You are here

class EntityAccess in Workspace 8.2

Same name and namespace in other branches
  1. 8 src/EntityAccess.php \Drupal\workspace\EntityAccess

Service wrapper for hooks relating to entity access control.

@internal

Hierarchy

Expanded class hierarchy of EntityAccess

1 file declares its use of EntityAccess
workspace.module in ./workspace.module
Provides full-site preview functionality for content staging.

File

src/EntityAccess.php, line 18

Namespace

Drupal\workspace
View source
class EntityAccess implements ContainerInjectionInterface {
  use StringTranslationTrait;

  /**
   * The entity type manager service.
   *
   * @var \Drupal\Core\Entity\EntityTypeManagerInterface
   */
  protected $entityTypeManager;

  /**
   * The workspace manager service.
   *
   * @var \Drupal\workspace\WorkspaceManagerInterface
   */
  protected $workspaceManager;

  /**
   * Constructs a new EntityAccess instance.
   *
   * @param \Drupal\Core\Entity\EntityTypeManagerInterface $entity_type_manager
   *   The entity type manager service.
   * @param \Drupal\workspace\WorkspaceManagerInterface $workspace_manager
   *   The workspace manager service.
   */
  public function __construct(EntityTypeManagerInterface $entity_type_manager, WorkspaceManagerInterface $workspace_manager) {
    $this->entityTypeManager = $entity_type_manager;
    $this->workspaceManager = $workspace_manager;
  }

  /**
   * {@inheritdoc}
   */
  public static function create(ContainerInterface $container) {
    return new static($container
      ->get('entity_type.manager'), $container
      ->get('workspace.manager'));
  }

  /**
   * Implements a hook bridge for hook_entity_access().
   *
   * @param \Drupal\Core\Entity\EntityInterface $entity
   *   The entity to check access for.
   * @param string $operation
   *   The operation being performed.
   * @param \Drupal\Core\Session\AccountInterface $account
   *   The user account making the to check access for.
   *
   * @return \Drupal\Core\Access\AccessResult
   *   The result of the access check.
   *
   * @see hook_entity_access()
   */
  public function entityOperationAccess(EntityInterface $entity, $operation, AccountInterface $account) {

    // Workspaces themselves are handled by their own access handler and we
    // should not try to do any access checks for entity types that can not
    // belong to a workspace.
    if ($entity
      ->getEntityTypeId() === 'workspace' || !$this->workspaceManager
      ->isEntityTypeSupported($entity
      ->getEntityType())) {
      return AccessResult::neutral();
    }
    return $this
      ->bypassAccessResult($account);
  }

  /**
   * Implements a hook bridge for hook_entity_create_access().
   *
   * @param \Drupal\Core\Session\AccountInterface $account
   *   The user account making the to check access for.
   * @param array $context
   *   The context of the access check.
   * @param string $entity_bundle
   *   The bundle of the entity.
   *
   * @return \Drupal\Core\Access\AccessResult
   *   The result of the access check.
   *
   * @see hook_entity_create_access()
   */
  public function entityCreateAccess(AccountInterface $account, array $context, $entity_bundle) {

    // Workspaces themselves are handled by their own access handler and we
    // should not try to do any access checks for entity types that can not
    // belong to a workspace.
    $entity_type = $this->entityTypeManager
      ->getDefinition($context['entity_type_id']);
    if ($entity_type
      ->id() === 'workspace' || !$this->workspaceManager
      ->isEntityTypeSupported($entity_type)) {
      return AccessResult::neutral();
    }
    return $this
      ->bypassAccessResult($account);
  }

  /**
   * Checks the 'bypass' permissions.
   *
   * @param \Drupal\Core\Session\AccountInterface $account
   *   The user account making the to check access for.
   *
   * @return \Drupal\Core\Access\AccessResult
   *   The result of the access check.
   */
  protected function bypassAccessResult(AccountInterface $account) {

    // This approach assumes that the current "global" active workspace is
    // correct, i.e. if you're "in" a given workspace then you get ALL THE PERMS
    // to ALL THE THINGS! That's why this is a dangerous permission.
    $active_workspace = $this->workspaceManager
      ->getActiveWorkspace();
    return AccessResult::allowedIf($active_workspace
      ->getOwnerId() == $account
      ->id())
      ->cachePerUser()
      ->addCacheableDependency($active_workspace)
      ->andIf(AccessResult::allowedIfHasPermission($account, 'bypass entity access own workspace'));
  }

}

Members

Namesort descending Modifiers Type Description Overrides
EntityAccess::$entityTypeManager protected property The entity type manager service.
EntityAccess::$workspaceManager protected property The workspace manager service.
EntityAccess::bypassAccessResult protected function Checks the 'bypass' permissions.
EntityAccess::create public static function Instantiates a new instance of this class. Overrides ContainerInjectionInterface::create
EntityAccess::entityCreateAccess public function Implements a hook bridge for hook_entity_create_access().
EntityAccess::entityOperationAccess public function Implements a hook bridge for hook_entity_access().
EntityAccess::__construct public function Constructs a new EntityAccess instance.
StringTranslationTrait::$stringTranslation protected property The string translation service. 1
StringTranslationTrait::formatPlural protected function Formats a string containing a count of items.
StringTranslationTrait::getNumberOfPlurals protected function Returns the number of plurals supported by a given language.
StringTranslationTrait::getStringTranslation protected function Gets the string translation service.
StringTranslationTrait::setStringTranslation public function Sets the string translation service to use. 2
StringTranslationTrait::t protected function Translates a string to the current language or to a given language.