
protected function SavedSearchAccessControlHandler::checkFieldAccess in Search API Saved Searches 8

Default field access as determined by this access control handler.

Parameters

string $operation: The operation access should be checked for. Usually one of "view" or "edit".

\Drupal\Core\Field\FieldDefinitionInterface $field_definition: The field definition.

\Drupal\Core\Session\AccountInterface $account: The user session for which to check access.

\Drupal\Core\Field\FieldItemListInterface $items: (optional) The field values for which to check access, or NULL if access is checked for the field definition, without any specific value available. Defaults to NULL.

Return value

\Drupal\Core\Access\AccessResultInterface The access result.

Overrides EntityAccessControlHandler::checkFieldAccess

File

src/Entity/SavedSearchAccessControlHandler.php, line 145

Class

SavedSearchAccessControlHandler
Provides access checking for saved searches.

Namespace

Drupal\search_api_saved_searches\Entity

Code

/**
 * Computes the default field-level access result for a saved search field.
 *
 * The rules are evaluated in a fixed order and the first match wins:
 *  1. Editing an administrative field is tied to the admin permission.
 *  2. The serialized "query" field is forbidden for every operation.
 *  3. "index_id" can never be edited; viewing is tied to the admin permission.
 *  4. Bundle fields are delegated to the notification plugin that defined
 *     them, falling back to the admin permission when the plugin cannot be
 *     resolved.
 *  5. Everything else is handed to the parent implementation.
 *
 * @param string $operation
 *   The operation to check, usually "view" or "edit".
 * @param \Drupal\Core\Field\FieldDefinitionInterface $field_definition
 *   The definition of the field being checked.
 * @param \Drupal\Core\Session\AccountInterface $account
 *   The account for which access is checked.
 * @param \Drupal\Core\Field\FieldItemListInterface $items
 *   (optional) The field values being checked, or NULL when only the
 *   definition is available.
 *
 * @return \Drupal\Core\Access\AccessResultInterface
 *   The access result.
 */
protected function checkFieldAccess($operation, FieldDefinitionInterface $field_definition, AccountInterface $account, FieldItemListInterface $items = NULL) {
  $name = $field_definition->getName();
  $is_edit = $operation === 'edit';

  // Bookkeeping fields (owner, status, timestamps): edits depend on the admin
  // permission. Viewing them is not decided here and falls through.
  // NOTE(review): in Drupal core allowedIfHasPermission() yields a neutral,
  // not a forbidden, result when the permission is missing. Confirm that no
  // other field access hook is expected to grant these edits.
  $admin_only_on_edit = ['uid', 'status', 'created', 'last_executed', 'next_execution'];
  if ($is_edit && in_array($name, $admin_only_on_edit, TRUE)) {
    return AccessResult::allowedIfHasPermission($account, self::ADMIN_PERMISSION);
  }

  // The serialized query is never exposed or editable as a field, whatever
  // the operation or the account's permissions.
  if ($name === 'query') {
    return AccessResult::forbidden();
  }

  // The index a search belongs to is immutable; only admins may view it.
  if ($name === 'index_id') {
    return $is_edit
      ? AccessResult::forbidden()
      : AccessResult::allowedIfHasPermission($account, self::ADMIN_PERMISSION);
  }

  // Anything that is not a bundle field uses the parent's default handling.
  if (!($field_definition instanceof BundleFieldDefinition)) {
    return parent::checkFieldAccess($operation, $field_definition, $account, $items);
  }

  // Bundle fields are expected to come from notification plugins, which make
  // the access decision for their own fields.
  $plugin_id = $field_definition->getSetting('notification_plugin');
  $bundle = $field_definition->getTargetBundle();

  /** @var \Drupal\search_api_saved_searches\SavedSearchTypeInterface|null $type */
  $type = ($plugin_id && $bundle)
    ? $this->getEntityTypeManager()->getStorage('search_api_saved_search_type')->load($bundle)
    : NULL;

  if ($type && $type->isValidNotificationPlugin($plugin_id)) {
    // The plugin's result is returned unchanged, so the plugin is trusted to
    // enforce its own restrictions.
    return $type
      ->getNotificationPlugin($plugin_id)
      ->checkFieldAccess($operation, $field_definition, $account, $items);
  }

  // Fail closed: if the plugin setting, bundle, type or plugin could not be
  // resolved, access depends on the admin permission.
  return AccessResult::allowedIfHasPermission($account, self::ADMIN_PERMISSION);
}