You are here

Home » API reference » Webform 6.x » WebformAccessRulesManager.php

class WebformAccessRulesManager in Webform 6.x

Same name and namespace in other branches
  1. 8.5 src/WebformAccessRulesManager.php \Drupal\webform\WebformAccessRulesManager

The webform access rules manager service.

Hierarchy

Expanded class hierarchy of WebformAccessRulesManager

1 string reference to 'WebformAccessRulesManager'
webform.services.yml in ./webform.services.yml
webform.services.yml
1 service uses WebformAccessRulesManager
webform.access_rules_manager in ./webform.services.yml
Drupal\webform\WebformAccessRulesManager

File

src/WebformAccessRulesManager.php, line 14

Namespace

Drupal\webform
View source 
class WebformAccessRulesManager implements WebformAccessRulesManagerInterface {
  use StringTranslationTrait;

  /**
   * Module handler service.
   *
   * @var \Drupal\Core\Extension\ModuleHandlerInterface
   */
  protected $moduleHandler;

  /**
   * WebformAccessRulesManager constructor.
   *
   * @param \Drupal\Core\Extension\ModuleHandlerInterface $module_handler
   *   Module handler service.
   */
  public function __construct(ModuleHandlerInterface $module_handler) {
    $this->moduleHandler = $module_handler;
  }

  /**
   * {@inheritdoc}
   */
  public function checkWebformAccess($operation, AccountInterface $account, WebformInterface $webform) {
    $access_rules = $this
      ->getAccessRules($webform);
    $cache_per_user = $this
      ->cachePerUser($access_rules);
    $condition = $this
      ->checkAccessRules($operation, $account, $access_rules);
    return WebformAccessResult::allowedIf($condition, $webform, $cache_per_user);
  }

  /**
   * {@inheritdoc}
   */
  public function checkWebformSubmissionAccess($operation, AccountInterface $account, WebformSubmissionInterface $webform_submission) {
    $webform = $webform_submission
      ->getWebform();
    $access_rules = $this
      ->getAccessRules($webform);
    $cache_per_user = $this
      ->cachePerUser($access_rules);

    // Check operation.
    if ($this
      ->checkAccessRules($operation, $account, $access_rules)) {
      return WebformAccessResult::allowed($webform_submission, $cache_per_user);
    }

    // Check *_own operation.
    if ($webform_submission
      ->isOwner($account) && isset($access_rules[$operation . '_own']) && $this
      ->checkAccessRule($access_rules[$operation . '_own'], $account)) {
      return WebformAccessResult::allowed($webform_submission, $cache_per_user);
    }

    // Check *_any operation.
    if (isset($access_rules[$operation . '_any']) && $this
      ->checkAccessRule($access_rules[$operation . '_any'], $account)) {
      return WebformAccessResult::allowed($webform_submission, $cache_per_user);
    }
    return WebformAccessResult::neutral($webform_submission, $cache_per_user);
  }

  /****************************************************************************/

  // Get access rules methods.

  /****************************************************************************/

  /**
   * {@inheritdoc}
   */
  public function getDefaultAccessRules() {
    $access_rules = [];
    foreach ($this
      ->getAccessRulesInfo() as $access_rule => $info) {
      $access_rules[$access_rule] = [
        'roles' => $info['roles'],
        'users' => $info['users'],
        'permissions' => $info['permissions'],
      ];
    }
    return $access_rules;
  }

  /**
   * {@inheritdoc}
   */
  public function getAccessRulesInfo() {
    $access_rules = $this->moduleHandler
      ->invokeAll('webform_access_rules');
    $this->moduleHandler
      ->alter('webform_access_rules', $access_rules);

    // Set access rule default values.
    foreach ($access_rules as $access_rule => $info) {
      $access_rules[$access_rule] += [
        'title' => NULL,
        'description' => NULL,
        'weight' => 0,
        'roles' => [],
        'users' => [],
        'permissions' => [],
      ];
    }
    uasort($access_rules, [
      SortArray::class,
      'sortByWeightElement',
    ]);
    return $access_rules;
  }

  /**
   * {@inheritdoc}
   */
  public function getAccessRules(WebformInterface $webform) {
    return $webform
      ->getAccessRules() + $this
      ->getDefaultAccessRules();
  }

  /****************************************************************************/

  // Check access rules methods.

  /****************************************************************************/

  /**
   * {@inheritdoc}
   */
  public function checkAccessRules($operation, AccountInterface $account, array $access_rules) {

    // Check administer access rule and grant full access to user.
    if ($this
      ->checkAccessRule($access_rules['administer'], $account)) {
      return TRUE;
    }

    // Check operation.
    if (isset($access_rules[$operation]) && $this
      ->checkAccessRule($access_rules[$operation], $account)) {
      return TRUE;
    }
    return FALSE;
  }

  /**
   * Checks an access rule against a user account's roles and id.
   *
   * @param array $access_rule
   *   An access rule.
   * @param \Drupal\Core\Session\AccountInterface $account
   *   The user session for which to check access.
   *
   * @return bool
   *   Returns a TRUE if access is allowed.
   *
   * @see \Drupal\webform\Plugin\WebformElementBase::checkAccessRule
   */
  protected function checkAccessRule(array $access_rule, AccountInterface $account) {
    if (!empty($access_rule['roles']) && array_intersect($access_rule['roles'], $account
      ->getRoles())) {
      return TRUE;
    }
    elseif (!empty($access_rule['users']) && in_array($account
      ->id(), $access_rule['users'])) {
      return TRUE;
    }
    elseif (!empty($access_rule['permissions'])) {
      foreach ($access_rule['permissions'] as $permission) {
        if ($account
          ->hasPermission($permission)) {
          return TRUE;
        }
      }
    }
    return FALSE;
  }

  /**
   * {@inheritdoc}
   */
  public function cachePerUser(array $access_rules) {
    foreach ($access_rules as $access_rule) {
      if (!empty($access_rule['users'])) {
        return TRUE;
      }
    }
    return FALSE;
  }

}

Members

Namesort descending Modifiers Type Description Overrides
StringTranslationTrait::$stringTranslation protected property The string translation service. 4
StringTranslationTrait::formatPlural protected function Formats a string containing a count of items.
StringTranslationTrait::getNumberOfPlurals protected function Returns the number of plurals supported by a given language.
StringTranslationTrait::getStringTranslation protected function Gets the string translation service.
StringTranslationTrait::setStringTranslation public function Sets the string translation service to use. 2
StringTranslationTrait::t protected function Translates a string to the current language or to a given language.
WebformAccessRulesManager::$moduleHandler protected property Module handler service.
WebformAccessRulesManager::cachePerUser public function Determine if access rules should be cached per user. Overrides WebformAccessRulesManagerInterface::cachePerUser
WebformAccessRulesManager::checkAccessRule protected function Checks an access rule against a user account's roles and id.
WebformAccessRulesManager::checkAccessRules public function Check access for a given operation and set of access rules. Overrides WebformAccessRulesManagerInterface::checkAccessRules
WebformAccessRulesManager::checkWebformAccess public function Check if operation is allowed through access rules for a given webform. Overrides WebformAccessRulesManagerInterface::checkWebformAccess
WebformAccessRulesManager::checkWebformSubmissionAccess public function Check if operation is allowed through access rules for a submission. Overrides WebformAccessRulesManagerInterface::checkWebformSubmissionAccess
WebformAccessRulesManager::getAccessRules public function Retrieve a list of access rules from a webform. Overrides WebformAccessRulesManagerInterface::getAccessRules
WebformAccessRulesManager::getAccessRulesInfo public function Collect metadata on known access rules. Overrides WebformAccessRulesManagerInterface::getAccessRulesInfo
WebformAccessRulesManager::getDefaultAccessRules public function Returns the webform default access rules. Overrides WebformAccessRulesManagerInterface::getDefaultAccessRules
WebformAccessRulesManager::__construct public function WebformAccessRulesManager constructor.