public function YamlForm::checkAccessRules in YAML Form 8
Checks form access to an operation on a form's submission.
Parameters
string $operation: The operation access should be checked for. Usually "create", "view", "update", "delete", "purge", or "admin".
\Drupal\Core\Session\AccountInterface $account: The user session for which to check access.
\Drupal\yamlform\YamlFormSubmissionInterface|null $yamlform_submission: (optional) A form submission.
Return value
bool The access result. Returns a TRUE if access is allowed.
Overrides YamlFormInterface::checkAccessRules
File
- src/
Entity/ YamlForm.php, line 595
Class
- YamlForm
- Defines the form entity.
Namespace
Drupal\yamlform\EntityCode
public function checkAccessRules($operation, AccountInterface $account, YamlFormSubmissionInterface $yamlform_submission = NULL) {
// Always grant access to "admin" which are form and form
// submission administrators.
if ($account
->hasPermission('administer yamlform') || $account
->hasPermission('administer yamlform submission')) {
return TRUE;
}
// The "page" operation is the same as "create" but requires that the
// Form is allowed to be displayed as dedicated page.
// Used by the 'entity.yamlform.canonical' route.
if ($operation == 'page') {
if (empty($this->settings['page'])) {
return FALSE;
}
else {
$operation = 'create';
}
}
$access_rules = $this
->getAccessRules();
if (isset($access_rules[$operation]) && in_array($operation, [
'create',
'view_any',
'update_any',
'delete_any',
'purge_any',
'view_own',
]) && $this
->checkAccessRule($access_rules[$operation], $account)) {
return TRUE;
}
elseif (isset($access_rules[$operation . '_any']) && $this
->checkAccessRule($access_rules[$operation . '_any'], $account)) {
return TRUE;
}
elseif (isset($access_rules[$operation . '_own']) && $account
->isAuthenticated() && $yamlform_submission && $account
->id() === $yamlform_submission
->getOwnerId() && $this
->checkAccessRule($access_rules[$operation . '_own'], $account)) {
return TRUE;
}
else {
return FALSE;
}
}