protected function WorkspaceAccessControlHandler::checkAccess in Workspace 8.2
Performs access checks.
This method is supposed to be overwritten by extending classes that do their own custom access checking.
Parameters
\Drupal\Core\Entity\EntityInterface $entity: The entity for which to check access.
string $operation: The entity operation. Usually one of 'view', 'view label', 'update' or 'delete'.
\Drupal\Core\Session\AccountInterface $account: The user for which to check access.
Return value
\Drupal\Core\Access\AccessResultInterface The access result.
Overrides EntityAccessControlHandler::checkAccess
File
- src/
WorkspaceAccessControlHandler.php, line 20
Class
- WorkspaceAccessControlHandler
- Defines the access control handler for the workspace entity type.
Namespace
Drupal\workspaceCode
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
/** @var \Drupal\workspace\WorkspaceInterface $entity */
if ($operation === 'delete' && $entity
->isDefaultWorkspace()) {
return AccessResult::forbidden()
->addCacheableDependency($entity);
}
if ($account
->hasPermission('administer workspaces')) {
return AccessResult::allowed()
->cachePerPermissions();
}
// The default workspace is always viewable, no matter what.
if ($operation == 'view' && $entity
->isDefaultWorkspace()) {
return AccessResult::allowed()
->addCacheableDependency($entity);
}
$permission_operation = $operation === 'update' ? 'edit' : $operation;
// Check if the user has permission to access all workspaces.
$access_result = AccessResult::allowedIfHasPermission($account, $permission_operation . ' any workspace');
// Check if it's their own workspace, and they have permission to access
// their own workspace.
if ($access_result
->isNeutral() && $account
->isAuthenticated() && $account
->id() === $entity
->getOwnerId()) {
$access_result = AccessResult::allowedIfHasPermission($account, $permission_operation . ' own workspace')
->cachePerUser()
->addCacheableDependency($entity);
}
return $access_result;
}