
protected function OrgAccessControlHandler::checkAccess in RedHen CRM 8

Performs access checks.

This method is meant to be overridden by extending classes that do their own custom access checking.

Parameters

\Drupal\Core\Entity\EntityInterface $entity: The entity for which to check access.

string $operation: The entity operation. Usually one of 'view', 'view label', 'update' or 'delete'.

\Drupal\Core\Session\AccountInterface $account: The user for which to check access.

Return value

\Drupal\Core\Access\AccessResultInterface The access result.

Overrides EntityAccessControlHandler::checkAccess

File

modules/redhen_org/src/OrgAccessControlHandler.php, line 25

Class

OrgAccessControlHandler
Access controller for the Org entity.

Namespace

Drupal\redhen_org

Code

protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {

  /** @var \Drupal\redhen_org\OrgInterface $entity */

  // Get Org bundle.
  $entity_bundle = $entity->getType();
  switch ($operation) {

    // @todo split out view label into its own permission.
    case 'view label':
    case 'view':

      // If Org is active, check "view active" permissions to determine
      // access.
      if ($entity->isActive()) {
        $view_access = AccessResult::allowedIfHasPermissions($account, [
          'view active org entities',
          'view active ' . $entity_bundle . ' org',
        ], 'OR');
      }
      else {
        $view_access = AccessResult::allowedIfHasPermissions($account, [
          'view inactive org entities',
          'view inactive ' . $entity_bundle . ' org',
        ], 'OR');
      }
      return $view_access;
    case 'update':

      // Check admin and bundle-specific edit permissions to determine
      // edit access.
      $edit_access = AccessResult::allowedIfHasPermissions($account, [
        'edit org entities',
        'edit ' . $entity_bundle . ' org',
      ], 'OR');
      return $edit_access;
    case 'delete':

      // Check admin and bundle-specific delete permissions to determine
      // delete access.
      $delete_access = AccessResult::allowedIfHasPermissions($account, [
        'delete org entities',
        'delete ' . $entity_bundle . ' org',
      ], 'OR');
      return $delete_access;
  }

  // Unknown operation, no opinion.
  return AccessResult::neutral();
}
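
The description says extending classes override this method to add their own checks. The following is an added example, not code from RedHen or from this page: a subclass that narrows the permission-based result without widening it. The `my_module` namespace, the class name and the "active Orgs cannot be deleted" policy are hypothetical, and registering the class as the Org entity's access handler is not shown.

```php
<?php

namespace Drupal\my_module;

use Drupal\Core\Access\AccessResult;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Session\AccountInterface;
use Drupal\redhen_org\OrgAccessControlHandler;

/**
 * Hypothetical handler: active Orgs cannot be deleted, whatever the role.
 */
class RestrictedOrgAccessControlHandler extends OrgAccessControlHandler {

  /**
   * {@inheritdoc}
   */
  protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
    /** @var \Drupal\redhen_org\OrgInterface $entity */
    // Start from the permission-based result computed by the parent handler,
    // so the existing 'delete org entities' / bundle checks still apply.
    $result = parent::checkAccess($entity, $operation, $account);

    if ($operation === 'delete') {
      // forbiddenIf() yields forbidden when the condition holds and neutral
      // otherwise. The decision depends on the Org's state, so the Org is
      // added as a cacheable dependency; a cached result is then invalidated
      // when the Org is saved.
      $restriction = AccessResult::forbiddenIf($entity->isActive())
        ->addCacheableDependency($entity);

      // With orIf(), forbidden wins over allowed and neutral leaves the
      // parent's result unchanged, so this can only remove access.
      $result = $result->orIf($restriction);
    }

    // Operations the parent does not know stay neutral, which entity access
    // treats as "not allowed" unless another module explicitly allows them.
    return $result;
  }

}
```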