class SubscriberAccessControlHandler in Simplenews 3.x
Same name and namespace in other branches
- 8.2 src/SubscriberAccessControlHandler.php \Drupal\simplenews\SubscriberAccessControlHandler
- 8 src/SubscriberAccessControlHandler.php \Drupal\simplenews\SubscriberAccessControlHandler
Defines the access control handler for the simplenews subscriber entity type.
Hierarchy
- class \Drupal\Core\Entity\EntityHandlerBase uses DependencySerializationTrait, StringTranslationTrait
- class \Drupal\Core\Entity\EntityAccessControlHandler implements EntityAccessControlHandlerInterface
- class \Drupal\simplenews\SubscriberAccessControlHandler
- class \Drupal\Core\Entity\EntityAccessControlHandler implements EntityAccessControlHandlerInterface
Expanded class hierarchy of SubscriberAccessControlHandler
See also
\Drupal\simplenews\Entity\Subscriber
File
- src/
SubscriberAccessControlHandler.php, line 17
Namespace
Drupal\simplenewsView source
class SubscriberAccessControlHandler extends EntityAccessControlHandler {
/**
* {@inheritdoc}
*/
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
// Administrators can view/update/delete all subscribers.
if ($account
->hasPermission('administer simplenews subscriptions')) {
return AccessResult::allowed()
->cachePerPermissions();
}
if ($operation != 'delete' && $entity
->getUserId()) {
// For a subscription that corresponds to a user, access to view/update
// is allowed for that user if they have permission. Don't allow users to
// delete the subscription entirely, as we need to keep a record of the
// subscription history.
return AccessResult::allowedIf($entity
->getUserId() == $account
->id())
->andIf(AccessResult::allowedIfHasPermission($account, 'subscribe to newsletters'))
->addCacheableDependency($entity);
}
// Allow access to view subscribers based on the related permission.
if ($operation == 'view') {
return AccessResult::allowedIfHasPermission($account, 'view simplenews subscriptions');
}
// No opinion.
return AccessResult::neutral();
}
/**
* {@inheritdoc}
*/
protected function checkFieldAccess($operation, FieldDefinitionInterface $field_definition, AccountInterface $account, FieldItemListInterface $items = NULL) {
// Protect access to viewing the mail field.
if ($field_definition
->getName() == 'mail' && $operation == 'view') {
// Allow based on permissions.
if ($account
->hasPermission('administer simplenews subscriptions') || $account
->hasPermission('view simplenews subscriptions')) {
return AccessResult::allowed()
->cachePerPermissions();
}
// Users can view their own value.
if ($account
->isAuthenticated() && $items && ($entity = $items
->getEntity()) && $entity
->getUserId() == $account
->id()) {
return AccessResult::allowed()
->addCacheableDependency($entity);
}
// Otherwise don't give access.
return AccessResult::neutral();
}
if ($operation == 'edit') {
switch ($field_definition
->getName()) {
case 'uid':
// No edit access even for admins.
return AccessResult::forbidden();
case 'status':
case 'created':
// Only admin can edit.
return AccessResult::allowedIfHasPermission($account, 'administer simplenews subscriptions');
case 'mail':
case 'langcode':
// No edit access if 'uid' is set.
if ($items && ($entity = $items
->getEntity()) && $entity
->getUserId()) {
return AccessResult::forbidden();
}
break;
}
}
return parent::checkFieldAccess($operation, $field_definition, $account, $items);
}
}
Members
Name | Modifiers | Type | Description | Overrides |
---|---|---|---|---|
DependencySerializationTrait:: |
protected | property | ||
DependencySerializationTrait:: |
protected | property | ||
DependencySerializationTrait:: |
public | function | 2 | |
DependencySerializationTrait:: |
public | function | 2 | |
EntityAccessControlHandler:: |
protected | property | Stores calculated access check results. | |
EntityAccessControlHandler:: |
protected | property | Information about the entity type. | |
EntityAccessControlHandler:: |
protected | property | The entity type ID of the access control handler instance. | |
EntityAccessControlHandler:: |
protected | property | Allows to grant access to just the labels. | 5 |
EntityAccessControlHandler:: |
public | function |
Checks access to an operation on a given entity or entity translation. Overrides EntityAccessControlHandlerInterface:: |
1 |
EntityAccessControlHandler:: |
protected | function | Performs create access checks. | 14 |
EntityAccessControlHandler:: |
public | function |
Checks access to create an entity. Overrides EntityAccessControlHandlerInterface:: |
1 |
EntityAccessControlHandler:: |
public | function |
Checks access to an operation on a given entity field. Overrides EntityAccessControlHandlerInterface:: |
|
EntityAccessControlHandler:: |
protected | function | Tries to retrieve a previously cached access value from the static cache. | |
EntityAccessControlHandler:: |
protected | function | Loads the current account object, if it does not exist yet. | |
EntityAccessControlHandler:: |
protected | function | We grant access to the entity if both of these conditions are met: | |
EntityAccessControlHandler:: |
public | function |
Clears all cached access checks. Overrides EntityAccessControlHandlerInterface:: |
|
EntityAccessControlHandler:: |
protected | function | Statically caches whether the given user has access. | |
EntityAccessControlHandler:: |
public | function | Constructs an access control handler instance. | 6 |
EntityHandlerBase:: |
protected | property | The module handler to invoke hooks on. | 5 |
EntityHandlerBase:: |
protected | function | Gets the module handler. | 5 |
EntityHandlerBase:: |
public | function | Sets the module handler for this handler. | |
StringTranslationTrait:: |
protected | property | The string translation service. | 4 |
StringTranslationTrait:: |
protected | function | Formats a string containing a count of items. | |
StringTranslationTrait:: |
protected | function | Returns the number of plurals supported by a given language. | |
StringTranslationTrait:: |
protected | function | Gets the string translation service. | |
StringTranslationTrait:: |
public | function | Sets the string translation service to use. | 2 |
StringTranslationTrait:: |
protected | function | Translates a string to the current language or to a given language. | |
SubscriberAccessControlHandler:: |
protected | function |
Performs access checks. Overrides EntityAccessControlHandler:: |
|
SubscriberAccessControlHandler:: |
protected | function |
Default field access as determined by this access control handler. Overrides EntityAccessControlHandler:: |