public function ProfileAccessControlHandler::access in Profile 2 8

Checks access to an operation on a given entity or entity translation.

Use \Drupal\Core\Entity\EntityAccessControlHandlerInterface::createAccess() to check access to create an entity.

Parameters

\Drupal\Core\Entity\EntityInterface $entity: The entity for which to check access.

string $operation: The operation access should be checked for. Usually one of "view", "view label", "update" or "delete".

\Drupal\Core\Session\AccountInterface $account: (optional) The user session for which to check access, or NULL to check access for the current user. Defaults to NULL.

bool $return_as_object: (optional) Defaults to FALSE.

Return value

bool|\Drupal\Core\Access\AccessResultInterface The access result. Returns a boolean if $return_as_object is FALSE (this is the default) and otherwise an AccessResultInterface object. When a boolean is returned, the result of AccessInterface::isAllowed() is returned, i.e. TRUE means access is explicitly allowed, FALSE means access is either explicitly forbidden or "no opinion".
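Why $return_as_object matters when several checks are combined, shown as an added example that is not code from the Profile module or from Drupal core. The TriState class is a constructed stand-in; its orIf() follows the rule of Drupal's AccessResult::orIf() (any forbidden wins, then any allowed, otherwise neutral).

```php
<?php
// Simplified stand-in for a tri-state access result. Constructed for this
// example; these are not Drupal's classes.
final class TriState {
  const ALLOWED = 'allowed';
  const NEUTRAL = 'neutral';
  const FORBIDDEN = 'forbidden';

  // Combine two results: any forbidden wins, then any allowed, else neutral.
  public static function orIf(string $a, string $b): string {
    if ($a === self::FORBIDDEN || $b === self::FORBIDDEN) {
      return self::FORBIDDEN;
    }
    if ($a === self::ALLOWED || $b === self::ALLOWED) {
      return self::ALLOWED;
    }
    return self::NEUTRAL;
  }

  // What a caller receives when $return_as_object is FALSE.
  public static function isAllowed(string $state): bool {
    return $state === self::ALLOWED;
  }
}

// Constructed scenario: two checks vote on the same operation.
$cases = [
  [TriState::FORBIDDEN, TriState::ALLOWED],
  [TriState::NEUTRAL, TriState::ALLOWED],
  [TriState::NEUTRAL, TriState::NEUTRAL],
];

foreach ($cases as [$first, $second]) {
  // Boolean path: "forbidden" and "neutral" have both already become FALSE,
  // so an explicit denial can be outvoted by a later TRUE.
  $from_booleans = TriState::isAllowed($first) || TriState::isAllowed($second);
  // Object path: states are combined first, then collapsed to a boolean.
  $from_objects = TriState::isAllowed(TriState::orIf($first, $second));
  printf("%-9s + %-9s  booleans: %-5s  objects: %s\n", $first, $second,
    var_export($from_booleans, TRUE), var_export($from_objects, TRUE));
}
```

The first case is the one to watch: the two paths disagree only when one check explicitly forbids and another allows.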

Overrides EntityAccessControlHandler::access

File

src/ProfileAccessControlHandler.php, line 51
Contains \Drupal\profile\ProfileAccessControlHandler.

Class

ProfileAccessControlHandler
Defines the access control handler for the profile entity type.

Namespace

Drupal\profile

Code

public function access(EntityInterface $entity, $operation, $langcode = LanguageInterface::LANGCODE_DEFAULT, AccountInterface $account = NULL, $return_as_object = FALSE) {
  $account = $this->prepareUser($account);
  // The user whose page is being viewed, taken from the current request.
  $user_page = \Drupal::request()->attributes->get('user');

  // Sometimes the edit operation is called update.
  // Use edit in any case.
  if ($operation == 'update') {
    $operation = 'edit';
  }

  // The bypass permission grants every operation.
  if ($account->hasPermission('bypass profile access')) {
    $result = AccessResult::allowed()->cachePerRole();
    return $return_as_object ? $result : $result->isAllowed();
  }

  // "add" builds the permission name from $entity->id() and compares the
  // account with the user page; every other operation builds it from
  // $entity->getType() and compares the account with the profile owner.
  if (
    ($operation == 'add' && (
      ($user_page->id() == $account->id() && $account->hasPermission($operation . ' own ' . $entity->id() . ' profile'))
      || $account->hasPermission($operation . ' any ' . $entity->id() . ' profile')
    ))
    || ($operation != 'add' && (
      ($entity->getOwnerId() == $account->id() && $account->hasPermission($operation . ' own ' . $entity->getType() . ' profile'))
      || $account->hasPermission($operation . ' any ' . $entity->getType() . ' profile')
    ))
  ) {
    $result = AccessResult::allowed()->cachePerRole();
    return $return_as_object ? $result : $result->isAllowed();
  }
  else {
    $result = AccessResult::forbidden()->cachePerRole();
    return $return_as_object ? $result : $result->isAllowed();
  }
}