You are here

Home » API reference » Album Photos 8.5 » PhotosAccess.php » PhotosAccess

public function PhotosAccess::access in Album Photos 8.5

Same name and namespace in other branches
  1. 6.0.x photos_access/src/Plugin/views/access/PhotosAccess.php \Drupal\photos_access\Plugin\views\access\PhotosAccess::access()

Determine if the current user has access or not.

Parameters

\Drupal\Core\Session\AccountInterface $account: The user who wants to access this view.

Return value

bool Returns whether the user has access to the view.

Overrides AccessPluginBase::access

File

photos_access/src/Plugin/views/access/PhotosAccess.php, line 85

Class

PhotosAccess
Access plugin for photos album and images.

Namespace

Drupal\photos_access\Plugin\views\access

Code

public function access(AccountInterface $account) {
  $access = FALSE;

  // Check if we need to be redirected to set the password.
  photos_access_request_album_password();

  // Check if locked and not owner / collaborator.
  $nid = $this->routeMatch
    ->getRawParameter('node');
  $photosAccessNode = _photos_access_pass_type($nid);
  $uid = FALSE;

  // Check if user is node author.
  if (isset($photosAccessNode['node'])) {
    $uid = $photosAccessNode['node']->uid;
  }
  elseif (isset($photosAccessNode['view'])) {
    $uid = $photosAccessNode['view']->uid;
  }
  if ($uid && $account
    ->id() == $uid) {

    // Node owner is allowed access.
    $access = TRUE;
  }
  if ($account
    ->hasPermission('view photo')) {
    if (isset($photosAccessNode['node']->viewid) && $photosAccessNode['node']->viewid != 3) {

      // Check node access.

      /* @var \Drupal\node\Entity\Node $node */
      $node = $this->entityTypeManager
        ->getStorage('node')
        ->load($photosAccessNode['node']->nid);
      $access = $node
        ->access('view');
    }
    elseif (isset($photosAccessNode['view']->pass)) {

      // Check password.
      $access = FALSE;
      if (isset($_SESSION[$photosAccessNode['view']->nid . '_' . session_id()]) && $photosAccessNode['view']->pass == $_SESSION[$photosAccessNode['view']->nid . '_' . session_id()] || !photos_access_pass_validate($photosAccessNode)) {
        $access = TRUE;
      }
    }
    else {
      $access = $account
        ->hasPermission('view photo');
    }
  }
  if ($access == FALSE) {

    // We don't want the title visible here or anything from the view, so we
    // throw access denied instead of returning FALSE.
    throw new AccessDeniedHttpException();
  }
  return $access;
}