You are here

class FlexibleGroupContentAccessCheck in Open Social 10.3.x

Same name and namespace in other branches
  1. 8.9 modules/social_features/social_group/modules/social_group_flexible_group/src/Access/FlexibleGroupContentAccessCheck.php \Drupal\social_group_flexible_group\Access\FlexibleGroupContentAccessCheck
  2. 8.6 modules/social_features/social_group/modules/social_group_flexible_group/src/Access/FlexibleGroupContentAccessCheck.php \Drupal\social_group_flexible_group\Access\FlexibleGroupContentAccessCheck
  3. 8.7 modules/social_features/social_group/modules/social_group_flexible_group/src/Access/FlexibleGroupContentAccessCheck.php \Drupal\social_group_flexible_group\Access\FlexibleGroupContentAccessCheck
  4. 8.8 modules/social_features/social_group/modules/social_group_flexible_group/src/Access/FlexibleGroupContentAccessCheck.php \Drupal\social_group_flexible_group\Access\FlexibleGroupContentAccessCheck
  5. 10.0.x modules/social_features/social_group/modules/social_group_flexible_group/src/Access/FlexibleGroupContentAccessCheck.php \Drupal\social_group_flexible_group\Access\FlexibleGroupContentAccessCheck
  6. 10.1.x modules/social_features/social_group/modules/social_group_flexible_group/src/Access/FlexibleGroupContentAccessCheck.php \Drupal\social_group_flexible_group\Access\FlexibleGroupContentAccessCheck
  7. 10.2.x modules/social_features/social_group/modules/social_group_flexible_group/src/Access/FlexibleGroupContentAccessCheck.php \Drupal\social_group_flexible_group\Access\FlexibleGroupContentAccessCheck

Determines access to routes based flexible_group membership and settings.

Hierarchy

Expanded class hierarchy of FlexibleGroupContentAccessCheck

1 string reference to 'FlexibleGroupContentAccessCheck'
social_group_flexible_group.services.yml in modules/social_features/social_group/modules/social_group_flexible_group/social_group_flexible_group.services.yml
modules/social_features/social_group/modules/social_group_flexible_group/social_group_flexible_group.services.yml
1 service uses FlexibleGroupContentAccessCheck
social_group_flexible_group_access.group.permission in modules/social_features/social_group/modules/social_group_flexible_group/social_group_flexible_group.services.yml
Drupal\social_group_flexible_group\Access\FlexibleGroupContentAccessCheck

File

modules/social_features/social_group/modules/social_group_flexible_group/src/Access/FlexibleGroupContentAccessCheck.php, line 17

Namespace

Drupal\social_group_flexible_group\Access
View source
class FlexibleGroupContentAccessCheck implements AccessInterface {

  /**
   * Checks access.
   *
   * @param \Symfony\Component\Routing\Route $route
   *   The route to check against.
   * @param \Drupal\Core\Routing\RouteMatchInterface $route_match
   *   The parametrized route.
   * @param \Drupal\Core\Session\AccountInterface $account
   *   The account to check access for.
   *
   * @return \Drupal\Core\Access\AccessResultInterface
   *   The access result.
   */
  public function access(Route $route, RouteMatchInterface $route_match, AccountInterface $account) {
    $permission = $route
      ->getRequirement('_flexible_group_content_visibility');

    // Don't interfere if no permission was specified.
    if ($permission === NULL) {
      return AccessResult::allowed();
    }

    // Don't interfere if no group was specified.
    $parameters = $route_match
      ->getParameters();
    if (!$parameters
      ->has('group')) {
      return AccessResult::allowed();
    }

    // Don't interfere if the group isn't a real group.
    $group = $parameters
      ->get('group');
    if (!$group instanceof Group) {
      return AccessResult::allowed();
    }

    // A user with this access can definitely do everything.
    if ($account
      ->hasPermission('manage all groups')) {
      return AccessResult::allowed();
    }

    // Handling the visibility of a group.
    if ($group
      ->hasField('field_flexible_group_visibility')) {
      $group_visibility_value = $group
        ->getFieldValue('field_flexible_group_visibility', 'value');
      $is_member = $group
        ->getMember($account) instanceof GroupMembership;
      switch ($group_visibility_value) {
        case 'members':
          if (!$is_member) {
            return AccessResult::forbidden();
          }
          break;
        case 'community':
          if ($account
            ->isAnonymous()) {
            return AccessResult::forbidden();
          }
          break;
      }
    }
    $type = $group
      ->getGroupType();

    // Don't interfere if the group isn't a flexible group.
    if ($type instanceof GroupTypeInterface && $type
      ->id() !== 'flexible_group') {
      return AccessResult::allowed();
    }

    // AN Users aren't allowed anything if Public isn't an option.
    if (!$account
      ->isAuthenticated() && !social_group_flexible_group_public_enabled($group)) {
      return AccessResult::forbidden();
    }

    // If User is a member we can also rely on Group to take permissions.
    if ($group
      ->getMember($account) !== FALSE) {
      return AccessResult::allowed()
        ->addCacheableDependency($group);
    }

    // It's a non member but Community isn't enabled.
    // No access for you only for the about page.
    if ($account
      ->isAuthenticated() && !social_group_flexible_group_community_enabled($group) && !social_group_flexible_group_public_enabled($group) && $route_match
      ->getRouteName() !== 'view.group_information.page_group_about' && $route_match
      ->getRouteName() !== 'entity.group.canonical' && $route_match
      ->getRouteName() !== 'view.group_members.page_group_members') {
      return AccessResult::forbidden()
        ->addCacheableDependency($group);
    }

    // We allow it but lets add the group as dependency to the cache
    // now because field value might be edited and cache should
    // clear accordingly.
    return AccessResult::allowed()
      ->addCacheableDependency($group);
  }

}

Members