public function UserController::checkCreateAccess in Profile 8
Checks access for the profile add form.
Parameters
\Drupal\user\UserInterface $user: The user account.
\Drupal\profile\Entity\ProfileTypeInterface $profile_type: The profile type.
\Drupal\Core\Session\AccountInterface $account: The currently logged in account.
Return value
\Drupal\Core\Access\AccessResultInterface The access result.
1 string reference to 'UserController::checkCreateAccess'
File
- src/
Controller/ UserController.php, line 156
Class
- UserController
- Provides the profile UI for users.
Namespace
Drupal\profile\ControllerCode
public function checkCreateAccess(UserInterface $user, ProfileTypeInterface $profile_type, AccountInterface $account) {
$user_access = $user
->access('view', $account, TRUE);
if (!$user_access
->isAllowed()) {
// The account does not have access to the user's canonical page
// ("/user/{user}"), don't allow access to any sub-pages either.
return $user_access;
}
$access_control_handler = $this
->entityTypeManager()
->getAccessControlHandler('profile');
/** @var \Drupal\Core\Access\AccessResult $result */
$result = $access_control_handler
->createAccess($profile_type
->id(), $account, [
'profile_owner' => $user,
], TRUE);
if ($result
->isAllowed()) {
// There is no create any/own permission, confirm that the account is
// either an administrator, or they're creating a profile for themselves.
$admin_permission = $this
->entityTypeManager()
->getDefinition('profile')
->getAdminPermission();
$owner_result = AccessResult::allowedIfHasPermission($account, $admin_permission)
->orIf(AccessResult::allowedIf($account
->id() == $user
->id()))
->cachePerUser();
$result = $result
->andIf($owner_result);
}
return $result;
}