class WebformSubmissionAccessControlHandler in Webform 6.x

Same name and namespace in other branches
  1. 8.5 src/WebformSubmissionAccessControlHandler.php \Drupal\webform\WebformSubmissionAccessControlHandler

Defines the access control handler for the webform submission entity type.

See also

\Drupal\webform\Entity\WebformSubmission.

File

src/WebformSubmissionAccessControlHandler.php, line 18

Namespace

Drupal\webform
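
View source

namespace Drupal\webform;

use Drupal\Core\Entity\EntityAccessControlHandler;
use Drupal\Core\Entity\EntityHandlerInterface;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Entity\EntityTypeInterface;
use Drupal\Core\Session\AccountInterface;
use Drupal\webform\Access\WebformAccessResult;
use Symfony\Component\DependencyInjection\ContainerInterface;

class WebformSubmissionAccessControlHandler extends EntityAccessControlHandler implements EntityHandlerInterface {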

  /**
   * Webform access rules manager service.
   *
   * @var \Drupal\webform\WebformAccessRulesManagerInterface
   */
  protected $accessRulesManager;

  /**
   * The current request.
   *
   * @var \Symfony\Component\HttpFoundation\Request
   */
  protected $request;

  /**
   * {@inheritdoc}
   */
  public static function createInstance(ContainerInterface $container, EntityTypeInterface $entity_type) {
    $instance = new static($entity_type);
    $instance->accessRulesManager = $container->get('webform.access_rules_manager');
    $instance->request = $container->get('request_stack')->getCurrentRequest();
    return $instance;
  }

  /**
   * {@inheritdoc}
   */
  public function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
    /** @var \Drupal\webform\WebformSubmissionInterface $entity */

    // Check 'administer webform' permission.
    if ($account->hasPermission('administer webform')) {
      return WebformAccessResult::allowed();
    }

    // Check 'administer webform submission' permission.
    if ($account->hasPermission('administer webform submission')) {
      return WebformAccessResult::allowed();
    }

    // Check webform 'update' permission.
    if ($entity->getWebform()->access('update', $account)) {
      return WebformAccessResult::allowed($entity, TRUE);
    }

    // Check view and delete operations token access.
    if (($operation === 'view' || $operation === 'delete')
      && $entity->getWebform()->getSetting('token_' . $operation)) {
      $token = $this->request->query->get('token');
      if ($token === $entity->getToken()) {
        return WebformAccessResult::allowed($entity)
          ->addCacheContexts(['url.query_args:token']);
      }
    }

    // Check 'any' or 'own' webform submission permissions.
    $operations = [
      'view' => 'view',
      'update' => 'edit',
      'delete' => 'delete',
    ];
    if (isset($operations[$operation])) {
      $action = $operations[$operation];

      // Check operation any.
      if ($account->hasPermission("{$action} any webform submission")) {
        return WebformAccessResult::allowed();
      }

      // Check operation own.
      if ($account->hasPermission("{$action} own webform submission")
        && $entity->isOwner($account)) {
        return WebformAccessResult::allowed($entity, TRUE);
      }
    }

    // Check other operations.
    switch ($operation) {
      case 'duplicate':
        // Check for 'create' or 'update' access.
        return WebformAccessResult::allowedIf(
          $entity->access('create', $account)
          || $entity->access('update', $account)
        );

      case 'resend':
        // Check for 'update any submission' access.
        return WebformAccessResult::allowedIf(
          $entity->getWebform()->access('submission_update_any', $account)
        );
    }

    // Check webform access rules.
    $webform_access = $this->accessRulesManager->checkWebformSubmissionAccess($operation, $account, $entity);
    if ($webform_access->isAllowed()) {
      return $webform_access;
    }
    return parent::checkAccess($entity, $operation, $account);
  }

}

Members

| Name | Modifiers | Type | Description | Overrides |
| --- | --- | --- | --- | --- |
| DependencySerializationTrait::$_entityStorages | protected | property | | |
| DependencySerializationTrait::$_serviceIds | protected | property | | |
| DependencySerializationTrait::__sleep | public | function | | 2 |
| DependencySerializationTrait::__wakeup | public | function | | 2 |
| EntityAccessControlHandler::$accessCache | protected | property | Stores calculated access check results. | |
| EntityAccessControlHandler::$entityType | protected | property | Information about the entity type. | |
| EntityAccessControlHandler::$entityTypeId | protected | property | The entity type ID of the access control handler instance. | |
| EntityAccessControlHandler::$viewLabelOperation | protected | property | Allows to grant access to just the labels. | 5 |
| EntityAccessControlHandler::access | public | function | Checks access to an operation on a given entity or entity translation. Overrides EntityAccessControlHandlerInterface::access | 1 |
| EntityAccessControlHandler::checkCreateAccess | protected | function | Performs create access checks. | 14 |
| EntityAccessControlHandler::checkFieldAccess | protected | function | Default field access as determined by this access control handler. | 4 |
| EntityAccessControlHandler::createAccess | public | function | Checks access to create an entity. Overrides EntityAccessControlHandlerInterface::createAccess | 1 |
| EntityAccessControlHandler::fieldAccess | public | function | Checks access to an operation on a given entity field. Overrides EntityAccessControlHandlerInterface::fieldAccess | |
| EntityAccessControlHandler::getCache | protected | function | Tries to retrieve a previously cached access value from the static cache. | |
| EntityAccessControlHandler::prepareUser | protected | function | Loads the current account object, if it does not exist yet. | |
| EntityAccessControlHandler::processAccessHookResults | protected | function | We grant access to the entity if both of these conditions are met: | |
| EntityAccessControlHandler::resetCache | public | function | Clears all cached access checks. Overrides EntityAccessControlHandlerInterface::resetCache | |
| EntityAccessControlHandler::setCache | protected | function | Statically caches whether the given user has access. | |
| EntityAccessControlHandler::__construct | public | function | Constructs an access control handler instance. | 6 |
| EntityHandlerBase::$moduleHandler | protected | property | The module handler to invoke hooks on. | 5 |
| EntityHandlerBase::moduleHandler | protected | function | Gets the module handler. | 5 |
| EntityHandlerBase::setModuleHandler | public | function | Sets the module handler for this handler. | |
| StringTranslationTrait::$stringTranslation | protected | property | The string translation service. | 4 |
| StringTranslationTrait::formatPlural | protected | function | Formats a string containing a count of items. | |
| StringTranslationTrait::getNumberOfPlurals | protected | function | Returns the number of plurals supported by a given language. | |
| StringTranslationTrait::getStringTranslation | protected | function | Gets the string translation service. | |
| StringTranslationTrait::setStringTranslation | public | function | Sets the string translation service to use. | 2 |
| StringTranslationTrait::t | protected | function | Translates a string to the current language or to a given language. | |
| WebformSubmissionAccessControlHandler::$accessRulesManager | protected | property | Webform access rules manager service. | |
| WebformSubmissionAccessControlHandler::$request | protected | property | The current request. | |
| WebformSubmissionAccessControlHandler::checkAccess | public | function | Performs access checks. Overrides EntityAccessControlHandler::checkAccess | |
| WebformSubmissionAccessControlHandler::createInstance | public static | function | Instantiates a new instance of this entity handler. Overrides EntityHandlerInterface::createInstance | |