You are here

Home » API reference » Workflow 8 » WorkflowHistoryAccess.php » WorkflowHistoryAccess

public function WorkflowHistoryAccess::access in Workflow 8

Check if the user has permissions to view this workflow.

Parameters

\Drupal\Core\Session\AccountInterface $account: Current user account.

\Drupal\Core\Routing\RouteMatchInterface $routeMatch: Current routeMatch.

\Symfony\Component\Routing\Route $route: Current route.

Return value

\Drupal\Core\Access\AccessResultAllowed|\Drupal\Core\Access\AccessResultForbidden If the user can access to this workflow.

File

src/Access/WorkflowHistoryAccess.php, line 30

Class

WorkflowHistoryAccess
Checks access to Workflow tab.

Namespace

Drupal\workflow\Access

Code

public function access(AccountInterface $account, RouteMatchInterface $routeMatch, Route $route) {
  static $access = [];
  $entity = workflow_url_get_entity(NULL, $routeMatch);
  if (!$entity) {
    return AccessResult::forbidden();
  }
  $entity_id = $entity
    ->id();
  $entity_type = $entity
    ->getEntityTypeId();
  $entity_bundle = $entity
    ->bundle();
  $field_name = workflow_url_get_parameter('field_name');

  // @todo This doesn't work.
  $uid = $account ? $account
    ->id() : -1;
  if (isset($access[$uid][$entity_type][$entity_id][$field_name ? $field_name : 'no_field'])) {
    return $access[$uid][$entity_type][$entity_id][$field_name ? $field_name : 'no_field'];
  }

  // When having multiple workflows per bundle, use Views display
  // 'Workflow history per entity' instead!
  $fields = _workflow_info_fields($entity, $entity_type, $entity_bundle, $field_name);
  if (!$fields) {
    return AccessResult::forbidden();
  }
  $access_result = AccessResult::forbidden();

  // @todo Keep below code aligned between WorkflowState, ~Transition, ~HistoryAccess
  // Determine if user is owner of the entity.
  $is_owner = WorkflowManager::isOwner($account, $entity);

  /*
   * Determine if user has Access. Fill the cache.
   */

  // @todo What to do with multiple workflow_fields per bundle? Use Views instead! Or introduce a setting.
  // @todo Use proper 'WORKFLOW_TYPE' permissions for workflow_tab_access.
  foreach ($fields as $definition) {
    $type_id = $definition
      ->getSetting('workflow_type');
    if ($account
      ->hasPermission("access any {$type_id} workflow_transion overview")) {
      $access_result = AccessResult::allowed();
    }
    elseif ($is_owner && $account
      ->hasPermission("access own {$type_id} workflow_transion overview")) {
      $access_result = AccessResult::allowed();
    }
    elseif ($account
      ->hasPermission('administer nodes')) {
      $access_result = AccessResult::allowed();
    }
    $access[$uid][$entity_type][$entity_id][$field_name ? $field_name : 'no_field'] = $access_result;
  }
  return $access_result;
}