Commit 93d2cf7c authored by xiaohua guan's avatar xiaohua guan Committed by Yas Naoi

Issue #3065852 by Xiaohua Guan, yas, baldwinlouie: Fix the permissions of bulk...

Issue #3065852 by Xiaohua Guan, yas, baldwinlouie: Fix the permissions of bulk item operation EXCEPT bulk item deletion
parent a01f8af3
......@@ -223,40 +223,37 @@ entity.aws_cloud_instance.start_multiple_form:
path: '/clouds/aws_cloud/{cloud_context}/instance/start_multiple'
defaults:
entity_type_id: 'aws_cloud_instance'
operation: start
_form: 'Drupal\aws_cloud\Form\Ec2\InstanceStartMultipleForm'
_title: 'Start AWS Cloud Instances(s)'
requirements:
# Use custom access that will check for cloud_context and the desired permission.
# Desired permission is passed as an option in the "perm" variable
_custom_access: '\Drupal\cloud\Controller\CloudConfigController::access'
_entity_operate_multiple_access: aws_cloud_instance
options:
perm: 'edit any aws cloud instance+edit own aws cloud instance'
_access_checks: 'aws_cloud.access_check.entity_operate_multiple'
entity.aws_cloud_instance.stop_multiple_form:
path: '/clouds/aws_cloud/{cloud_context}/instance/stop_multiple'
defaults:
entity_type_id: 'aws_cloud_instance'
operation: stop
_form: 'Drupal\aws_cloud\Form\Ec2\InstanceStopMultipleForm'
_title: 'Stop AWS Cloud Instances(s)'
requirements:
# Use custom access that will check for cloud_context and the desired permission.
# Desired permission is passed as an option in the "perm" variable
_custom_access: '\Drupal\cloud\Controller\CloudConfigController::access'
_entity_operate_multiple_access: aws_cloud_instance
options:
perm: 'edit any aws cloud instance+edit own aws cloud instance'
_access_checks: 'aws_cloud.access_check.entity_operate_multiple'
entity.aws_cloud_instance.reboot_multiple_form:
path: '/clouds/aws_cloud/{cloud_context}/instance/reboot_multiple'
defaults:
entity_type_id: 'aws_cloud_instance'
operation: reboot
_form: 'Drupal\aws_cloud\Form\Ec2\InstanceRebootMultipleForm'
_title: 'Reboot AWS Cloud Instances(s)'
requirements:
# Use custom access that will check for cloud_context and the desired permission.
# Desired permission is passed as an option in the "perm" variable
_custom_access: '\Drupal\cloud\Controller\CloudConfigController::access'
_entity_operate_multiple_access: aws_cloud_instance
options:
perm: 'edit any aws cloud instance+edit own aws cloud instance'
_access_checks: 'aws_cloud.access_check.entity_operate_multiple'
# AWS Cloud Images Routes
......@@ -438,14 +435,13 @@ entity.aws_cloud_elastic_ip.disassociate_multiple_form:
path: '/clouds/aws_cloud/{cloud_context}/elastic_ip/disassociate_multiple'
defaults:
entity_type_id: 'aws_cloud_elastic_ip'
operation: disassociate
_form: 'Drupal\aws_cloud\Form\Ec2\ElasticIpDisassociateMultipleForm'
_title: 'Disassociate AWS Cloud Elastic IP(s)'
requirements:
# Use custom access that will check for cloud_context and the desired permission.
# Desired permission is passed as an option in the "perm" variable
_custom_access: '\Drupal\cloud\Controller\CloudConfigController::access'
_entity_operate_multiple_access: aws_cloud_elastic_ip
options:
perm: 'edit aws cloud elastic ip'
_access_checks: 'aws_cloud.access_check.entity_operate_multiple'
# AWS Cloud Security Groups Routes
......
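Review bot: The new `_entity_operate_multiple_access` requirement never looks at `{cloud_context}` from the route path, because `EntityOperateMultipleAccessCheck::access()` receives only the account, `entity_type_id` and `operation` and loads the selection by entity ID. The rendered hunks have lost their +/- markers, so it is not certain whether `_custom_access` and `perm` stay on these four routes (start, stop, reboot, disassociate); if `_custom_access` is being dropped, the cloud_context check that its comment describes no longer runs here and should either be kept next to the new requirement or be covered by the entity access handler. Setting `_access_checks` by hand under `options:` is also unusual, since Drupal normally fills that option itself at route build time from the service's `applies_to` tag; if that line is on the new side, I would remove it and rely on the tag in the services file.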
......@@ -33,3 +33,9 @@ services:
class: Drupal\aws_cloud\Routing\AwsCloudRouteSubscriber
tags:
- { name: event_subscriber }
aws_cloud.access_check.entity_operate_multiple:
class: Drupal\aws_cloud\Entity\EntityOperateMultipleAccessCheck
arguments: ['@entity_type.manager', '@tempstore.private', '@request_stack']
tags:
- { name: access_check, applies_to: _entity_operate_multiple_access }
<?php
namespace Drupal\aws_cloud\Entity;
use Drupal\Core\Access\AccessResult;
use Drupal\Core\Entity\EntityTypeManagerInterface;
use Drupal\Core\Routing\Access\AccessInterface;
use Drupal\Core\Session\AccountInterface;
use Drupal\Core\TempStore\PrivateTempStoreFactory;
use Symfony\Component\HttpFoundation\RequestStack;
/**
* Checks if the current user has operate access to the items of the tempstore.
*/
class EntityOperateMultipleAccessCheck implements AccessInterface {
/**
* The entity type manager.
*
* @var \Drupal\Core\Entity\EntityTypeManagerInterface
*/
protected $entityTypeManager;
/**
* Request stack service.
*
* @var \Symfony\Component\HttpFoundation\RequestStack
*/
protected $requestStack;
/**
* Constructs a new EntityOperateMultipleAccessCheck.
*
* @param \Drupal\Core\Entity\EntityTypeManagerInterface $entity_type_manager
* The entity type manager.
* @param \Drupal\Core\TempStore\PrivateTempStoreFactory $temp_store_factory
* The tempstore service.
* @param \Symfony\Component\HttpFoundation\RequestStack $request_stack
* The request stack service.
*/
public function __construct(
EntityTypeManagerInterface $entity_type_manager,
PrivateTempStoreFactory $temp_store_factory,
RequestStack $request_stack
) {
$this->entityTypeManager = $entity_type_manager;
$this->tempStoreFactory = $temp_store_factory;
$this->requestStack = $request_stack;
}
/**
* Checks if the user has operate access for at least one item of the store.
*
* @param \Drupal\Core\Session\AccountInterface $account
* Run access checks for this account.
* @param string $entity_type_id
* Entity type ID.
* @param string $operation
* Operation.
*
* @return \Drupal\Core\Access\AccessResult
* Allowed or forbidden, neutral if tempstore is empty.
*/
public function access(AccountInterface $account, $entity_type_id, $operation) {
if (!$this->requestStack->getCurrentRequest()->hasSession()) {
return AccessResult::neutral();
}
$tempStoreKey = $account->id() . ':' . $entity_type_id;
$selection = $this->tempStoreFactory
->get($tempStoreKey)
->get($tempStoreKey);
if (empty($selection) || !is_array($selection)) {
return AccessResult::neutral();
}
$entities = $this->entityTypeManager
->getStorage($entity_type_id)
->loadMultiple(array_keys($selection));
foreach ($entities as $entity) {
// As long as the user has access to operate one entity allow
// access to the operate form.
if ($entity->access($operation, $account)) {
return AccessResult::allowed();
}
}
return AccessResult::forbidden();
}
}
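Review bot: `access()` returns `AccessResult::allowed()` as soon as one selected entity passes `$entity->access($operation, $account)`, so this check only gates the form page and decides nothing about the remaining entities in the selection. The start/stop/reboot/disassociate form classes are not shown on this page, so it should be confirmed that each of them re-checks access per entity on submit and skips the ones that fail; the comment inside the loop should say where that happens, e.g. `// Only gates the form; each *MultipleForm must re-check $entity->access($operation) per entity on submit.` Separately, the constructor assigns `$this->tempStoreFactory` but the class declares no such property, so a documented `protected $tempStoreFactory;` is missing next to `$entityTypeManager` and `$requestStack`.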