You are here

Home » API reference » Organic groups 8 » OgAccess.php » OgAccess

public function OgAccess::userAccessGroupContentEntityOperation in Organic groups 8

Checks access for entity operations on group content in a specific group.

This checks if the user has permission to perform the requested operation on the given group content entity according to the user's membership status in the given group. It also passes through ::userAccess() to check for any' of the special cases, such as being the root user, having global permission to administer all groups, etc.

The access result can be altered by implementing an event listener for GroupContentEntityOperationAccessEventInterface::EVENT_NAME.

For access to be granted, at least one of the above checks should grant access, and none of the event listeners should deny access. A neutral result is returned only if all checks are neutral or if the passed in entity is not group content.

Parameters

string $operation: The entity operation, such as "create", "update" or "delete".

\Drupal\Core\Entity\EntityInterface $group_entity: The group entity, to retrieve the permissions from.

\Drupal\Core\Entity\EntityInterface $group_content_entity: The group content entity for which access to the entity operation is requested.

\Drupal\Core\Session\AccountInterface|null $user: Optional user for which to check access. If omitted, the currently logged in user will be used.

Return value

\Drupal\Core\Access\AccessResultInterface The access result object.

Overrides OgAccessInterface::userAccessGroupContentEntityOperation

1 call to OgAccess::userAccessGroupContentEntityOperation()
OgAccess::userAccessEntityOperation in src/OgAccess.php
Checks whether a user can perform an operation on a given entity.

File

src/OgAccess.php, line 310

Class

OgAccess
The service that determines if users have access to groups and group content.

Namespace

Drupal\og

Code

public function userAccessGroupContentEntityOperation(string $operation, EntityInterface $group_entity, EntityInterface $group_content_entity, ?AccountInterface $user = NULL) : AccessResultInterface {

  // Default to the current user.
  $user = $user ?: $this->accountProxy
    ->getAccount();
  $event = new GroupContentEntityOperationAccessEvent($operation, $group_entity, $group_content_entity, $user);

  // @todo This doesn't really vary by user but by the user's roles inside of
  //   the group. We should create a cache context for OgRole entities.
  // @see https://github.com/amitaibu/og/issues/219
  $event
    ->addCacheableDependency($group_content_entity);
  if ($user
    ->id() == $this->accountProxy
    ->id()) {
    $event
      ->addCacheContexts([
      'user',
    ]);
  }
  $this->dispatcher
    ->dispatch(GroupContentEntityOperationAccessEvent::EVENT_NAME, $event);
  return $event
    ->getAccessResult();
}