View source
<?php
namespace Drupal\workflow;
use Drupal\Core\Access\AccessResult;
use Drupal\Core\Entity\EntityAccessControlHandler;
use Drupal\Core\Entity\EntityHandlerInterface;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Entity\EntityTypeInterface;
use Drupal\Core\Session\AccountInterface;
use Drupal\workflow\Entity\WorkflowManager;
use Symfony\Component\DependencyInjection\ContainerInterface;
class WorkflowAccessControlHandler extends EntityAccessControlHandler implements EntityHandlerInterface {
public function __construct(EntityTypeInterface $entity_type = NULL) {
$this->entityType = $entity_type;
if ($entity_type) {
parent::__construct($entity_type);
}
}
public static function createInstance(ContainerInterface $container, EntityTypeInterface $entity_type) {
return new static($entity_type);
}
public function access(EntityInterface $entity, $operation, AccountInterface $account = NULL, $return_as_object = FALSE) {
$account = workflow_current_user($account);
$result = parent::access($entity, $operation, $account, TRUE);
switch ($entity
->getEntityTypeId()) {
case 'workflow_scheduled_transition':
switch ($operation) {
case 'update':
$result = AccessResult::forbidden();
break;
case 'delete':
$result = AccessResult::forbidden();
break;
case 'revert':
$result = AccessResult::forbidden();
break;
default:
$result = parent::access($entity, $operation, $account, TRUE);
break;
}
break;
case 'workflow_transition':
$transition = $entity;
$is_owner = WorkflowManager::isOwner($account, $transition);
$type_id = $transition
->getWorkflowId();
switch ($operation) {
case 'update':
if ($account
->hasPermission("bypass {$type_id} workflow_transition access")) {
$result = AccessResult::allowed()
->cachePerPermissions();
}
elseif ($account
->hasPermission("edit any {$type_id} workflow_transition")) {
$result = AccessResult::allowed()
->cachePerPermissions();
}
elseif ($is_owner && $account
->hasPermission("edit own {$type_id} workflow_transition")) {
$result = AccessResult::allowed()
->cachePerPermissions();
}
return $return_as_object ? $result : $result
->isAllowed();
case 'delete':
$result = AccessResult::forbidden();
break;
case 'revert':
if (!$transition
->isRevertable()) {
$result = AccessResult::forbidden();
}
elseif ($account
->hasPermission("revert any {$type_id} workflow_transition")) {
$result = AccessResult::allowed();
}
elseif ($is_owner && $account
->hasPermission("revert own {$type_id} workflow_transition")) {
$result = AccessResult::allowed();
}
else {
$result = AccessResult::forbidden();
}
if ($result == AccessResult::allowed()) {
$permitted = \Drupal::moduleHandler()
->invokeAll('workflow', [
'transition revert',
$transition,
$account,
]);
if (in_array(FALSE, $permitted, TRUE)) {
$result = AccessResult::forbidden();
}
}
break;
default:
$result = parent::access($entity, $operation, $account, TRUE);
break;
}
break;
case 'workflow_config_transition':
break;
case 'workflow_state':
switch ($operation) {
case 'view label':
$result = AccessResult::allowed();
return $return_as_object ? $result : $result
->isAllowed();
default:
break;
}
break;
}
$result = $result
->cachePerPermissions();
return $return_as_object ? $result : $result
->isAllowed();
}
public function createAccess($entity_bundle = NULL, AccountInterface $account = NULL, array $context = [], $return_as_object = FALSE) {
workflow_debug(__FILE__, __FUNCTION__, __LINE__);
$result = parent::createAccess($entity_bundle, $account, $context, TRUE);
$result = $result
->cachePerPermissions();
return $return_as_object ? $result : $result
->isAllowed();
}
protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
workflow_debug(__FILE__, __FUNCTION__, __LINE__);
return AccessResult::allowedIf($account
->hasPermission('create ' . $entity_bundle . ' content'))
->cachePerPermissions();
}
}