/** * Checks access to the node preview page. * * @param \Drupal\Core\Session\AccountInterface $account * The currently logged in account. * @param \Drupal\node\NodeInterface $node_preview * The node that is being previewed. * * @return string * A \Drupal\Core\Access\AccessInterface constant value. */ public function access(AccountInterface $account, NodeInterface $node_preview) { if ($node_preview->isNew()) { $access_controller = $this->entityManager->getAccessControlHandler('node'); return $access_controller->createAccess($node_preview->bundle(), $account, [], TRUE); } else { return $node_preview->access('update', $account, TRUE); } }
/** * Checks new registrations are permitted on an event. */ public function access(Route $route, RouteMatchInterface $route_match, AccountInterface $account, RegistrationTypeInterface $registration_type = NULL) { if ($event = $route->getDefault('event')) { $context = ['event' => $route_match->getParameter($event)]; $access_control_handler = $this->entityManager->getAccessControlHandler('registration'); return $access_control_handler->createAccess($registration_type, $account, $context, TRUE); } return AccessResult::forbidden(); }
/** * Checks access to the support_ticket preview page. * * @param \Drupal\Core\Session\AccountInterface $account * The currently logged in account. * @param \Drupal\support_ticket\SupportTicketInterface $support_ticket_preview * The support_ticket that is being previewed. * * @return string * A \Drupal\Core\Access\AccessInterface constant value. */ public function access(AccountInterface $account, SupportTicketInterface $support_ticket_preview) { if ($support_ticket_preview->isNew()) { $access_controller = $this->entityManager->getAccessControlHandler('support_ticket'); return $access_controller->createAccess($support_ticket_preview->bundle(), $account, [], TRUE); } else { return $support_ticket_preview->access('update', $account, TRUE); } }
/** * {@inheritdoc} */ public function access(AccountInterface $account) { // @todo Perhaps read config directly rather than load all feed types. $access_control_handler = $this->entityManager->getAccessControlHandler('feeds_feed'); foreach ($this->entityManager->getStorage('feeds_feed_type')->loadByProperties(['status' => TRUE]) as $feed_type) { $access = $access_control_handler->createAccess($feed_type->id(), $account, [], TRUE); if ($access->isAllowed()) { return $access; } } return AccessResult::neutral(); }
/** * Checks access to create the entity type and bundle for the given route. * * @param \Symfony\Component\Routing\Route $route * The route to check against. * @param \Drupal\Core\Routing\RouteMatchInterface $route_match * The parametrized route. * @param \Drupal\Core\Session\AccountInterface $account * The currently logged in account. * * @return \Drupal\Core\Access\AccessResultInterface * The access result. */ public function access(Route $route, RouteMatchInterface $route_match, AccountInterface $account) { list($entity_type, $bundle) = explode(':', $route->getRequirement($this->requirementsKey) . ':'); // The bundle argument can contain request argument placeholders like // {name}, loop over the raw variables and attempt to replace them in the // bundle name. If a placeholder does not exist, it won't get replaced. if ($bundle && strpos($bundle, '{') !== FALSE) { foreach ($route_match->getRawParameters()->all() as $name => $value) { $bundle = str_replace('{' . $name . '}', $value, $bundle); } // If we were unable to replace all placeholders, deny access. if (strpos($bundle, '{') !== FALSE) { return AccessResult::neutral(); } } return $this->entityManager->getAccessControlHandler($entity_type)->createAccess($bundle, $account, [], TRUE); }
/** * {@inheritdoc} */ public function evaluate() { $entity = $this->getContextValue('entity'); $field = $this->getContextValue('field'); if (!$entity->hasField($field)) { return FALSE; } $operation = $this->getContextValue('operation'); $account = $this->getContextValue('user'); $access = $this->entityManager->getAccessControlHandler($entity->getEntityTypeId()); if (!$access->access($entity, $operation, Language::LANGCODE_DEFAULT, $account)) { return FALSE; } $definition = $entity->getFieldDefinition($field); $items = $entity->get($field); return $access->fieldAccess($operation, $definition, $account, $items); }
/** * Checks access to the eck entity add page for the entity bundle type. * * @param AccountInterface $account * The currently logged in account. * @param EckEntityTypeInterface $eck_entity_type * The entity type. * @param string $eck_entity_bundle * (optional) The entity type bundle. * * @return bool|AccessResult|\Drupal\Core\Access\AccessResultInterface * A \Drupal\Core\Access\AccessInterface constant value. */ public function access(AccountInterface $account, EckEntityTypeInterface $eck_entity_type, $eck_entity_bundle = NULL) { $access_control_handler = $this->entityManager->getAccessControlHandler($eck_entity_type->id()); if (!empty($eck_entity_bundle)) { return $access_control_handler->createAccess($eck_entity_bundle, $account, array(), TRUE); } // Get the entity type bundles. $bundles = $this->entityManager->getStorage($eck_entity_type->id() . '_type')->loadMultiple(); // If checking whether an entity of any type may be created. foreach ($bundles as $eck_entity_bundle) { if (($access = $access_control_handler->createAccess($eck_entity_bundle->id(), $account, array(), TRUE)) && $access->isAllowed()) { return $access; } } // No opinion. return AccessResult::neutral(); }
protected function checkAccess(ContentEntityInterface $entity, AccountInterface $account, $operation = 'view') { $entity_type_id = $entity->getEntityTypeId(); $entity_access = $this->entityManager->getAccessControlHandler($entity_type_id); /** @var \Drupal\content_entity_base\Entity\Storage\RevisionableStorageInterface|\Drupal\Core\Entity\EntityStorageInterface $entity_storage */ $entity_storage = $this->entityManager->getStorage($entity_type_id); if (!$entity_storage instanceof RevisionableStorageInterface) { throw new \InvalidArgumentException('The entity storage has to implement \\Drupal\\content_entity_base\\Entity\\Storage\\RevisionableStorageInterface'); } $map = ['view' => "view all {$entity_type_id} revisions", 'update' => "revert all {$entity_type_id} revisions", 'delete' => "delete all {$entity_type_id} revisions"]; $bundle = $entity->bundle(); $type_map = ['view' => "view {$entity_type_id} {$bundle} revisions", 'update' => "revert {$entity_type_id} {$bundle} revisions", 'delete' => "delete {$entity_type_id} {$bundle} revisions"]; if (!$entity || !isset($map[$operation]) || !isset($type_map[$operation])) { // If there was no node to check against, or the $op was not one of the // supported ones, we return access denied. return FALSE; } // Statically cache access by revision ID, language code, user account ID, // and operation. $langcode = $entity->language()->getId(); $cid = $entity->getRevisionId() . ':' . $langcode . ':' . $account->id() . ':' . $operation; if (!isset($this->access[$cid])) { // Perform basic permission checks first. if (!$account->hasPermission($map[$operation]) && !$account->hasPermission($type_map[$operation]) && !$account->hasPermission('administer nodes')) { $this->access[$cid] = FALSE; return FALSE; } // There should be at least two revisions. If the vid of the given node // and the vid of the default revision differ, then we already have two // different revisions so there is no need for a separate database check. // Also, if you try to revert to or delete the default revision, that's // not good. if ($entity->isDefaultRevision() && ($entity_storage->countDefaultLanguageRevisions($entity) == 1 || $operation == 'update' || $operation == 'delete')) { $this->access[$cid] = FALSE; } elseif ($account->hasPermission('administer ' . $entity_type_id)) { $this->access[$cid] = TRUE; } else { // First check the access to the default revision and finally, if the // node passed in is not the default revision then access to that, too. $this->access[$cid] = $entity_access->access($entity_storage->load($entity->id()), $operation, $account) && ($entity->isDefaultRevision() || $entity_access->access($entity, $operation, $account)); } } return $this->access[$cid]; }
/** * Checks access to the node add page for the node type. * * @param \Drupal\Core\Session\AccountInterface $account * The currently logged in account. * @param \Drupal\node\NodeTypeInterface $node_type * (optional) The node type. If not specified, access is allowed if there * exists at least one node type for which the user may create a node. * * @return string * A \Drupal\Core\Access\AccessInterface constant value. */ public function access(AccountInterface $account, NodeTypeInterface $node_type = NULL) { $access_control_handler = $this->entityManager->getAccessControlHandler('node'); // If checking whether a node of a particular type may be created. if ($account->hasPermission('administer content types')) { return AccessResult::allowed()->cachePerRole(); } if ($node_type) { return $access_control_handler->createAccess($node_type->id(), $account, [], TRUE); } // If checking whether a node of any type may be created. foreach ($this->entityManager->getStorage('node_type')->loadMultiple() as $node_type) { if (($access = $access_control_handler->createAccess($node_type->id(), $account, [], TRUE)) && $access->isAllowed()) { return $access; } } // No opinion. return AccessResult::neutral(); }
/** * Checks access to the profile add page for the profile type. * * @param \Symfony\Component\Routing\Route $route * The route to check against. * @param \Drupal\Core\Session\AccountInterface $account * The currently logged in account. * @param \Drupal\profile\Entity\ProfileTypeInterface $profile_type * The profile type entity. * * @return bool|\Drupal\Core\Access\AccessResultInterface * The access result. */ public function access(Route $route, AccountInterface $account, ProfileTypeInterface $profile_type = NULL) { $access_control_handler = $this->entityManager->getAccessControlHandler('profile'); if ($account->hasPermission('administer profile types')) { return AccessResult::allowed()->cachePerPermissions(); } $operation = $route->getRequirement('_profile_access_check'); if ($operation == 'add') { return $access_control_handler->access($profile_type, $operation, $account, TRUE); } if ($profile_type) { return $access_control_handler->createAccess($profile_type->id(), $account, [], TRUE); } // If checking whether a profile of any type may be created. foreach ($this->entityManager->getStorage('profile_type')->loadMultiple() as $profile_type) { if (($access = $access_control_handler->createAccess($profile_type->id(), $account, [], TRUE)) && $access->isAllowed()) { return $access; } } // No opinion. return AccessResult::neutral(); }
/** * Constructs a new SupportTicketRevisionAccessCheck. * * @param \Drupal\Core\Entity\EntityManagerInterface $entity_manager * The entity manager. * @param \Drupal\Core\Database\Connection $connection * The database connection. */ public function __construct(EntityManagerInterface $entity_manager) { $this->supportTicketStorage = $entity_manager->getStorage('support_ticket'); $this->supportTicketAccess = $entity_manager->getAccessControlHandler('support_ticket'); }
/** * Constructs a new NodeRevisionAccessCheck. * * @param \Drupal\Core\Entity\EntityManagerInterface $entity_manager * The entity manager. * @param \Drupal\Core\Database\Connection $connection * The database connection. */ public function __construct(EntityManagerInterface $entity_manager) { $this->nodeStorage = $entity_manager->getStorage('node'); $this->nodeAccess = $entity_manager->getAccessControlHandler('node'); }
/** * {@inheritdoc} */ public function access(AccountInterface $account) { $access_control_handler = $this->entityManager->getAccessControlHandler($this->getEntityType()); return $access_control_handler->fieldAccess('view', $this->getFieldDefinition(), $account); }
/** * {@inheritdoc} */ public function getAccessControlHandler($entity_type) { return $this->entityManager->getAccessControlHandler($entity_type); }
/** * {@inheritdoc} */ public function access(AccountInterface $account) { $base_table = $this->get_base_table(); $access_control_handler = $this->entityManager->getAccessControlHandler($this->definition['entity_tables'][$base_table]); return $access_control_handler->fieldAccess('view', $this->getFieldDefinition(), $account, NULL, TRUE); }
/** * Implements \Drupal\block\BlockBase::blockAccess(). */ public function blockAccess(AccountInterface $account) { $access_control_handler = $this->entityManager->getAccessControlHandler('node'); return $access_control_handler->createAccess($this->configuration['type'], $account); }