function ProtectedUserFieldConstraintValidator::validate

phpcs:ignore Drupal.Commenting.FunctionComment.VoidReturn

Return value

void

File

core/modules/user/src/Plugin/Validation/Constraint/ProtectedUserFieldConstraintValidator.php, line 60

Class

ProtectedUserFieldConstraintValidator

Validates the ProtectedUserFieldConstraint constraint.

Namespace

Code

public function validate($items, Constraint $constraint) {
  if (!isset($items)) {
    return;
  }
  /** @var \Drupal\Core\Field\FieldItemListInterface $items */
  $field = $items->getFieldDefinition();
  /** @var \Drupal\user\UserInterface $account */
  $account = $items->getEntity();
  if (!isset($account) || !empty($account->_skipProtectedUserFieldConstraint)) {
    // Looks like we are validating a field not being part of a user, or the
    // constraint should be skipped, so do nothing.
    return;
  }
  // Only validate for existing entities and if this is the current user.
  if (!$account->isNew() && $account->id() == $this->currentUser
    ->id()) {
    /** @var \Drupal\user\UserInterface $account_unchanged */
    $account_unchanged = $this->userStorage
      ->loadUnchanged($account->id());
    $changed = FALSE;
    // Special case for the password, it being empty means that the existing
    // password should not be changed, ignore empty password fields.
    $value = $items->value;
    if ($field->getName() != 'pass' || !empty($value)) {
      // Compare the values of the field this is being validated on.
      $changed = $items->getValue() != $account_unchanged->get($field->getName())
        ->getValue();
    }
    if ($changed && !$account->checkExistingPassword($account_unchanged)) {
      $this->context
        ->addViolation($constraint->message, [
        '%name' => $field->getLabel(),
      ]);
    }
  }
}