View source
<?php
namespace Drupal\social_post;
use Drupal\Core\Entity\EntityAccessControlHandler;
use Drupal\Core\Entity\EntityHandlerInterface;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Entity\EntityTypeInterface;
use Drupal\Core\Entity\EntityTypeManagerInterface;
use Drupal\Core\Session\AccountInterface;
use Drupal\Core\Access\AccessResult;
use Drupal\group\Entity\GroupInterface;
use Symfony\Component\DependencyInjection\ContainerInterface;
class PostAccessControlHandler extends EntityAccessControlHandler implements EntityHandlerInterface {
protected $entityTypeManager;
public static function createInstance(ContainerInterface $container, EntityTypeInterface $entity_type) {
return new static($entity_type, $container
->get('entity_type.manager'));
}
public function __construct(EntityTypeInterface $entity_type, EntityTypeManagerInterface $entityTypeManager) {
parent::__construct($entity_type);
$this->entityTypeManager = $entityTypeManager;
}
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
switch ($operation) {
case 'view':
if ($entity
->isPublished()) {
$visibility = $entity->field_visibility->value;
switch ($visibility) {
case "0":
if (AccessResult::allowedIfHasPermission($account, 'view community posts')
->isAllowed()) {
$group_id = $entity->field_recipient_group->target_id;
if ($group_id) {
$group = entity_load('group', $group_id);
if ($group !== NULL && $group
->hasPermission('access posts in group', $account) && $this
->checkDefaultAccess($entity, $operation, $account)) {
return AccessResult::allowed();
}
else {
return AccessResult::forbidden();
}
}
return $this
->checkDefaultAccess($entity, $operation, $account);
}
return AccessResult::forbidden();
case "1":
if (AccessResult::allowedIfHasPermission($account, 'view public posts')
->isAllowed()) {
return $this
->checkDefaultAccess($entity, $operation, $account);
}
return AccessResult::forbidden();
case "2":
if (AccessResult::allowedIfHasPermission($account, 'view community posts')
->isAllowed()) {
return $this
->checkDefaultAccess($entity, $operation, $account);
}
return AccessResult::forbidden();
case "3":
$group_id = $entity->field_recipient_group->target_id;
if ($group_id !== NULL) {
$group = entity_load('group', $group_id);
}
if ($group !== NULL) {
$permission = 'access posts in group';
if ($group
->hasPermission($permission, $account) && $this
->checkDefaultAccess($entity, $operation, $account)) {
if ($group
->getGroupType()
->id() === 'flexible_group') {
$account_roles = $account
->getRoles();
foreach ([
'sitemanager',
'contentmanager',
'administrator',
] as $manager_role) {
if (in_array($manager_role, $account_roles)) {
return AccessResult::allowed()
->cachePerUser()
->addCacheableDependency($entity);
}
}
$group_role_storage = $this->entityTypeManager
->getStorage('group_role');
$group_roles = $group_role_storage
->loadByUserAndGroup($account, $group);
foreach ($group_roles as $group_role) {
if ($group_role
->isOutsider()) {
return AccessResult::forbidden()
->cachePerUser()
->addCacheableDependency($entity);
}
}
if ($group
->getMember($account)) {
return AccessResult::allowed()
->cachePerUser()
->addCacheableDependency($entity);
}
}
return AccessResult::allowed();
}
return AccessResult::forbidden();
}
return AccessResult::forbidden();
}
}
else {
$uid = $entity
->getOwnerId();
if ($operation === 'view' && $account
->hasPermission('view own unpublished post entities') && $account
->isAuthenticated() && $account
->id() == $uid) {
return AccessResult::allowed()
->cachePerPermissions()
->cachePerUser()
->addCacheableDependency($entity);
}
}
case 'update':
if ($account
->hasPermission('edit any post entities', $account)) {
return AccessResult::allowed();
}
elseif ($account
->hasPermission('edit own post entities', $account) && $account
->id() == $entity
->getOwnerId()) {
return AccessResult::allowed();
}
return AccessResult::neutral();
case 'delete':
if ($account
->hasPermission('delete any post entities', $account)) {
return AccessResult::allowed();
}
elseif ($account
->hasPermission('delete own post entities', $account) && $account
->id() == $entity
->getOwnerId()) {
return AccessResult::allowed();
}
return AccessResult::forbidden();
}
return AccessResult::neutral();
}
protected function checkDefaultAccess(EntityInterface $entity, $operation, AccountInterface $account) {
switch ($operation) {
case 'view':
if (!$entity
->isPublished()) {
if ($account
->hasPermission('view own unpublished post entities', $account) && $account
->id() == $entity
->getOwnerId()) {
return AccessResult::allowed();
}
return AccessResult::allowedIfHasPermission($account, 'view unpublished post entities');
}
return AccessResult::allowedIfHasPermission($account, 'view published post entities');
case 'update':
return AccessResult::allowedIfHasPermission($account, 'edit any post entities');
case 'delete':
return AccessResult::allowedIfHasPermission($account, 'delete any post entities');
}
return AccessResult::neutral();
}
protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
$group = _social_group_get_current_group();
if ($group instanceof GroupInterface) {
if ($group
->hasPermission('add post entities in group', $account)) {
if ($group
->getGroupType()
->id() === 'public_group') {
$config = \Drupal::config('entity_access_by_field.settings');
if ($config
->get('disable_public_visibility') === 1 && !$account
->hasPermission('override disabled public visibility')) {
return AccessResult::forbidden();
}
}
return AccessResult::allowed();
}
else {
return AccessResult::forbidden();
}
}
$access = AccessResult::allowedIfHasPermission($account, 'add post entities');
if ($entity_bundle !== NULL) {
return $access
->orIf(AccessResult::allowedIfHasPermission($account, "add {$entity_bundle} post entities"));
}
return $access;
}
}