/** * {@inheritdoc} * * When the $operation is 'add' then the $entity is of type 'profile_type', * otherwise $entity is of type 'profile'. */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { $account = $this->prepareUser($account); $user_page = \Drupal::request()->attributes->get('user'); // Some times, operation edit is called update. // Use edit in any case. if ($operation == 'update') { $operation = 'edit'; } // Check that if profile type has require roles, the user the profile is // being added to has any of the required roles. if ($entity->getEntityTypeId() == 'profile') { $profile_roles = ProfileType::load($entity->bundle())->getRoles(); $user_roles = $entity->getOwner()->getRoles(TRUE); if (!empty(array_filter($profile_roles)) && !array_intersect($user_roles, $profile_roles)) { return AccessResult::forbidden(); } } elseif ($entity->getEntityTypeId() == 'profile_type') { $profile_roles = $entity->getRoles(); $user_roles = User::load($user_page->id())->getRoles(TRUE); if (!empty(array_filter($profile_roles)) && !array_intersect($user_roles, $profile_roles)) { return AccessResult::forbidden(); } } if ($account->hasPermission('bypass profile access')) { return AccessResult::allowed()->cachePerPermissions(); } elseif ($operation == 'add' && ($user_page->id() == $account->id() && $account->hasPermission($operation . ' own ' . $entity->id() . ' profile') || $account->hasPermission($operation . ' any ' . $entity->id() . ' profile')) || $operation != 'add' && ($entity->getOwnerId() == $account->id() && $account->hasPermission($operation . ' own ' . $entity->getType() . ' profile') || $account->hasPermission($operation . ' any ' . $entity->getType() . ' profile'))) { return AccessResult::allowed()->cachePerPermissions(); } else { return AccessResult::forbidden()->cachePerPermissions(); } }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { if ($entity->getOwnerId() == $account->id()) { return AccessResult::allowedIfHasPermission($account, $operation . ' own ' . $entity->bundle() . ' entity'); } return AccessResult::allowedIfHasPermission($account, $operation . ' any ' . $entity->bundle() . ' entity'); }
/** * Prepares the link to the profile. * * @param \Drupal\Core\Entity\EntityInterface $profile * The profile entity this field belongs to. * @param ResultRow $values * The values retrieved from the view's result set. * * @return string * Returns a string for the link text. */ protected function renderLink($profile, ResultRow $values) { // Ensure user has access to edit this profile. if (!$profile->access('update')) { return; } $this->options['alter']['make_link'] = TRUE; $this->options['alter']['path'] = "user/" . $profile->getOwnerId() . "/profile/" . $profile->bundle() . "/" . $profile->id(); $this->options['alter']['query'] = \Drupal::destination()->getAsArray(); $text = !empty($this->options['text']) ? $this->options['text'] : t('Edit'); return $text; }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { /** @var ScheduledUpdate $entity */ if ($operation == 'view') { return AccessResult::allowedIfHasPermission($account, 'view scheduled update entities'); } $type_id = $entity->bundle(); if ($entity->getOwnerId() == $account->id()) { // If owner that needs either own or any permission, not both. return AccessResult::allowedIfHasPermissions($account, ["{$operation} any {$type_id} scheduled updates", "{$operation} own {$type_id} scheduled updates"], 'OR'); } else { return AccessResult::allowedIfHasPermission($account, "{$operation} any {$type_id} scheduled updates"); } }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $support_ticket, $operation, AccountInterface $account) { /** @var \Drupal\support_ticket\SupportTicketInterface $support_ticket */ // Fetch information from the support_ticket object if possible. $status = $support_ticket->isPublished(); $uid = $support_ticket->getOwnerId(); // Check if authors can view their own unpublished support tickets. if ($operation === 'view' && !$status && $account->hasPermission('view own unpublished support tickets') && $account->isAuthenticated() && $account->id() == $uid) { return AccessResult::allowed()->cachePerPermissions()->cachePerUser()->cacheUntilEntityChanges($support_ticket); } if ($operation === 'view') { return AccessResult::allowedIf($status)->cacheUntilEntityChanges($support_ticket); } // No opinion. return AccessResult::neutral(); }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { $account = $this->prepareUser($account); $user_page = \Drupal::request()->attributes->get('user'); // Some times, operation edit is called update. // Use edit in any case. if ($operation == 'update') { $operation = 'edit'; } if ($account->hasPermission('bypass profile access')) { return AccessResult::allowed()->cachePerPermissions(); } elseif ($operation == 'add' && ($user_page->id() == $account->id() && $account->hasPermission($operation . ' own ' . $entity->id() . ' profile') || $account->hasPermission($operation . ' any ' . $entity->id() . ' profile')) || $operation != 'add' && ($entity->getOwnerId() == $account->id() && $account->hasPermission($operation . ' own ' . $entity->getType() . ' profile') || $account->hasPermission($operation . ' any ' . $entity->getType() . ' profile'))) { return AccessResult::allowed()->cachePerPermissions(); } else { return AccessResult::forbidden()->cachePerPermissions(); } }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account) { /** @var \Drupal\Core\Entity\EntityInterface|\Drupal\user\EntityOwnerInterface $entity */ switch ($operation) { case 'view': return $account->hasPermission('access comments'); break; case 'update': return $account->id() && $account->id() == $entity->getOwnerId() && $entity->status->value == CommentInterface::PUBLISHED && $account->hasPermission('edit own comments') || $account->hasPermission('administer comments'); break; case 'delete': return $account->hasPermission('administer comments'); break; case 'approve': return $account->hasPermission('administer comments'); break; } }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $order, $operation, AccountInterface $account) { /** @var \Drupal\uc_order\OrderInterface $order */ switch ($operation) { case 'view': case 'invoice': // Admins can view all orders. if ($account->hasPermission('view all orders')) { return AccessResult::allowed()->cachePerPermissions(); } // Non-anonymous users can view their own orders and invoices with permission. $permission = $operation == 'view' ? 'view own orders' : 'view own invoices'; if ($account->id() && $account->id() == $order->getOwnerId() && $account->hasPermission($permission)) { return AccessResult::allowed()->cachePerPermissions()->cachePerUser()->cacheUntilEntityChanges($order); } return AccessResult::forbidden()->cachePerPermissions()->cachePerUser()->cacheUntilEntityChanges($order); case 'update': return AccessResult::allowedIfHasPermission($account, 'edit orders')->cachePerPermissions()->cachePerUser(); case 'delete': if ($account->hasPermission('unconditionally delete orders')) { // Unconditional deletion perms are always TRUE. return AccessResult::allowed()->cachePerPermissions()->cachePerUser(); } if ($account->hasPermission('delete orders')) { // Only users with unconditional deletion perms can delete completed orders. if ($order->getStateId() == 'completed') { return AccessResult::forbidden()->cachePerPermissions()->cachePerUser()->cacheUntilEntityChanges($order); } else { // See if any modules have a say in this order's eligibility for deletion. $module_handler = \Drupal::moduleHandler(); foreach ($module_handler->getImplementations('uc_order_can_delete') as $module) { $function = $module . '_uc_order_can_delete'; if ($function($order) === FALSE) { return AccessResult::forbidden()->cachePerPermissions()->cachePerUser()->cacheUntilEntityChanges($order); } } return AccessResult::allowed()->cachePerPermissions()->cachePerUser()->cacheUntilEntityChanges($order); } } return AccessResult::forbidden()->cachePerPermissions()->cachePerUser()->cacheUntilEntityChanges($order); } }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account) { /** @var \Drupal\Core\Entity\EntityInterface|\Drupal\user\EntityOwnerInterface $entity */ switch ($operation) { case 'view': if ($account->hasPermission('access comments') && $entity->isPublished() || $account->hasPermission('administer comments')) { return $entity->getCommentedEntity()->access($operation, $account); } break; case 'update': return $account->id() && $account->id() == $entity->getOwnerId() && $entity->isPublished() && $account->hasPermission('edit own comments') || $account->hasPermission('administer comments'); break; case 'delete': return $account->hasPermission('administer comments'); break; case 'approve': return $account->hasPermission('administer comments'); break; } }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { switch ($operation) { case 'view': if ($account->hasPermission('access grade items') && $account->isAuthenticated() && $account->id() == $entity->getOwnerId()) { return AccessResult::allowed()->cachePerPermissions()->cachePerUser()->cacheUntilEntityChanges($entity); } case 'update': if ($account->hasPermission('administer grade items')) { return AccessResult::allowed()->cachePerPermissions(); } if (!$account->hasPermission('access grade items')) { return AccessResult::neutral()->cachePerPermissions(); } return AccessResult::allowedIf($account->hasPermission('customize grade items') && $entity == grade_scale_current_displayed_set($account))->cachePerPermissions()->cacheUntilEntityChanges($entity); case 'delete': return AccessResult::allowedIf($account->hasPermission('administer grade items') && $entity->id() != 'default')->cachePerPermissions(); default: // No opinion. return AccessResult::neutral(); } }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $node, $operation, AccountInterface $account) { /** @var \Drupal\node\NodeInterface $node */ // Fetch information from the node object if possible. $status = $node->isPublished(); $uid = $node->getOwnerId(); // Check if authors can view their own unpublished nodes. if ($operation === 'view' && !$status && $account->hasPermission('view own unpublished content') && $account->isAuthenticated() && $account->id() == $uid) { return AccessResult::allowed()->cachePerPermissions()->cachePerUser()->addCacheableDependency($node); } // Evaluate node grants. return $this->grantStorage->access($node, $operation, $account); }
/** * {@inheritdoc} * * Each comment must have a comment body, which always has a text format. */ protected function getAdditionalCacheTagsForEntity(EntityInterface $entity) { /** @var \Drupal\comment\CommentInterface $entity */ return array('filter_format:plain_text', 'user:'******'user_view'); }
/** * {@inheritdoc} * * Each node must have an author. */ protected function getAdditionalCacheTagsForEntity(EntityInterface $node) { return array('user:'******'user_view'); }
/** * {@inheritdoc} */ public function buildRow(EntityInterface $entity) { /** @var \Drupal\profile\ProfileInterface $entity */ $mark = [ '#theme' => 'mark', '#mark_type' => node_mark($entity->id(), $entity->getChangedTime()), ]; $langcode = $entity->language()->id; $uri = $entity->urlInfo(); $options = $uri->getOptions(); $options += ($langcode != LanguageInterface::LANGCODE_NOT_SPECIFIED && isset($languages[$langcode]) ? ['language' => $languages[$langcode]] : []); $uri->setOptions($options); $row['label']['data'] = [ '#type' => 'link', '#title' => $entity->label(), '#suffix' => ' ' . drupal_render($mark), ] + $uri->toRenderArray(); $row['type'] = $entity->getType()->id(); $row['owner']['data'] = [ '#theme' => 'username', '#account' => $entity->getOwner(), ]; $row['status'] = $entity->isActive() ? $this->t('active') : $this->t('not active'); $row['changed'] = $this->dateFormatter->format($entity->getChangedTime(), 'short'); $language_manager = \Drupal::languageManager(); if ($language_manager->isMultilingual()) { $row['language_name'] = $language_manager->getLanguageName($langcode); } $route_params = ['user' => $entity->getOwnerId(), 'type' => $entity->bundle(), 'profile' => $entity->id()]; $links['edit'] = [ 'title' => t('Edit'), 'route_name' => 'entity.profile.edit_form', 'route_parameters' => $route_params, ]; $links['delete'] = [ 'title' => t('Delete'), 'route_name' => 'entity.profile.delete_form', 'route_parameters' => $route_params, ]; $row[] = [ 'data' => [ '#type' => 'operations', '#links' => $links, ], ]; return $row + parent::buildRow($entity); }
/** * Assign a player to a team. * * Incoming entity will be a registration node with a reference * to a team. When that's updated, load the team node and make * sure the player is assigned/removed from the team node. * * TODO: This does not update the previous revision, so manual * clean up is needed if the player is switched to a different * team. * * @param \Drupal\Core\Entity\EntityInterface $entity */ public function assignPlayerToTeam(\Drupal\Core\Entity\EntityInterface $entity) { $team_nid = $entity->get('field_registration_teams')->getValue(); if (isset($team_nid[0]['target_id'])) { $team_node = \Drupal\node\Entity\Node::load($team_nid[0]['target_id']); $player_nids = array_merge($team_node->get('field_players')->getValue(), array(array('target_id' => $entity->getOwnerId()))); $player_nids = array_map("unserialize", array_unique(array_map("serialize", $player_nids))); $team_node->get('field_players')->setValue($player_nids); $team_node->save(); } }