You are here

Home » API reference » Zircon Profile 8 » UserAccessControlHandler.php » UserAccessControlHandler

protected function UserAccessControlHandler::checkAccess in Zircon Profile 8

Same name and namespace in other branches
  1. 8.0 core/modules/user/src/UserAccessControlHandler.php \Drupal\user\UserAccessControlHandler::checkAccess()

Performs access checks.

This method is supposed to be overwritten by extending classes that do their own custom access checking.

Parameters

\Drupal\Core\Entity\EntityInterface $entity: The entity for which to check access.

string $operation: The entity operation. Usually one of 'view', 'update' or 'delete'.

\Drupal\Core\Session\AccountInterface $account: The user for which to check access.

Return value

\Drupal\Core\Access\AccessResultInterface The access result.

Overrides EntityAccessControlHandler::checkAccess

File

core/modules/user/src/UserAccessControlHandler.php, line 27
Contains \Drupal\user\UserAccessControlHandler.

Class

UserAccessControlHandler
Defines the access control handler for the user entity type.

Namespace

Drupal\user

Code

protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {

  /** @var \Drupal\user\UserInterface $entity*/

  // The anonymous user's profile can neither be viewed, updated nor deleted.
  if ($entity
    ->isAnonymous()) {
    return AccessResult::forbidden();
  }

  // Administrators can view/update/delete all user profiles.
  if ($account
    ->hasPermission('administer users')) {
    return AccessResult::allowed()
      ->cachePerPermissions();
  }
  switch ($operation) {
    case 'view':

      // Only allow view access if the account is active.
      if ($account
        ->hasPermission('access user profiles') && $entity
        ->isActive()) {
        return AccessResult::allowed()
          ->cachePerPermissions()
          ->cacheUntilEntityChanges($entity);
      }
      else {
        if ($account
          ->id() == $entity
          ->id()) {
          return AccessResult::allowed()
            ->cachePerUser();
        }
      }
      break;
    case 'update':

      // Users can always edit their own account.
      return AccessResult::allowedIf($account
        ->id() == $entity
        ->id())
        ->cachePerUser();
    case 'delete':

      // Users with 'cancel account' permission can cancel their own account.
      return AccessResult::allowedIf($account
        ->id() == $entity
        ->id() && $account
        ->hasPermission('cancel account'))
        ->cachePerPermissions()
        ->cachePerUser();
  }

  // No opinion.
  return AccessResult::neutral();
}