
protected function PhotosAccessControlHandler::checkAccess in Album Photos 8.5

Same name and namespace in other branches
  1. 6.0.x src/PhotosAccessControlHandler.php \Drupal\photos\PhotosAccessControlHandler::checkAccess()

Performs access checks.

This method is intended to be overridden by extending classes that do their own custom access checking.

Parameters

\Drupal\Core\Entity\EntityInterface $entity: The entity for which to check access.

string $operation: The entity operation. Usually one of 'view', 'view label', 'update' or 'delete'.

\Drupal\Core\Session\AccountInterface $account: The user for which to check access.

Return value

\Drupal\Core\Access\AccessResultInterface The access result.

Overrides EntityAccessControlHandler::checkAccess

File

src/PhotosAccessControlHandler.php, line 52

Class

PhotosAccessControlHandler
Defines an access control handler for photos_image items.

Namespace

Drupal\photos

Code

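/**
 * {@inheritdoc}
 *
 * Decision order:
 * - 'administer nodes' grants every operation.
 * - 'view' is delegated to ::checkPhotoViewAccess(), which honours the
 *   photos.settings 'photos_access_photos' flag and the album's privacy mode.
 * - 'update' / 'delete' need the "any" permission, or the "own" permission
 *   together with ownership of the entity.
 * - Any other operation is neutral.
 *
 * Results that depend on the account's identity (ownership) are cached per
 * user in addition to per permissions, so they cannot be served to another
 * account that happens to hold the same permissions.
 */
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
  if ($account->hasPermission('administer nodes')) {
    return AccessResult::allowed()->cachePerPermissions();
  }

  // Anonymous (uid 0) is never treated as an owner.
  $is_owner = $account->id() && $account->id() === $entity->getOwnerId();

  switch ($operation) {
    case 'view':
      return $this->checkPhotoViewAccess($entity, $account);

    case 'update':
      if ($is_owner && $account->hasPermission('edit own photo')) {
        return AccessResult::allowed()
          ->cachePerPermissions()
          ->cachePerUser()
          ->addCacheableDependency($entity);
      }
      if ($account->hasPermission('edit any photo')) {
        return AccessResult::allowed()->cachePerPermissions();
      }
      // Message names the permissions actually checked above.
      return AccessResult::neutral("The following permissions are required: 'edit any photo' OR 'edit own photo'.")
        ->cachePerPermissions();

    case 'delete':
      if ($account->hasPermission('delete any photo')) {
        return AccessResult::allowed()->cachePerPermissions();
      }
      if ($is_owner && $account->hasPermission('delete own photo')) {
        return AccessResult::allowed()
          ->cachePerPermissions()
          ->cachePerUser()
          ->addCacheableDependency($entity);
      }
      return AccessResult::neutral("The following permissions are required: 'delete any photo' OR 'delete own photo'.")
        ->cachePerPermissions();

    default:
      return AccessResult::neutral()->cachePerPermissions();
  }
}

/**
 * Checks 'view' access for a photos_image entity.
 *
 * When the 'photos_access_photos' setting is off, only the 'view photo'
 * permission is consulted. When it is on, the album's access record (as
 * returned by _photos_access_pass_type()) decides: the album author is always
 * allowed; otherwise 'view photo' is required and, depending on the album's
 * view mode, node access (viewid < 3), shared roles (viewid == 4) or an album
 * password held in the session (viewid == 3) is checked in addition.
 *
 * @param \Drupal\Core\Entity\EntityInterface $entity
 *   The photos_image entity being viewed.
 * @param \Drupal\Core\Session\AccountInterface $account
 *   The user for which to check access.
 *
 * @return \Drupal\Core\Access\AccessResultInterface
 *   Allowed or neutral; this helper never returns forbidden.
 */
protected function checkPhotoViewAccess(EntityInterface $entity, AccountInterface $account) {
  // Album-level checks are optional; without them it is a plain permission.
  if (!\Drupal::config('photos.settings')->get('photos_access_photos')) {
    return AccessResult::allowedIfHasPermission($account, 'view photo')
      ->cachePerPermissions()
      ->addCacheableDependency($entity);
  }

  // Check if album password is required.
  photos_access_request_album_password();
  $node = _photos_access_pass_type($entity->id(), 1);

  // Check if user is node author.
  $uid = FALSE;
  if (isset($node['node'])) {
    $uid = $node['node']->uid;
  }
  elseif (isset($node['view'])) {
    $uid = $node['view']->uid;
  }
  if ($uid && (int) $account->id() === (int) $uid) {
    // Node owner is allowed access. The outcome depends on who the account
    // is, so it is cached per user like the owner branches of update/delete.
    return AccessResult::allowed()
      ->cachePerPermissions()
      ->cachePerUser()
      ->addCacheableDependency($entity);
  }

  $accessResult = AccessResult::neutral()->cachePerPermissions();
  if (!$account->hasPermission('view photo')) {
    return $accessResult;
  }

  $nodeStorage = $this->entityTypeManager->getStorage('node');
  if (isset($node['node']->viewid) && $node['node']->viewid < 3) {
    // Check node access for the account being checked (not the current
    // user). load() returns NULL for a missing node: treat that as no access
    // instead of calling access() on NULL.
    $album = $nodeStorage->load($node['node']->nid);
    $accessResult = AccessResult::allowedIf($album && $album->access('view', $account))
      ->cachePerPermissions()
      ->addCacheableDependency($entity);
    if ($album) {
      $accessResult->addCacheableDependency($album);
    }
  }
  elseif (isset($node['node']) && $node['node']->viewid == 4) {
    // @todo move logic.
    // Check role access: the account must share a role with the album's
    // privacy roles. Roles are not implied by permissions, so vary on them.
    $album = $nodeStorage->load($node['node']->nid);
    if ($album && isset($album->privacy) && isset($album->privacy['roles'])) {
      $sharedRoles = array_intersect($account->getRoles(), $album->privacy['roles']);
      if (count($sharedRoles) !== 0) {
        $accessResult = AccessResult::allowed()
          ->cachePerPermissions()
          ->addCacheContexts(['user.roles'])
          ->addCacheableDependency($entity);
      }
    }
  }
  elseif (isset($node['view']) && $node['view']->viewid == 3 && isset($node['view']->pass)) {
    // Check password. hash_equals() avoids PHP's numeric-string coercion
    // under '==' (e.g. two different "0e..." strings comparing equal) and is
    // constant-time.
    $sessionKey = $node['view']->nid . '_' . session_id();
    $supplied = isset($_SESSION[$sessionKey]) && is_scalar($_SESSION[$sessionKey])
      ? (string) $_SESSION[$sessionKey]
      : NULL;
    $correctPassword = ($supplied !== NULL && hash_equals((string) $node['view']->pass, $supplied))
      || !photos_access_pass_validate($node);
    // The outcome depends on the session, which the permissions context does
    // not capture; without the 'session' context a password-unlocked result
    // could be served to other visitors with the same permissions.
    $accessResult = AccessResult::allowedIf($correctPassword)
      ->cachePerPermissions()
      ->addCacheContexts(['session'])
      ->addCacheableDependency($entity);
  }
  else {
    // 'view photo' was already verified above.
    $accessResult = AccessResult::allowed()
      ->cachePerPermissions()
      ->addCacheableDependency($entity);
  }

  // @todo check if $entity->isPublished().
  return $accessResult;
}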