public function PhotosAccess::access in Album Photos 8.5
Same name and namespace in other branches
- 6.0.x photos_access/src/Plugin/views/access/PhotosAccess.php \Drupal\photos_access\Plugin\views\access\PhotosAccess::access()
Determine if the current user has access or not.
Parameters
\Drupal\Core\Session\AccountInterface $account: The user who wants to access this view.
Return value
bool Returns whether the user has access to the view.
Overrides AccessPluginBase::access
File
- photos_access/
src/ Plugin/ views/ access/ PhotosAccess.php, line 85
Class
- PhotosAccess
- Access plugin for photos album and images.
Namespace
Drupal\photos_access\Plugin\views\accessCode
public function access(AccountInterface $account) {
$access = FALSE;
// Check if we need to be redirected to set the password.
photos_access_request_album_password();
// Check if locked and not owner / collaborator.
$nid = $this->routeMatch
->getRawParameter('node');
$photosAccessNode = _photos_access_pass_type($nid);
$uid = FALSE;
// Check if user is node author.
if (isset($photosAccessNode['node'])) {
$uid = $photosAccessNode['node']->uid;
}
elseif (isset($photosAccessNode['view'])) {
$uid = $photosAccessNode['view']->uid;
}
if ($uid && $account
->id() == $uid) {
// Node owner is allowed access.
$access = TRUE;
}
if ($account
->hasPermission('view photo')) {
if (isset($photosAccessNode['node']->viewid) && $photosAccessNode['node']->viewid != 3) {
// Check node access.
/* @var \Drupal\node\Entity\Node $node */
$node = $this->entityTypeManager
->getStorage('node')
->load($photosAccessNode['node']->nid);
$access = $node
->access('view');
}
elseif (isset($photosAccessNode['view']->pass)) {
// Check password.
$access = FALSE;
if (isset($_SESSION[$photosAccessNode['view']->nid . '_' . session_id()]) && $photosAccessNode['view']->pass == $_SESSION[$photosAccessNode['view']->nid . '_' . session_id()] || !photos_access_pass_validate($photosAccessNode)) {
$access = TRUE;
}
}
else {
$access = $account
->hasPermission('view photo');
}
}
if ($access == FALSE) {
// We don't want the title visible here or anything from the view, so we
// throw access denied instead of returning FALSE.
throw new AccessDeniedHttpException();
}
return $access;
}