You are here

function QuizResultAnswerAccessControlHandler::checkAccess in Quiz 8.6

Same name and namespace in other branches
  1. 8.5 src/Access/QuizResultAnswerAccessControlHandler.php \Drupal\quiz\Access\QuizResultAnswerAccessControlHandler::checkAccess()
  2. 6.x src/Access/QuizResultAnswerAccessControlHandler.php \Drupal\quiz\Access\QuizResultAnswerAccessControlHandler::checkAccess()

Control access to taking a question or viewing feedback within a quiz.

Overrides EntityAccessControlHandlerBase::checkAccess

File

src/Access/QuizResultAnswerAccessControlHandler.php, line 19

Class

QuizResultAnswerAccessControlHandler

Namespace

Drupal\quiz\Access

Code

function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
  if ($operation == 'take') {

    /* @var $entity QuizResultAnswer */
    $quiz = $entity
      ->get('result_id')
      ->referencedEntities()[0]
      ->get('qid')
      ->referencedEntities()[0];
    if (empty($_SESSION['quiz'][$quiz
      ->id()]['result_id'])) {

      // No access if the user isn't taking this quiz.
      return AccessResultForbidden::forbidden();
    }
    if ($quiz
      ->get('allow_jumping')
      ->getString()) {

      // Access to go to any question. Yay.
      return AccessResultAllowed::allowed();
    }
    $qra_last = $entity
      ->getPrevious();
    $qra_next = $entity
      ->getNext();
    if (!$quiz
      ->get('backwards_navigation')
      ->getString()) {

      // No backwards navigation.
      if ($entity
        ->isAnswered()) {

        // This question was answered already.
        return AccessResultForbidden::forbidden();
      }
    }

    // Enforce normal navigation.
    if (!$qra_last || $qra_last
      ->isAnswered()) {

      // Previous answer was submitted or this is the first question.
      return AccessResultAllowed::allowed();
    }
    return AccessResultForbidden::forbidden();
  }
  if ($operation == 'feedback') {
    if ($entity
      ->isAnswered()) {

      // The user has answered this question, so they can see the feedback.
      return AccessResultAllowed::allowed();
    }

    // If they haven't answered the question, we want to make sure feedback is
    // blocked as it could be exposing correct answers.
    // @todo We may also want to check if they are viewing feedback for the
    // current question.
    return AccessResultForbidden::forbidden();
  }
  return parent::checkAccess($entity, $operation, $account);
}