You are here

protected function GroupCommentAccessControlHandler::checkAccess in Open Social 10.1.x

Same name and namespace in other branches
  1. 8.9 modules/custom/group_core_comments/src/GroupCommentAccessControlHandler.php \Drupal\group_core_comments\GroupCommentAccessControlHandler::checkAccess()
  2. 8 modules/custom/group_core_comments/src/GroupCommentAccessControlHandler.php \Drupal\group_core_comments\GroupCommentAccessControlHandler::checkAccess()
  3. 8.2 modules/custom/group_core_comments/src/GroupCommentAccessControlHandler.php \Drupal\group_core_comments\GroupCommentAccessControlHandler::checkAccess()
  4. 8.3 modules/custom/group_core_comments/src/GroupCommentAccessControlHandler.php \Drupal\group_core_comments\GroupCommentAccessControlHandler::checkAccess()
  5. 8.4 modules/custom/group_core_comments/src/GroupCommentAccessControlHandler.php \Drupal\group_core_comments\GroupCommentAccessControlHandler::checkAccess()
  6. 8.5 modules/custom/group_core_comments/src/GroupCommentAccessControlHandler.php \Drupal\group_core_comments\GroupCommentAccessControlHandler::checkAccess()
  7. 8.6 modules/custom/group_core_comments/src/GroupCommentAccessControlHandler.php \Drupal\group_core_comments\GroupCommentAccessControlHandler::checkAccess()
  8. 8.7 modules/custom/group_core_comments/src/GroupCommentAccessControlHandler.php \Drupal\group_core_comments\GroupCommentAccessControlHandler::checkAccess()
  9. 8.8 modules/custom/group_core_comments/src/GroupCommentAccessControlHandler.php \Drupal\group_core_comments\GroupCommentAccessControlHandler::checkAccess()
  10. 10.3.x modules/custom/group_core_comments/src/GroupCommentAccessControlHandler.php \Drupal\group_core_comments\GroupCommentAccessControlHandler::checkAccess()
  11. 10.0.x modules/custom/group_core_comments/src/GroupCommentAccessControlHandler.php \Drupal\group_core_comments\GroupCommentAccessControlHandler::checkAccess()
  12. 10.2.x modules/custom/group_core_comments/src/GroupCommentAccessControlHandler.php \Drupal\group_core_comments\GroupCommentAccessControlHandler::checkAccess()

Performs access checks.

This method is supposed to be overwritten by extending classes that do their own custom access checking.

Parameters

\Drupal\Core\Entity\EntityInterface $entity: The entity for which to check access.

string $operation: The entity operation. Usually one of 'view', 'view label', 'update' or 'delete'.

\Drupal\Core\Session\AccountInterface $account: The user for which to check access.

Return value

\Drupal\Core\Access\AccessResultInterface The access result.

Overrides CommentAccessControlHandler::checkAccess

File

modules/custom/group_core_comments/src/GroupCommentAccessControlHandler.php, line 24

Class

GroupCommentAccessControlHandler
Defines the access control handler for the comment entity type.

Namespace

Drupal\group_core_comments

Code

protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {

  /** @var \Drupal\comment\CommentInterface|\Drupal\user\EntityOwnerInterface $entity */
  $parent_access = parent::checkAccess($entity, $operation, $account);
  $commented_entity = $entity
    ->getCommentedEntity();
  if (!$commented_entity instanceof ContentEntityInterface) {
    return AccessResult::neutral();
  }
  $group_contents = GroupContent::loadByEntity($commented_entity);

  // Check for 'delete all comments' permission in case content is not from
  // group.
  if (empty($group_contents) && $account
    ->hasPermission('delete all comments')) {
    $administer_access = AccessResult::allowed();
  }
  else {
    $administer_access = $this
      ->getPermissionInGroups('administer comments', $account, $group_contents);
  }
  if ($administer_access
    ->isAllowed()) {
    $access = AccessResult::allowed()
      ->cachePerPermissions();
    return $operation != 'view' ? $access : $access
      ->andIf($entity
      ->getCommentedEntity()
      ->access($operation, $account, TRUE));
  }

  // @todo Only react on if $parent === allowed Is this good/safe enough?
  if ($parent_access
    ->isAllowed()) {

    // Only react if it is actually posted inside a group.
    if (!empty($group_contents)) {
      switch ($operation) {
        case 'view':
          return $this
            ->getPermissionInGroups('access comments', $account, $group_contents);
        case 'update':
          return $this
            ->getPermissionInGroups('edit own comments', $account, $group_contents);
        default:

          // No opinion.
          return AccessResult::neutral()
            ->cachePerPermissions();
      }
    }
  }

  // Fallback.
  return $parent_access;
}