You are here

protected function ILTAccessControlHandler::checkAccess in Opigno Instructor-led Trainings 8

Same name and namespace in other branches
  1. 3.x src/ILTAccessControlHandler.php \Drupal\opigno_ilt\ILTAccessControlHandler::checkAccess()

Performs access checks.

This method is supposed to be overwritten by extending classes that do their own custom access checking.

Parameters

\Drupal\Core\Entity\EntityInterface $entity: The entity for which to check access.

string $operation: The entity operation. Usually one of 'view', 'view label', 'update' or 'delete'.

\Drupal\Core\Session\AccountInterface $account: The user for which to check access.

Return value

\Drupal\Core\Access\AccessResultInterface The access result.

Overrides EntityAccessControlHandler::checkAccess

File

src/ILTAccessControlHandler.php, line 20

Class

ILTAccessControlHandler
Access controller for the opigno_ilt entity.

Namespace

Drupal\opigno_ilt

Code

protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
  if ($account
    ->hasPermission('manage group content in any group')) {
    return AccessResult::allowed();
  }

  /** @var \Drupal\opigno_ilt\ILTInterface $entity */
  switch ($operation) {
    case 'view':

      // Allow view access if user is a platform-level student manager.
      if ($account
        ->hasPermission('manage group members in any group')) {
        return AccessResult::allowed();
      }

      // Allow view access if user is a group-level student manager.
      $training = $entity
        ->getTraining();
      if (isset($training) && $training
        ->hasPermission('score ilt entities', $account)) {
        return AccessResult::allowed();
      }
      $members = $entity
        ->getMembersIds();
      if (!empty($members)) {

        // Deny access if the ILT has a members restriction
        // and the user is not a member of the ILT.
        if (!in_array($account
          ->id(), $members)) {
          return AccessResult::forbidden();
        }
      }
      else {

        // Deny access if the ILT hasn't a members restricton
        // and the user is not a member of the related training.
        $training = $entity
          ->getTraining();
        if (isset($training) && $training
          ->getMember($account) === FALSE) {
          return AccessResult::forbidden();
        }
      }
      return AccessResult::allowedIfHasPermission($account, 'view ilt entities');
    case 'edit':
      if ($entity
        ->getOwnerId() === $account
        ->id()) {

        // Allow users to edit its own content.
        return AccessResult::allowed();
      }
      return AccessResult::allowedIfHasPermission($account, 'edit ilt entities');
    case 'delete':
      if ($entity
        ->getOwnerId() === $account
        ->id()) {

        // Allow users to delete its own content.
        return AccessResult::allowed();
      }
      return AccessResult::allowedIfHasPermission($account, 'delete ilt entities');
    case 'score':
      $training = $entity
        ->getTraining();
      if (isset($training) && $training
        ->hasPermission('score ilt entities', $account)) {
        return AccessResult::allowed();
      }
      return AccessResult::allowedIfHasPermission($account, 'score ilt entities');
  }
  return AccessResult::neutral();
}