You are here

Home » API reference » Taxonomy access fix 8.3 » VocabularyAccessControlHandler.php » VocabularyAccessControlHandler

protected function VocabularyAccessControlHandler::checkAccess in Taxonomy access fix 8.3

Same name and namespace in other branches
  1. 8.2 src/VocabularyAccessControlHandler.php \Drupal\taxonomy_access_fix\VocabularyAccessControlHandler::checkAccess()

Performs access checks.

This method is supposed to be overwritten by extending classes that do their own custom access checking.

Parameters

\Drupal\Core\Entity\EntityInterface $entity: The entity for which to check access.

string $operation: The entity operation. Usually one of 'view', 'view label', 'update' or 'delete'.

\Drupal\Core\Session\AccountInterface $account: The user for which to check access.

Return value

\Drupal\Core\Access\AccessResultInterface The access result.

Overrides VocabularyAccessControlHandler::checkAccess

File

src/VocabularyAccessControlHandler.php, line 49

Class

VocabularyAccessControlHandler
Extends access control for Taxonomy Vocabulary entities.

Namespace

Drupal\taxonomy_access_fix

Code

protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
  if ($operation !== 'reorder_terms') {
    $access_result = parent::checkAccess($entity, $operation, $account);
    if (in_array($operation, [
      'access taxonomy overview',
      'view',
    ])) {
      $taxonomy_term_access_control_handler = $this->entityTypeManager
        ->getAccessControlHandler('taxonomy_term');
      $access_result_operation = AccessResult::allowedIf($taxonomy_term_access_control_handler
        ->createAccess($entity
        ->id(), $account))
        ->orIf(AccessResult::allowedIf($account
        ->hasPermission('delete terms in ' . $entity
        ->id())))
        ->orIf(AccessResult::allowedIf($account
        ->hasPermission('edit terms in ' . $entity
        ->id())))
        ->orIf($this
        ->checkAccess($entity, 'reorder_terms', $account));

      /** @var \Drupal\Core\Access\AccessResult $access_result */
      $access_result = $access_result
        ->andIf($access_result_operation);
      $access_result
        ->cachePerPermissions()
        ->addCacheableDependency($entity);
      if (!$access_result
        ->isAllowed()) {

        /** @var \Drupal\Core\Access\AccessResultReasonInterface $access_result */
        $access_result
          ->setReason("The 'access taxonomy overview' and one of the 'create terms in {$entity->id()}', 'delete terms in {$entity->id()}', 'edit terms in {$entity->id()}', 'reorder terms in {$entity->id()}' permissions OR the 'administer taxonomy' permission are required.");
      }
    }
    return $access_result;
  }
  if ($account
    ->hasPermission('administer taxonomy')) {
    return AccessResult::allowed()
      ->cachePerPermissions();
  }
  $access_result = AccessResult::forbidden();
  if ($operation === 'reorder_terms') {
    $access_result = AccessResult::allowedIfHasPermission($account, "reorder terms in {$entity->id()}")
      ->cachePerPermissions()
      ->addCacheableDependency($entity);
    if (!$access_result
      ->isAllowed()) {

      /** @var \Drupal\Core\Access\AccessResultReasonInterface $access_result */
      $access_result
        ->setReason("The 'reorder terms in {$entity->id()}' OR the 'administer taxonomy' permission is required.");
    }
  }
  return $access_result;
}