You are here

class ILTAccessControlHandler in Opigno Instructor-led Trainings 3.x

Same name and namespace in other branches
  1. 8 src/ILTAccessControlHandler.php \Drupal\opigno_ilt\ILTAccessControlHandler

Access controller for the opigno_ilt entity.

Hierarchy

Expanded class hierarchy of ILTAccessControlHandler

See also

\Drupal\opigno_ilt\Entity\ILT.

File

src/ILTAccessControlHandler.php, line 15

Namespace

Drupal\opigno_ilt
View source
class ILTAccessControlHandler extends EntityAccessControlHandler {

  /**
   * {@inheritdoc}
   */
  protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
    if ($account
      ->hasPermission('manage group content in any group')) {
      return AccessResult::allowed();
    }

    /** @var \Drupal\opigno_ilt\ILTInterface $entity */
    switch ($operation) {
      case 'view':

        // Allow view access if user is a platform-level student manager.
        if ($account
          ->hasPermission('manage group members in any group')) {
          return AccessResult::allowed();
        }

        // Allow view access if user is a group-level student manager.
        $training = $entity
          ->getTraining();
        if (isset($training) && $training
          ->hasPermission('score ilt entities', $account)) {
          return AccessResult::allowed();
        }
        $members = $entity
          ->getMembersIds();
        if (!empty($members)) {

          // Deny access if the ILT has a members restriction
          // and the user is not a member of the ILT.
          if (!in_array($account
            ->id(), $members)) {
            return AccessResult::forbidden();
          }
        }
        else {

          // Deny access if the ILT hasn't a members restricton
          // and the user is not a member of the related training.
          $training = $entity
            ->getTraining();
          if (isset($training) && $training
            ->getMember($account) === FALSE) {
            return AccessResult::forbidden();
          }
        }
        return AccessResult::allowedIfHasPermission($account, 'view ilt entities');
      case 'edit':
        if ($entity
          ->getOwnerId() === $account
          ->id()) {

          // Allow users to edit its own content.
          return AccessResult::allowed();
        }
        return AccessResult::allowedIfHasPermission($account, 'edit ilt entities');
      case 'delete':
        if ($entity
          ->getOwnerId() === $account
          ->id()) {

          // Allow users to delete its own content.
          return AccessResult::allowed();
        }
        return AccessResult::allowedIfHasPermission($account, 'delete ilt entities');
      case 'score':
        $training = $entity
          ->getTraining();
        if (isset($training) && $training
          ->hasPermission('score ilt entities', $account)) {
          return AccessResult::allowed();
        }
        return AccessResult::allowedIfHasPermission($account, 'score ilt entities');
    }
    return AccessResult::neutral();
  }

  /**
   * {@inheritdoc}
   */
  protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {

    // Allow view access if user is a group-level student manager.
    if ($account
      ->hasPermission('manage group content in any group')) {
      return AccessResult::allowed();
    }
    return AccessResult::allowedIfHasPermission($account, 'add ilt entities');
  }

}

Members

Namesort descending Modifiers Type Description Overrides
DependencySerializationTrait::$_entityStorages protected property
DependencySerializationTrait::$_serviceIds protected property
DependencySerializationTrait::__sleep public function 2
DependencySerializationTrait::__wakeup public function 2
EntityAccessControlHandler::$accessCache protected property Stores calculated access check results.
EntityAccessControlHandler::$entityType protected property Information about the entity type.
EntityAccessControlHandler::$entityTypeId protected property The entity type ID of the access control handler instance.
EntityAccessControlHandler::$viewLabelOperation protected property Allows to grant access to just the labels. 5
EntityAccessControlHandler::access public function Checks access to an operation on a given entity or entity translation. Overrides EntityAccessControlHandlerInterface::access 1
EntityAccessControlHandler::checkFieldAccess protected function Default field access as determined by this access control handler. 4
EntityAccessControlHandler::createAccess public function Checks access to create an entity. Overrides EntityAccessControlHandlerInterface::createAccess 1
EntityAccessControlHandler::fieldAccess public function Checks access to an operation on a given entity field. Overrides EntityAccessControlHandlerInterface::fieldAccess
EntityAccessControlHandler::getCache protected function Tries to retrieve a previously cached access value from the static cache.
EntityAccessControlHandler::prepareUser protected function Loads the current account object, if it does not exist yet.
EntityAccessControlHandler::processAccessHookResults protected function We grant access to the entity if both of these conditions are met:
EntityAccessControlHandler::resetCache public function Clears all cached access checks. Overrides EntityAccessControlHandlerInterface::resetCache
EntityAccessControlHandler::setCache protected function Statically caches whether the given user has access.
EntityAccessControlHandler::__construct public function Constructs an access control handler instance. 6
EntityHandlerBase::$moduleHandler protected property The module handler to invoke hooks on. 5
EntityHandlerBase::moduleHandler protected function Gets the module handler. 5
EntityHandlerBase::setModuleHandler public function Sets the module handler for this handler.
ILTAccessControlHandler::checkAccess protected function Performs access checks. Overrides EntityAccessControlHandler::checkAccess
ILTAccessControlHandler::checkCreateAccess protected function Performs create access checks. Overrides EntityAccessControlHandler::checkCreateAccess
StringTranslationTrait::$stringTranslation protected property The string translation service. 4
StringTranslationTrait::formatPlural protected function Formats a string containing a count of items.
StringTranslationTrait::getNumberOfPlurals protected function Returns the number of plurals supported by a given language.
StringTranslationTrait::getStringTranslation protected function Gets the string translation service.
StringTranslationTrait::setStringTranslation public function Sets the string translation service to use. 2
StringTranslationTrait::t protected function Translates a string to the current language or to a given language.