You are here

public function UserController::checkCreateAccess in Profile 8

Checks access for the profile add form.

Parameters

\Drupal\user\UserInterface $user: The user account.

\Drupal\profile\Entity\ProfileTypeInterface $profile_type: The profile type.

\Drupal\Core\Session\AccountInterface $account: The currently logged in account.

Return value

\Drupal\Core\Access\AccessResultInterface The access result.

1 string reference to 'UserController::checkCreateAccess'
profile.routing.yml in ./profile.routing.yml
profile.routing.yml

File

src/Controller/UserController.php, line 156

Class

UserController
Provides the profile UI for users.

Namespace

Drupal\profile\Controller

Code

public function checkCreateAccess(UserInterface $user, ProfileTypeInterface $profile_type, AccountInterface $account) {
  $user_access = $user
    ->access('view', $account, TRUE);
  if (!$user_access
    ->isAllowed()) {

    // The account does not have access to the user's canonical page
    // ("/user/{user}"), don't allow access to any sub-pages either.
    return $user_access;
  }
  $access_control_handler = $this
    ->entityTypeManager()
    ->getAccessControlHandler('profile');

  /** @var \Drupal\Core\Access\AccessResult $result */
  $result = $access_control_handler
    ->createAccess($profile_type
    ->id(), $account, [
    'profile_owner' => $user,
  ], TRUE);
  if ($result
    ->isAllowed()) {

    // There is no create any/own permission, confirm that the account is
    // either an administrator, or they're creating a profile for themselves.
    $admin_permission = $this
      ->entityTypeManager()
      ->getDefinition('profile')
      ->getAdminPermission();
    $owner_result = AccessResult::allowedIfHasPermission($account, $admin_permission)
      ->orIf(AccessResult::allowedIf($account
      ->id() == $user
      ->id()))
      ->cachePerUser();
    $result = $result
      ->andIf($owner_result);
  }
  return $result;
}