public function SchedulerRouteAccess::access in Scheduler 2.x
Provides custom access checks for the scheduled views on the user page.
A user is given access if either of the following conditions are met:
- they are viewing their own page and they have the permission to schedule
content of the required type.
- they are viewing another user's page and they have permission to view
user profiles and view scheduled content, and the user they are viewing has permission to schedule content (otherwise the list would always be empty).
Parameters
\Drupal\Core\Session\AccountInterface $account: The currently logged in account.
\Drupal\Core\Routing\RouteMatchInterface $route_match: The current route match.
File
- src/
Access/ SchedulerRouteAccess.php, line 30
Class
- SchedulerRouteAccess
- Sets access for specific scheduler views routes.
Namespace
Drupal\scheduler\AccessCode
public function access(AccountInterface $account, RouteMatchInterface $route_match) {
$user_being_viewed = $route_match
->getParameter('user');
$viewing_own_page = $user_being_viewed == $account
->id();
// getUserPageViewRoutes() returns an array of user page view routes, keyed
// on the entity id. Use this to get the entity id.
$scheduler_manager = \Drupal::service('scheduler.manager');
$entityTypeId = array_search($route_match
->getRouteName(), $scheduler_manager
->getUserPageViewRoutes());
$viewing_permission_name = $scheduler_manager
->permissionName($entityTypeId, 'view');
$scheduling_permission_name = $scheduler_manager
->permissionName($entityTypeId, 'schedule');
if ($viewing_own_page && $account
->hasPermission($scheduling_permission_name)) {
return AccessResult::allowed();
}
if (!$viewing_own_page && $account
->hasPermission($viewing_permission_name) && $account
->hasPermission('access user profiles')) {
$other_user = User::load($user_being_viewed);
if ($other_user && $other_user
->hasPermission($scheduling_permission_name)) {
return AccessResult::allowed();
}
}
return AccessResult::forbidden();
}