/**
* Checks access to the given user's contact page.
*
* @param \Drupal\user\UserInterface $user
* The user being contacted.
* @param \Drupal\Core\Session\AccountInterface $account
* The currently logged in account.
*
* @return \Drupal\Core\Access\AccessResultInterface
* The access result.
*/
public function access(UserInterface $user, AccountInterface $account)
{
$contact_account = $user;
// Anonymous users cannot have contact forms.
if ($contact_account->isAnonymous()) {
return AccessResult::forbidden();
}
// Users may not contact themselves.
if ($account->id() == $contact_account->id()) {
return AccessResult::forbidden()->cachePerUser();
}
// User administrators should always have access to personal contact forms.
$access = AccessResult::neutral()->cachePerRole();
$permission_access = AccessResult::allowedIfHasPermission($account, 'administer users');
if ($permission_access->isAllowed()) {
return $access->orIf($permission_access);
}
// If requested user has been blocked, do not allow users to contact them.
$access->cacheUntilEntityChanges($contact_account);
if ($contact_account->isBlocked()) {
return $access;
}
// If the requested user has disabled their contact form, do not allow users
// to contact them.
$account_data = $this->userData->get('contact', $contact_account->id(), 'enabled');
if (isset($account_data) && empty($account_data)) {
return $access;
} else {
if (!$this->configFactory->get('contact.settings')->get('user_default_enabled')) {
return $access;
}
}
return $access->orIf(AccessResult::allowedIfHasPermission($account, 'access user contact forms'));
}
/**
* Checks access to the given user's contact page.
*
* @param \Drupal\user\UserInterface $user
* The user being contacted.
* @param \Drupal\Core\Session\AccountInterface $account
* The currently logged in account.
*
* @return string
* A \Drupal\Core\Access\AccessInterface constant value.
*/
public function access(UserInterface $user, AccountInterface $account)
{
$contact_account = $user;
// Anonymous users cannot have contact forms.
if ($contact_account->isAnonymous()) {
return static::DENY;
}
// Users may not contact themselves.
if ($account->id() == $contact_account->id()) {
return static::DENY;
}
// User administrators should always have access to personal contact forms.
if ($account->hasPermission('administer users')) {
return static::ALLOW;
}
// If requested user has been blocked, do not allow users to contact them.
if ($contact_account->isBlocked()) {
return static::DENY;
}
// If the requested user has disabled their contact form, do not allow users
// to contact them.
$account_data = $this->userData->get('contact', $contact_account->id(), 'enabled');
if (isset($account_data) && empty($account_data)) {
return static::DENY;
} else {
if (!$this->configFactory->get('contact.settings')->get('user_default_enabled')) {
return static::DENY;
}
}
return $account->hasPermission('access user contact forms') ? static::ALLOW : static::DENY;
}
/**
* Checks access to the given user's contact page.
*
* @param \Drupal\user\UserInterface $user
* The user being contacted.
* @param \Drupal\Core\Session\AccountInterface $account
* The currently logged in account.
*
* @return \Drupal\Core\Access\AccessResultInterface
* The access result.
*/
public function access(UserInterface $user, AccountInterface $account)
{
$contact_account = $user;
// Anonymous users cannot have contact forms.
if ($contact_account->isAnonymous()) {
return AccessResult::forbidden();
}
// Users may not contact themselves by default, hence this requires user
// granularity for caching.
$access = AccessResult::neutral()->cachePerUser();
if ($account->id() == $contact_account->id()) {
return $access;
}
// User administrators should always have access to personal contact forms.
$permission_access = AccessResult::allowedIfHasPermission($account, 'administer users');
if ($permission_access->isAllowed()) {
return $access->orIf($permission_access);
}
// If requested user has been blocked, do not allow users to contact them.
$access->addCacheableDependency($contact_account);
if ($contact_account->isBlocked()) {
return $access;
}
// Forbid access if the requested user has disabled their contact form.
$account_data = $this->userData->get('contact', $contact_account->id(), 'enabled');
if (isset($account_data) && !$account_data) {
return $access;
}
// If the requested user did not save a preference yet, deny access if the
// configured default is disabled.
$contact_settings = $this->configFactory->get('contact.settings');
$access->cacheUntilConfigurationChanges($contact_settings);
if (!isset($account_data) && !$contact_settings->get('user_default_enabled')) {
return $access;
}
return $access->orIf(AccessResult::allowedIfHasPermission($account, 'access user contact forms'));
}
