/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { if ($operation === 'view') { return AccessResult::allowedIfHasPermission($account, 'access content'); } return parent::checkAccess($entity, $operation, $account); }
/** * {@inheritdoc} */ protected function checkFieldAccess($operation, FieldDefinitionInterface $field_definition, AccountInterface $account, FieldItemListInterface $items = NULL) { if ($operation == 'edit') { return AccessResult::allowedIfHasPermissions($account, ['administer tmgmt', 'administer translation tasks']); } return parent::checkFieldAccess($operation, $field_definition, $account, $items); }
public function __construct(EntityTypeInterface $entity_type, FillPdfAccessHelperInterface $access_helper, FillPdfLinkManipulatorInterface $link_manipulator, FillPdfContextManagerInterface $context_manager) { parent::__construct($entity_type); $this->accessHelper = $access_helper; $this->linkManipulator = $link_manipulator; $this->contextManager = $context_manager; }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { /** @var \Drupal\crm_core_contact\Entity\ContactType $entity */ // First check permission. if (parent::checkAccess($entity, $operation, $account)->isForbidden()) { return AccessResult::forbidden(); } switch ($operation) { case 'enable': // Only disabled contact type can be enabled. return AccessResult::allowedIf(!$entity->status()); case 'disable': return AccessResult::allowedIf($entity->status()); case 'delete': // If contact instance of this contact type exist, you can't delete it. $results = \Drupal::entityQuery('crm_core_contact')->condition('type', $entity->id())->execute(); return AccessResult::allowedIf(empty($results)); // @todo Which is it? // @todo Which is it? case 'edit': case 'update': // If the contact type is locked, you can't edit it. return AccessResult::allowed(); } }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $filter_format, $operation, $langcode, AccountInterface $account) { /** @var \Drupal\filter\FilterFormatInterface $filter_format */ // All users are allowed to use the fallback filter. if ($operation == 'use') { if ($filter_format->isFallbackFormat()) { return AccessResult::allowed(); } else { return AccessResult::allowedIfHasPermission($account, $filter_format->getPermissionName()); } } // The fallback format may not be disabled. if ($operation == 'disable' && $filter_format->isFallbackFormat()) { return AccessResult::forbidden(); } // We do not allow filter formats to be deleted through the UI, because that // would render any content that uses them unusable. if ($operation == 'delete') { return AccessResult::forbidden(); } if (in_array($operation, array('disable', 'update'))) { return parent::checkAccess($filter_format, $operation, $langcode, $account); } // No opinion. return AccessResult::neutral(); }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { if ($operation === 'view') { return AccessResult::allowed(); } return parent::checkAccess($entity, $operation, $account); }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { /** @var \Drupal\crm_core_match\Matcher\MatcherConfigInterface $entity */ return parent::checkAccess($entity, $operation, $account); // Deny delete access. // ->andIf(AccessResult::allowedIf($operation != 'delete')); }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { $access = parent::checkAccess($entity, $operation, $account); if ($operation === 'view') { $access = $access->orIf(AccessResult::allowedIfHasPermission($account, 'access ' . $entity->getEntityTypeId())); } return $access; }
/** * Performs access checks. * * Uses permissions from host entity. * * @param \Drupal\Core\Entity\EntityInterface $entity * The entity for which to check 'create' access. * @param string $operation * The entity operation. Usually one of 'view', 'update', 'create' or * 'delete'. * @param \Drupal\Core\Session\AccountInterface $account * The user for which to check access. * * @return \Drupal\Core\Access\AccessResultInterface * The access result. */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { $result = parent::checkAccess($entity, $operation, $account); if ($result->isForbidden()) { return $result; } return $entity->getHost()->access($operation, $account, TRUE); }
/** * {@inheritdoc} */ public function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account) { if ($operation == 'view') { return AccessResult::allowed(); } else { return parent::checkAccess($entity, $operation, $langcode, $account); } }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { /** @var \Drupal\block\BlockInterface $entity */ if ($operation != 'view') { return parent::checkAccess($entity, $operation, $account); } // Don't grant access to disabled blocks. if (!$entity->status()) { return AccessResult::forbidden()->addCacheableDependency($entity); } else { $conditions = []; $missing_context = FALSE; foreach ($entity->getVisibilityConditions() as $condition_id => $condition) { if ($condition instanceof ContextAwarePluginInterface) { try { $contexts = $this->contextRepository->getRuntimeContexts(array_values($condition->getContextMapping())); $this->contextHandler->applyContextMapping($condition, $contexts); } catch (ContextException $e) { $missing_context = TRUE; } } $conditions[$condition_id] = $condition; } if ($missing_context) { // If any context is missing then we might be missing cacheable // metadata, and don't know based on what conditions the block is // accessible or not. For example, blocks that have a node type // condition will have a missing context on any non-node route like the // frontpage. // @todo Avoid setting max-age 0 for some or all cases, for example by // treating available contexts without value differently in // https://www.drupal.org/node/2521956. $access = AccessResult::forbidden()->setCacheMaxAge(0); } elseif ($this->resolveConditions($conditions, 'and') !== FALSE) { // Delegate to the plugin. $block_plugin = $entity->getPlugin(); try { if ($block_plugin instanceof ContextAwarePluginInterface) { $contexts = $this->contextRepository->getRuntimeContexts(array_values($block_plugin->getContextMapping())); $this->contextHandler->applyContextMapping($block_plugin, $contexts); } $access = $block_plugin->access($account, TRUE); } catch (ContextException $e) { // Setting access to forbidden if any context is missing for the same // reasons as with conditions (described in the comment above). // @todo Avoid setting max-age 0 for some or all cases, for example by // treating available contexts without value differently in // https://www.drupal.org/node/2521956. $access = AccessResult::forbidden()->setCacheMaxAge(0); } } else { $access = AccessResult::forbidden(); } $this->mergeCacheabilityFromConditions($access, $conditions); // Ensure that access is evaluated again when the block changes. return $access->addCacheableDependency($entity); } }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { $admin_access = parent::checkAccess($entity, $operation, $account); // Allow view with other permission. if ($operation === 'view') { return AccessResult::allowedIfHasPermission($account, 'view moderation states')->orIf($admin_access); } return $admin_access; }
/** * {@inheritdoc} */ protected function checkFieldAccess($operation, FieldDefinitionInterface $field_definition, AccountInterface $account, FieldItemListInterface $items = NULL) { // No user can edit the status of a file. Prevents saving a new file as // persistent before even validating it. if ($field_definition->getName() === 'status' && $operation === 'edit') { return AccessResult::forbidden(); } return parent::checkFieldAccess($operation, $field_definition, $account, $items); }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { // ZZ is the fallback address format and it must always be present. if ($operation == 'delete' && $entity->id() == 'ZZ') { return AccessResult::forbidden(); } else { return parent::checkAccess($entity, $operation, $account); } }
/** * {@inheritdoc} */ public function createAccess($entity_bundle = NULL, AccountInterface $account = NULL, array $context = [], $return_as_object = FALSE) { $account = $this->prepareUser($account); if ($account->hasPermission('bypass profile access')) { $result = AccessResult::allowed()->cachePerPermissions(); return $return_as_object ? $result : $result->isAllowed(); } $result = parent::createAccess($entity_bundle, $account, $context, TRUE)->cachePerPermissions(); return $return_as_object ? $result : $result->isAllowed(); }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { switch ($operation) { case 'view': return AccessResult::allowedIfHasPermission($account, 'access content'); break; default: return parent::checkAccess($entity, $operation, $account); break; } }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { switch ($operation) { case 'delete': if ($entity->id() == RoleInterface::ANONYMOUS_ID || $entity->id() == RoleInterface::AUTHENTICATED_ID) { return AccessResult::forbidden(); } default: return parent::checkAccess($entity, $operation, $account); } }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account) { if ($operation == 'delete') { if ($entity->isLocked()) { return AccessResult::forbidden()->cacheUntilEntityChanges($entity); } else { return parent::checkAccess($entity, $operation, $langcode, $account)->cacheUntilEntityChanges($entity); } } return parent::checkAccess($entity, $operation, $langcode, $account); }
/** * {@inheritdoc} */ public function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { if ($operation == 'view') { // Allow viewing the configuration entity. return AccessResult::allowed(); } if ($entity->isLocked()) { return AccessResult::forbidden(); } return parent::checkAccess($entity, $operation, $account); }
/** * {@inheritdoc} */ public function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account) { // The $opereration parameter tells you what sort of operation access is // being checked for. if ($operation == 'view') { return TRUE; } // Other than the view operation, we're going to be insanely lax about // access. Don't try this at home! return parent::checkAccess($entity, $operation, $langcode, $account); }
/** * {@inheritdoc} */ public function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account) { switch ($operation) { case 'update': case 'delete': /* @var \Drupal\Core\Language\LanguageInterface $entity */ return AccessResult::allowedIf(!$entity->isLocked())->cacheUntilEntityChanges($entity)->andIf(parent::checkAccess($entity, $operation, $langcode, $account)); default: // No opinion. return AccessResult::neutral(); } }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { if ($operation == 'view') { // Do not allow access personal form via site-wide route. return AccessResult::allowedIf($account->hasPermission('access site-wide contact form') && $entity->id() !== 'personal')->cachePerPermissions(); } elseif ($operation == 'delete' || $operation == 'update') { // Do not allow the 'personal' form to be deleted, as it's used for // the personal contact form. return AccessResult::allowedIf($account->hasPermission('administer contact forms') && $entity->id() !== 'personal')->cachePerPermissions(); } return parent::checkAccess($entity, $operation, $account); }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { if ($operation === 'view') { return AccessResult::allowed(); } elseif ($operation == 'delete') { if ($entity->isLocked()) { return AccessResult::forbidden()->addCacheableDependency($entity); } else { return parent::checkAccess($entity, $operation, $account)->addCacheableDependency($entity); } } return parent::checkAccess($entity, $operation, $account); }
/** * Performs access checks. * * Uses permissions from host entity. * * @param \Drupal\Core\Entity\EntityInterface $entity * The entity for which to check 'create' access. * @param string $operation * The entity operation. Usually one of 'view', 'update', 'create' or * 'delete'. * @param \Drupal\Core\Session\AccountInterface $account * The user for which to check access. * * @return \Drupal\Core\Access\AccessResultInterface * The access result. */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { $result = parent::checkAccess($entity, $operation, $account); if ($result->isForbidden()) { return $result; } /** @var \Drupal\Core\Entity\ContentEntityInterface $host */ if ($host = $entity->getHost()) { return $host->access($operation, $account, TRUE); } else { // @todo Log error when no host found. return AccessResult::forbidden(); } }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account) { /** @var $entity \Drupal\block\BlockInterface */ if ($operation != 'view') { return parent::checkAccess($entity, $operation, $langcode, $account); } // Don't grant access to disabled blocks. if (!$entity->status()) { return AccessResult::forbidden()->cacheUntilEntityChanges($entity); } else { // Delegate to the plugin. return $entity->getPlugin()->access($account)->cacheUntilEntityChanges($entity); } }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { switch ($operation) { case 'update': /* @var \Drupal\Core\Language\LanguageInterface $entity */ return AccessResult::allowedIf(!$entity->isLocked())->addCacheableDependency($entity)->andIf(parent::checkAccess($entity, $operation, $account)); case 'delete': /* @var \Drupal\Core\Language\LanguageInterface $entity */ return AccessResult::allowedIf(!$entity->isLocked())->addCacheableDependency($entity)->andIf(AccessResult::allowedIf(!$entity->isDefault())->addCacheableDependency($entity))->andIf(parent::checkAccess($entity, $operation, $account)); default: // No opinion. return AccessResult::neutral(); } }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { // There are no restrictions on viewing a date format. if ($operation == 'view') { return AccessResult::allowed(); } elseif (in_array($operation, array('update', 'delete'))) { if ($entity->isLocked()) { return AccessResult::forbidden()->addCacheableDependency($entity); } else { return parent::checkAccess($entity, $operation, $account)->addCacheableDependency($entity); } } return parent::checkAccess($entity, $operation, $account); }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { switch ($operation) { case 'view': return AccessResult::allowedIfHasPermission($account, 'view scheduled update entities'); break; case 'delete': return parent::checkAccess($entity, $operation, $account)->cacheUntilEntityChanges($entity); break; default: return parent::checkAccess($entity, $operation, $account); break; } }
/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { switch ($operation) { case 'create': case 'update': return AccessResult::allowedIfHasPermission($account, 'administer site configuration'); case 'delete': if ($entity->isLocked()) { return AccessResult::forbidden(); } return AccessResult::allowedIfHasPermission($account, 'administer site configuration'); } return parent::checkAccess($entity, $operation, $account); }
/** * {@inheritdoc} */ public function access(EntityInterface $entity, $operation, $langcode = LanguageInterface::LANGCODE_DEFAULT, AccountInterface $account = NULL, $return_as_object = FALSE) { /* @var $entity \Drupal\mailchimp_campaign\Entity\MailchimpCampaign */ $status = $entity->mc_data['status']; switch ($operation) { case 'send': case 'edit': case 'delete': return ($status == MAILCHIMP_STATUS_SENT) ? AccessResult::forbidden() : AccessResult::allowed(); break; case 'stats': return ($status == MAILCHIMP_STATUS_SENT) ? AccessResult::allowed() : AccessResult::forbidden(); default: return parent::access($entity, $operation, $langcode, $account, $return_as_object); } }