Code
/
reserve
7
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Branch 4.0.x-roblib is currently the same as Drupals main branch but with our patches applied.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
26 Commits
4 Branches
0 Tags
858 KiB
Tree: c0391680c4
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c0391680c4'
${ noResults }
reserve/src/ReserveReservationAccessCon...

60 lines
2.0 KiB
Raw Normal View History Unescape

initial commit
6 years ago
<?php
namespace Drupal\reserve;
use Drupal\Core\Entity\EntityAccessControlHandler;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Session\AccountInterface;
use Drupal\Core\Access\AccessResult;
/**
* Access controller for the Reservation entity.
*
* @see \Drupal\reserve\Entity\ReserveReservation.
*/
class ReserveReservationAccessControlHandler extends EntityAccessControlHandler {
/**
* {@inheritdoc}
*/
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
/** @var \Drupal\reserve\Entity\ReserveReservationInterface $entity */
switch ($operation) {
case 'view':
if (!$entity->isPublished()) {
fix edit/delete any/own on reservation entity: https://www.drupal.org/project/reserve/issues/3047518
6 years ago
$access = AccessResult::allowedIfHasPermission($account, 'view unpublished reservations');
initial commit
6 years ago
}
fix edit/delete any/own on reservation entity: https://www.drupal.org/project/reserve/issues/3047518
6 years ago
$access = AccessResult::allowedIfHasPermission($account, 'view published reservations');
break;
initial commit
6 years ago
case 'update':
fix edit/delete any/own on reservation entity: https://www.drupal.org/project/reserve/issues/3047518
6 years ago
$access = AccessResult::allowedIfHasPermission($account, 'edit any reservation');
if (!$access->isAllowed() && $account->hasPermission('edit own reservation')) {
$access = $access->orIf(AccessResult::allowedIf($account->id() == $entity->getOwnerId())->cachePerUser()->addCacheableDependency($entity));
}
break;
initial commit
6 years ago
case 'delete':
fix edit/delete any/own on reservation entity: https://www.drupal.org/project/reserve/issues/3047518
6 years ago
$access = AccessResult::allowedIfHasPermission($account, 'delete any reservation');
added case for user to only delete their own reservations
3 years ago
if (!$access->isAllowed() && $account->hasPermission('delete own reservation')) {
$access = $access->orIf(AccessResult::allowedIf($account->id() == $entity->getOwnerId())->cachePerUser()->addCacheableDependency($entity));
}
fix edit/delete any/own on reservation entity: https://www.drupal.org/project/reserve/issues/3047518
6 years ago
break;
// Unknown operation, no opinion.
default:
$access = AccessResult::neutral();
initial commit
6 years ago
}
fix edit/delete any/own on reservation entity: https://www.drupal.org/project/reserve/issues/3047518
6 years ago
return $access;
initial commit
6 years ago
}
/**
* {@inheritdoc}
*/
protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
return AccessResult::allowedIfHasPermission($account, 'add reservations');
}
}