Commit 07c10807 authored by catch's avatar catch

Issue #2117251 by tim.plunkett, markdorison, dawehner: Convert...

Issue #2117251 by tim.plunkett, markdorison, dawehner: Convert _access_tracker_own_information to a one-off access checker
parent f90c2462
<?php
namespace Drupal\tracker\Access;
use Drupal\Core\Access\AccessResult;
use Drupal\Core\Routing\Access\AccessInterface;
use Drupal\Core\Session\AccountInterface;
use Drupal\user\UserInterface;
/**
* Access check for user tracker routes.
*/
class ViewOwnTrackerAccessCheck implements AccessInterface {
/**
* Checks access.
*
* @param \Drupal\Core\Session\AccountInterface $account
* The currently logged in account.
* @param \Drupal\user\UserInterface $user
* The user whose tracker page is being accessed.
*
* @return \Drupal\Core\Access\AccessResultInterface
* The access result.
*/
public function access(AccountInterface $account, UserInterface $user) {
return AccessResult::allowedIf($user && $account->isAuthenticated() && ($user->id() == $account->id()))->cachePerUser();
}
}
......@@ -2,7 +2,9 @@
namespace Drupal\tracker\Controller;
use Drupal\Core\Access\AccessResult;
use Drupal\Core\Controller\ControllerBase;
use Drupal\Core\Session\AccountInterface;
use Drupal\user\UserInterface;
/**
......@@ -18,4 +20,20 @@ public function getContent(UserInterface $user) {
return tracker_page($user);
}
/**
* Checks access for the users recent content tracker page.
*
* @param \Drupal\user\UserInterface $user
* The user being viewed.
* @param \Drupal\Core\Session\AccountInterface $account
* The account viewing the page.
*
* @return \Drupal\Core\Access\AccessResult
* The access result.
*/
public function checkAccess(UserInterface $user, AccountInterface $account) {
return AccessResult::allowedIf($account->isAuthenticated() && $user->id() == $account->id())
->cachePerUser();
}
}
......@@ -13,7 +13,7 @@ tracker.users_recent_content:
_title: 'My recent content'
requirements:
_permission: 'access content'
_access_tracker_own_information: 'TRUE'
_custom_access: '\Drupal\tracker\Controller\TrackerUserRecent::checkAccess'
user: \d+
tracker.user_tab:
......
services:
access_check.tracker.view_own:
class: Drupal\tracker\Access\ViewOwnTrackerAccessCheck
tags:
- { name: access_check, applies_to: _access_tracker_own_information }
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment