Commit 730e702a authored by danmer's avatar danmer Committed by jsacksick

Issue #3222547 by danmer, jsacksick: Add separate permissions to allow...

Issue #3222547 by danmer, jsacksick: Add separate permissions to allow viewing, updating, or deleting any payment method
parent a65d7323
......@@ -5,10 +5,3 @@ administer commerce_payment_gateway:
administer commerce_payment:
title: 'Administer payments'
restrict access: true
administer commerce_payment_method:
title: 'Administer payment methods'
restrict access: true
manage own commerce_payment_method:
title: 'Manage own payment methods'
......@@ -28,6 +28,7 @@ use Drupal\profile\Entity\ProfileInterface;
* bundle_plugin_type = "commerce_payment_method_type",
* handlers = {
* "access" = "Drupal\commerce_payment\PaymentMethodAccessControlHandler",
* "permission_provider" = "Drupal\commerce_payment\PaymentMethodPermissionProvider",
* "list_builder" = "Drupal\commerce_payment\PaymentMethodListBuilder",
* "storage" = "Drupal\commerce_payment\PaymentMethodStorage",
* "views_data" = "Drupal\commerce\CommerceEntityViewsData",
......
......@@ -29,16 +29,24 @@ class PaymentMethodAccessControlHandler extends EntityAccessControlHandler {
}
}
if ($account->hasPermission($this->entityType->getAdminPermission())) {
return AccessResult::allowed()->cachePerPermissions();
$any_result = AccessResult::allowedIfHasPermissions($account, [
"$operation any commerce_payment_method",
$this->entityType->getAdminPermission(),
], 'OR');
if ($any_result->isAllowed()) {
return $any_result;
}
$result = AccessResult::allowedIf($account->id() == $entity->getOwnerId())
->andIf(AccessResult::allowedIfHasPermission($account, 'manage own commerce_payment_method'))
->addCacheableDependency($entity)
->cachePerUser();
if ($account->id() == $entity->getOwnerId()) {
$own_result = AccessResult::allowedIfHasPermission($account, 'manage own commerce_payment_method')
->addCacheableDependency($entity);
}
else {
$own_result = AccessResult::neutral()->cachePerPermissions();
}
return $result;
return $own_result->cachePerUser();
}
/**
......
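Review bot: The ownership test `$account->id() == $entity->getOwnerId()` has no authenticated-user guard and compares loosely, so an anonymous account (id 0) holding `manage own commerce_payment_method` would match any payment method whose owner id is 0 or NULL, if such methods can exist. Consider `if ($account->isAuthenticated() && $account->id() == $entity->getOwnerId()) {`. Separately, the `else` branch returns a neutral result without the entity as a cacheable dependency, even though which branch runs depends on the entity's owner. The replaced code attached the entity in both cases, so `$own_result = AccessResult::neutral()->cachePerPermissions()->addCacheableDependency($entity);` would keep that. checkAccess() begins above this hunk, so an earlier guard may already cover the anonymous case.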
<?php
namespace Drupal\commerce_payment;
use Drupal\Core\Entity\EntityTypeInterface;
use Drupal\Core\StringTranslation\StringTranslationTrait;
use Drupal\entity\EntityPermissionProviderBase;
/**
* Provides permissions for payment methods.
*/
class PaymentMethodPermissionProvider extends EntityPermissionProviderBase {
use StringTranslationTrait;
/**
* {@inheritdoc}
*/
public function buildPermissions(EntityTypeInterface $entity_type) {
$entity_type_id = $entity_type->id();
$plural_label = $entity_type->getPluralLabel();
$admin_permission = $entity_type->getAdminPermission() ?: "administer {$entity_type_id}";
$permissions[$admin_permission] = [
'title' => $this->t('Administer @type', ['@type' => $plural_label]),
'restrict access' => TRUE,
];
$permissions["view any {$entity_type_id}"] = [
'title' => $this->t('View any payment method'),
'restrict access' => TRUE,
];
$permissions["update any {$entity_type_id}"] = [
'title' => $this->t('Update any payment method'),
'restrict access' => TRUE,
];
$permissions["delete any {$entity_type_id}"] = [
'title' => $this->t('Delete any payment method'),
'restrict access' => TRUE,
];
$permissions["manage own {$entity_type_id}"] = [
'title' => $this->t('Manage own @type', [
'@type' => $plural_label,
]),
];
return $this->processPermissions($permissions, $entity_type);
}
}
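Review bot: The three `any` permissions in buildPermissions() let a role act on payment methods owned by other customers, yet each carries only a title and `restrict access`. A `'description'` entry would tell the site builder what is being granted, for example `'description' => $this->t('Allows viewing payment methods that belong to any customer.'),` on the view permission, with matching text on update and delete. Their titles are also hard-coded to "payment method", while the array keys and the other two titles are derived from `$entity_type`. `$permissions` is first written at the admin entry without being initialised, so `$permissions = [];` above it would make the intent explicit.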
......@@ -75,6 +75,21 @@ class PaymentMethodAccessTest extends OrderKernelTestBase {
$this->assertTrue($payment_method->access('update', $account));
$this->assertTrue($payment_method->access('delete', $account));
$account = $this->createUser([], ['view any commerce_payment_method']);
$this->assertTrue($payment_method->access('view', $account));
$this->assertFalse($payment_method->access('update', $account));
$this->assertFalse($payment_method->access('delete', $account));
$account = $this->createUser([], ['update any commerce_payment_method']);
$this->assertFalse($payment_method->access('view', $account));
$this->assertTrue($payment_method->access('update', $account));
$this->assertFalse($payment_method->access('delete', $account));
$account = $this->createUser([], ['delete any commerce_payment_method']);
$this->assertFalse($payment_method->access('view', $account));
$this->assertFalse($payment_method->access('update', $account));
$this->assertTrue($payment_method->access('delete', $account));
$first_account = $this->createUser([], ['manage own commerce_payment_method']);
$second_account = $this->createUser([], ['manage own commerce_payment_method']);
$payment_method->setOwner($first_account);
......@@ -115,6 +130,22 @@ class PaymentMethodAccessTest extends OrderKernelTestBase {
$this->assertTrue($payment_method->access('view', $account));
$this->assertFalse($payment_method->access('update', $account));
$this->assertTrue($payment_method->access('delete', $account));
$account = $this->createUser([], ['view any commerce_payment_method']);
$this->assertTrue($payment_method->access('view', $account));
$this->assertFalse($payment_method->access('update', $account));
$this->assertFalse($payment_method->access('delete', $account));
$account = $this->createUser([], ['update any commerce_payment_method']);
$this->assertFalse($payment_method->access('view', $account));
$this->assertFalse($payment_method->access('update', $account));
$this->assertFalse($payment_method->access('delete', $account));
$account = $this->createUser([], ['delete any commerce_payment_method']);
$this->assertFalse($payment_method->access('view', $account));
$this->assertFalse($payment_method->access('update', $account));
$this->assertTrue($payment_method->access('delete', $account));
}
/**
......@@ -143,6 +174,21 @@ class PaymentMethodAccessTest extends OrderKernelTestBase {
$this->assertTrue($payment_method->access('view', $account));
$this->assertFalse($payment_method->access('update', $account));
$this->assertTrue($payment_method->access('delete', $account));
$account = $this->createUser([], ['view any commerce_payment_method']);
$this->assertTrue($payment_method->access('view', $account));
$this->assertFalse($payment_method->access('update', $account));
$this->assertFalse($payment_method->access('delete', $account));
$account = $this->createUser([], ['update any commerce_payment_method']);
$this->assertFalse($payment_method->access('view', $account));
$this->assertFalse($payment_method->access('update', $account));
$this->assertFalse($payment_method->access('delete', $account));
$account = $this->createUser([], ['delete any commerce_payment_method']);
$this->assertFalse($payment_method->access('view', $account));
$this->assertFalse($payment_method->access('update', $account));
$this->assertTrue($payment_method->access('delete', $account));
}
/**
......
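Review bot: In the second and third hunks a user holding `update any commerce_payment_method` is asserted to be denied `update`, while the first hunk asserts that the same permission allows it, and nothing in the added lines says why. A one-line comment above those blocks, such as `// Update stays denied here even with the 'update any' permission.`, extended with the actual reason, would stop a reader from taking it for a copy-paste slip. The reason presumably lies in the part of checkAccess() and the test setup that fall outside these hunks, so confirm the wording against them.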