/** * {@inheritdoc} */ public function allowed(WorkflowTransition $transition, WorkflowInterface $workflow, EntityInterface $entity) { $to_state = $transition->getToState()->getId(); // Disable virtual state. if ($to_state == self::NON_STATE) { return FALSE; } $from_state = $this->getState($entity); // Allowed transitions are already filtered so we only need to check // for the transitions defined in the settings if they include a role the // user has. // @see: solution.settings.yml $allowed_conditions = \Drupal::config('solution.settings')->get('transitions'); if (\Drupal::currentUser()->hasPermission('bypass node access')) { return TRUE; } // Check if the user has one of the allowed system roles. $authorized_roles = isset($allowed_conditions[$to_state][$from_state]) ? $allowed_conditions[$to_state][$from_state] : []; $user = $this->workflowUserProvider->getUser(); if (array_intersect($authorized_roles, $user->getRoles())) { return TRUE; } // Check if the user has one of the allowed group roles. $membership = Og::getMembership($entity, $user); return $membership && array_intersect($authorized_roles, $membership->getRolesIds()); }
/** * {@inheritdoc} * * We need to override default transitions allowed because this is also * dependant on the parent's moderation, system roles and organic groups * user roles. In the following method, the allowed transitions per * moderation are checked and then if the transition is allowed, the user * roles by the system and the organic groups are checked. */ public function allowed(WorkflowTransition $transition, WorkflowInterface $workflow, EntityInterface $entity) { $to_state = $transition->getToState()->getId(); // Disable virtual state. if ($to_state == self::NON_STATE) { return FALSE; } $from_state = $this->getState($entity); $parent = $this->getParent($entity); $is_moderated = self::MODERATED; if ($parent) { $is_moderated = $parent->bundle() == 'collection' ? $parent->field_ar_moderation->first()->value : $parent->field_is_moderation->first()->value; } $allowed_transitions = \Drupal::config('joinup_news.settings')->get('transitions'); // Some transitions are not allowed per parent's moderation. // Check for the transitions allowed. // @see: joinup_news.settings.yml if (!isset($allowed_transitions[$is_moderated][$to_state][$from_state])) { return FALSE; } // This Guard class's method called whenever the transitions are checked // even outside the entity CRUD forms. Cases like this is e.g. when trying // to edit the settings of the field. // In these cases, there is no parent entity so we need to check for it. if (empty($parent)) { return FALSE; } // Check if the user has one of the allowed system roles. $authorized_roles = $allowed_transitions[$is_moderated][$to_state][$from_state]; $user = \Drupal::currentUser(); if (array_intersect($authorized_roles, $user->getRoles())) { return TRUE; } // Check if the user has one of the allowed group roles. $membership = Og::getMembership($parent, $user->getAccount()); return $membership && array_intersect($authorized_roles, $membership->getRolesIds()); }