/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { /** @var \Drupal\crm_core_contact\Entity\ContactType $entity */ // First check permission. if (parent::checkAccess($entity, $operation, $account)->isForbidden()) { return AccessResult::forbidden(); } switch ($operation) { case 'enable': // Only disabled contact type can be enabled. return AccessResult::allowedIf(!$entity->status()); case 'disable': return AccessResult::allowedIf($entity->status()); case 'delete': // If contact instance of this contact type exist, you can't delete it. $results = \Drupal::entityQuery('crm_core_contact')->condition('type', $entity->id())->execute(); return AccessResult::allowedIf(empty($results)); // @todo Which is it? // @todo Which is it? case 'edit': case 'update': // If the contact type is locked, you can't edit it. return AccessResult::allowed(); } }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { if ($operation === 'view') { return AccessResult::allowedIfHasPermission($account, 'access content'); } return parent::checkAccess($entity, $operation, $account); }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { /** @var \Drupal\crm_core_match\Matcher\MatcherConfigInterface $entity */ return parent::checkAccess($entity, $operation, $account); // Deny delete access. // ->andIf(AccessResult::allowedIf($operation != 'delete')); }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $filter_format, $operation, $langcode, AccountInterface $account) { /** @var \Drupal\filter\FilterFormatInterface $filter_format */ // All users are allowed to use the fallback filter. if ($operation == 'use') { if ($filter_format->isFallbackFormat()) { return AccessResult::allowed(); } else { return AccessResult::allowedIfHasPermission($account, $filter_format->getPermissionName()); } } // The fallback format may not be disabled. if ($operation == 'disable' && $filter_format->isFallbackFormat()) { return AccessResult::forbidden(); } // We do not allow filter formats to be deleted through the UI, because that // would render any content that uses them unusable. if ($operation == 'delete') { return AccessResult::forbidden(); } if (in_array($operation, array('disable', 'update'))) { return parent::checkAccess($filter_format, $operation, $langcode, $account); } // No opinion. return AccessResult::neutral(); }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { if ($operation === 'view') { return AccessResult::allowed(); } return parent::checkAccess($entity, $operation, $account); }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { $access = parent::checkAccess($entity, $operation, $account); if ($operation === 'view') { $access = $access->orIf(AccessResult::allowedIfHasPermission($account, 'access ' . $entity->getEntityTypeId())); } return $access; }
/** * Performs access checks. * * Uses permissions from host entity. * * @param \Drupal\Core\Entity\EntityInterface $entity * The entity for which to check 'create' access. * @param string $operation * The entity operation. Usually one of 'view', 'update', 'create' or * 'delete'. * @param \Drupal\Core\Session\AccountInterface $account * The user for which to check access. * * @return \Drupal\Core\Access\AccessResultInterface * The access result. */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { $result = parent::checkAccess($entity, $operation, $account); if ($result->isForbidden()) { return $result; } return $entity->getHost()->access($operation, $account, TRUE); }
/** * {@inheritdoc} */ public function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account) { if ($operation == 'view') { return AccessResult::allowed(); } else { return parent::checkAccess($entity, $operation, $langcode, $account); } }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { /** @var \Drupal\block\BlockInterface $entity */ if ($operation != 'view') { return parent::checkAccess($entity, $operation, $account); } // Don't grant access to disabled blocks. if (!$entity->status()) { return AccessResult::forbidden()->addCacheableDependency($entity); } else { $conditions = []; $missing_context = FALSE; foreach ($entity->getVisibilityConditions() as $condition_id => $condition) { if ($condition instanceof ContextAwarePluginInterface) { try { $contexts = $this->contextRepository->getRuntimeContexts(array_values($condition->getContextMapping())); $this->contextHandler->applyContextMapping($condition, $contexts); } catch (ContextException $e) { $missing_context = TRUE; } } $conditions[$condition_id] = $condition; } if ($missing_context) { // If any context is missing then we might be missing cacheable // metadata, and don't know based on what conditions the block is // accessible or not. For example, blocks that have a node type // condition will have a missing context on any non-node route like the // frontpage. // @todo Avoid setting max-age 0 for some or all cases, for example by // treating available contexts without value differently in // https://www.drupal.org/node/2521956. $access = AccessResult::forbidden()->setCacheMaxAge(0); } elseif ($this->resolveConditions($conditions, 'and') !== FALSE) { // Delegate to the plugin. $block_plugin = $entity->getPlugin(); try { if ($block_plugin instanceof ContextAwarePluginInterface) { $contexts = $this->contextRepository->getRuntimeContexts(array_values($block_plugin->getContextMapping())); $this->contextHandler->applyContextMapping($block_plugin, $contexts); } $access = $block_plugin->access($account, TRUE); } catch (ContextException $e) { // Setting access to forbidden if any context is missing for the same // reasons as with conditions (described in the comment above). // @todo Avoid setting max-age 0 for some or all cases, for example by // treating available contexts without value differently in // https://www.drupal.org/node/2521956. $access = AccessResult::forbidden()->setCacheMaxAge(0); } } else { $access = AccessResult::forbidden(); } $this->mergeCacheabilityFromConditions($access, $conditions); // Ensure that access is evaluated again when the block changes. return $access->addCacheableDependency($entity); } }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { $admin_access = parent::checkAccess($entity, $operation, $account); // Allow view with other permission. if ($operation === 'view') { return AccessResult::allowedIfHasPermission($account, 'view moderation states')->orIf($admin_access); } return $admin_access; }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { // ZZ is the fallback address format and it must always be present. if ($operation == 'delete' && $entity->id() == 'ZZ') { return AccessResult::forbidden(); } else { return parent::checkAccess($entity, $operation, $account); } }
protected function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account) { if ($operation == 'submit') { /** @var \Drupal\eform\entity\EFormsubmission $entity */ $roles = $entity->getEFormType()->roles; $eform_roles = $account->getRoles(); return AccessResult::allowed(); } return parent::checkAccess($entity, $operation, $langcode, $account); // TODO: Change the autogenerated stub }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { switch ($operation) { case 'view': return AccessResult::allowedIfHasPermission($account, 'access content'); break; default: return parent::checkAccess($entity, $operation, $account); break; } }
/** * {@inheritdoc} */ public function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account) { // The $opereration parameter tells you what sort of operation access is // being checked for. if ($operation == 'view') { return TRUE; } // Other than the view operation, we're going to be insanely lax about // access. Don't try this at home! return parent::checkAccess($entity, $operation, $langcode, $account); }
/** * {@inheritdoc} */ public function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { if ($operation == 'view') { // Allow viewing the configuration entity. return AccessResult::allowed(); } if ($entity->isLocked()) { return AccessResult::forbidden(); } return parent::checkAccess($entity, $operation, $account); }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { switch ($operation) { case 'delete': if ($entity->id() == RoleInterface::ANONYMOUS_ID || $entity->id() == RoleInterface::AUTHENTICATED_ID) { return AccessResult::forbidden(); } default: return parent::checkAccess($entity, $operation, $account); } }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account) { if ($operation == 'delete') { if ($entity->isLocked()) { return AccessResult::forbidden()->cacheUntilEntityChanges($entity); } else { return parent::checkAccess($entity, $operation, $langcode, $account)->cacheUntilEntityChanges($entity); } } return parent::checkAccess($entity, $operation, $langcode, $account); }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { if ($operation == 'view') { // Do not allow access personal form via site-wide route. return AccessResult::allowedIf($account->hasPermission('access site-wide contact form') && $entity->id() !== 'personal')->cachePerPermissions(); } elseif ($operation == 'delete' || $operation == 'update') { // Do not allow the 'personal' form to be deleted, as it's used for // the personal contact form. return AccessResult::allowedIf($account->hasPermission('administer contact forms') && $entity->id() !== 'personal')->cachePerPermissions(); } return parent::checkAccess($entity, $operation, $account); }
/** * {@inheritdoc} */ public function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account) { switch ($operation) { case 'update': case 'delete': /* @var \Drupal\Core\Language\LanguageInterface $entity */ return AccessResult::allowedIf(!$entity->isLocked())->cacheUntilEntityChanges($entity)->andIf(parent::checkAccess($entity, $operation, $langcode, $account)); default: // No opinion. return AccessResult::neutral(); } }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { if ($operation === 'view') { return AccessResult::allowed(); } elseif ($operation == 'delete') { if ($entity->isLocked()) { return AccessResult::forbidden()->addCacheableDependency($entity); } else { return parent::checkAccess($entity, $operation, $account)->addCacheableDependency($entity); } } return parent::checkAccess($entity, $operation, $account); }
/** * Performs access checks. * * Uses permissions from host entity. * * @param \Drupal\Core\Entity\EntityInterface $entity * The entity for which to check 'create' access. * @param string $operation * The entity operation. Usually one of 'view', 'update', 'create' or * 'delete'. * @param \Drupal\Core\Session\AccountInterface $account * The user for which to check access. * * @return \Drupal\Core\Access\AccessResultInterface * The access result. */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { $result = parent::checkAccess($entity, $operation, $account); if ($result->isForbidden()) { return $result; } /** @var \Drupal\Core\Entity\ContentEntityInterface $host */ if ($host = $entity->getHost()) { return $host->access($operation, $account, TRUE); } else { // @todo Log error when no host found. return AccessResult::forbidden(); } }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { switch ($operation) { case 'create': case 'update': return AccessResult::allowedIfHasPermission($account, 'administer site configuration'); case 'delete': if ($entity->isLocked()) { return AccessResult::forbidden(); } return AccessResult::allowedIfHasPermission($account, 'administer site configuration'); } return parent::checkAccess($entity, $operation, $account); }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { switch ($operation) { case 'view': return AccessResult::allowedIfHasPermission($account, 'view scheduled update entities'); break; case 'delete': return parent::checkAccess($entity, $operation, $account)->cacheUntilEntityChanges($entity); break; default: return parent::checkAccess($entity, $operation, $account); break; } }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { // There are no restrictions on viewing a date format. if ($operation == 'view') { return AccessResult::allowed(); } elseif (in_array($operation, array('update', 'delete'))) { if ($entity->isLocked()) { return AccessResult::forbidden()->addCacheableDependency($entity); } else { return parent::checkAccess($entity, $operation, $account)->addCacheableDependency($entity); } } return parent::checkAccess($entity, $operation, $account); }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account) { /** @var $entity \Drupal\block\BlockInterface */ if ($operation != 'view') { return parent::checkAccess($entity, $operation, $langcode, $account); } // Don't grant access to disabled blocks. if (!$entity->status()) { return AccessResult::forbidden()->cacheUntilEntityChanges($entity); } else { // Delegate to the plugin. return $entity->getPlugin()->access($account)->cacheUntilEntityChanges($entity); } }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { switch ($operation) { case 'update': /* @var \Drupal\Core\Language\LanguageInterface $entity */ return AccessResult::allowedIf(!$entity->isLocked())->addCacheableDependency($entity)->andIf(parent::checkAccess($entity, $operation, $account)); case 'delete': /* @var \Drupal\Core\Language\LanguageInterface $entity */ return AccessResult::allowedIf(!$entity->isLocked())->addCacheableDependency($entity)->andIf(AccessResult::allowedIf(!$entity->isDefault())->addCacheableDependency($entity))->andIf(parent::checkAccess($entity, $operation, $account)); default: // No opinion. return AccessResult::neutral(); } }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { /** @var \Drupal\page_manager\PageVariantInterface $entity */ if ($operation === 'view') { $contexts = $entity->getContexts(); $conditions = $entity->getSelectionConditions(); foreach ($conditions as $condition) { if ($condition instanceof ContextAwarePluginInterface) { $this->contextHandler()->applyContextMapping($condition, $contexts); } } return AccessResult::allowedIf($this->resolveConditions($conditions, $entity->getSelectionLogic())); } return parent::checkAccess($entity, $operation, $account); }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { switch ($operation) { case 'view': return AccessResult::allowedIfHasPermission($account, 'access content'); case 'delete': if ($entity->isLocked()) { return AccessResult::forbidden()->addCacheableDependency($entity); } else { return parent::checkAccess($entity, $operation, $account)->addCacheableDependency($entity); } break; default: return parent::checkAccess($entity, $operation, $account); } }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { /** @var \Drupal\page_manager\PageInterface $entity */ if ($operation == 'view') { if (!$entity->status()) { return AccessResult::forbidden()->addCacheableDependency($entity); } $conditions = $entity->getAccessConditions(); $contexts = $entity->getExecutable()->getContexts(); foreach ($conditions as $condition) { if ($condition instanceof ContextAwarePluginInterface) { $this->contextHandler()->applyContextMapping($condition, $contexts); } } return AccessResult::allowedIf($this->resolveConditions($conditions, $entity->getAccessLogic())); } return parent::checkAccess($entity, $operation, $account); }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { // First check drupal permission. if (parent::checkAccess($entity, $operation, $langcode, $account)->isForbidden()) { return AccessResult::forbidden(); } switch ($operation) { case 'enable': // Only disabled activity type can be enabled. return AccessResult::allowedIf(!$entity->status()); case 'disable': return AccessResult::allowedIf($entity->status()); case 'delete': // If activity instance of this activity type exist, you can't delete it. $count = \Drupal::entityQuery('crm_core_activity')->condition('type', $entity->id())->count()->execute(); return AccessResult::allowedIf($count == 0); case 'update': return AccessResult::allowed(); } }