You are here

public function FlexibleGroupJoinPermissionAccessCheck::access in Open Social 10.1.x

Same name and namespace in other branches
  1. 8.9 modules/social_features/social_group/modules/social_group_flexible_group/src/Access/FlexibleGroupJoinPermissionAccessCheck.php \Drupal\social_group_flexible_group\Access\FlexibleGroupJoinPermissionAccessCheck::access()
  2. 8.6 modules/social_features/social_group/modules/social_group_flexible_group/src/Access/FlexibleGroupJoinPermissionAccessCheck.php \Drupal\social_group_flexible_group\Access\FlexibleGroupJoinPermissionAccessCheck::access()
  3. 8.7 modules/social_features/social_group/modules/social_group_flexible_group/src/Access/FlexibleGroupJoinPermissionAccessCheck.php \Drupal\social_group_flexible_group\Access\FlexibleGroupJoinPermissionAccessCheck::access()
  4. 8.8 modules/social_features/social_group/modules/social_group_flexible_group/src/Access/FlexibleGroupJoinPermissionAccessCheck.php \Drupal\social_group_flexible_group\Access\FlexibleGroupJoinPermissionAccessCheck::access()
  5. 10.3.x modules/social_features/social_group/modules/social_group_flexible_group/src/Access/FlexibleGroupJoinPermissionAccessCheck.php \Drupal\social_group_flexible_group\Access\FlexibleGroupJoinPermissionAccessCheck::access()
  6. 10.0.x modules/social_features/social_group/modules/social_group_flexible_group/src/Access/FlexibleGroupJoinPermissionAccessCheck.php \Drupal\social_group_flexible_group\Access\FlexibleGroupJoinPermissionAccessCheck::access()
  7. 10.2.x modules/social_features/social_group/modules/social_group_flexible_group/src/Access/FlexibleGroupJoinPermissionAccessCheck.php \Drupal\social_group_flexible_group\Access\FlexibleGroupJoinPermissionAccessCheck::access()

Checks access.

Parameters

\Symfony\Component\Routing\Route $route: The route to check against.

\Drupal\Core\Routing\RouteMatchInterface $route_match: The parametrized route.

\Drupal\Core\Session\AccountInterface $account: The account to check access for.

Return value

\Drupal\Core\Access\AccessResultInterface The access result.

File

modules/social_features/social_group/modules/social_group_flexible_group/src/Access/FlexibleGroupJoinPermissionAccessCheck.php, line 33

Class

FlexibleGroupJoinPermissionAccessCheck
Determines access to routes based flexible_group membership and settings.

Namespace

Drupal\social_group_flexible_group\Access

Code

public function access(Route $route, RouteMatchInterface $route_match, AccountInterface $account) {
  $permission = $route
    ->getRequirement('_flexible_group_join_permission');
  $group_permission = $route
    ->getRequirement('_group_permission');

  // Don't interfere if no permission was specified.
  if ($permission === NULL) {
    return AccessResult::neutral();
  }

  // Don't interfere if no group was specified.
  $parameters = $route_match
    ->getParameters();
  if (!$parameters
    ->has('group')) {
    return AccessResult::neutral();
  }

  // Don't interfere if the group isn't a real group.
  $group = $parameters
    ->get('group');
  if (!$group instanceof GroupInterface) {
    $group = _social_group_get_current_group();
    if (!$group instanceof GroupInterface) {
      return AccessResult::neutral();
    }
  }
  $type = $group
    ->getGroupType();

  // Don't interfere if the group isn't a flexible group.
  if ($type instanceof GroupTypeInterface && $type
    ->id() !== 'flexible_group') {
    if (!empty($group_permission)) {
      return GroupAccessResult::allowedIfHasGroupPermissions($group, $account, [
        $group_permission,
      ]);
    }

    // We need this fallback for SM/CM.
    // Neutral will break because the manage tab doesn't work with
    // group permission but with general permissions.
    $condition1 = $account
      ->hasPermission('manage all groups');
    $condition2 = $group
      ->hasPermission('administer members', $account);
    return AccessResult::allowedIf($condition1 || $condition2)
      ->addCacheableDependency($group);
  }

  // GM is allowed to go to Add Directly page, adding new members directly.
  if ($permission === 'join added' && $group
    ->hasPermission('administer members', $account)) {
    return AccessResult::allowed()
      ->addCacheableDependency($group);
  }

  // A user with this access can definitely do everything.
  if ($account
    ->hasPermission('manage all groups')) {
    return AccessResult::allowed()
      ->addCacheableDependency($group);
  }

  // AN Users aren't allowed anything.
  if (!$account
    ->isAuthenticated()) {
    return AccessResult::forbidden()
      ->addCacheableDependency($group);
  }

  // Outsider LU are only allowed when Direct is an option.
  $allowed = $this
    ->calculateJoinPermission($permission, $group, $account, $route_match);
  if (!$allowed) {
    return AccessResult::forbidden()
      ->addCacheableDependency($group);
  }

  // We allow it but lets add the group as dependency to the cache
  // now because field value might be editted and cache should
  // clear accordingly.
  if (!empty($group_permission)) {
    return GroupAccessResult::allowedIfHasGroupPermissions($group, $account, [
      $group_permission,
    ])
      ->addCacheableDependency($group);
  }
  return AccessResult::allowed()
    ->addCacheableDependency($group);
}