function WorkspaceAccessControlHandler::checkAccess

Same name in other branches
  1. 9 core/modules/workspaces/src/WorkspaceAccessControlHandler.php \Drupal\workspaces\WorkspaceAccessControlHandler::checkAccess()
  2. 8.9.x core/modules/workspaces/src/WorkspaceAccessControlHandler.php \Drupal\workspaces\WorkspaceAccessControlHandler::checkAccess()
  3. 11.x core/modules/workspaces/src/WorkspaceAccessControlHandler.php \Drupal\workspaces\WorkspaceAccessControlHandler::checkAccess()

Overrides EntityAccessControlHandler::checkAccess

File

core/modules/workspaces/src/WorkspaceAccessControlHandler.php, line 20

Class

WorkspaceAccessControlHandler
Defines the access control handler for the workspace entity type.

Namespace

Drupal\workspaces

Code

protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
    
    /** @var \Drupal\workspaces\WorkspaceInterface $entity */
    if ($operation === 'publish' && $entity->hasParent()) {
        $message = $this->t('Only top-level workspaces can be published.');
        return AccessResult::forbidden((string) $message)->addCacheableDependency($entity);
    }
    if ($account->hasPermission('administer workspaces')) {
        return AccessResult::allowed()->cachePerPermissions();
    }
    // @todo Consider adding explicit "publish any|own workspace" permissions in
    //   https://www.drupal.org/project/drupal/issues/3084260.
    switch ($operation) {
        case 'update':
        case 'publish':
            $permission_operation = 'edit';
            break;
        case 'view all revisions':
            $permission_operation = 'view';
            break;
        default:
            $permission_operation = $operation;
            break;
    }
    // Check if the user has permission to access all workspaces.
    $access_result = AccessResult::allowedIfHasPermission($account, $permission_operation . ' any workspace');
    // Check if it's their own workspace, and they have permission to access
    // their own workspace.
    if ($access_result->isNeutral() && $account->isAuthenticated() && $account->id() === $entity->getOwnerId()) {
        $access_result = AccessResult::allowedIfHasPermission($account, $permission_operation . ' own workspace')->cachePerUser()
            ->addCacheableDependency($entity);
    }
    return $access_result;
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.