WorkspaceAccessControlHandler.php

Same filename in other branches
  1. 9 core/modules/workspaces/src/WorkspaceAccessControlHandler.php
  2. 10 core/modules/workspaces/src/WorkspaceAccessControlHandler.php
  3. 11.x core/modules/workspaces/src/WorkspaceAccessControlHandler.php

Namespace

Drupal\workspaces

File

core/modules/workspaces/src/WorkspaceAccessControlHandler.php

View source
<?php

namespace Drupal\workspaces;

use Drupal\Core\Access\AccessResult;
use Drupal\Core\Entity\EntityAccessControlHandler;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Session\AccountInterface;

/**
 * Defines the access control handler for the workspace entity type.
 *
 * @see \Drupal\workspaces\Entity\Workspace
 */
class WorkspaceAccessControlHandler extends EntityAccessControlHandler {
    
    /**
     * {@inheritdoc}
     */
    protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
        
        /** @var \Drupal\workspaces\WorkspaceInterface $entity */
        if ($operation === 'publish' && $entity->hasParent()) {
            $message = $this->t('Only top-level workspaces can be published.');
            return AccessResult::forbidden((string) $message)->addCacheableDependency($entity);
        }
        if ($account->hasPermission('administer workspaces')) {
            return AccessResult::allowed()->cachePerPermissions();
        }
        // @todo Consider adding explicit "publish any|own workspace" permissions in
        //   https://www.drupal.org/project/drupal/issues/3084260.
        $permission_operation = $operation === 'update' || $operation === 'publish' ? 'edit' : $operation;
        // Check if the user has permission to access all workspaces.
        $access_result = AccessResult::allowedIfHasPermission($account, $permission_operation . ' any workspace');
        // Check if it's their own workspace, and they have permission to access
        // their own workspace.
        if ($access_result->isNeutral() && $account->isAuthenticated() && $account->id() === $entity->getOwnerId()) {
            $access_result = AccessResult::allowedIfHasPermission($account, $permission_operation . ' own workspace')->cachePerUser()
                ->addCacheableDependency($entity);
        }
        return $access_result;
    }
    
    /**
     * {@inheritdoc}
     */
    protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
        return AccessResult::allowedIfHasPermission($account, 'create workspace');
    }

}

Classes

Title Deprecated Summary
WorkspaceAccessControlHandler Defines the access control handler for the workspace entity type.

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.