function CommentController::replyFormAccess

Same name and namespace in other branches
  1. 9 core/modules/comment/src/Controller/CommentController.php \Drupal\comment\Controller\CommentController::replyFormAccess()
  2. 8.9.x core/modules/comment/src/Controller/CommentController.php \Drupal\comment\Controller\CommentController::replyFormAccess()
  3. 11.x core/modules/comment/src/Controller/CommentController.php \Drupal\comment\Controller\CommentController::replyFormAccess()

Access check for the reply form.

Parameters

\Drupal\Core\Entity\EntityInterface $entity: The entity this comment belongs to.

string $field_name: The field_name to which the comment belongs.

int $pid: (optional) Some comments are replies to other comments. In those cases, $pid is the parent comment's comment ID. Defaults to NULL.

Return value

\Drupal\Core\Access\AccessResultInterface An access result

Throws

\Symfony\Component\HttpKernel\Exception\NotFoundHttpException

1 string reference to 'CommentController::replyFormAccess'
comment.routing.yml in core/modules/comment/comment.routing.yml
core/modules/comment/comment.routing.yml

File

core/modules/comment/src/Controller/CommentController.php, line 272

Class

CommentController
Controller for the comment entity.

Namespace

Drupal\comment\Controller

Code

public function replyFormAccess(EntityInterface $entity, $field_name, $pid = NULL) {
  // Check if entity and field exists.
  $fields = $this->commentManager
    ->getFields($entity->getEntityTypeId());
  if (empty($fields[$field_name])) {
    throw new NotFoundHttpException();
  }
  $account = $this->currentUser();
  // Check if the user has the proper permissions.
  $access = AccessResult::allowedIfHasPermission($account, 'post comments');
  // If commenting is open on the entity.
  $status = $entity->{$field_name}->status;
  $access = $access->andIf(AccessResult::allowedIf($status == CommentItemInterface::OPEN)->addCacheableDependency($entity))
    ->andIf(AccessResult::allowedIf($entity->access('view')));
  // $pid indicates that this is a reply to a comment.
  if ($pid) {
    // Check if the user has the proper permissions.
    $access = $access->andIf(AccessResult::allowedIfHasPermission($account, 'access comments'));
    // Load the parent comment.
    $comment = $this->entityTypeManager()
      ->getStorage('comment')
      ->load($pid);
    // Check if the parent comment is published and belongs to the entity.
    $access = $access->andIf(AccessResult::allowedIf($comment && $comment->isPublished() && $comment->getCommentedEntityId() == $entity->id()));
    if ($comment) {
      $access->addCacheableDependency($comment);
    }
  }
  return $access;
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.