MenuLinkContentAccessControlHandler.php 3.04 KB
Newer Older
1 2 3 4
<?php

namespace Drupal\menu_link_content;

5
use Drupal\Core\Access\AccessResult;
6
use Drupal\Core\Access\AccessManagerInterface;
7
use Drupal\Core\Entity\EntityAccessControlHandler;
8
use Drupal\Core\Entity\EntityHandlerInterface;
9 10 11 12 13 14
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Entity\EntityTypeInterface;
use Drupal\Core\Session\AccountInterface;
use Symfony\Component\DependencyInjection\ContainerInterface;

/**
15
 * Defines the access control handler for the user entity type.
16
 */
17
class MenuLinkContentAccessControlHandler extends EntityAccessControlHandler implements EntityHandlerInterface {
18 19 20 21

  /**
   * The access manager to check routes by name.
   *
22
   * @var \Drupal\Core\Access\AccessManagerInterface
23 24 25 26
   */
  protected $accessManager;

  /**
27
   * Creates a new MenuLinkContentAccessControlHandler.
28 29 30
   *
   * @param \Drupal\Core\Entity\EntityTypeInterface $entity_type
   *   The entity type definition.
31
   * @param \Drupal\Core\Access\AccessManagerInterface $access_manager
32 33
   *   The access manager to check routes by name.
   */
34
  public function __construct(EntityTypeInterface $entity_type, AccessManagerInterface $access_manager) {
35 36 37 38 39 40 41 42 43 44 45 46 47 48 49
    parent::__construct($entity_type);

    $this->accessManager = $access_manager;
  }

  /**
   * {@inheritdoc}
   */
  public static function createInstance(ContainerInterface $container, EntityTypeInterface $entity_type) {
    return new static($entity_type, $container->get('access_manager'));
  }

  /**
   * {@inheritdoc}
   */
50
  protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
51 52
    switch ($operation) {
      case 'view':
53 54 55
        // There is no direct viewing of a menu link, but still for purposes of
        // content_translation we need a generic way to check access.
        return AccessResult::allowedIfHasPermission($account, 'administer menu');
56 57

      case 'update':
58
        if (!$account->hasPermission('administer menu')) {
59
          return AccessResult::neutral("The 'administer menu' permission is required.")->cachePerPermissions();
60 61
        }
        else {
62
          // Assume that access is allowed.
63
          $access = AccessResult::allowed()->cachePerPermissions()->addCacheableDependency($entity);
64
          /** @var \Drupal\menu_link_content\MenuLinkContentInterface $entity */
65 66 67
          // If the link is routed determine whether the user has access unless
          // they have the 'link to any page' permission.
          if (!$account->hasPermission('link to any page') && ($url_object = $entity->getUrlObject()) && $url_object->isRouted()) {
68 69
            $link_access = $this->accessManager->checkNamedRoute($url_object->getRouteName(), $url_object->getRouteParameters(), $account, TRUE);
            $access = $access->andIf($link_access);
70
          }
71
          return $access;
72
        }
73 74

      case 'delete':
75 76
        return AccessResult::allowedIfHasPermission($account, 'administer menu')
          ->andIf(AccessResult::allowedIf(!$entity->isNew())->addCacheableDependency($entity));
77 78 79

      default:
        return parent::checkAccess($entity, $operation, $account);
80 81 82 83
    }
  }

}