You are here

protected function LibraryItemAccessControlHandler::checkAccess in Paragraphs 8

Performs access checks.

This method is supposed to be overwritten by extending classes that do their own custom access checking.

Parameters

\Drupal\Core\Entity\EntityInterface $entity: The entity for which to check access.

string $operation: The entity operation. Usually one of 'view', 'view label', 'update' or 'delete'.

\Drupal\Core\Session\AccountInterface $account: The user for which to check access.

Return value

\Drupal\Core\Access\AccessResultInterface The access result.

Overrides EntityAccessControlHandler::checkAccess

File

modules/paragraphs_library/src/LibraryItemAccessControlHandler.php, line 21

Class

LibraryItemAccessControlHandler
Access control handler for the paragraphs_library_item entity type.

Namespace

Drupal\paragraphs_library

Code

protected function checkAccess(EntityInterface $library_item, $operation, AccountInterface $account) {

  // In case a library item is unpublished, only allow access if a user has
  // administrative permission. Ensure to collect the required cacheability
  // metadata and combine both the published and the referenced access check
  // together, both must allow access if unpublished.
  $access = AccessResult::allowed()
    ->addCacheableDependency($library_item);
  if ($operation === 'view' && !$library_item
    ->isPublished()) {
    $access = $access
      ->andIf(AccessResult::allowedIfHasPermission($account, $this->entityType
      ->getAdminPermission()));
  }

  // Allow update access with a specific or admin permission.
  if ($operation === 'update') {
    $access = $access
      ->andIf(AccessResult::allowedIfHasPermissions($account, [
      'edit paragraph library item',
      $this->entityType
        ->getAdminPermission(),
    ], 'OR'));
  }

  // Only users with admin permission can delete library items.
  if ($operation === 'delete') {
    $access = $access
      ->andIf(AccessResult::allowedIfHasPermission($account, $this->entityType
      ->getAdminPermission()));
  }

  /** @var \Drupal\paragraphs\Entity\Paragraph $paragraph */
  if ($referenced_paragraph = $library_item->paragraphs->entity) {

    // Forward the access check to the referenced paragraph.
    $access = $access
      ->andIf($referenced_paragraph
      ->access($operation, $account, TRUE));
  }
  else {
    $access = $access
      ->andIf(AccessResult::neutral());
  }
  return $access;
}