/**
* {@inheritdoc}
*/
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account)
{
if ($operation === 'view') {
return AccessResult::allowedIfHasPermission($account, 'access content');
}
return parent::checkAccess($entity, $operation, $account);
}
/**
* {@inheritdoc}
*/
protected function checkFieldAccess($operation, FieldDefinitionInterface $field_definition, AccountInterface $account, FieldItemListInterface $items = NULL)
{
if ($operation == 'edit') {
return AccessResult::allowedIfHasPermissions($account, ['administer tmgmt', 'administer translation tasks']);
}
return parent::checkFieldAccess($operation, $field_definition, $account, $items);
}
public function __construct(EntityTypeInterface $entity_type, FillPdfAccessHelperInterface $access_helper, FillPdfLinkManipulatorInterface $link_manipulator, FillPdfContextManagerInterface $context_manager) {
parent::__construct($entity_type);
$this->accessHelper = $access_helper;
$this->linkManipulator = $link_manipulator;
$this->contextManager = $context_manager;
}
/**
* {@inheritdoc}
*/
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account)
{
/** @var \Drupal\crm_core_contact\Entity\ContactType $entity */
// First check permission.
if (parent::checkAccess($entity, $operation, $account)->isForbidden()) {
return AccessResult::forbidden();
}
switch ($operation) {
case 'enable':
// Only disabled contact type can be enabled.
return AccessResult::allowedIf(!$entity->status());
case 'disable':
return AccessResult::allowedIf($entity->status());
case 'delete':
// If contact instance of this contact type exist, you can't delete it.
$results = \Drupal::entityQuery('crm_core_contact')->condition('type', $entity->id())->execute();
return AccessResult::allowedIf(empty($results));
// @todo Which is it?
// @todo Which is it?
case 'edit':
case 'update':
// If the contact type is locked, you can't edit it.
return AccessResult::allowed();
}
}
/**
* {@inheritdoc}
*/
protected function checkAccess(EntityInterface $filter_format, $operation, $langcode, AccountInterface $account)
{
/** @var \Drupal\filter\FilterFormatInterface $filter_format */
// All users are allowed to use the fallback filter.
if ($operation == 'use') {
if ($filter_format->isFallbackFormat()) {
return AccessResult::allowed();
} else {
return AccessResult::allowedIfHasPermission($account, $filter_format->getPermissionName());
}
}
// The fallback format may not be disabled.
if ($operation == 'disable' && $filter_format->isFallbackFormat()) {
return AccessResult::forbidden();
}
// We do not allow filter formats to be deleted through the UI, because that
// would render any content that uses them unusable.
if ($operation == 'delete') {
return AccessResult::forbidden();
}
if (in_array($operation, array('disable', 'update'))) {
return parent::checkAccess($filter_format, $operation, $langcode, $account);
}
// No opinion.
return AccessResult::neutral();
}
/**
* {@inheritdoc}
*/
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account)
{
if ($operation === 'view') {
return AccessResult::allowed();
}
return parent::checkAccess($entity, $operation, $account);
}
/**
* {@inheritdoc}
*/
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account)
{
/** @var \Drupal\crm_core_match\Matcher\MatcherConfigInterface $entity */
return parent::checkAccess($entity, $operation, $account);
// Deny delete access.
// ->andIf(AccessResult::allowedIf($operation != 'delete'));
}
/**
* {@inheritdoc}
*/
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account)
{
$access = parent::checkAccess($entity, $operation, $account);
if ($operation === 'view') {
$access = $access->orIf(AccessResult::allowedIfHasPermission($account, 'access ' . $entity->getEntityTypeId()));
}
return $access;
}
/**
* Performs access checks.
*
* Uses permissions from host entity.
*
* @param \Drupal\Core\Entity\EntityInterface $entity
* The entity for which to check 'create' access.
* @param string $operation
* The entity operation. Usually one of 'view', 'update', 'create' or
* 'delete'.
* @param \Drupal\Core\Session\AccountInterface $account
* The user for which to check access.
*
* @return \Drupal\Core\Access\AccessResultInterface
* The access result.
*/
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account)
{
$result = parent::checkAccess($entity, $operation, $account);
if ($result->isForbidden()) {
return $result;
}
return $entity->getHost()->access($operation, $account, TRUE);
}
/**
* {@inheritdoc}
*/
public function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account)
{
if ($operation == 'view') {
return AccessResult::allowed();
} else {
return parent::checkAccess($entity, $operation, $langcode, $account);
}
}
/**
* {@inheritdoc}
*/
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account)
{
/** @var \Drupal\block\BlockInterface $entity */
if ($operation != 'view') {
return parent::checkAccess($entity, $operation, $account);
}
// Don't grant access to disabled blocks.
if (!$entity->status()) {
return AccessResult::forbidden()->addCacheableDependency($entity);
} else {
$conditions = [];
$missing_context = FALSE;
foreach ($entity->getVisibilityConditions() as $condition_id => $condition) {
if ($condition instanceof ContextAwarePluginInterface) {
try {
$contexts = $this->contextRepository->getRuntimeContexts(array_values($condition->getContextMapping()));
$this->contextHandler->applyContextMapping($condition, $contexts);
} catch (ContextException $e) {
$missing_context = TRUE;
}
}
$conditions[$condition_id] = $condition;
}
if ($missing_context) {
// If any context is missing then we might be missing cacheable
// metadata, and don't know based on what conditions the block is
// accessible or not. For example, blocks that have a node type
// condition will have a missing context on any non-node route like the
// frontpage.
// @todo Avoid setting max-age 0 for some or all cases, for example by
// treating available contexts without value differently in
// https://www.drupal.org/node/2521956.
$access = AccessResult::forbidden()->setCacheMaxAge(0);
} elseif ($this->resolveConditions($conditions, 'and') !== FALSE) {
// Delegate to the plugin.
$block_plugin = $entity->getPlugin();
try {
if ($block_plugin instanceof ContextAwarePluginInterface) {
$contexts = $this->contextRepository->getRuntimeContexts(array_values($block_plugin->getContextMapping()));
$this->contextHandler->applyContextMapping($block_plugin, $contexts);
}
$access = $block_plugin->access($account, TRUE);
} catch (ContextException $e) {
// Setting access to forbidden if any context is missing for the same
// reasons as with conditions (described in the comment above).
// @todo Avoid setting max-age 0 for some or all cases, for example by
// treating available contexts without value differently in
// https://www.drupal.org/node/2521956.
$access = AccessResult::forbidden()->setCacheMaxAge(0);
}
} else {
$access = AccessResult::forbidden();
}
$this->mergeCacheabilityFromConditions($access, $conditions);
// Ensure that access is evaluated again when the block changes.
return $access->addCacheableDependency($entity);
}
}
/**
* {@inheritdoc}
*/
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account)
{
$admin_access = parent::checkAccess($entity, $operation, $account);
// Allow view with other permission.
if ($operation === 'view') {
return AccessResult::allowedIfHasPermission($account, 'view moderation states')->orIf($admin_access);
}
return $admin_access;
}
/**
* {@inheritdoc}
*/
protected function checkFieldAccess($operation, FieldDefinitionInterface $field_definition, AccountInterface $account, FieldItemListInterface $items = NULL)
{
// No user can edit the status of a file. Prevents saving a new file as
// persistent before even validating it.
if ($field_definition->getName() === 'status' && $operation === 'edit') {
return AccessResult::forbidden();
}
return parent::checkFieldAccess($operation, $field_definition, $account, $items);
}
/**
* {@inheritdoc}
*/
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account)
{
// ZZ is the fallback address format and it must always be present.
if ($operation == 'delete' && $entity->id() == 'ZZ') {
return AccessResult::forbidden();
} else {
return parent::checkAccess($entity, $operation, $account);
}
}
/**
* {@inheritdoc}
*/
public function createAccess($entity_bundle = NULL, AccountInterface $account = NULL, array $context = [], $return_as_object = FALSE)
{
$account = $this->prepareUser($account);
if ($account->hasPermission('bypass profile access')) {
$result = AccessResult::allowed()->cachePerPermissions();
return $return_as_object ? $result : $result->isAllowed();
}
$result = parent::createAccess($entity_bundle, $account, $context, TRUE)->cachePerPermissions();
return $return_as_object ? $result : $result->isAllowed();
}
/**
* {@inheritdoc}
*/
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account)
{
switch ($operation) {
case 'view':
return AccessResult::allowedIfHasPermission($account, 'access content');
break;
default:
return parent::checkAccess($entity, $operation, $account);
break;
}
}
/**
* {@inheritdoc}
*/
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account)
{
switch ($operation) {
case 'delete':
if ($entity->id() == RoleInterface::ANONYMOUS_ID || $entity->id() == RoleInterface::AUTHENTICATED_ID) {
return AccessResult::forbidden();
}
default:
return parent::checkAccess($entity, $operation, $account);
}
}
/**
* {@inheritdoc}
*/
protected function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account)
{
if ($operation == 'delete') {
if ($entity->isLocked()) {
return AccessResult::forbidden()->cacheUntilEntityChanges($entity);
} else {
return parent::checkAccess($entity, $operation, $langcode, $account)->cacheUntilEntityChanges($entity);
}
}
return parent::checkAccess($entity, $operation, $langcode, $account);
}
/**
* {@inheritdoc}
*/
public function checkAccess(EntityInterface $entity, $operation, AccountInterface $account)
{
if ($operation == 'view') {
// Allow viewing the configuration entity.
return AccessResult::allowed();
}
if ($entity->isLocked()) {
return AccessResult::forbidden();
}
return parent::checkAccess($entity, $operation, $account);
}
/**
* {@inheritdoc}
*/
public function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account)
{
// The $opereration parameter tells you what sort of operation access is
// being checked for.
if ($operation == 'view') {
return TRUE;
}
// Other than the view operation, we're going to be insanely lax about
// access. Don't try this at home!
return parent::checkAccess($entity, $operation, $langcode, $account);
}
/**
* {@inheritdoc}
*/
public function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account)
{
switch ($operation) {
case 'update':
case 'delete':
/* @var \Drupal\Core\Language\LanguageInterface $entity */
return AccessResult::allowedIf(!$entity->isLocked())->cacheUntilEntityChanges($entity)->andIf(parent::checkAccess($entity, $operation, $langcode, $account));
default:
// No opinion.
return AccessResult::neutral();
}
}
/**
* {@inheritdoc}
*/
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account)
{
if ($operation == 'view') {
// Do not allow access personal form via site-wide route.
return AccessResult::allowedIf($account->hasPermission('access site-wide contact form') && $entity->id() !== 'personal')->cachePerPermissions();
} elseif ($operation == 'delete' || $operation == 'update') {
// Do not allow the 'personal' form to be deleted, as it's used for
// the personal contact form.
return AccessResult::allowedIf($account->hasPermission('administer contact forms') && $entity->id() !== 'personal')->cachePerPermissions();
}
return parent::checkAccess($entity, $operation, $account);
}
/**
* {@inheritdoc}
*/
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account)
{
if ($operation === 'view') {
return AccessResult::allowed();
} elseif ($operation == 'delete') {
if ($entity->isLocked()) {
return AccessResult::forbidden()->addCacheableDependency($entity);
} else {
return parent::checkAccess($entity, $operation, $account)->addCacheableDependency($entity);
}
}
return parent::checkAccess($entity, $operation, $account);
}
/**
* Performs access checks.
*
* Uses permissions from host entity.
*
* @param \Drupal\Core\Entity\EntityInterface $entity
* The entity for which to check 'create' access.
* @param string $operation
* The entity operation. Usually one of 'view', 'update', 'create' or
* 'delete'.
* @param \Drupal\Core\Session\AccountInterface $account
* The user for which to check access.
*
* @return \Drupal\Core\Access\AccessResultInterface
* The access result.
*/
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account)
{
$result = parent::checkAccess($entity, $operation, $account);
if ($result->isForbidden()) {
return $result;
}
/** @var \Drupal\Core\Entity\ContentEntityInterface $host */
if ($host = $entity->getHost()) {
return $host->access($operation, $account, TRUE);
} else {
// @todo Log error when no host found.
return AccessResult::forbidden();
}
}
/**
* {@inheritdoc}
*/
protected function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account)
{
/** @var $entity \Drupal\block\BlockInterface */
if ($operation != 'view') {
return parent::checkAccess($entity, $operation, $langcode, $account);
}
// Don't grant access to disabled blocks.
if (!$entity->status()) {
return AccessResult::forbidden()->cacheUntilEntityChanges($entity);
} else {
// Delegate to the plugin.
return $entity->getPlugin()->access($account)->cacheUntilEntityChanges($entity);
}
}
/**
* {@inheritdoc}
*/
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account)
{
switch ($operation) {
case 'update':
/* @var \Drupal\Core\Language\LanguageInterface $entity */
return AccessResult::allowedIf(!$entity->isLocked())->addCacheableDependency($entity)->andIf(parent::checkAccess($entity, $operation, $account));
case 'delete':
/* @var \Drupal\Core\Language\LanguageInterface $entity */
return AccessResult::allowedIf(!$entity->isLocked())->addCacheableDependency($entity)->andIf(AccessResult::allowedIf(!$entity->isDefault())->addCacheableDependency($entity))->andIf(parent::checkAccess($entity, $operation, $account));
default:
// No opinion.
return AccessResult::neutral();
}
}
/**
* {@inheritdoc}
*/
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account)
{
// There are no restrictions on viewing a date format.
if ($operation == 'view') {
return AccessResult::allowed();
} elseif (in_array($operation, array('update', 'delete'))) {
if ($entity->isLocked()) {
return AccessResult::forbidden()->addCacheableDependency($entity);
} else {
return parent::checkAccess($entity, $operation, $account)->addCacheableDependency($entity);
}
}
return parent::checkAccess($entity, $operation, $account);
}
/**
* {@inheritdoc}
*/
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account)
{
switch ($operation) {
case 'view':
return AccessResult::allowedIfHasPermission($account, 'view scheduled update entities');
break;
case 'delete':
return parent::checkAccess($entity, $operation, $account)->cacheUntilEntityChanges($entity);
break;
default:
return parent::checkAccess($entity, $operation, $account);
break;
}
}
/**
* {@inheritdoc}
*/
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account)
{
switch ($operation) {
case 'create':
case 'update':
return AccessResult::allowedIfHasPermission($account, 'administer site configuration');
case 'delete':
if ($entity->isLocked()) {
return AccessResult::forbidden();
}
return AccessResult::allowedIfHasPermission($account, 'administer site configuration');
}
return parent::checkAccess($entity, $operation, $account);
}
/**
* {@inheritdoc}
*/
public function access(EntityInterface $entity, $operation, $langcode = LanguageInterface::LANGCODE_DEFAULT, AccountInterface $account = NULL, $return_as_object = FALSE) {
/* @var $entity \Drupal\mailchimp_campaign\Entity\MailchimpCampaign */
$status = $entity->mc_data['status'];
switch ($operation) {
case 'send':
case 'edit':
case 'delete':
return ($status == MAILCHIMP_STATUS_SENT) ? AccessResult::forbidden() : AccessResult::allowed();
break;
case 'stats':
return ($status == MAILCHIMP_STATUS_SENT) ? AccessResult::allowed() : AccessResult::forbidden();
default:
return parent::access($entity, $operation, $langcode, $account, $return_as_object);
}
}
