/**
* {@inheritdoc}
*/
public function allowed(WorkflowTransition $transition, WorkflowInterface $workflow, EntityInterface $entity)
{
$to_state = $transition->getToState()->getId();
// Disable virtual state.
if ($to_state == self::NON_STATE) {
return FALSE;
}
$from_state = $this->getState($entity);
// Allowed transitions are already filtered so we only need to check
// for the transitions defined in the settings if they include a role the
// user has.
// @see: solution.settings.yml
$allowed_conditions = \Drupal::config('solution.settings')->get('transitions');
if (\Drupal::currentUser()->hasPermission('bypass node access')) {
return TRUE;
}
// Check if the user has one of the allowed system roles.
$authorized_roles = isset($allowed_conditions[$to_state][$from_state]) ? $allowed_conditions[$to_state][$from_state] : [];
$user = $this->workflowUserProvider->getUser();
if (array_intersect($authorized_roles, $user->getRoles())) {
return TRUE;
}
// Check if the user has one of the allowed group roles.
$membership = Og::getMembership($entity, $user);
return $membership && array_intersect($authorized_roles, $membership->getRolesIds());
}
/**
* {@inheritdoc}
*
* We need to override default transitions allowed because this is also
* dependant on the parent's moderation, system roles and organic groups
* user roles. In the following method, the allowed transitions per
* moderation are checked and then if the transition is allowed, the user
* roles by the system and the organic groups are checked.
*/
public function allowed(WorkflowTransition $transition, WorkflowInterface $workflow, EntityInterface $entity)
{
$to_state = $transition->getToState()->getId();
// Disable virtual state.
if ($to_state == self::NON_STATE) {
return FALSE;
}
$from_state = $this->getState($entity);
$parent = $this->getParent($entity);
$is_moderated = self::MODERATED;
if ($parent) {
$is_moderated = $parent->bundle() == 'collection' ? $parent->field_ar_moderation->first()->value : $parent->field_is_moderation->first()->value;
}
$allowed_transitions = \Drupal::config('joinup_news.settings')->get('transitions');
// Some transitions are not allowed per parent's moderation.
// Check for the transitions allowed.
// @see: joinup_news.settings.yml
if (!isset($allowed_transitions[$is_moderated][$to_state][$from_state])) {
return FALSE;
}
// This Guard class's method called whenever the transitions are checked
// even outside the entity CRUD forms. Cases like this is e.g. when trying
// to edit the settings of the field.
// In these cases, there is no parent entity so we need to check for it.
if (empty($parent)) {
return FALSE;
}
// Check if the user has one of the allowed system roles.
$authorized_roles = $allowed_transitions[$is_moderated][$to_state][$from_state];
$user = \Drupal::currentUser();
if (array_intersect($authorized_roles, $user->getRoles())) {
return TRUE;
}
// Check if the user has one of the allowed group roles.
$membership = Og::getMembership($parent, $user->getAccount());
return $membership && array_intersect($authorized_roles, $membership->getRolesIds());
}
