예제 #1
0
 /**
  * {@inheritdoc}
  */
 protected function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account)
 {
     /** @var \Drupal\user\UserInterface $entity*/
     // The anonymous user's profile can neither be viewed, updated nor deleted.
     if ($entity->isAnonymous()) {
         return AccessResult::forbidden();
     }
     // Administrators can view/update/delete all user profiles.
     if ($account->hasPermission('administer users')) {
         return AccessResult::allowed()->cachePerRole();
     }
     switch ($operation) {
         case 'view':
             // Only allow view access if the account is active.
             if ($account->hasPermission('access user profiles') && $entity->isActive()) {
                 return AccessResult::allowed()->cachePerRole()->cacheUntilEntityChanges($entity);
             } else {
                 if ($account->id() == $entity->id()) {
                     return AccessResult::allowed()->cachePerUser();
                 }
             }
             break;
         case 'update':
             // Users can always edit their own account.
             return AccessResult::allowedIf($account->id() == $entity->id())->cachePerUser();
         case 'delete':
             // Users with 'cancel account' permission can cancel their own account.
             return AccessResult::allowedIf($account->id() == $entity->id() && $account->hasPermission('cancel account'))->cachePerRole()->cachePerUser();
     }
     // No opinion.
     return AccessResult::neutral();
 }
예제 #2
0
 /**
  * {@inheritdoc}
  */
 protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account)
 {
     /** @var \Drupal\user\UserInterface $entity*/
     // We don't treat the user label as privileged information, so this check
     // has to be the first one in order to allow labels for all users to be
     // viewed, including the special anonymous user.
     if ($operation === 'view label') {
         return AccessResult::allowed();
     }
     // The anonymous user's profile can neither be viewed, updated nor deleted.
     if ($entity->isAnonymous()) {
         return AccessResult::forbidden();
     }
     // Administrators can view/update/delete all user profiles.
     if ($account->hasPermission('administer users')) {
         return AccessResult::allowed()->cachePerPermissions();
     }
     switch ($operation) {
         case 'view':
             // Only allow view access if the account is active.
             if ($account->hasPermission('access user profiles') && $entity->isActive()) {
                 return AccessResult::allowed()->cachePerPermissions()->addCacheableDependency($entity);
             } elseif ($account->id() == $entity->id()) {
                 return AccessResult::allowed()->cachePerUser();
             }
             break;
         case 'update':
             // Users can always edit their own account.
             return AccessResult::allowedIf($account->id() == $entity->id())->cachePerUser();
         case 'delete':
             // Users with 'cancel account' permission can cancel their own account.
             return AccessResult::allowedIf($account->id() == $entity->id() && $account->hasPermission('cancel account'))->cachePerPermissions()->cachePerUser();
     }
     // No opinion.
     return AccessResult::neutral();
 }