You are here

class PostAccessControlHandler in Open Social 8

Same name and namespace in other branches
  1. 8.9 modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler
  2. 8.2 modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler
  3. 8.3 modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler
  4. 8.4 modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler
  5. 8.5 modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler
  6. 8.6 modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler
  7. 8.7 modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler
  8. 8.8 modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler
  9. 10.3.x modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler
  10. 10.0.x modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler
  11. 10.1.x modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler
  12. 10.2.x modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler

Access controller for the Post entity.

Hierarchy

Expanded class hierarchy of PostAccessControlHandler

See also

\Drupal\social_post\Entity\Post.

File

modules/social_features/social_post/src/PostAccessControlHandler.php, line 16

Namespace

Drupal\social_post
View source
class PostAccessControlHandler extends EntityAccessControlHandler {

  /**
   * {@inheritdoc}
   */
  protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {

    /** @var \Drupal\social_post\PostInterface $entity */
    switch ($operation) {
      case 'view':

        // Public = ALL.
        $visibility = $entity->field_visibility->value;
        switch ($visibility) {

          // Recipient.
          case "0":
            if (AccessResult::allowedIfHasPermission($account, 'view community posts')
              ->isAllowed()) {

              // Check if the post has been posted in a group.
              $group_id = $entity->field_recipient_group->target_id;
              if ($group_id) {
                $group = entity_load('group', $group_id);
                if ($group
                  ->hasPermission('access posts in group', $account) && $this
                  ->checkDefaultAccess($entity, $operation, $account)) {
                  return AccessResult::allowed();
                }
                else {
                  return AccessResult::forbidden();
                }
              }

              // Fallback for invalid groups or if there is no group recipient.
              return $this
                ->checkDefaultAccess($entity, $operation, $account);
            }
            return AccessResult::forbidden();

          // Public.
          case "1":
            if (AccessResult::allowedIfHasPermission($account, 'view public posts')
              ->isAllowed()) {
              return $this
                ->checkDefaultAccess($entity, $operation, $account);
            }
            return AccessResult::forbidden();

          // Community.
          case "2":
            if (AccessResult::allowedIfHasPermission($account, 'view community posts')
              ->isAllowed()) {
              return $this
                ->checkDefaultAccess($entity, $operation, $account);
            }
            return AccessResult::forbidden();

          // Group.
          case "3":

            // Check if the post has been posted in a group.
            $group_id = $entity->field_recipient_group->target_id;
            if ($group_id) {

              /* @var \Drupal\group\Entity\Group; $group */
              $group = entity_load('group', $group_id);
              if ($group
                ->hasPermission('access posts in group', $account) && $this
                ->checkDefaultAccess($entity, $operation, $account)) {
                return AccessResult::allowed();
              }
              else {
                return AccessResult::forbidden();
              }
            }
            return AccessResult::forbidden();
        }
      case 'update':

        // Check if the user has permission to edit any or own post entities.
        if ($account
          ->hasPermission('edit any post entities', $account)) {
          return AccessResult::allowed();
        }
        elseif ($account
          ->hasPermission('edit own post entities', $account) && $account
          ->id() == $entity
          ->getOwnerId()) {
          return AccessResult::allowed();
        }
        return AccessResult::forbidden();
      case 'delete':

        // Check if the user has permission to delete any or own post entities.
        if ($account
          ->hasPermission('delete any post entities', $account)) {
          return AccessResult::allowed();
        }
        elseif ($account
          ->hasPermission('delete own post entities', $account) && $account
          ->id() == $entity
          ->getOwnerId()) {
          return AccessResult::allowed();
        }
        return AccessResult::forbidden();
    }

    // Unknown operation, no opinion.
    return AccessResult::neutral();
  }

  /**
   * {@inheritdoc}
   */
  protected function checkDefaultAccess(EntityInterface $entity, $operation, AccountInterface $account) {
    switch ($operation) {
      case 'view':
        if (!$entity
          ->isPublished()) {
          return AccessResult::allowedIfHasPermission($account, 'view unpublished post entities');
        }
        return AccessResult::allowedIfHasPermission($account, 'view published post entities');
      case 'update':
        return AccessResult::allowedIfHasPermission($account, 'edit any post entities');
      case 'delete':
        return AccessResult::allowedIfHasPermission($account, 'delete any post entities');
    }

    // Unknown operation, no opinion.
    return AccessResult::neutral();
  }

  /**
   * {@inheritdoc}
   */
  protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {

    // If group context is active.
    $group = _social_group_get_current_group();
    if ($group instanceof GroupInterface) {
      if ($group
        ->hasPermission('add post entities in group', $account)) {
        if ($group
          ->getGroupType()
          ->id() === 'public_group') {
          $config = \Drupal::config('entity_access_by_field.settings');
          if ($config
            ->get('disable_public_visibility') === 1 && !$account
            ->hasPermission('override disabled public visibility')) {
            return AccessResult::forbidden();
          }
        }
        return AccessResult::allowed();
      }
      else {

        // Not allowed to create posts.
        return AccessResult::forbidden();
      }
    }

    // Fallback.
    return AccessResult::allowedIfHasPermission($account, 'add post entities');
  }

}

Members

Namesort descending Modifiers Type Description Overrides
DependencySerializationTrait::$_entityStorages protected property An array of entity type IDs keyed by the property name of their storages.
DependencySerializationTrait::$_serviceIds protected property An array of service IDs keyed by property name used for serialization.
DependencySerializationTrait::__sleep public function 1
DependencySerializationTrait::__wakeup public function 2
EntityAccessControlHandler::$accessCache protected property Stores calculated access check results.
EntityAccessControlHandler::$entityType protected property Information about the entity type.
EntityAccessControlHandler::$entityTypeId protected property The entity type ID of the access control handler instance.
EntityAccessControlHandler::$viewLabelOperation protected property Allows to grant access to just the labels. 5
EntityAccessControlHandler::access public function Checks access to an operation on a given entity or entity translation. Overrides EntityAccessControlHandlerInterface::access 1
EntityAccessControlHandler::checkFieldAccess protected function Default field access as determined by this access control handler. 4
EntityAccessControlHandler::createAccess public function Checks access to create an entity. Overrides EntityAccessControlHandlerInterface::createAccess 1
EntityAccessControlHandler::fieldAccess public function Checks access to an operation on a given entity field. Overrides EntityAccessControlHandlerInterface::fieldAccess
EntityAccessControlHandler::getCache protected function Tries to retrieve a previously cached access value from the static cache.
EntityAccessControlHandler::prepareUser protected function Loads the current account object, if it does not exist yet.
EntityAccessControlHandler::processAccessHookResults protected function We grant access to the entity if both of these conditions are met:
EntityAccessControlHandler::resetCache public function Clears all cached access checks. Overrides EntityAccessControlHandlerInterface::resetCache
EntityAccessControlHandler::setCache protected function Statically caches whether the given user has access.
EntityAccessControlHandler::__construct public function Constructs an access control handler instance. 5
EntityHandlerBase::$moduleHandler protected property The module handler to invoke hooks on. 2
EntityHandlerBase::moduleHandler protected function Gets the module handler. 2
EntityHandlerBase::setModuleHandler public function Sets the module handler for this handler.
PostAccessControlHandler::checkAccess protected function Performs access checks. Overrides EntityAccessControlHandler::checkAccess
PostAccessControlHandler::checkCreateAccess protected function Performs create access checks. Overrides EntityAccessControlHandler::checkCreateAccess
PostAccessControlHandler::checkDefaultAccess protected function
StringTranslationTrait::$stringTranslation protected property The string translation service. 1
StringTranslationTrait::formatPlural protected function Formats a string containing a count of items.
StringTranslationTrait::getNumberOfPlurals protected function Returns the number of plurals supported by a given language.
StringTranslationTrait::getStringTranslation protected function Gets the string translation service.
StringTranslationTrait::setStringTranslation public function Sets the string translation service to use. 2
StringTranslationTrait::t protected function Translates a string to the current language or to a given language.