You are here

class SubscriberAccessControlHandler in Simplenews 3.x

Same name and namespace in other branches
  1. 8.2 src/SubscriberAccessControlHandler.php \Drupal\simplenews\SubscriberAccessControlHandler
  2. 8 src/SubscriberAccessControlHandler.php \Drupal\simplenews\SubscriberAccessControlHandler

Defines the access control handler for the simplenews subscriber entity type.

Hierarchy

Expanded class hierarchy of SubscriberAccessControlHandler

See also

\Drupal\simplenews\Entity\Subscriber

File

src/SubscriberAccessControlHandler.php, line 17

Namespace

Drupal\simplenews
View source
class SubscriberAccessControlHandler extends EntityAccessControlHandler {

  /**
   * {@inheritdoc}
   */
  protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {

    // Administrators can view/update/delete all subscribers.
    if ($account
      ->hasPermission('administer simplenews subscriptions')) {
      return AccessResult::allowed()
        ->cachePerPermissions();
    }
    if ($operation != 'delete' && $entity
      ->getUserId()) {

      // For a subscription that corresponds to a user, access to view/update
      // is allowed for that user if they have permission. Don't allow users to
      // delete the subscription entirely, as we need to keep a record of the
      // subscription history.
      return AccessResult::allowedIf($entity
        ->getUserId() == $account
        ->id())
        ->andIf(AccessResult::allowedIfHasPermission($account, 'subscribe to newsletters'))
        ->addCacheableDependency($entity);
    }

    // Allow access to view subscribers based on the related permission.
    if ($operation == 'view') {
      return AccessResult::allowedIfHasPermission($account, 'view simplenews subscriptions');
    }

    // No opinion.
    return AccessResult::neutral();
  }

  /**
   * {@inheritdoc}
   */
  protected function checkFieldAccess($operation, FieldDefinitionInterface $field_definition, AccountInterface $account, FieldItemListInterface $items = NULL) {

    // Protect access to viewing the mail field.
    if ($field_definition
      ->getName() == 'mail' && $operation == 'view') {

      // Allow based on permissions.
      if ($account
        ->hasPermission('administer simplenews subscriptions') || $account
        ->hasPermission('view simplenews subscriptions')) {
        return AccessResult::allowed()
          ->cachePerPermissions();
      }

      // Users can view their own value.
      if ($account
        ->isAuthenticated() && $items && ($entity = $items
        ->getEntity()) && $entity
        ->getUserId() == $account
        ->id()) {
        return AccessResult::allowed()
          ->addCacheableDependency($entity);
      }

      // Otherwise don't give access.
      return AccessResult::neutral();
    }
    if ($operation == 'edit') {
      switch ($field_definition
        ->getName()) {
        case 'uid':

          // No edit access even for admins.
          return AccessResult::forbidden();
        case 'status':
        case 'created':

          // Only admin can edit.
          return AccessResult::allowedIfHasPermission($account, 'administer simplenews subscriptions');
        case 'mail':
        case 'langcode':

          // No edit access if 'uid' is set.
          if ($items && ($entity = $items
            ->getEntity()) && $entity
            ->getUserId()) {
            return AccessResult::forbidden();
          }
          break;
      }
    }
    return parent::checkFieldAccess($operation, $field_definition, $account, $items);
  }

}

Members

Namesort descending Modifiers Type Description Overrides
DependencySerializationTrait::$_entityStorages protected property
DependencySerializationTrait::$_serviceIds protected property
DependencySerializationTrait::__sleep public function 2
DependencySerializationTrait::__wakeup public function 2
EntityAccessControlHandler::$accessCache protected property Stores calculated access check results.
EntityAccessControlHandler::$entityType protected property Information about the entity type.
EntityAccessControlHandler::$entityTypeId protected property The entity type ID of the access control handler instance.
EntityAccessControlHandler::$viewLabelOperation protected property Allows to grant access to just the labels. 5
EntityAccessControlHandler::access public function Checks access to an operation on a given entity or entity translation. Overrides EntityAccessControlHandlerInterface::access 1
EntityAccessControlHandler::checkCreateAccess protected function Performs create access checks. 14
EntityAccessControlHandler::createAccess public function Checks access to create an entity. Overrides EntityAccessControlHandlerInterface::createAccess 1
EntityAccessControlHandler::fieldAccess public function Checks access to an operation on a given entity field. Overrides EntityAccessControlHandlerInterface::fieldAccess
EntityAccessControlHandler::getCache protected function Tries to retrieve a previously cached access value from the static cache.
EntityAccessControlHandler::prepareUser protected function Loads the current account object, if it does not exist yet.
EntityAccessControlHandler::processAccessHookResults protected function We grant access to the entity if both of these conditions are met:
EntityAccessControlHandler::resetCache public function Clears all cached access checks. Overrides EntityAccessControlHandlerInterface::resetCache
EntityAccessControlHandler::setCache protected function Statically caches whether the given user has access.
EntityAccessControlHandler::__construct public function Constructs an access control handler instance. 6
EntityHandlerBase::$moduleHandler protected property The module handler to invoke hooks on. 5
EntityHandlerBase::moduleHandler protected function Gets the module handler. 5
EntityHandlerBase::setModuleHandler public function Sets the module handler for this handler.
StringTranslationTrait::$stringTranslation protected property The string translation service. 4
StringTranslationTrait::formatPlural protected function Formats a string containing a count of items.
StringTranslationTrait::getNumberOfPlurals protected function Returns the number of plurals supported by a given language.
StringTranslationTrait::getStringTranslation protected function Gets the string translation service.
StringTranslationTrait::setStringTranslation public function Sets the string translation service to use. 2
StringTranslationTrait::t protected function Translates a string to the current language or to a given language.
SubscriberAccessControlHandler::checkAccess protected function Performs access checks. Overrides EntityAccessControlHandler::checkAccess
SubscriberAccessControlHandler::checkFieldAccess protected function Default field access as determined by this access control handler. Overrides EntityAccessControlHandler::checkFieldAccess