
protected function PostAccessControlHandler::checkAccess in Open Social 8

Same name and namespace in other branches
  1. 8.9 modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler::checkAccess()
  2. 8.2 modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler::checkAccess()
  3. 8.3 modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler::checkAccess()
  4. 8.4 modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler::checkAccess()
  5. 8.5 modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler::checkAccess()
  6. 8.6 modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler::checkAccess()
  7. 8.7 modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler::checkAccess()
  8. 8.8 modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler::checkAccess()
  9. 10.3.x modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler::checkAccess()
  10. 10.0.x modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler::checkAccess()
  11. 10.1.x modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler::checkAccess()
  12. 10.2.x modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler::checkAccess()

Performs access checks.

This method is supposed to be overridden by extending classes that do their own custom access checking.

Parameters

\Drupal\Core\Entity\EntityInterface $entity: The entity for which to check access.

string $operation: The entity operation. Usually one of 'view', 'view label', 'update' or 'delete'.

\Drupal\Core\Session\AccountInterface $account: The user for which to check access.

Return value

\Drupal\Core\Access\AccessResultInterface: The access result.

Overrides EntityAccessControlHandler::checkAccess

File

modules/social_features/social_post/src/PostAccessControlHandler.php, line 21

Class

PostAccessControlHandler
Access controller for the Post entity.

Namespace

Drupal\social_post

Code

protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {

  /** @var \Drupal\social_post\PostInterface $entity */
  switch ($operation) {
    case 'view':

      // Public = ALL.
      $visibility = $entity->field_visibility->value;
      switch ($visibility) {

        // Recipient.
        case "0":
          if (AccessResult::allowedIfHasPermission($account, 'view community posts')
            ->isAllowed()) {

            // Check if the post has been posted in a group.
            $group_id = $entity->field_recipient_group->target_id;
            if ($group_id) {
              $group = entity_load('group', $group_id);
              if ($group
                ->hasPermission('access posts in group', $account) && $this
                ->checkDefaultAccess($entity, $operation, $account)) {
                return AccessResult::allowed();
              }
              else {
                return AccessResult::forbidden();
              }
            }

            // Fallback for invalid groups or if there is no group recipient.
            return $this
              ->checkDefaultAccess($entity, $operation, $account);
          }
          return AccessResult::forbidden();

        // Public.
        case "1":
          if (AccessResult::allowedIfHasPermission($account, 'view public posts')
            ->isAllowed()) {
            return $this
              ->checkDefaultAccess($entity, $operation, $account);
          }
          return AccessResult::forbidden();

        // Community.
        case "2":
          if (AccessResult::allowedIfHasPermission($account, 'view community posts')
            ->isAllowed()) {
            return $this
              ->checkDefaultAccess($entity, $operation, $account);
          }
          return AccessResult::forbidden();

        // Group.
        case "3":

          // Check if the post has been posted in a group.
          $group_id = $entity->field_recipient_group->target_id;
          if ($group_id) {

            /** @var \Drupal\group\Entity\Group $group */
            $group = entity_load('group', $group_id);
            if ($group
              ->hasPermission('access posts in group', $account) && $this
              ->checkDefaultAccess($entity, $operation, $account)) {
              return AccessResult::allowed();
            }
            else {
              return AccessResult::forbidden();
            }
          }
          return AccessResult::forbidden();
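      }
      // No break or return here: a visibility value matching none of the
      // cases above falls through to the 'update' case below.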
    case 'update':

      // Check if the user has permission to edit any or own post entities.
      if ($account
        ->hasPermission('edit any post entities')) {
        return AccessResult::allowed();
      }
      elseif ($account
        ->hasPermission('edit own post entities') && $account
        ->id() == $entity
        ->getOwnerId()) {
        return AccessResult::allowed();
      }
      return AccessResult::forbidden();
    case 'delete':

      // Check if the user has permission to delete any or own post entities.
      if ($account
        ->hasPermission('delete any post entities')) {
        return AccessResult::allowed();
      }
      elseif ($account
        ->hasPermission('delete own post entities') && $account
        ->id() == $entity
        ->getOwnerId()) {
        return AccessResult::allowed();
      }
      return AccessResult::forbidden();
  }

  // Unknown operation, no opinion.
  return AccessResult::neutral();
}
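
The inner switch in the listing has no default case and nothing ends the 'view' case after it, so a visibility value other than "0" to "3" is decided by the 'update' branch. The following added example (not Open Social code) reproduces that control flow beside a variant with an explicit default. The plain-string results, the has() helper and the constructed $editor account are assumptions, and cases "0" and "3" and the checkDefaultAccess() call are left out.

```php
<?php
// Added illustration with simplified stand-ins; not Drupal or Open Social code.
// $perms is a constructed list of permission strings held by the account.
function has(array $perms, string $p): string {
  return in_array($p, $perms, true) ? 'allowed' : 'forbidden';
}

// Same control flow as the listing (cases "0" and "3" omitted for brevity):
// the inner switch has no default and nothing ends the 'view' case after it.
function checkAsListed(string $operation, ?string $visibility, array $perms, bool $isOwner): string {
  switch ($operation) {
    case 'view':
      switch ($visibility) {
        case "1":
          return has($perms, 'view public posts');
        case "2":
          return has($perms, 'view community posts');
      }
      // Falls through: an unrecognised visibility is judged as 'update'.
    case 'update':
      if (in_array('edit any post entities', $perms, true)) {
        return 'allowed';
      }
      return ($isOwner && in_array('edit own post entities', $perms, true)) ? 'allowed' : 'forbidden';
  }
  return 'neutral';
}

// Variant with an explicit default; 'forbidden' is this example's choice (fail closed).
function checkWithDefault(string $operation, ?string $visibility, array $perms, bool $isOwner): string {
  if ($operation === 'view') {
    switch ($visibility) {
      case "1":
        return has($perms, 'view public posts');
      case "2":
        return has($perms, 'view community posts');
      default:
        return 'forbidden';
    }
  }
  return checkAsListed($operation, $visibility, $perms, $isOwner);
}

// Constructed account: may edit any post, holds no view permission.
$editor = ['edit any post entities'];
foreach ([NULL, "1", "7"] as $v) {
  printf("visibility=%s listed=%s default=%s\n", var_export($v, true),
    checkAsListed('view', $v, $editor, false), checkWithDefault('view', $v, $editor, false));
}
```

For the constructed editor account, the listed flow grants 'view' when the visibility is NULL or "7", while the variant with a default denies it.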