function WorkspaceAccessControlHandler::checkAccess

Performs access checks.

This method is supposed to be overwritten by extending classes that do their own custom access checking.

Parameters

\Drupal\Core\Entity\EntityInterface $entity: The entity for which to check access.

string $operation: The entity operation. Usually one of 'view', 'view label', 'update' or 'delete'.

\Drupal\Core\Session\AccountInterface $account: The user for which to check access.

Return value

\Drupal\Core\Access\AccessResultInterface The access result.

Overrides EntityAccessControlHandler::checkAccess

File

core/modules/workspaces/src/WorkspaceAccessControlHandler.php, line 20

Class

WorkspaceAccessControlHandler
Defines the access control handler for the workspace entity type.

Namespace

Drupal\workspaces

Code

protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
  /** @var \Drupal\workspaces\WorkspaceInterface $entity */
  if ($operation === 'publish' && $entity->hasParent()) {
    $message = $this->t('Only top-level workspaces can be published.');
    return AccessResult::forbidden((string) $message)->addCacheableDependency($entity);
  }
  if ($account->hasPermission('administer workspaces')) {
    return AccessResult::allowed()->cachePerPermissions();
  }
  // @todo Consider adding explicit "publish any|own workspace" permissions in
  //   https://www.drupal.org/project/drupal/issues/3084260.
  switch ($operation) {
    case 'update':
    case 'publish':
      $permission_operation = 'edit';
      break;

    case 'view all revisions':
      $permission_operation = 'view';
      break;

    default:
      $permission_operation = $operation;
      break;

  }
  // Check if the user has permission to access all workspaces.
  $access_result = AccessResult::allowedIfHasPermission($account, $permission_operation . ' any workspace');
  // Check if it's their own workspace, and they have permission to access
  // their own workspace.
  if ($access_result->isNeutral() && $account->isAuthenticated() && $account->id() === $entity->getOwnerId()) {
    $access_result = AccessResult::allowedIfHasPermission($account, $permission_operation . ' own workspace')->cachePerUser()
      ->addCacheableDependency($entity);
  }
  return $access_result;
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.