Nigel Banks
3 years ago
4 changed files with 16 additions and 143 deletions
@ -1,133 +0,0 @@ |
|||||||
<?php |
|
||||||
|
|
||||||
namespace Drupal\dgi_fixity\Access; |
|
||||||
|
|
||||||
use Drupal\Core\Access\AccessResult; |
|
||||||
use Drupal\Core\Entity\EntityTypeManagerInterface; |
|
||||||
use Drupal\Core\Routing\Access\AccessInterface; |
|
||||||
use Drupal\Core\Session\AccountInterface; |
|
||||||
use Drupal\dgi_fixity\FixityCheckInterface; |
|
||||||
use Symfony\Component\Routing\Route; |
|
||||||
|
|
||||||
/** |
|
||||||
* Provides an access checker for fixity_check revisions. |
|
||||||
* |
|
||||||
* @ingroup fixity_check_access |
|
||||||
*/ |
|
||||||
class FixityCheckRevisionAccessCheck implements AccessInterface { |
|
||||||
|
|
||||||
/** |
|
||||||
* The fixity_check storage. |
|
||||||
* |
|
||||||
* @var \Drupal\dgi_fixity\FixityCheckStorageInterface |
|
||||||
*/ |
|
||||||
protected $storage; |
|
||||||
|
|
||||||
/** |
|
||||||
* The fixity_check access control handler. |
|
||||||
* |
|
||||||
* @var \Drupal\Core\Entity\EntityAccessControlHandlerInterface |
|
||||||
*/ |
|
||||||
protected $accessControlHandler; |
|
||||||
|
|
||||||
/** |
|
||||||
* A static cache of access checks. |
|
||||||
* |
|
||||||
* @var array |
|
||||||
*/ |
|
||||||
protected $access = []; |
|
||||||
|
|
||||||
/** |
|
||||||
* Constructs a new FixityCheckRevisionAccessCheck. |
|
||||||
* |
|
||||||
* @param \Drupal\Core\Entity\EntityTypeManagerInterface $entity_type_manager |
|
||||||
* The entity type manager. |
|
||||||
*/ |
|
||||||
public function __construct(EntityTypeManagerInterface $entity_type_manager) { |
|
||||||
$this->storage = $entity_type_manager->getStorage('fixity_check'); |
|
||||||
$this->accessControlHandler = $entity_type_manager->getAccessControlHandler('fixity_check'); |
|
||||||
} |
|
||||||
|
|
||||||
/** |
|
||||||
* Checks routing access for the fixity_check revision. |
|
||||||
* |
|
||||||
* @param \Symfony\Component\Routing\Route $route |
|
||||||
* The route to check against. |
|
||||||
* @param \Drupal\Core\Session\AccountInterface $account |
|
||||||
* The currently logged in account. |
|
||||||
* @param int $fixity_check_revision |
|
||||||
* (optional) The fixity_check revision ID. If not specified, but |
|
||||||
* $fixity_check is, access is checked for that object's revision. |
|
||||||
* @param \Drupal\dgi_fixity\FixityCheckInterface $fixity_check |
|
||||||
* (optional) A fixity_check object. Used for checking access to a |
|
||||||
* fixity_check's default revision when $fixity_check_revision is |
|
||||||
* unspecified. Ignored when $fixity_check_revision is specified. |
|
||||||
* If neither $fixity_check_revision nor $fixity_check are specified, |
|
||||||
* then access is denied. |
|
||||||
* |
|
||||||
* @return \Drupal\Core\Access\AccessResultInterface |
|
||||||
* The access result. |
|
||||||
*/ |
|
||||||
public function access(Route $route, AccountInterface $account, $fixity_check_revision = NULL, FixityCheckInterface $fixity_check = NULL) { |
|
||||||
if ($fixity_check_revision) { |
|
||||||
$fixity_check = $this->storage->loadRevision($fixity_check_revision); |
|
||||||
} |
|
||||||
$operation = $route->getRequirement('_access_fixity_check_revision'); |
|
||||||
return AccessResult::allowedIf($fixity_check && $this->checkAccess($fixity_check, $account, $operation))->cachePerPermissions()->addCacheableDependency($fixity_check); |
|
||||||
} |
|
||||||
|
|
||||||
/** |
|
||||||
* Checks fixity_check revision access. |
|
||||||
* |
|
||||||
* @param \Drupal\dgi_fixity\FixityCheckInterface $fixity_check |
|
||||||
* The fixity_check revision to check. |
|
||||||
* @param \Drupal\Core\Session\AccountInterface $account |
|
||||||
* A user object representing the user for whom the operation is to be |
|
||||||
* performed. |
|
||||||
* @param string $op |
|
||||||
* (optional) The specific operation being checked. Defaults to 'view'. |
|
||||||
* |
|
||||||
* @return bool |
|
||||||
* TRUE if the operation may be performed, FALSE otherwise. |
|
||||||
*/ |
|
||||||
public function checkAccess(FixityCheckInterface $fixity_check, AccountInterface $account, $op = 'view') { |
|
||||||
$map = [ |
|
||||||
'view' => 'view fixity checks', |
|
||||||
'delete' => 'administer fixity checks', |
|
||||||
]; |
|
||||||
|
|
||||||
if (!$fixity_check || !isset($map[$op])) { |
|
||||||
// If there was no fixity_check to check against, or the $op was not one |
|
||||||
// of the supported ones, we return access denied. |
|
||||||
return FALSE; |
|
||||||
} |
|
||||||
|
|
||||||
// Statically cache access by revision ID, user account ID, and operation. |
|
||||||
$cid = $fixity_check->getRevisionId() . ':' . $account->id() . ':' . $op; |
|
||||||
|
|
||||||
if (!isset($this->access[$cid])) { |
|
||||||
$has_perm = $account->hasPermission($map[$op]); |
|
||||||
$has_admin_perm = $account->hasPermission($fixity_check->getEntityType()->getAdminPermission()); |
|
||||||
// Perform basic permission checks first. |
|
||||||
if (!$has_perm && !$has_admin_perm) { |
|
||||||
$this->access[$cid] = FALSE; |
|
||||||
return $this->access[$cid]; |
|
||||||
} |
|
||||||
// Do not allow for the deletion of the the default revision. |
|
||||||
elseif ($fixity_check->isDefaultRevision() && $op === 'delete') { |
|
||||||
$this->access[$cid] = FALSE; |
|
||||||
} |
|
||||||
elseif ($has_admin_perm) { |
|
||||||
$this->access[$cid] = TRUE; |
|
||||||
} |
|
||||||
else { |
|
||||||
// First check the access to the default revision and finally, if the |
|
||||||
// fixity_check passed in is not the default revision then check access |
|
||||||
// to that, too. |
|
||||||
$this->access[$cid] = $this->accessControlHandler->access($this->storage->load($fixity_check->id()), $op, $account) && ($fixity_check->isDefaultRevision() || $this->accessControlHandler->access($fixity_check, $op, $account)); |
|
||||||
} |
|
||||||
} |
|
||||||
return $this->access[$cid]; |
|
||||||
} |
|
||||||
|
|
||||||
} |
|
||||||
Loading…
Reference in new issue