protected function PostAccessControlHandler::checkAccess in Open Social 8.9
Same name and namespace in other branches
- 8 modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler::checkAccess()
- 8.2 modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler::checkAccess()
- 8.3 modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler::checkAccess()
- 8.4 modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler::checkAccess()
- 8.5 modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler::checkAccess()
- 8.6 modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler::checkAccess()
- 8.7 modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler::checkAccess()
- 8.8 modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler::checkAccess()
- 10.3.x modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler::checkAccess()
- 10.0.x modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler::checkAccess()
- 10.1.x modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler::checkAccess()
- 10.2.x modules/social_features/social_post/src/PostAccessControlHandler.php \Drupal\social_post\PostAccessControlHandler::checkAccess()
Performs access checks.
This method is meant to be overridden by extending classes that do their own custom access checking.
Parameters
\Drupal\Core\Entity\EntityInterface $entity: The entity for which to check access.
string $operation: The entity operation. Usually one of 'view', 'view label', 'update' or 'delete'.
\Drupal\Core\Session\AccountInterface $account: The user for which to check access.
Return value
\Drupal\Core\Access\AccessResultInterface The access result.
Overrides EntityAccessControlHandler::checkAccess
File
- modules/social_features/social_post/src/PostAccessControlHandler.php, line 55
Class
- PostAccessControlHandler
- Access controller for the Post entity.
Namespace
Drupal\social_post
Code
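/**
 * Decides whether an account may view, update or delete a post.
 *
 * For 'view' on a published post the decision depends on the post's
 * field_visibility value ("0" recipient, "1" public, "2" community,
 * "3" group). Unpublished posts are only viewable by their authenticated
 * owner with 'view own unpublished post entities'. A 'view' request that is
 * not decided by those rules continues into the 'update' rules (see the
 * fall-through note below).
 *
 * Every result that depends on the account's permissions, the account itself
 * or the post carries cacheability metadata, matching the branches that
 * already declared it, so a cached decision is not reused for another user.
 *
 * @param \Drupal\Core\Entity\EntityInterface $entity
 *   The post for which to check access.
 * @param string $operation
 *   The entity operation: 'view', 'update' or 'delete'.
 * @param \Drupal\Core\Session\AccountInterface $account
 *   The user for which to check access.
 *
 * @return \Drupal\Core\Access\AccessResultInterface
 *   The access result; neutral for an unknown operation.
 */
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
  /** @var \Drupal\social_post\Entity\PostInterface $entity */
  // Attaches the permission and user cache contexts plus the post's own
  // cache tags to a result decided in this method.
  $cacheable = function ($result) use ($entity) {
    return $result
      ->cachePerPermissions()
      ->cachePerUser()
      ->addCacheableDependency($entity);
  };

  switch ($operation) {
    case 'view':
      if ($entity->isPublished()) {
        $visibility = $entity->field_visibility->value;

        switch ($visibility) {
          // Recipient.
          case "0":
            if (AccessResult::allowedIfHasPermission($account, 'view community posts')->isAllowed()) {
              // Check if the post has been posted in a group.
              $group_id = $entity->field_recipient_group->target_id;
              if ($group_id) {
                $group = $this->entityTypeManager->getStorage('group')->load($group_id);
                // checkDefaultAccess() yields an access result object (it is
                // returned as-is further down). An object is always truthy,
                // so the result has to be tested with isAllowed() for the
                // default check to have any effect.
                if ($group !== NULL
                  && $group->hasPermission('access posts in group', $account)
                  && $this->checkDefaultAccess($entity, $operation, $account)->isAllowed()) {
                  return $cacheable(AccessResult::allowed());
                }
                // A recipient group that cannot be loaded is denied as well.
                return $cacheable(AccessResult::forbidden());
              }
              // No group recipient: the default check decides.
              return $this->checkDefaultAccess($entity, $operation, $account);
            }
            return $cacheable(AccessResult::forbidden());

          // Public.
          case "1":
            if (AccessResult::allowedIfHasPermission($account, 'view public posts')->isAllowed()) {
              return $this->checkDefaultAccess($entity, $operation, $account);
            }
            return $cacheable(AccessResult::forbidden());

          // Community.
          case "2":
            if (AccessResult::allowedIfHasPermission($account, 'view community posts')->isAllowed()) {
              return $this->checkDefaultAccess($entity, $operation, $account);
            }
            return $cacheable(AccessResult::forbidden());

          // Group.
          case "3":
            // Initialise first: without a recipient group the variable was
            // previously undefined when it was compared against NULL.
            $group = NULL;
            $group_id = $entity->field_recipient_group->target_id;
            if ($group_id !== NULL) {
              /** @var \Drupal\group\Entity\Group $group */
              $group = $this->entityTypeManager->getStorage('group')->load($group_id);
            }

            if ($group !== NULL) {
              $permission = 'access posts in group';
              // See case "0": the default check must be tested explicitly.
              if ($group->hasPermission($permission, $account)
                && $this->checkDefaultAccess($entity, $operation, $account)->isAllowed()) {
                if ($group->getGroupType()->id() === 'flexible_group') {
                  // User has access if outsider with manager role or member.
                  $account_roles = $account->getRoles();
                  foreach (['sitemanager', 'contentmanager', 'administrator'] as $manager_role) {
                    if (in_array($manager_role, $account_roles, TRUE)) {
                      return $cacheable(AccessResult::allowed());
                    }
                  }

                  $group_roles = $this->entityTypeManager
                    ->getStorage('group_role')
                    ->loadByUserAndGroup($account, $group);
                  /** @var \Drupal\group\Entity\GroupRoleInterface $group_role */
                  foreach ($group_roles as $group_role) {
                    // Any outsider role denies access to a non-manager.
                    if ($group_role->isOutsider()) {
                      return $cacheable(AccessResult::forbidden());
                    }
                  }

                  if ($group->getMember($account)) {
                    return $cacheable(AccessResult::allowed());
                  }
                }
                return $cacheable(AccessResult::allowed());
              }
              return $cacheable(AccessResult::forbidden());
            }
            return $cacheable(AccessResult::forbidden());
        }
      }
      else {
        // Fetch information from the entity object if possible.
        $uid = $entity->getOwnerId();
        // Check if authors can view their own unpublished posts. The ids are
        // compared loosely because they may be integers or numeric strings.
        if ($operation === 'view'
          && $account->hasPermission('view own unpublished post entities')
          && $account->isAuthenticated()
          && $account->id() == $uid) {
          return $cacheable(AccessResult::allowed());
        }
      }
      // Fall through: there is no break here, so a 'view' request that was
      // not decided above (unpublished post of another user, or a visibility
      // value outside "0".."3") is decided by the 'update' rules below.
      // NOTE(review): preserved as found - confirm that granting 'view'
      // through the edit permissions is intended.
    case 'update':
      // Check if the user has permission to edit any or own post entities.
      // AccountInterface::hasPermission() takes only the permission name; the
      // account that used to be passed as a second argument was ignored.
      if ($account->hasPermission('edit any post entities')) {
        return $cacheable(AccessResult::allowed());
      }
      elseif ($account->hasPermission('edit own post entities')
        && $account->id() == $entity->getOwnerId()) {
        return $cacheable(AccessResult::allowed());
      }
      return $cacheable(AccessResult::neutral());

    case 'delete':
      // Check if the user has permission to delete any or own post entities.
      if ($account->hasPermission('delete any post entities')) {
        return $cacheable(AccessResult::allowed());
      }
      elseif ($account->hasPermission('delete own post entities')
        && $account->id() == $entity->getOwnerId()) {
        return $cacheable(AccessResult::allowed());
      }
      return $cacheable(AccessResult::forbidden());
  }

  // Unknown operation, no opinion.
  return AccessResult::neutral();
}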