You are here

public static function WebformNodeAccess::checkAccess in Webform 8.5

Same name and namespace in other branches
  1. 6.x modules/webform_node/src/Access/WebformNodeAccess.php \Drupal\webform_node\Access\WebformNodeAccess::checkAccess()

Check whether the user can access a node's webform and/or submission.

Parameters

string $operation: Operation being performed.

string $entity_access: Entity access rule that needs to be checked.

\Drupal\node\NodeInterface $node: A node.

\Drupal\webform\WebformSubmissionInterface $webform_submission: A webform submission.

\Drupal\Core\Session\AccountInterface $account: Run access checks for this account.

Return value

\Drupal\Core\Access\AccessResultInterface The access result.

5 calls to WebformNodeAccess::checkAccess()
WebformNodeAccess::checkWebformAccess in modules/webform_node/src/Access/WebformNodeAccess.php
Check whether the user can access a node's webform.
WebformNodeAccess::checkWebformDraftsAccess in modules/webform_node/src/Access/WebformNodeAccess.php
Check whether the user can access a node's webform drafts.
WebformNodeAccess::checkWebformResultsAccess in modules/webform_node/src/Access/WebformNodeAccess.php
Check whether the user can access a node's webform results.
WebformNodeAccess::checkWebformSubmissionAccess in modules/webform_node/src/Access/WebformNodeAccess.php
Check whether the user can access a node's webform submission.
WebformShareAccess::checkNodeAccess in modules/webform_share/src/Access/WebformShareAccess.php
Check whether the webform node can be shared.

File

modules/webform_node/src/Access/WebformNodeAccess.php, line 180

Class

WebformNodeAccess
Defines the custom access control handler for the webform node.

Namespace

Drupal\webform_node\Access

Code

public static function checkAccess($operation, $entity_access, NodeInterface $node, WebformSubmissionInterface $webform_submission = NULL, AccountInterface $account = NULL) {

  /** @var \Drupal\webform\WebformEntityReferenceManagerInterface $entity_reference_manager */
  $entity_reference_manager = \Drupal::service('webform.entity_reference_manager');
  $webform = $entity_reference_manager
    ->getWebform($node);

  // Check that the node has a valid webform reference.
  if (!$webform) {
    return AccessResult::forbidden();
  }

  // Check that the webform submission was created via the webform node.
  if ($webform_submission) {
    $source_node = $webform_submission
      ->getSourceEntity();
    if (!$source_node || $source_node
      ->id() !== $node
      ->id()) {
      return AccessResult::forbidden();
    }
  }

  // Determine if this is a group node.
  $is_group_node = \Drupal::moduleHandler()
    ->moduleExists('webform_group') && \Drupal::entityTypeManager()
    ->getStorage('group_content')
    ->loadByEntity($node);

  // Check the node operation.
  if (!$operation) {
    $result = AccessResult::neutral();
  }
  elseif ($is_group_node && strpos($operation, 'webform_submission_') === 0) {

    // For group nodes, we need to bypass node access checking for
    // 'webform_submission_*' operations which trigger access forbidden.
    // @see group_entity_access()
    // @see https://www.drupal.org/project/webform/issues/3132204
    // @todo Add Webform node group permission provider w/ submission perms.
    $result = webform_node_node_access($node, $operation, $account);
  }
  else {
    $result = $node
      ->access($operation, $account, TRUE);
  }

  // Check entity access.
  if ($entity_access) {

    // Check entity access for the webform.
    if (strpos($entity_access, 'webform.') === 0) {
      $result = $result
        ->orIf($webform
        ->access(str_replace('webform.', '', $entity_access), $account, TRUE));
    }

    // Check entity access for the webform submission.
    if (strpos($entity_access, 'webform_submission.') === 0) {
      $result = $result
        ->orIf($webform_submission
        ->access(str_replace('webform_submission.', '', $entity_access), $account, TRUE));
    }
  }
  return $result;
}