class PostAccessControlHandler in Open Social 8
Same name and namespace in other branches
- 8.9 modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler
- 8.2 modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler
- 8.3 modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler
- 8.4 modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler
- 8.5 modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler
- 8.6 modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler
- 8.7 modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler
- 8.8 modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler
- 10.3.x modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler
- 10.0.x modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler
- 10.1.x modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler
- 10.2.x modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler
Access controller for the Post entity.
Hierarchy
- class \Drupal\Core\Entity\EntityHandlerBase uses DependencySerializationTrait, StringTranslationTrait
- class \Drupal\Core\Entity\EntityAccessControlHandler implements EntityAccessControlHandlerInterface
- class \Drupal\social_post\PostAccessControlHandler
- class \Drupal\Core\Entity\EntityAccessControlHandler implements EntityAccessControlHandlerInterface
Expanded class hierarchy of PostAccessControlHandler
See also
\Drupal\social_post\Entity\Post.
File
- modules/
social_features/ social_post/ src/ PostAccessControlHandler.php, line 16
Namespace
Drupal\social_postView source
class PostAccessControlHandler extends EntityAccessControlHandler {
/**
* {@inheritdoc}
*/
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
/** @var \Drupal\social_post\PostInterface $entity */
switch ($operation) {
case 'view':
// Public = ALL.
$visibility = $entity->field_visibility->value;
switch ($visibility) {
// Recipient.
case "0":
if (AccessResult::allowedIfHasPermission($account, 'view community posts')
->isAllowed()) {
// Check if the post has been posted in a group.
$group_id = $entity->field_recipient_group->target_id;
if ($group_id) {
$group = entity_load('group', $group_id);
if ($group
->hasPermission('access posts in group', $account) && $this
->checkDefaultAccess($entity, $operation, $account)) {
return AccessResult::allowed();
}
else {
return AccessResult::forbidden();
}
}
// Fallback for invalid groups or if there is no group recipient.
return $this
->checkDefaultAccess($entity, $operation, $account);
}
return AccessResult::forbidden();
// Public.
case "1":
if (AccessResult::allowedIfHasPermission($account, 'view public posts')
->isAllowed()) {
return $this
->checkDefaultAccess($entity, $operation, $account);
}
return AccessResult::forbidden();
// Community.
case "2":
if (AccessResult::allowedIfHasPermission($account, 'view community posts')
->isAllowed()) {
return $this
->checkDefaultAccess($entity, $operation, $account);
}
return AccessResult::forbidden();
// Group.
case "3":
// Check if the post has been posted in a group.
$group_id = $entity->field_recipient_group->target_id;
if ($group_id) {
/* @var \Drupal\group\Entity\Group; $group */
$group = entity_load('group', $group_id);
if ($group
->hasPermission('access posts in group', $account) && $this
->checkDefaultAccess($entity, $operation, $account)) {
return AccessResult::allowed();
}
else {
return AccessResult::forbidden();
}
}
return AccessResult::forbidden();
}
case 'update':
// Check if the user has permission to edit any or own post entities.
if ($account
->hasPermission('edit any post entities', $account)) {
return AccessResult::allowed();
}
elseif ($account
->hasPermission('edit own post entities', $account) && $account
->id() == $entity
->getOwnerId()) {
return AccessResult::allowed();
}
return AccessResult::forbidden();
case 'delete':
// Check if the user has permission to delete any or own post entities.
if ($account
->hasPermission('delete any post entities', $account)) {
return AccessResult::allowed();
}
elseif ($account
->hasPermission('delete own post entities', $account) && $account
->id() == $entity
->getOwnerId()) {
return AccessResult::allowed();
}
return AccessResult::forbidden();
}
// Unknown operation, no opinion.
return AccessResult::neutral();
}
/**
* {@inheritdoc}
*/
protected function checkDefaultAccess(EntityInterface $entity, $operation, AccountInterface $account) {
switch ($operation) {
case 'view':
if (!$entity
->isPublished()) {
return AccessResult::allowedIfHasPermission($account, 'view unpublished post entities');
}
return AccessResult::allowedIfHasPermission($account, 'view published post entities');
case 'update':
return AccessResult::allowedIfHasPermission($account, 'edit any post entities');
case 'delete':
return AccessResult::allowedIfHasPermission($account, 'delete any post entities');
}
// Unknown operation, no opinion.
return AccessResult::neutral();
}
/**
* {@inheritdoc}
*/
protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
// If group context is active.
$group = _social_group_get_current_group();
if ($group instanceof GroupInterface) {
if ($group
->hasPermission('add post entities in group', $account)) {
if ($group
->getGroupType()
->id() === 'public_group') {
$config = \Drupal::config('entity_access_by_field.settings');
if ($config
->get('disable_public_visibility') === 1 && !$account
->hasPermission('override disabled public visibility')) {
return AccessResult::forbidden();
}
}
return AccessResult::allowed();
}
else {
// Not allowed to create posts.
return AccessResult::forbidden();
}
}
// Fallback.
return AccessResult::allowedIfHasPermission($account, 'add post entities');
}
}Members
Name |
Modifiers | Type | Description | Overrides |
|---|---|---|---|---|
|
DependencySerializationTrait:: |
protected | property | An array of entity type IDs keyed by the property name of their storages. | |
|
DependencySerializationTrait:: |
protected | property | An array of service IDs keyed by property name used for serialization. | |
|
DependencySerializationTrait:: |
public | function | 1 | |
|
DependencySerializationTrait:: |
public | function | 2 | |
|
EntityAccessControlHandler:: |
protected | property | Stores calculated access check results. | |
|
EntityAccessControlHandler:: |
protected | property | Information about the entity type. | |
|
EntityAccessControlHandler:: |
protected | property | The entity type ID of the access control handler instance. | |
|
EntityAccessControlHandler:: |
protected | property | Allows to grant access to just the labels. | 5 |
|
EntityAccessControlHandler:: |
public | function |
Checks access to an operation on a given entity or entity translation. Overrides EntityAccessControlHandlerInterface:: |
1 |
|
EntityAccessControlHandler:: |
protected | function | Default field access as determined by this access control handler. | 4 |
|
EntityAccessControlHandler:: |
public | function |
Checks access to create an entity. Overrides EntityAccessControlHandlerInterface:: |
1 |
|
EntityAccessControlHandler:: |
public | function |
Checks access to an operation on a given entity field. Overrides EntityAccessControlHandlerInterface:: |
|
|
EntityAccessControlHandler:: |
protected | function | Tries to retrieve a previously cached access value from the static cache. | |
|
EntityAccessControlHandler:: |
protected | function | Loads the current account object, if it does not exist yet. | |
|
EntityAccessControlHandler:: |
protected | function | We grant access to the entity if both of these conditions are met: | |
|
EntityAccessControlHandler:: |
public | function |
Clears all cached access checks. Overrides EntityAccessControlHandlerInterface:: |
|
|
EntityAccessControlHandler:: |
protected | function | Statically caches whether the given user has access. | |
|
EntityAccessControlHandler:: |
public | function | Constructs an access control handler instance. | 5 |
|
EntityHandlerBase:: |
protected | property | The module handler to invoke hooks on. | 2 |
|
EntityHandlerBase:: |
protected | function | Gets the module handler. | 2 |
|
EntityHandlerBase:: |
public | function | Sets the module handler for this handler. | |
|
PostAccessControlHandler:: |
protected | function |
Performs access checks. Overrides EntityAccessControlHandler:: |
|
|
PostAccessControlHandler:: |
protected | function |
Performs create access checks. Overrides EntityAccessControlHandler:: |
|
|
PostAccessControlHandler:: |
protected | function | ||
|
StringTranslationTrait:: |
protected | property | The string translation service. | 1 |
|
StringTranslationTrait:: |
protected | function | Formats a string containing a count of items. | |
|
StringTranslationTrait:: |
protected | function | Returns the number of plurals supported by a given language. | |
|
StringTranslationTrait:: |
protected | function | Gets the string translation service. | |
|
StringTranslationTrait:: |
public | function | Sets the string translation service to use. | 2 |
|
StringTranslationTrait:: |
protected | function | Translates a string to the current language or to a given language. |