
protected function TransactionAccessControlHandler::checkAccess in Transaction 8

Performs access checks.

This method is supposed to be overridden by extending classes that do their own custom access checking.

Parameters

\Drupal\Core\Entity\EntityInterface $entity: The entity for which to check access.

string $operation: The entity operation. Usually one of 'view', 'view label', 'update' or 'delete'.

\Drupal\Core\Session\AccountInterface $account: The user for which to check access.

Return value

\Drupal\Core\Access\AccessResultInterface The access result.

Overrides EntityAccessControlHandler::checkAccess

File

src/TransactionAccessControlHandler.php, line 20

Class

TransactionAccessControlHandler
Access controller for the transaction entity.

Namespace

Drupal\transaction

Code

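/**
 * Checks access to a transaction for a given operation and account.
 *
 * Decision order, as implemented below:
 * - A forbidden result from the parent handler is returned unchanged.
 * - 'view label' is treated as 'view' for every later check.
 * - A transaction that is not pending can never be executed, and any
 *   operation other than 'view' on it requires 'administer transactions'.
 * - A forbidden result from the target entity is returned unchanged.
 * - Unless the combined result is already allowed, access is decided by the
 *   "{operation} any {type} transaction" permission and, for the owner, the
 *   "{operation} own {type} transaction" permission.
 *
 * @param \Drupal\Core\Entity\EntityInterface $entity
 *   The transaction for which to check access.
 * @param string $operation
 *   The entity operation, such as 'view', 'view label', 'update', 'delete'
 *   or 'execute'.
 * @param \Drupal\Core\Session\AccountInterface $account
 *   The user for which to check access.
 *
 * @return \Drupal\Core\Access\AccessResultInterface
 *   The access result.
 */
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
  /** @var \Drupal\transaction\TransactionInterface $entity */
  $result = parent::checkAccess($entity, $operation, $account);
  if ($result->isForbidden()) {
    return $result;
  }

  // Treat the view label operation as view. Every check below, including the
  // target entity access check, therefore sees 'view'.
  if ($operation == 'view label') {
    $operation = 'view';
  }

  // Executed transactions cannot be executed, or updated or deleted by
  // non-admin.
  $is_admin = $account->hasPermission('administer transactions');
  if (!$entity->isPending() && ($operation == 'execute' || ($operation != 'view' && !$is_admin))) {
    // The denial depends on the transaction state and on the account's
    // permissions, so both are recorded as cacheability metadata. Without
    // them the result carries no information about when it becomes stale.
    return AccessResult::forbidden()
      ->addCacheableDependency($entity)
      ->cachePerPermissions();
  }

  // Having access to the target entity is mandatory.
  // NOTE(review): only a forbidden target result blocks access here. A
  // neutral target result (no explicit grant) still falls through to the
  // transaction type permissions below. Confirm that this is the intended
  // meaning of "mandatory".
  $target_entity = $entity->getTargetEntity();
  if ($target_entity) {
    $target_result = $target_entity->access($operation, $account, TRUE);
    if ($target_result->isForbidden()) {
      return $target_result;
    }
    $result = $result->andIf($target_result);
  }

  // At this point, if allowed, user is admin.
  if (!$result->isAllowed()) {
    // Finally rely on transaction type permissions.
    $type = $entity->getTypeId();
    $result = AccessResult::allowedIfHasPermission($account, "{$operation} any {$type} transaction");
    if ($result->isNeutral()) {
      if ($entity->getOwnerId() == $account->id()) {
        $result = AccessResult::allowedIfHasPermission($account, "{$operation} own {$type} transaction");
      }
      // From here on the outcome depends on who the account is and on who
      // owns the transaction, not only on permissions. Vary the result per
      // user and tie it to the transaction so that a result computed for the
      // owner is never reused for a different account.
      $result->cachePerUser()->addCacheableDependency($entity);
    }
  }

  return $target_entity ? $result->addCacheableDependency($target_entity) : $result;
}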