class PostAccessControlHandler in Open Social 10.1.x
Same name and namespace in other branches
- 8.9 modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler
- 8 modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler
- 8.2 modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler
- 8.3 modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler
- 8.4 modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler
- 8.5 modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler
- 8.6 modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler
- 8.7 modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler
- 8.8 modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler
- 10.3.x modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler
- 10.0.x modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler
- 10.2.x modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler
Access controller for the Post entity.
Hierarchy
- class \Drupal\Core\Entity\EntityHandlerBase uses DependencySerializationTrait, StringTranslationTrait
  - class \Drupal\Core\Entity\EntityAccessControlHandler implements EntityAccessControlHandlerInterface
    - class \Drupal\social_post\PostAccessControlHandler implements EntityHandlerInterface
Expanded class hierarchy of PostAccessControlHandler
See also
\Drupal\social_post\Entity\Post.
File
- modules/social_features/social_post/src/PostAccessControlHandler.php, line 20
Namespace
Drupal\social_post
View source
class PostAccessControlHandler extends EntityAccessControlHandler implements EntityHandlerInterface {

  /**
   * The entity type manager.
   *
   * @var \Drupal\Core\Entity\EntityTypeManagerInterface
   */
  protected $entityTypeManager;

  /**
   * {@inheritdoc}
   */
  public static function createInstance(ContainerInterface $container, EntityTypeInterface $entity_type) {
    return new static($entity_type, $container->get('entity_type.manager'));
  }

  /**
   * PostAccessControlHandler constructor.
   *
   * @param \Drupal\Core\Entity\EntityTypeInterface $entity_type
   *   The entity type interface.
   * @param \Drupal\Core\Entity\EntityTypeManagerInterface $entityTypeManager
   *   The entity type manager.
   */
  public function __construct(EntityTypeInterface $entity_type, EntityTypeManagerInterface $entityTypeManager) {
    parent::__construct($entity_type);
    $this->entityTypeManager = $entityTypeManager;
  }

  /**
   * {@inheritdoc}
   */
  protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
    /** @var \Drupal\social_post\Entity\PostInterface $entity */
    switch ($operation) {
      case 'view':
        // Public = ALL.
        if ($entity->isPublished()) {
          $visibility = $entity->field_visibility->value;
          switch ($visibility) {
            // Recipient.
            case "0":
              if (AccessResult::allowedIfHasPermission($account, 'view community posts')->isAllowed()) {
                // Check if the post has been posted in a group.
                $group_id = $entity->field_recipient_group->target_id;
                if ($group_id) {
                  $group = \Drupal::service('entity_type.manager')
                    ->getStorage('group')
                    ->load($group_id);
                  if ($group !== NULL && $group->hasPermission('access posts in group', $account) && $this->checkDefaultAccess($entity, $operation, $account)) {
                    return AccessResult::allowed();
                  }
                  else {
                    return AccessResult::forbidden();
                  }
                }
                // Fallback for invalid groups or if there is no group
                // recipient.
                return $this->checkDefaultAccess($entity, $operation, $account);
              }
              return AccessResult::forbidden();

            // Public.
            case "1":
              if (AccessResult::allowedIfHasPermission($account, 'view public posts')->isAllowed()) {
                return $this->checkDefaultAccess($entity, $operation, $account);
              }
              return AccessResult::forbidden();

            // Community.
            case "2":
              if (AccessResult::allowedIfHasPermission($account, 'view community posts')->isAllowed()) {
                return $this->checkDefaultAccess($entity, $operation, $account);
              }
              return AccessResult::forbidden();

            // Group.
            case "3":
              // Check if the post has been posted in a group.
              $group_id = $entity->field_recipient_group->target_id;
              if ($group_id !== NULL) {
                /** @var \Drupal\group\Entity\Group $group */
                $group = \Drupal::service('entity_type.manager')
                  ->getStorage('group')
                  ->load($group_id);
              }
              if ($group !== NULL) {
                $permission = 'access posts in group';
                if ($group->hasPermission($permission, $account) && $this->checkDefaultAccess($entity, $operation, $account)) {
                  if ($group->getGroupType()->id() === 'flexible_group') {
                    // User has access if outsider with manager role or member.
                    $account_roles = $account->getRoles();
                    foreach ([
                      'sitemanager',
                      'contentmanager',
                      'administrator',
                    ] as $manager_role) {
                      if (in_array($manager_role, $account_roles)) {
                        return AccessResult::allowed()
                          ->cachePerUser()
                          ->addCacheableDependency($entity);
                      }
                    }
                    $group_role_storage = $this->entityTypeManager->getStorage('group_role');
                    $group_roles = $group_role_storage->loadByUserAndGroup($account, $group);
                    /** @var \Drupal\group\Entity\GroupRoleInterface $group_role */
                    foreach ($group_roles as $group_role) {
                      if ($group_role->isOutsider()) {
                        return AccessResult::forbidden()
                          ->cachePerUser()
                          ->addCacheableDependency($entity);
                      }
                    }
                    if ($group->getMember($account)) {
                      return AccessResult::allowed()
                        ->cachePerUser()
                        ->addCacheableDependency($entity);
                    }
                  }
                  return AccessResult::allowed();
                }
                return AccessResult::forbidden();
              }
              return AccessResult::forbidden();
          }
        }
        else {
          // Fetch information from the entity object if possible.
          $uid = $entity->getOwnerId();
          // Check if authors can view their own unpublished posts.
          if ($operation === 'view' && $account->hasPermission('view own unpublished post entities') && $account->isAuthenticated() && $account->id() == $uid) {
            return AccessResult::allowed()
              ->cachePerPermissions()
              ->cachePerUser()
              ->addCacheableDependency($entity);
          }
        }
      case 'update':
        // Check if the user has permission to edit any or own post entities.
        if ($account->hasPermission('edit any post entities', $account)) {
          return AccessResult::allowed();
        }
        elseif ($account->hasPermission('edit own post entities', $account) && $account->id() == $entity->getOwnerId()) {
          return AccessResult::allowed();
        }
        return AccessResult::neutral();

      case 'delete':
        // Check if the user has permission to delete any or own post entities.
        if ($account->hasPermission('delete any post entities', $account)) {
          return AccessResult::allowed();
        }
        elseif ($account->hasPermission('delete own post entities', $account) && $account->id() == $entity->getOwnerId()) {
          return AccessResult::allowed();
        }
        return AccessResult::forbidden();
    }
    // Unknown operation, no opinion.
    return AccessResult::neutral();
  }

  /**
   * {@inheritdoc}
   */
  protected function checkDefaultAccess(EntityInterface $entity, $operation, AccountInterface $account) {
    switch ($operation) {
      case 'view':
        if (!$entity->isPublished()) {
          if ($account->hasPermission('view own unpublished post entities', $account) && $account->id() == $entity->getOwnerId()) {
            return AccessResult::allowed();
          }
          return AccessResult::allowedIfHasPermission($account, 'view unpublished post entities');
        }
        return AccessResult::allowedIfHasPermission($account, 'view published post entities');

      case 'update':
        return AccessResult::allowedIfHasPermission($account, 'edit any post entities');

      case 'delete':
        return AccessResult::allowedIfHasPermission($account, 'delete any post entities');
    }
    // Unknown operation, no opinion.
    return AccessResult::neutral();
  }

  /**
   * {@inheritdoc}
   */
  protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
    // If group context is active.
    $group = _social_group_get_current_group();
    if ($group instanceof GroupInterface) {
      if ($group->hasPermission('add post entities in group', $account)) {
        if ($group->getGroupType()->id() === 'public_group') {
          $config = \Drupal::config('entity_access_by_field.settings');
          if ($config->get('disable_public_visibility') === 1 && !$account->hasPermission('override disabled public visibility')) {
            return AccessResult::forbidden();
          }
        }
        return AccessResult::allowed();
      }
      else {
        // Not allowed to create posts.
        return AccessResult::forbidden();
      }
    }
    // Fallback.
    $access = AccessResult::allowedIfHasPermission($account, 'add post entities');
    if ($entity_bundle !== NULL) {
      return $access->orIf(AccessResult::allowedIfHasPermission($account, "add {$entity_bundle} post entities"));
    }
    return $access;
  }

}
Members
Name | Modifiers | Type | Description | Overrides |
---|---|---|---|---|
DependencySerializationTrait:: | protected | property | | |
DependencySerializationTrait:: | protected | property | | |
DependencySerializationTrait:: | public | function | 2 | |
DependencySerializationTrait:: | public | function | 2 | |
EntityAccessControlHandler:: | protected | property | Stores calculated access check results. | |
EntityAccessControlHandler:: | protected | property | Information about the entity type. | |
EntityAccessControlHandler:: | protected | property | The entity type ID of the access control handler instance. | |
EntityAccessControlHandler:: | protected | property | Allows to grant access to just the labels. | 5 |
EntityAccessControlHandler:: | public | function | Checks access to an operation on a given entity or entity translation. Overrides EntityAccessControlHandlerInterface:: | 1 |
EntityAccessControlHandler:: | protected | function | Default field access as determined by this access control handler. | 4 |
EntityAccessControlHandler:: | public | function | Checks access to create an entity. Overrides EntityAccessControlHandlerInterface:: | 1 |
EntityAccessControlHandler:: | public | function | Checks access to an operation on a given entity field. Overrides EntityAccessControlHandlerInterface:: | |
EntityAccessControlHandler:: | protected | function | Tries to retrieve a previously cached access value from the static cache. | |
EntityAccessControlHandler:: | protected | function | Loads the current account object, if it does not exist yet. | |
EntityAccessControlHandler:: | protected | function | We grant access to the entity if both of these conditions are met: | |
EntityAccessControlHandler:: | public | function | Clears all cached access checks. Overrides EntityAccessControlHandlerInterface:: | |
EntityAccessControlHandler:: | protected | function | Statically caches whether the given user has access. | |
EntityHandlerBase:: | protected | property | The module handler to invoke hooks on. | 5 |
EntityHandlerBase:: | protected | function | Gets the module handler. | 5 |
EntityHandlerBase:: | public | function | Sets the module handler for this handler. | |
PostAccessControlHandler:: | protected | property | The entity type manager. | |
PostAccessControlHandler:: | protected | function | Performs access checks. Overrides EntityAccessControlHandler:: | |
PostAccessControlHandler:: | protected | function | Performs create access checks. Overrides EntityAccessControlHandler:: | |
PostAccessControlHandler:: | protected | function | | |
PostAccessControlHandler:: | public static | function | Instantiates a new instance of this entity handler. Overrides EntityHandlerInterface:: | |
PostAccessControlHandler:: | public | function | PostAccessControlHandler constructor. Overrides EntityAccessControlHandler:: | |
StringTranslationTrait:: | protected | property | The string translation service. | 4 |
StringTranslationTrait:: | protected | function | Formats a string containing a count of items. | |
StringTranslationTrait:: | protected | function | Returns the number of plurals supported by a given language. | |
StringTranslationTrait:: | protected | function | Gets the string translation service. | |
StringTranslationTrait:: | public | function | Sets the string translation service to use. | 2 |
StringTranslationTrait:: | protected | function | Translates a string to the current language or to a given language. | |