/** * Access control for the subscription settings user page. * * The user is checked for both global permissions and permissions to edit * his own subscriptions. * * @param \Drupal\Core\Entity\EntityInterface $user * The user object from the route. * * @return \Drupal\Core\Access\AccessResult * An access result object carrying the result of the check. */ public function access(EntityInterface $user) { if ($this->currentUser->hasPermission('manage all subscriptions')) { return AccessResult::allowed(); } elseif (!$this->currentUser->isAnonymous() && $this->currentUser->id() == $user->id() && $this->currentUser->hasPermission('manage own subscriptions')) { return AccessResult::allowed(); } return AccessResult::forbidden(); }