You are here

Home » API reference » State Machine 8 » StateTransitionAccessCheck.php » StateTransitionAccessCheck

public function StateTransitionAccessCheck::access in State Machine 8

Checks access to the state transition confirmation form.

Parameters

\Drupal\Core\Routing\RouteMatchInterface $route_match: The route match.

\Drupal\Core\Session\AccountInterface $account: The currently logged in account.

Return value

\Drupal\Core\Access\AccessResultInterface The access result.

File

src/Access/StateTransitionAccessCheck.php, line 26

Class

StateTransitionAccessCheck
Defines an access checker for the state transition confirmation form.

Namespace

Drupal\state_machine\Access

Code

public function access(RouteMatchInterface $route_match, AccountInterface $account) {

  // Get the entity type from the route name.
  // The entity route name is 'entity.{entity_type}.state_transition_form'.
  $parts = explode('.', $route_match
    ->getRouteName());
  $entity_type = $parts[1];
  $parameters = $route_match
    ->getParameters();

  // Check if one of the required parameter is missing.
  foreach ([
    $entity_type,
    'field_name',
    'transition_id',
  ] as $required_parameter) {
    if (!$parameters
      ->has($required_parameter)) {
      return AccessResult::neutral();
    }
  }

  /** @var \Drupal\Core\Entity\ContentEntityInterface $entity */
  $entity = $route_match
    ->getParameter($entity_type);
  $field_name = $route_match
    ->getParameter('field_name');

  // Ensures the passed entity has a state field matching the field name
  // passed in the url.
  if (!$entity || !$entity
    ->hasField($field_name)) {
    return AccessResult::forbidden();
  }

  /** @var \Drupal\state_machine\Plugin\Field\FieldType\StateItemInterface $state_item */
  $state_item = $entity
    ->get($field_name)
    ->first();
  $allowed_transitions = array_keys($state_item
    ->getTransitions());

  // Now check if the requested transition is allowed.
  $requested_transition = $route_match
    ->getParameter('transition_id');
  if (!in_array($requested_transition, $allowed_transitions, TRUE)) {
    return AccessResult::forbidden()
      ->addCacheableDependency($entity);
  }

  // Now finally check that the current user can update the given entity.
  return $entity
    ->access('update', $account, TRUE);
}