/**
* Checks access to the node preview page.
*
* @param \Drupal\Core\Session\AccountInterface $account
* The currently logged in account.
* @param \Drupal\node\NodeInterface $node_preview
* The node that is being previewed.
*
* @return string
* A \Drupal\Core\Access\AccessInterface constant value.
*/
public function access(AccountInterface $account, NodeInterface $node_preview)
{
if ($node_preview->isNew()) {
$access_controller = $this->entityManager->getAccessControlHandler('node');
return $access_controller->createAccess($node_preview->bundle(), $account, [], TRUE);
} else {
return $node_preview->access('update', $account, TRUE);
}
}
/**
* Checks new registrations are permitted on an event.
*/
public function access(Route $route, RouteMatchInterface $route_match, AccountInterface $account, RegistrationTypeInterface $registration_type = NULL)
{
if ($event = $route->getDefault('event')) {
$context = ['event' => $route_match->getParameter($event)];
$access_control_handler = $this->entityManager->getAccessControlHandler('registration');
return $access_control_handler->createAccess($registration_type, $account, $context, TRUE);
}
return AccessResult::forbidden();
}
/**
* Checks access to the support_ticket preview page.
*
* @param \Drupal\Core\Session\AccountInterface $account
* The currently logged in account.
* @param \Drupal\support_ticket\SupportTicketInterface $support_ticket_preview
* The support_ticket that is being previewed.
*
* @return string
* A \Drupal\Core\Access\AccessInterface constant value.
*/
public function access(AccountInterface $account, SupportTicketInterface $support_ticket_preview)
{
if ($support_ticket_preview->isNew()) {
$access_controller = $this->entityManager->getAccessControlHandler('support_ticket');
return $access_controller->createAccess($support_ticket_preview->bundle(), $account, [], TRUE);
} else {
return $support_ticket_preview->access('update', $account, TRUE);
}
}
/**
* {@inheritdoc}
*/
public function access(AccountInterface $account)
{
// @todo Perhaps read config directly rather than load all feed types.
$access_control_handler = $this->entityManager->getAccessControlHandler('feeds_feed');
foreach ($this->entityManager->getStorage('feeds_feed_type')->loadByProperties(['status' => TRUE]) as $feed_type) {
$access = $access_control_handler->createAccess($feed_type->id(), $account, [], TRUE);
if ($access->isAllowed()) {
return $access;
}
}
return AccessResult::neutral();
}
/**
* Checks access to create the entity type and bundle for the given route.
*
* @param \Symfony\Component\Routing\Route $route
* The route to check against.
* @param \Drupal\Core\Routing\RouteMatchInterface $route_match
* The parametrized route.
* @param \Drupal\Core\Session\AccountInterface $account
* The currently logged in account.
*
* @return \Drupal\Core\Access\AccessResultInterface
* The access result.
*/
public function access(Route $route, RouteMatchInterface $route_match, AccountInterface $account)
{
list($entity_type, $bundle) = explode(':', $route->getRequirement($this->requirementsKey) . ':');
// The bundle argument can contain request argument placeholders like
// {name}, loop over the raw variables and attempt to replace them in the
// bundle name. If a placeholder does not exist, it won't get replaced.
if ($bundle && strpos($bundle, '{') !== FALSE) {
foreach ($route_match->getRawParameters()->all() as $name => $value) {
$bundle = str_replace('{' . $name . '}', $value, $bundle);
}
// If we were unable to replace all placeholders, deny access.
if (strpos($bundle, '{') !== FALSE) {
return AccessResult::neutral();
}
}
return $this->entityManager->getAccessControlHandler($entity_type)->createAccess($bundle, $account, [], TRUE);
}
/**
* {@inheritdoc}
*/
public function evaluate()
{
$entity = $this->getContextValue('entity');
$field = $this->getContextValue('field');
if (!$entity->hasField($field)) {
return FALSE;
}
$operation = $this->getContextValue('operation');
$account = $this->getContextValue('user');
$access = $this->entityManager->getAccessControlHandler($entity->getEntityTypeId());
if (!$access->access($entity, $operation, Language::LANGCODE_DEFAULT, $account)) {
return FALSE;
}
$definition = $entity->getFieldDefinition($field);
$items = $entity->get($field);
return $access->fieldAccess($operation, $definition, $account, $items);
}
/**
* Checks access to the eck entity add page for the entity bundle type.
*
* @param AccountInterface $account
* The currently logged in account.
* @param EckEntityTypeInterface $eck_entity_type
* The entity type.
* @param string $eck_entity_bundle
* (optional) The entity type bundle.
*
* @return bool|AccessResult|\Drupal\Core\Access\AccessResultInterface
* A \Drupal\Core\Access\AccessInterface constant value.
*/
public function access(AccountInterface $account, EckEntityTypeInterface $eck_entity_type, $eck_entity_bundle = NULL)
{
$access_control_handler = $this->entityManager->getAccessControlHandler($eck_entity_type->id());
if (!empty($eck_entity_bundle)) {
return $access_control_handler->createAccess($eck_entity_bundle, $account, array(), TRUE);
}
// Get the entity type bundles.
$bundles = $this->entityManager->getStorage($eck_entity_type->id() . '_type')->loadMultiple();
// If checking whether an entity of any type may be created.
foreach ($bundles as $eck_entity_bundle) {
if (($access = $access_control_handler->createAccess($eck_entity_bundle->id(), $account, array(), TRUE)) && $access->isAllowed()) {
return $access;
}
}
// No opinion.
return AccessResult::neutral();
}
protected function checkAccess(ContentEntityInterface $entity, AccountInterface $account, $operation = 'view')
{
$entity_type_id = $entity->getEntityTypeId();
$entity_access = $this->entityManager->getAccessControlHandler($entity_type_id);
/** @var \Drupal\content_entity_base\Entity\Storage\RevisionableStorageInterface|\Drupal\Core\Entity\EntityStorageInterface $entity_storage */
$entity_storage = $this->entityManager->getStorage($entity_type_id);
if (!$entity_storage instanceof RevisionableStorageInterface) {
throw new \InvalidArgumentException('The entity storage has to implement \\Drupal\\content_entity_base\\Entity\\Storage\\RevisionableStorageInterface');
}
$map = ['view' => "view all {$entity_type_id} revisions", 'update' => "revert all {$entity_type_id} revisions", 'delete' => "delete all {$entity_type_id} revisions"];
$bundle = $entity->bundle();
$type_map = ['view' => "view {$entity_type_id} {$bundle} revisions", 'update' => "revert {$entity_type_id} {$bundle} revisions", 'delete' => "delete {$entity_type_id} {$bundle} revisions"];
if (!$entity || !isset($map[$operation]) || !isset($type_map[$operation])) {
// If there was no node to check against, or the $op was not one of the
// supported ones, we return access denied.
return FALSE;
}
// Statically cache access by revision ID, language code, user account ID,
// and operation.
$langcode = $entity->language()->getId();
$cid = $entity->getRevisionId() . ':' . $langcode . ':' . $account->id() . ':' . $operation;
if (!isset($this->access[$cid])) {
// Perform basic permission checks first.
if (!$account->hasPermission($map[$operation]) && !$account->hasPermission($type_map[$operation]) && !$account->hasPermission('administer nodes')) {
$this->access[$cid] = FALSE;
return FALSE;
}
// There should be at least two revisions. If the vid of the given node
// and the vid of the default revision differ, then we already have two
// different revisions so there is no need for a separate database check.
// Also, if you try to revert to or delete the default revision, that's
// not good.
if ($entity->isDefaultRevision() && ($entity_storage->countDefaultLanguageRevisions($entity) == 1 || $operation == 'update' || $operation == 'delete')) {
$this->access[$cid] = FALSE;
} elseif ($account->hasPermission('administer ' . $entity_type_id)) {
$this->access[$cid] = TRUE;
} else {
// First check the access to the default revision and finally, if the
// node passed in is not the default revision then access to that, too.
$this->access[$cid] = $entity_access->access($entity_storage->load($entity->id()), $operation, $account) && ($entity->isDefaultRevision() || $entity_access->access($entity, $operation, $account));
}
}
return $this->access[$cid];
}
/**
* Checks access to the node add page for the node type.
*
* @param \Drupal\Core\Session\AccountInterface $account
* The currently logged in account.
* @param \Drupal\node\NodeTypeInterface $node_type
* (optional) The node type. If not specified, access is allowed if there
* exists at least one node type for which the user may create a node.
*
* @return string
* A \Drupal\Core\Access\AccessInterface constant value.
*/
public function access(AccountInterface $account, NodeTypeInterface $node_type = NULL)
{
$access_control_handler = $this->entityManager->getAccessControlHandler('node');
// If checking whether a node of a particular type may be created.
if ($account->hasPermission('administer content types')) {
return AccessResult::allowed()->cachePerRole();
}
if ($node_type) {
return $access_control_handler->createAccess($node_type->id(), $account, [], TRUE);
}
// If checking whether a node of any type may be created.
foreach ($this->entityManager->getStorage('node_type')->loadMultiple() as $node_type) {
if (($access = $access_control_handler->createAccess($node_type->id(), $account, [], TRUE)) && $access->isAllowed()) {
return $access;
}
}
// No opinion.
return AccessResult::neutral();
}
/**
* Checks access to the profile add page for the profile type.
*
* @param \Symfony\Component\Routing\Route $route
* The route to check against.
* @param \Drupal\Core\Session\AccountInterface $account
* The currently logged in account.
* @param \Drupal\profile\Entity\ProfileTypeInterface $profile_type
* The profile type entity.
*
* @return bool|\Drupal\Core\Access\AccessResultInterface
* The access result.
*/
public function access(Route $route, AccountInterface $account, ProfileTypeInterface $profile_type = NULL) {
$access_control_handler = $this->entityManager->getAccessControlHandler('profile');
if ($account->hasPermission('administer profile types')) {
return AccessResult::allowed()->cachePerPermissions();
}
$operation = $route->getRequirement('_profile_access_check');
if ($operation == 'add') {
return $access_control_handler->access($profile_type, $operation, $account, TRUE);
}
if ($profile_type) {
return $access_control_handler->createAccess($profile_type->id(), $account, [], TRUE);
}
// If checking whether a profile of any type may be created.
foreach ($this->entityManager->getStorage('profile_type')->loadMultiple() as $profile_type) {
if (($access = $access_control_handler->createAccess($profile_type->id(), $account, [], TRUE)) && $access->isAllowed()) {
return $access;
}
}
// No opinion.
return AccessResult::neutral();
}
/**
* Constructs a new SupportTicketRevisionAccessCheck.
*
* @param \Drupal\Core\Entity\EntityManagerInterface $entity_manager
* The entity manager.
* @param \Drupal\Core\Database\Connection $connection
* The database connection.
*/
public function __construct(EntityManagerInterface $entity_manager)
{
$this->supportTicketStorage = $entity_manager->getStorage('support_ticket');
$this->supportTicketAccess = $entity_manager->getAccessControlHandler('support_ticket');
}
/**
* Constructs a new NodeRevisionAccessCheck.
*
* @param \Drupal\Core\Entity\EntityManagerInterface $entity_manager
* The entity manager.
* @param \Drupal\Core\Database\Connection $connection
* The database connection.
*/
public function __construct(EntityManagerInterface $entity_manager)
{
$this->nodeStorage = $entity_manager->getStorage('node');
$this->nodeAccess = $entity_manager->getAccessControlHandler('node');
}
/**
* {@inheritdoc}
*/
public function access(AccountInterface $account)
{
$access_control_handler = $this->entityManager->getAccessControlHandler($this->getEntityType());
return $access_control_handler->fieldAccess('view', $this->getFieldDefinition(), $account);
}
/**
* {@inheritdoc}
*/
public function getAccessControlHandler($entity_type)
{
return $this->entityManager->getAccessControlHandler($entity_type);
}
/**
* {@inheritdoc}
*/
public function access(AccountInterface $account)
{
$base_table = $this->get_base_table();
$access_control_handler = $this->entityManager->getAccessControlHandler($this->definition['entity_tables'][$base_table]);
return $access_control_handler->fieldAccess('view', $this->getFieldDefinition(), $account, NULL, TRUE);
}
/**
* Implements \Drupal\block\BlockBase::blockAccess().
*/
public function blockAccess(AccountInterface $account)
{
$access_control_handler = $this->entityManager->getAccessControlHandler('node');
return $access_control_handler->createAccess($this->configuration['type'], $account);
}
