $node_access_strict = \Drupal::config('og.settings')
      ->get('node_access_strict');

    // Otherwise, ignore or deny based on whether strict node access is set.
    return AccessResult::forbiddenIf($node_access_strict);
  }
  return AccessResult::forbidden();
}