/**
* {@inheritdoc}
*/
protected function checkAccess(EntityInterface $payment, $operation, AccountInterface $account)
{
/** @var \Drupal\payment\Entity\PaymentInterface $payment */
if ($operation == 'update_status') {
$payment_method = $payment->getPaymentMethod();
if ($payment_method instanceof PaymentMethodUpdatePaymentStatusInterface && !$payment_method->updatePaymentStatusAccess($account)) {
return AccessResult::forbidden();
}
} elseif ($operation == 'capture') {
$payment_method = $payment->getPaymentMethod();
if ($payment_method instanceof PaymentMethodCapturePaymentInterface) {
return AccessResult::allowedIf($payment_method instanceof PaymentMethodCapturePaymentInterface)->andIf(AccessResult::allowedIf($payment_method->capturePaymentAccess($account)))->andIf($this->checkAccessPermission($payment, $operation, $account));
}
return AccessResult::forbidden();
} elseif ($operation == 'refund') {
$payment_method = $payment->getPaymentMethod();
if ($payment_method instanceof PaymentMethodRefundPaymentInterface) {
return AccessResult::allowedIf($payment_method->refundPaymentAccess($account))->andIf($this->checkAccessPermission($payment, $operation, $account));
}
return AccessResult::forbidden();
} elseif ($operation == 'complete') {
if ($payment->getPaymentMethod()) {
return AccessResult::allowedIf($payment->getOwnerId() == $account->id())->orIf(AccessResult::forbiddenIf($payment->getPaymentMethod()->getPaymentExecutionResult()->isCompleted()));
} else {
return AccessResult::forbidden();
}
}
return $this->checkAccessPermission($payment, $operation, $account);
}
/**
* Control access to a block instance.
*
* Modules may implement this hook if they want to have a say in whether or not
* a given user has access to perform a given operation on a block instance.
*
* @param \Drupal\block\Entity\Block $block
* The block instance.
* @param string $operation
* The operation to be performed; for instance, 'view', 'create', 'delete', or
* 'update'.
* @param \Drupal\Core\Session\AccountInterface $account
* The user object to perform the access check operation on.
*
* @return \Drupal\Core\Access\AccessResultInterface
* The access result. If all implementations of this hook return
* AccessResultInterface objects whose value is !isAllowed() and
* !isForbidden(), then default access rules from
* \Drupal\block\BlockAccessControlHandler::checkAccess() are used.
*
* @see \Drupal\Core\Entity\EntityAccessControlHandler::access()
* @see \Drupal\block\BlockAccessControlHandler::checkAccess()
* @ingroup block_api
*/
function hook_block_access(\Drupal\block\Entity\Block $block, $operation, \Drupal\Core\Session\AccountInterface $account)
{
// Example code that would prevent displaying the 'Powered by Drupal' block in
// a region different than the footer.
if ($operation == 'view' && $block->getPluginId() == 'system_powered_by_block') {
return AccessResult::forbiddenIf($block->getRegion() != 'footer')->cacheUntilEntityChanges($block);
}
// No opinion.
return AccessResult::neutral();
}
/**
* {@inheritdoc}
*/
public function access($object, AccountInterface $account = NULL, $return_as_object = FALSE)
{
$result = parent::access($object, $account, TRUE)->andif(AccessResult::forbiddenIf($this->moderationInfo->isModeratedEntity($object))->addCacheableDependency($object));
return $return_as_object ? $result : $result->isAllowed();
}
/**
* @covers ::forbiddenIf
* @covers ::isAllowed
* @covers ::isForbidden
* @covers ::isNeutral
*/
public function testAccessConditionallyForbidden()
{
$verify = function (AccessResult $access, $forbidden) {
$this->assertFalse($access->isAllowed());
$this->assertSame($forbidden, $access->isForbidden());
$this->assertSame(!$forbidden, $access->isNeutral());
$this->assertDefaultCacheability($access);
};
$b1 = AccessResult::forbiddenIf(TRUE);
$verify($b1, TRUE);
$b2 = AccessResult::forbiddenIf(FALSE);
$verify($b2, FALSE);
}
/**
* Control access to a block instance.
*
* Modules may implement this hook if they want to have a say in whether or not
* a given user has access to perform a given operation on a block instance.
*
* @param \Drupal\block\Entity\Block $block
* The block instance.
* @param string $operation
* The operation to be performed, e.g., 'view', 'create', 'delete', 'update'.
* @param \Drupal\user\Entity\User $account
* The user object to perform the access check operation on.
* @param string $langcode
* The language code to perform the access check operation on.
*
* @return \Drupal\Core\Access\AccessResultInterface
* The access result. If all implementations of this hook return
* AccessResultInterface objects whose value is !isAllowed() and
* !isForbidden(), then default access rules from
* \Drupal\block\BlockAccessControlHandler::checkAccess() are used.
*
* @see \Drupal\Core\Entity\EntityAccessControlHandler::access()
* @see \Drupal\block\BlockAccessControlHandler::checkAccess()
* @ingroup block_api
*/
function hook_block_access(\Drupal\block\Entity\Block $block, $operation, \Drupal\user\Entity\User $account, $langcode)
{
// Example code that would prevent displaying the 'Powered by Drupal' block in
// a region different than the footer.
if ($operation == 'view' && $block->get('plugin') == 'system_powered_by_block') {
return AccessResult::forbiddenIf($block->get('region') != 'footer')->cacheUntilEntityChanges($block);
}
// No opinion.
return AccessResult::neutral();
}
