/**
* {@inheritdoc}
*/
public function defaultAccess($operation = 'view', AccountInterface $account = NULL)
{
if ($operation == 'view') {
return AccessResult::allowed();
}
return AccessResult::allowedIfHasPermissions($account, ['create url aliases', 'administer url aliases'], 'OR')->cachePerPermissions();
}
/**
* {@inheritdoc}
*/
protected function checkFieldAccess($operation, FieldDefinitionInterface $field_definition, AccountInterface $account, FieldItemListInterface $items = NULL)
{
if ($operation == 'edit') {
return AccessResult::allowedIfHasPermissions($account, ['administer tmgmt', 'administer translation tasks']);
}
return parent::checkFieldAccess($operation, $field_definition, $account, $items);
}
/**
* {@inheritdoc}
*/
protected function blockAccess(AccountInterface $account)
{
if ($this->masquerade->isMasquerading()) {
return AccessResult::forbidden()->addCacheContexts(['is_masquerading']);
}
// Display block for all users that has any of masquerade permissions.
return AccessResult::allowedIfHasPermissions($account, $this->masquerade->getPermissions(), 'OR');
}
/**
* Check to see if user has any permissions to masquerade.
*
* @param \Drupal\Core\Session\AccountInterface $account
* Run access checks for this account.
*
* @return \Drupal\Core\Access\AccessResultInterface
* The access result.
*/
public function access(AccountInterface $account)
{
// Uid 1 may masquerade as anyone.
if ($account->id() == 1) {
return AccessResult::allowed()->cachePerUser();
}
$permissions = $this->masquerade->getPermissions();
return AccessResult::allowedIfHasPermissions($account, $permissions, 'OR');
}
/**
* {@inheritdoc}
*/
protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
$access_result = AccessResult::allowedIfHasPermissions($account, ["create {$entity_bundle} entityqueue", 'manipulate all entityqueues', 'administer entityqueue'], 'OR');
if ($entity_bundle) {
$queue = EntityQueue::load($entity_bundle);
$access_result = AccessResult::allowedIf(!$queue->getHandlerPlugin()->hasAutomatedSubqueues());
}
return $access_result;
}
/**
* {@inheritdoc}
*/
protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL)
{
$contact_type_is_active = empty($entity_bundle);
// Load the contact type entity.
if (!empty($entity_bundle)) {
/* @var \Drupal\crm_core_contact\Entity\ContactType $contact_type_entity */
$contact_type_entity = ContactType::load($entity_bundle);
$contact_type_is_active = $contact_type_entity->status();
}
return AccessResult::allowedIf($contact_type_is_active)->andIf(AccessResult::allowedIfHasPermissions($account, ['administer crm_core_contact entities', 'create crm_core_contact entities', 'create crm_core_contact entities of bundle ' . $entity_bundle], 'OR'));
}
/**
* Checks access.
*
* @param \Symfony\Component\Routing\Route $route
* The route to check against.
* @param \Drupal\Core\Session\AccountInterface $account
* The currently logged in account.
*
* @return \Drupal\Core\Access\AccessResultInterface
* The access result.
*/
public function access(Route $route, AccountInterface $account)
{
$permission = $route->getRequirement('_permission');
// Allow to conjunct the permissions with OR ('+') or AND (',').
$split = explode(',', $permission);
if (count($split) > 1) {
return AccessResult::allowedIfHasPermissions($account, $split, 'AND');
} else {
$split = explode('+', $permission);
return AccessResult::allowedIfHasPermissions($account, $split, 'OR');
}
}
/**
* {@inheritdoc}
*/
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account)
{
/** @var ScheduledUpdate $entity */
if ($operation == 'view') {
return AccessResult::allowedIfHasPermission($account, 'view scheduled update entities');
}
$type_id = $entity->bundle();
if ($entity->getOwnerId() == $account->id()) {
// If owner that needs either own or any permission, not both.
return AccessResult::allowedIfHasPermissions($account, ["{$operation} any {$type_id} scheduled updates", "{$operation} own {$type_id} scheduled updates"], 'OR');
} else {
return AccessResult::allowedIfHasPermission($account, "{$operation} any {$type_id} scheduled updates");
}
}
/**
* {@inheritdoc}
*/
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account)
{
switch ($operation) {
case 'view':
return AccessResult::allowedIfHasPermission($account, 'access content');
case 'update':
return AccessResult::allowedIfHasPermissions($account, ["edit terms in {$entity->bundle()}", 'administer taxonomy'], 'OR');
case 'delete':
return AccessResult::allowedIfHasPermissions($account, ["delete terms in {$entity->bundle()}", 'administer taxonomy'], 'OR');
default:
// No opinion.
return AccessResult::neutral();
}
}
/**
* {@inheritdoc}
*/
public function access(AccountInterface $account)
{
$domain = $this->domainNegotiator->getActiveDomain();
// Is the domain allowed?
// No domain, let it pass.
if (empty($domain)) {
return AccessResult::allowed()->setCacheMaxAge(0);
}
// Active domain, let it pass.
if ($domain->status()) {
return AccessResult::allowed()->setCacheMaxAge(0);
} else {
$permissions = array('administer domains', 'access inactive domains');
$operator = 'OR';
return AccessResult::allowedIfHasPermissions($account, $permissions, $operator)->setCacheMaxAge(0);
}
}
/**
* {@inheritdoc}
*/
protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL)
{
return AccessResult::allowedIfHasPermission($account, 'administer shortcuts')->orIf(AccessResult::allowedIfHasPermissions($account, ['access shortcuts', 'customize shortcut links'], 'AND'));
}
/**
* Custom access check for continuous job form.
*
* @param \Drupal\Core\Session\AccountInterface $account
* Run access checks for this account.
*
* @return \Drupal\Core\Access\AccessResult
* Returns allowed if we have a translator with ContinuousSourceInterface
* and the logged in user has permission to create translation jobs.
*/
public function access(AccountInterface $account)
{
if (\Drupal::service('tmgmt.continuous')->checkIfContinuousTranslatorAvailable()) {
return AccessResult::allowedIfHasPermissions($account, ['administer tmgmt'])->addCacheTags(['config:tmgmt_translator_list']);
}
return AccessResult::forbidden()->addCacheTags(['config:tmgmt_translator_list']);
}
/**
* {@inheritdoc}
*/
protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL)
{
return AccessResult::allowedIfHasPermissions($account, ['add any ' . $entity_bundle . ' profile', 'add own ' . $entity_bundle . ' profile'], 'OR');
}
/**
* Determine access to update add page.
*
* If user has permission to add any types they should have access to this page.
*
* @param \Drupal\Core\Session\AccountInterface $account
*
* @return \Drupal\Core\Access\AccessResult
*/
public function addPageAccess(AccountInterface $account)
{
$types = $this->typeStorage->loadMultiple();
$perms = [];
foreach ($types as $type_id => $type) {
$perms[] = "create {$type_id} scheduled updates";
}
return AccessResult::allowedIfHasPermissions($account, $perms, 'OR');
}
/**
* Tests allowedIfHasPermissions().
*
* @covers ::allowedIfHasPermissions
*
* @dataProvider providerTestAllowedIfHasPermissions
*/
public function testAllowedIfHasPermissions($permissions, $conjunction, $expected_access)
{
$account = $this->getMock('\\Drupal\\Core\\Session\\AccountInterface');
$account->expects($this->any())->method('hasPermission')->willReturnMap([['allowed', TRUE], ['denied', FALSE]]);
$access_result = AccessResult::allowedIfHasPermissions($account, $permissions, $conjunction);
$this->assertEquals($expected_access, $access_result);
}
/**
* Overrides \Drupal\block\BlockBase::access().
*/
public function access(AccountInterface $account, $return_as_object = FALSE)
{
return AccessResult::allowedIfHasPermissions($account, array('administer domains', 'view domain information'), 'OR');
}
/**
* Overrides \Drupal\block\BlockBase::access().
*/
public function access(AccountInterface $account, $return_as_object = FALSE)
{
return AccessResult::allowedIfHasPermissions($account, array('administer domains', 'use domain switcher block'), 'OR');
}
/**
* {@inheritdoc}
*/
protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL)
{
return AccessResult::allowedIfHasPermissions($account, ['administer entity_test content', 'administer entity_test_with_bundle content', 'create ' . $entity_bundle . ' entity_test_with_bundle entities'], 'OR');
}
/**
* {@inheritdoc}
*/
protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL)
{
return AccessResult::allowedIfHasPermission($account, 'administer grade item data')->orIf(AccessResult::allowedIfHasPermissions($account, ['access grade item data', 'customize grade item data'], 'AND'));
}
