protected function ContactAccessControlHandler::checkAccess in RedHen CRM 8
Performs access checks.
This method is supposed to be overridden by extending classes that do their own custom access checking.
Parameters
\Drupal\Core\Entity\EntityInterface $entity: The entity for which to check access.
string $operation: The entity operation. Usually one of 'view', 'view label', 'update' or 'delete'.
\Drupal\Core\Session\AccountInterface $account: The user for which to check access.
Return value
\Drupal\Core\Access\AccessResultInterface The access result.
Overrides EntityAccessControlHandler::checkAccess
File
- modules/redhen_contact/src/ContactAccessControlHandler.php, line 25
Class
- ContactAccessControlHandler
- Access controller for the Contact entity.
Namespace
Drupal\redhen_contact
Code
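/**
 * Decides view/update/delete access to a Contact from bundle permissions.
 *
 * Access is granted when the account holds at least one permission from the
 * list that applies to the operation, the Contact's active state and whether
 * the account owns the Contact:
 * - view / view label, active: "view active contact entities",
 *   "view active BUNDLE contact", plus "view own BUNDLE contact" for the
 *   owner.
 * - view / view label, inactive: "view inactive contact entities" or
 *   "view inactive BUNDLE contact". Ownership is not considered.
 * - update / delete: "<op> contact entities" or "<op> any BUNDLE contact",
 *   plus "<op> own BUNDLE contact" for the owner of an active Contact.
 *
 * @param \Drupal\Core\Entity\EntityInterface $entity
 *   The Contact for which to check access.
 * @param string $operation
 *   The entity operation: 'view', 'view label', 'update' or 'delete'.
 * @param \Drupal\Core\Session\AccountInterface $account
 *   The user for which to check access.
 *
 * @return \Drupal\Core\Access\AccessResultInterface
 *   Allowed or neutral for the known operations (as produced by
 *   AccessResult::allowedIfHasPermissions()), neutral for any other
 *   operation.
 */
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
  /** @var \Drupal\redhen_contact\ContactInterface $entity */
  // Get Contact bundle; it is part of every bundle-level permission name.
  $entity_bundle = $entity->getType();

  // Check if Contact being accessed is user's own. Ownership is only
  // meaningful for an authenticated account: the comparison is loose (IDs may
  // arrive as strings or integers), so an empty owner ID would otherwise
  // compare equal to the anonymous account's ID and make every unowned
  // Contact look like it is "own".
  // NOTE(review): what getOwnerId() returns for a Contact without a linked
  // user is not visible here; the guard is safe either way.
  $own = $account->isAuthenticated() && $entity->getOwnerId() == $account->id();
  $active = $entity->isActive();

  switch ($operation) {
    // @todo split out view label into its own permission.
    case 'view label':
    case 'view':
      if ($active) {
        // Active Contact: "view active" is sufficient for anyone, and the
        // owner may also rely on "view own".
        $permissions = [
          'view active contact entities',
          'view active ' . $entity_bundle . ' contact',
        ];
        if ($own) {
          $permissions[] = 'view own ' . $entity_bundle . ' contact';
        }
      }
      else {
        // Inactive Contact: only the "view inactive" permissions apply.
        $permissions = [
          'view inactive contact entities',
          'view inactive ' . $entity_bundle . ' contact',
        ];
      }
      break;

    case 'update':
      // "edit any" always applies; "edit own" only counts for the owner of
      // an active Contact.
      $permissions = [
        'edit contact entities',
        'edit any ' . $entity_bundle . ' contact',
      ];
      if ($active && $own) {
        $permissions[] = 'edit own ' . $entity_bundle . ' contact';
      }
      break;

    case 'delete':
      // "delete any" always applies; "delete own" only counts for the owner
      // of an active Contact.
      $permissions = [
        'delete contact entities',
        'delete any ' . $entity_bundle . ' contact',
      ];
      if ($active && $own) {
        $permissions[] = 'delete own ' . $entity_bundle . ' contact';
      }
      break;

    default:
      // Unknown operation, no opinion.
      return AccessResult::neutral();
  }

  $access = AccessResult::allowedIfHasPermissions($account, $permissions, 'OR');

  // For an active Contact the permission list above depends on who is asking,
  // so the result must not be reused for another user who merely holds the
  // same permissions.
  if ($active) {
    $access->cachePerUser();
  }

  // The decision was derived from the Contact's active state and owner, so it
  // has to be invalidated when the Contact changes.
  return $access->addCacheableDependency($entity);
}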