You are here

Home » API reference » Webform 8.5 » WebformElementBase.php » WebformElementBase

public function WebformElementBase::checkAccessRules in Webform 8.5

Same name and namespace in other branches
  1. 6.x src/Plugin/WebformElementBase.php \Drupal\webform\Plugin\WebformElementBase::checkAccessRules()

Check element access (rules).

Parameters

string $operation: The operation access should be checked for. Usually "create", "update", or "view".

array $element: An element.

\Drupal\Core\Session\AccountInterface $account: The user session for which to check access.

Return value

bool TRUE is the element can be accessed by the user.

Throws

|\Exception Throws exception when the webform entity has not been set for the element.

Overrides WebformElementInterface::checkAccessRules

See also

\Drupal\webform\WebformAccessRulesManagerInterface::checkWebformAccess

1 call to WebformElementBase::checkAccessRules()
WebformElementBase::prepare in src/Plugin/WebformElementBase.php
Prepare an element to be rendered within a webform.

File

src/Plugin/WebformElementBase.php, line 930

Class

WebformElementBase
Provides a base class for a webform element.

Namespace

Drupal\webform\Plugin

Code

public function checkAccessRules($operation, array $element, AccountInterface $account = NULL) {

  // Respect elements that already have their #access set to FALSE.
  if (isset($element['#access']) && $element['#access'] === FALSE) {
    return FALSE;
  }

  // Get the current user, webform, and webform submission.
  $account = $account ?: $this->currentUser;
  $webform = $this
    ->getWebform();
  $webform_submission = $this
    ->getWebformSubmission();

  // If webform is missing, throw an exception.
  if (!$webform) {
    throw new \Exception("Webform entity is required to check and element's access (rules).");
  }

  // If #private, check that the current user can 'view any submission'.
  if (!empty($element['#private']) && !$webform
    ->access('submission_view_any', $account)) {
    return FALSE;
  }

  // Check webform and other modules access results.
  $access_result = $this
    ->checkAccessRule($element, $operation, $account) ? AccessResult::allowed() : AccessResult::neutral();

  // Allow webform handlers to adjust the access and/or directly set an
  // element's #access to FALSE.
  $handler_result = $webform
    ->invokeHandlers('accessElement', $element, $operation, $account, $webform_submission);
  $access_result = $access_result
    ->orIf($handler_result);

  // Allow modules to adjust the element's access.
  $context = [
    'webform' => $webform,
    'webform_submission' => $webform_submission,
  ];
  $modules = \Drupal::moduleHandler()
    ->getImplementations('webform_element_access');
  foreach ($modules as $module) {
    $hook = $module . '_webform_element_access';
    $hook_result = $hook($operation, $element, $account, $context);
    $access_result = $access_result
      ->orIf($hook_result);
  }

  // Grant access as provided by webform, webform handler(s) and/or
  // hook_webform_element_access() implementation.
  return $access_result
    ->isAllowed();
}