You are here

public function OgAccess::userAccessEntity in Organic groups 8

Determines whether a user has a group permission in a given entity.

This does an exhaustive, but slow, check to discover whether access can be granted and works both on groups and group content. It will iterate over all groups that are associated with the entity and do a permission check on each group. If a passed in entity is both a group and group content, it will return a positive result if the user has the requested permission in either the entity itself or its parent group(s).

For access to be granted, at least one of the groups with which the entity is associated should allow access, and none of the associated groups should deny access. Access is denied if one or more groups deny access, regardless of how many groups grant access. A neutral result is returned if the passed in entity is not associated with any groups, or if all the associated groups return a neutral result.

In case you know the specific group you want to check access for then it is recommended to use the faster ::userAccess().

Parameters

string $permission: The name of the OG permission being checked. This includes both group level permissions such as 'subscribe without approval' and group content entity operation permissions such as 'edit own article content'.

\Drupal\Core\Entity\EntityInterface $entity: The entity object. This can be either a group or group content entity.

\Drupal\Core\Session\AccountInterface|null $user: (optional) The user object. If empty the current user will be used.

Return value

\Drupal\Core\Access\AccessResultInterface An access result object.

Overrides OgAccessInterface::userAccessEntity

See also

\Drupal\og\userAccess();

File

src/OgAccess.php, line 226

Class

OgAccess
The service that determines if users have access to groups and group content.

Namespace

Drupal\og

Code

public function userAccessEntity(string $permission, EntityInterface $entity, ?AccountInterface $user = NULL) : AccessResultInterface {
  $result = AccessResult::neutral();
  $entity_type = $entity
    ->getEntityType();
  $entity_type_id = $entity_type
    ->id();
  $bundle = $entity
    ->bundle();
  if ($this->groupTypeManager
    ->isGroup($entity_type_id, $bundle)) {

    // An entity can be a group and group content in the same time. If the
    // group returns a neutral result the user still might have access to
    // the permission in group content context. So if we get a neutral result
    // we will continue with the group content access check below.
    $result = $this
      ->userAccess($entity, $permission, $user);
    if (!$result
      ->isNeutral()) {
      return $result;
    }
  }
  if ($this->groupTypeManager
    ->isGroupContent($entity_type_id, $bundle)) {
    $result
      ->addCacheTags($entity_type
      ->getListCacheTags());

    // The entity might be a user or a non-user entity.
    $groups = $entity instanceof UserInterface ? $this->membershipManager
      ->getUserGroups($entity
      ->id()) : $this->membershipManager
      ->getGroups($entity);
    if ($groups) {
      foreach ($groups as $entity_groups) {
        foreach ($entity_groups as $group) {
          $result = $result
            ->orIf($this
            ->userAccess($group, $permission, $user));
        }
      }
    }
  }
  return $result;
}