You are here

Home » API reference » Webform 6.x » webform_access.module

function webform_access_webform_submission_access in Webform 6.x

Same name and namespace in other branches
  1. 8.5 modules/webform_access/webform_access.module \webform_access_webform_submission_access()

Implements hook_ENTITY_TYPE_access() for webform_submission entities.

File

modules/webform_access/webform_access.module, line 204
Provides webform access controls for webform nodes.

Code

function webform_access_webform_submission_access(WebformSubmissionInterface $webform_submission, $operation, AccountInterface $account) {
  if (!in_array($operation, [
    'view',
    'update',
    'delete',
  ])) {
    return AccessResult::neutral();
  }
  $webform = $webform_submission
    ->getWebform();
  $source_entity = $webform_submission
    ->getSourceEntity([
    'webform_submission',
  ]);
  if (!$source_entity) {
    return AccessResult::neutral();
  }

  /** @var \Drupal\webform_access\WebformAccessGroupStorageInterface $webform_access_group */
  $webform_access_group_storage = \Drupal::entityTypeManager()
    ->getStorage('webform_access_group');
  $webform_access_groups = $webform_access_group_storage
    ->loadByEntities($webform, $source_entity, $account);
  if (empty($webform_access_groups)) {
    return AccessResult::neutral();
  }
  foreach ($webform_access_groups as $webforn_access_group) {
    $permissions = $webforn_access_group
      ->get('permissions');
    if (in_array('administer', $permissions) || in_array($operation . '_any', $permissions) || in_array($operation . '_own', $permissions) && $webform_submission
      ->getOwnerId() === $account
      ->id()) {
      return AccessResult::allowed()
        ->cachePerUser()
        ->addCacheableDependency($webforn_access_group);
    }
  }

  // No opinion.
  return AccessResult::neutral();
}