class NodeRevisionAccessCheck

class NodeRevisionAccessCheck implements AccessInterface {
    
    /**
     * The node storage.
     *
     * @var \Drupal\node\NodeStorageInterface
     */
    protected $nodeStorage;
    
    /**
     * The node access control handler.
     *
     * @var \Drupal\Core\Entity\EntityAccessControlHandlerInterface
     */
    protected $nodeAccess;
    
    /**
     * A static cache of access checks.
     *
     * @var array
     */
    protected $access = [];
    
    /**
     * Constructs a new NodeRevisionAccessCheck.
     *
     * @param \Drupal\Core\Entity\EntityTypeManagerInterface $entity_type_manager
     *   The entity type manager.
     */
    public function __construct(EntityTypeManagerInterface $entity_type_manager) {
        $this->nodeStorage = $entity_type_manager->getStorage('node');
        $this->nodeAccess = $entity_type_manager->getAccessControlHandler('node');
    }
    
    /**
     * Checks routing access for the node revision.
     *
     * @param \Symfony\Component\Routing\Route $route
     *   The route to check against.
     * @param \Drupal\Core\Session\AccountInterface $account
     *   The currently logged in account.
     * @param int $node_revision
     *   (optional) The node revision ID. If not specified, but $node is, access
     *   is checked for that object's revision.
     * @param \Drupal\node\NodeInterface $node
     *   (optional) A node object. Used for checking access to a node's default
     *   revision when $node_revision is unspecified. Ignored when $node_revision
     *   is specified. If neither $node_revision nor $node are specified, then
     *   access is denied.
     *
     * @return \Drupal\Core\Access\AccessResultInterface
     *   The access result.
     */
    public function access(Route $route, AccountInterface $account, $node_revision = NULL, NodeInterface $node = NULL) {
        if ($node_revision) {
            $node = $this->nodeStorage
                ->loadRevision($node_revision);
        }
        $operation = $route->getRequirement('_access_node_revision');
        return AccessResult::allowedIf($node && $this->checkAccess($node, $account, $operation))
            ->cachePerPermissions()
            ->addCacheableDependency($node);
    }
    
    /**
     * Checks node revision access.
     *
     * @param \Drupal\node\NodeInterface $node
     *   The node to check.
     * @param \Drupal\Core\Session\AccountInterface $account
     *   A user object representing the user for whom the operation is to be
     *   performed.
     * @param string $op
     *   (optional) The specific operation being checked. Defaults to 'view.'
     *
     * @return bool
     *   TRUE if the operation may be performed, FALSE otherwise.
     */
    public function checkAccess(NodeInterface $node, AccountInterface $account, $op = 'view') {
        $map = [
            'view' => 'view all revisions',
            'update' => 'revert all revisions',
            'delete' => 'delete all revisions',
        ];
        $bundle = $node->bundle();
        $type_map = [
            'view' => "view {$bundle} revisions",
            'update' => "revert {$bundle} revisions",
            'delete' => "delete {$bundle} revisions",
        ];
        if (!$node || !isset($map[$op]) || !isset($type_map[$op])) {
            // If there was no node to check against, or the $op was not one of the
            // supported ones, we return access denied.
            return FALSE;
        }
        // Statically cache access by revision ID, language code, user account ID,
        // and operation.
        $langcode = $node->language()
            ->getId();
        $cid = $node->getRevisionId() . ':' . $langcode . ':' . $account->id() . ':' . $op;
        if (!isset($this->access[$cid])) {
            // Perform basic permission checks first.
            if (!$account->hasPermission($map[$op]) && !$account->hasPermission($type_map[$op]) && !$account->hasPermission('administer nodes')) {
                $this->access[$cid] = FALSE;
                return FALSE;
            }
            // If the revisions checkbox is selected for the content type, display the
            // revisions tab.
            $bundle_entity_type = $node->getEntityType()
                ->getBundleEntityType();
            $bundle_entity = \Drupal::entityTypeManager()->getStorage($bundle_entity_type)
                ->load($bundle);
            if ($bundle_entity->shouldCreateNewRevision() && $op === 'view') {
                $this->access[$cid] = TRUE;
            }
            else {
                // There should be at least two revisions. If the vid of the given node
                // and the vid of the default revision differ, then we already have two
                // different revisions so there is no need for a separate database
                // check. Also, if you try to revert to or delete the default revision,
                // that's not good.
                if ($node->isDefaultRevision() && ($this->nodeStorage
                    ->countDefaultLanguageRevisions($node) == 1 || $op === 'update' || $op === 'delete')) {
                    $this->access[$cid] = FALSE;
                }
                elseif ($account->hasPermission('administer nodes')) {
                    $this->access[$cid] = TRUE;
                }
                else {
                    // First check the access to the default revision and finally, if the
                    // node passed in is not the default revision then check access to
                    // that, too.
                    $this->access[$cid] = $this->nodeAccess
                        ->access($this->nodeStorage
                        ->load($node->id()), $op, $account) && ($node->isDefaultRevision() || $this->nodeAccess
                        ->access($node, $op, $account));
                }
            }
        }
        return $this->access[$cid];
    }

}