function WorkspaceProviderBase::checkAccess

Checks access for a given workspace.

It is strongly recommended to inherit this method from the base provider class, and call the parent method before or after any custom logic.

Parameters

\Drupal\workspaces\WorkspaceInterface $workspace: The workspace for which to check access.

string $operation: The entity operation. Usually one of 'view', 'view label', 'update' or 'delete'.

\Drupal\Core\Session\AccountInterface $account: The user session for which to check access.

Return value

\Drupal\Core\Access\AccessResultInterface The access result.

Overrides WorkspaceProviderInterface::checkAccess

File

core/modules/workspaces/src/Provider/WorkspaceProviderBase.php, line 42

Class

WorkspaceProviderBase
Defines the base class for workspace providers.

Namespace

Drupal\workspaces\Provider

Code

public function checkAccess(WorkspaceInterface $workspace, string $operation, AccountInterface $account) : AccessResultInterface {
  if ($operation === 'publish' && $workspace->hasParent()) {
    $message = $this->t('Only top-level workspaces can be published.');
    return AccessResult::forbidden((string) $message)->addCacheableDependency($workspace);
  }
  if ($account->hasPermission('administer workspaces')) {
    return AccessResult::allowed()->cachePerPermissions();
  }
  // @todo Consider adding explicit "publish any|own workspace" permissions in
  //   https://www.drupal.org/project/drupal/issues/3084260.
  switch ($operation) {
    case 'update':
    case 'publish':
      $permission_operation = 'edit';
      break;

    case 'view all revisions':
      $permission_operation = 'view';
      break;

    default:
      $permission_operation = $operation;
      break;

  }
  // Check if the user has permission to access all workspaces.
  $access_result = AccessResult::allowedIfHasPermission($account, $permission_operation . ' any workspace');
  // Check if it's their own workspace, and they have permission to access
  // their own workspace.
  if ($access_result->isNeutral() && $account->isAuthenticated() && $account->id() === $workspace->getOwnerId()) {
    $access_result = AccessResult::allowedIfHasPermission($account, $permission_operation . ' own workspace')->cachePerUser()
      ->addCacheableDependency($workspace);
  }
  return $access_result;
}
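
The recommendation to call the parent method, shown as an added example that is not part of Drupal core: a subclass that tightens 'publish' while keeping every base check. The module namespace, class name and the 'publish restricted workspaces' permission are hypothetical, and the sketch assumes the base class supplies the remaining WorkspaceProviderInterface methods and that the provider is registered elsewhere.

```php
<?php

namespace Drupal\example_workspaces\Provider;

use Drupal\Core\Access\AccessResult;
use Drupal\Core\Access\AccessResultInterface;
use Drupal\Core\Session\AccountInterface;
use Drupal\workspaces\Provider\WorkspaceProviderBase;
use Drupal\workspaces\WorkspaceInterface;

/**
 * Hypothetical provider that narrows publishing without replacing base checks.
 */
class RestrictedPublishProvider extends WorkspaceProviderBase {

  /**
   * {@inheritdoc}
   */
  public function checkAccess(WorkspaceInterface $workspace, string $operation, AccountInterface $account): AccessResultInterface {
    // Always evaluate the base logic. Returning a fresh
    // AccessResult::allowed() here instead would silently drop the
    // "only top-level workspaces can be published" restriction and the
    // any/own permission checks implemented in the parent.
    $base = parent::checkAccess($workspace, $operation, $account);

    if ($operation !== 'publish') {
      return $base;
    }

    // Hypothetical extra requirement. allowedIfHasPermission() returns
    // allowed or neutral and already varies the cache per permissions.
    $custom = AccessResult::allowedIfHasPermission($account, 'publish restricted workspaces');

    // andIf(): a forbidden result from either side wins, and the outcome is
    // allowed only when both sides allow. Cacheability metadata from both
    // results is merged, so the per-user and per-workspace dependencies
    // added by the parent are preserved.
    return $base->andIf($custom);
  }

}
```

Combining with andIf() means custom logic can only narrow what the parent grants; orIf() would widen it, although a forbidden result from the parent still takes precedence in both cases.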
