Commit 396d4023 authored by catch's avatar catch

Issue #2105557 by Berdir, dawehner: Add an admin_permission to EntityType...

Issue #2105557 by Berdir, dawehner: Add an admin_permission to EntityType annotations to provide simple default access handling.
parent 43bde68d
......@@ -74,6 +74,18 @@ class EntityType extends Plugin {
'access' => 'Drupal\Core\Entity\EntityAccessController',
);
/**
* The name of the default administrative permission.
*
* The default \Drupal\Core\Entity\EntityAccessController class checks this
* permission for all operations in its checkAccess() method. Entities with
* more complex permissions can extend this class to do their own access
* checks.
*
* @var string (optional)
*/
public $admin_permission;
/**
* Boolean indicating whether fields can be attached to entities of this type.
*
......
......@@ -32,6 +32,13 @@ class EntityAccessController implements EntityAccessControllerInterface {
*/
protected $entityType;
/**
* The entity info array.
*
* @var array
*/
protected $entityInfo;
/**
* The module handler service.
*
......@@ -44,9 +51,12 @@ class EntityAccessController implements EntityAccessControllerInterface {
*
* @param string $entity_type
* The entity type of the access controller instance.
* @param array $entity_info
* An array of entity info for the entity type.
*/
public function __construct($entity_type) {
public function __construct($entity_type, array $entity_info) {
$this->entityType = $entity_type;
$this->entityInfo = $entity_info;
}
/**
......@@ -127,7 +137,12 @@ protected function processAccessHookResults(array $access) {
* could not be determined.
*/
protected function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account) {
return NULL;
if (!empty($this->entityInfo['admin_permission'])) {
return $account->hasPermission($this->entityInfo['admin_permission']);
}
else {
return NULL;
}
}
/**
......@@ -243,7 +258,12 @@ public function createAccess($entity_bundle = NULL, AccountInterface $account =
* could not be determined.
*/
protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
return NULL;
if (!empty($this->entityInfo['admin_permission'])) {
return $account->hasPermission($this->entityInfo['admin_permission']);
}
else {
return NULL;
}
}
/**
......
......@@ -354,7 +354,7 @@ protected function getController($entity_type, $controller_type) {
$this->controllers[$controller_type][$entity_type] = $class::createInstance($this->container, $entity_type, $this->getDefinition($entity_type));
}
else {
$this->controllers[$controller_type][$entity_type] = new $class($entity_type);
$this->controllers[$controller_type][$entity_type] = new $class($entity_type, $this->getDefinition($entity_type));
}
}
return $this->controllers[$controller_type][$entity_type];
......
<?php
/**
* @file
* Contains \Drupal\action\ActionAccessController.
*/
namespace Drupal\action;
use Drupal\Core\Entity\EntityAccessController;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Language\Language;
use Drupal\Core\Session\AccountInterface;
class ActionAccessController extends EntityAccessController {
/**
* {@inheritdoc}
*/
public function access(EntityInterface $entity, $operation, $langcode = Language::LANGCODE_DEFAULT, AccountInterface $account = NULL) {
return user_access('administer actions', $account);
}
}
......@@ -23,16 +23,7 @@ protected function checkAccess(EntityInterface $entity, $operation, $langcode, A
if ($operation === 'view') {
return TRUE;
}
elseif (in_array($operation, array('update', 'delete'))) {
return user_access('administer blocks', $account);
}
}
/**
* {@inheritdoc}
*/
protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
return user_access('administer blocks', $account);
return parent::checkAccess($entity, $operation, $langcode, $account);
}
}
<?php
/**
* @file
* Contains \Drupal\custom_block\CustomBlockTypeAccessController.
*/
namespace Drupal\custom_block;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Entity\EntityAccessController;
use Drupal\Core\Session\AccountInterface;
/**
* Defines the access controller for the custom block type entity type.
*/
class CustomBlockTypeAccessController extends EntityAccessController {
/**
* {@inheritdoc}
*/
protected function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account) {
if ($operation === 'view') {
return TRUE;
}
elseif (in_array($operation, array('update', 'delete'))) {
return user_access('administer blocks', $account);
}
}
/**
* {@inheritdoc}
*/
protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
return user_access('administer blocks', $account);
}
}
......@@ -34,6 +34,7 @@
* },
* "translation" = "Drupal\custom_block\CustomBlockTranslationController"
* },
* admin_permission = "administer blocks",
* base_table = "custom_block",
* revision_table = "custom_block_revision",
* route_base_path = "admin/structure/block/custom-blocks/manage/{bundle}",
......
......@@ -22,7 +22,6 @@
* module = "custom_block",
* controllers = {
* "storage" = "Drupal\Core\Config\Entity\ConfigStorageController",
* "access" = "Drupal\custom_block\CustomBlockTypeAccessController",
* "form" = {
* "default" = "Drupal\custom_block\CustomBlockTypeFormController",
* "add" = "Drupal\custom_block\CustomBlockTypeFormController",
......@@ -31,6 +30,7 @@
* },
* "list" = "Drupal\custom_block\CustomBlockTypeListController"
* },
* admin_permission = "administer blocks",
* config_prefix = "custom_block.type",
* bundle_of = "custom_block",
* entity_keys = {
......
......@@ -32,11 +32,13 @@ class BlockAccessController extends EntityAccessController implements EntityCont
*
* @param string $entity_type
* The entity type of the access controller instance.
* @param array $entity_info
* An array of entity info for the entity type.
* @param \Drupal\Core\Path\AliasManagerInterface $alias_manager
* The alias manager.
*/
public function __construct($entity_type, AliasManagerInterface $alias_manager) {
parent::__construct($entity_type);
public function __construct($entity_type, array $entity_info, AliasManagerInterface $alias_manager) {
parent::__construct($entity_type, $entity_info);
$this->aliasManager = $alias_manager;
}
......@@ -46,6 +48,7 @@ public function __construct($entity_type, AliasManagerInterface $alias_manager)
public static function createInstance(ContainerInterface $container, $entity_type, array $entity_info) {
return new static(
$entity_type,
$entity_info,
$container->get('path.alias_manager')
);
}
......
......@@ -20,7 +20,7 @@ class ConfigTestAccessController extends EntityAccessController {
/**
* {@inheritdoc}
*/
public function access(EntityInterface $entity, $operation, $langcode = Language::LANGCODE_DEFAULT, AccountInterface $account = NULL) {
public function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account) {
return TRUE;
}
......
......@@ -35,7 +35,6 @@
* module = "entity",
* controllers = {
* "list" = "Drupal\entity\EntityFormModeListController",
* "access" = "Drupal\entity\EntityDisplayModeAccessController",
* "form" = {
* "add" = "Drupal\entity\Form\EntityFormModeAddForm",
* "edit" = "Drupal\entity\Form\EntityDisplayModeEditForm",
......@@ -43,6 +42,7 @@
* },
* "storage" = "Drupal\entity\EntityDisplayModeStorageController"
* },
* admin_permission = "administer display modes",
* config_prefix = "entity.form_mode",
* entity_keys = {
* "id" = "id",
......
......@@ -36,7 +36,6 @@
* module = "entity",
* controllers = {
* "list" = "Drupal\entity\EntityDisplayModeListController",
* "access" = "Drupal\entity\EntityDisplayModeAccessController",
* "form" = {
* "add" = "Drupal\entity\Form\EntityDisplayModeAddForm",
* "edit" = "Drupal\entity\Form\EntityDisplayModeEditForm",
......@@ -44,6 +43,7 @@
* },
* "storage" = "Drupal\entity\EntityDisplayModeStorageController"
* },
* admin_permission = "administer display modes",
* config_prefix = "entity.view_mode",
* entity_keys = {
* "id" = "id",
......
<?php
/**
* @file
* Contains \Drupal\entity\EntityDisplayModeAccessController.
*/
namespace Drupal\entity;
use Drupal\Core\Entity\EntityAccessController;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Session\AccountInterface;
/**
* Provides the access controller for entity display modes.
*/
class EntityDisplayModeAccessController extends EntityAccessController {
/**
* {@inheritdoc}
*/
protected function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account) {
if ($operation === 'view') {
return TRUE;
}
elseif (in_array($operation, array('create', 'update', 'delete'))) {
return $account->hasPermission('administer display modes');
}
}
}
......@@ -33,8 +33,8 @@
* },
* "storage" = "Drupal\Core\Config\Entity\ConfigStorageController",
* "list" = "Drupal\image\ImageStyleListController",
* "access" = "Drupal\image\ImageStyleAccessController"
* },
* admin_permission = "administer image styles",
* config_prefix = "image.style",
* entity_keys = {
* "id" = "name",
......
<?php
/**
* @file
* Contains \Drupal\image\ImageStyleAccessController.
*/
namespace Drupal\image;
use Drupal\Core\Entity\EntityAccessController;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Session\AccountInterface;
/**
* Defines an access controller for the image style entity.
*
* @see \Drupal\image\Entity\ImageStyle
*/
class ImageStyleAccessController extends EntityAccessController {
/**
* {@inheritdoc}
*/
public function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account) {
switch ($operation) {
case 'create':
case 'update':
case 'delete':
return $account->hasPermission('administer image styles');
break;
}
}
}
......@@ -31,6 +31,7 @@
* "delete" = "Drupal\language\Form\LanguageDeleteForm"
* }
* },
* admin_permission = "administer languages",
* config_prefix = "language.entity",
* entity_keys = {
* "id" = "id",
......
......@@ -17,21 +17,14 @@ class LanguageAccessController extends EntityAccessController {
/**
* {@inheritdoc}
*/
public function access(EntityInterface $entity, $operation, $langcode = Language::LANGCODE_DEFAULT, AccountInterface $account = NULL) {
public function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account) {
switch ($operation) {
case 'update':
case 'delete':
return !$entity->locked && user_access('administer languages');
return !$entity->locked && parent::checkAccess($entity, $operation, $langcode, $account);
break;
}
return FALSE;
}
/**
* {@inheritdoc}
*/
protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
return $account->hasPermission('administer languages');
}
}
......@@ -33,6 +33,7 @@
* "default" = "Drupal\menu_link\MenuLinkFormController"
* }
* },
* admin_permission = "administer menu",
* static_cache = FALSE,
* base_table = "menu_links",
* uri_callback = "menu_link_uri",
......
......@@ -38,11 +38,4 @@ protected function checkAccess(EntityInterface $entity, $operation, $langcode, A
return $access;
}
/**
* {@inheritdoc}
*/
protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
return $account->hasPermission('administer menu');
}
}
......@@ -30,6 +30,7 @@
* },
* "list" = "Drupal\node\NodeTypeListController",
* },
* admin_permission = "administer content types",
* config_prefix = "node.type",
* bundle_of = "node",
* entity_keys = {
......
......@@ -35,11 +35,13 @@ class NodeAccessController extends EntityAccessController implements NodeAccessC
*
* @param string $entity_type
* The entity type of the access controller instance.
* @param array $entity_info
* An array of entity info for the entity type.
* @param \Drupal\node\NodeGrantDatabaseStorageInterface $grant_storage
* The node grant storage.
*/
public function __construct($entity_type, NodeGrantDatabaseStorageInterface $grant_storage) {
parent::__construct($entity_type);
public function __construct($entity_type, array $entity_info, NodeGrantDatabaseStorageInterface $grant_storage) {
parent::__construct($entity_type, $entity_info);
$this->grantStorage = $grant_storage;
}
......@@ -49,6 +51,7 @@ public function __construct($entity_type, NodeGrantDatabaseStorageInterface $gra
public static function createInstance(ContainerInterface $container, $entity_type, array $entity_info) {
return new static(
$entity_type,
$entity_info,
$container->get('node.grant_storage')
);
}
......
......@@ -25,14 +25,7 @@ protected function checkAccess(EntityInterface $entity, $operation, $langcode, A
if ($operation == 'delete' && $entity->isLocked()) {
return FALSE;
}
return user_access('administer content types', $account);
}
/**
* {@inheritdoc}
*/
protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
return user_access('administer content types', $account);
return parent::checkAccess($entity, $operation, $langcode, $account);
}
}
......@@ -21,7 +21,6 @@
* module = "picture",
* controllers = {
* "storage" = "Drupal\Core\Config\Entity\ConfigStorageController",
* "access" = "Drupal\picture\PictureMappingAccessController",
* "list" = "Drupal\picture\PictureMappingListController",
* "form" = {
* "edit" = "Drupal\picture\PictureMappingFormController",
......@@ -31,6 +30,7 @@
* }
* },
* list_path = "admin/config/media/picturemapping",
* admin_permission = "administer pictures",
* config_prefix = "picture.mappings",
* entity_keys = {
* "id" = "id",
......
<?php
/**
* @file
* Contains \Drupal\picture\PictureMappingAccessController.
*/
namespace Drupal\picture;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Entity\EntityAccessController;
use Drupal\Core\Session\AccountInterface;
/**
* Defines the access controller for the picture mapping entity type.
*/
class PictureMappingAccessController extends EntityAccessController {
/**
* {@inheritdoc}
*/
protected function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account) {
if ($operation === 'view') {
return TRUE;
}
elseif (in_array($operation, array('update', 'delete'))) {
return $account->hasPermission('administer pictures');
}
}
/**
* {@inheritdoc}
*/
protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
return $account->hasPermission('administer pictures');
}
}
......@@ -24,8 +24,8 @@
* module = "system",
* controllers = {
* "storage" = "Drupal\Core\Config\Entity\ConfigStorageController",
* "access" = "Drupal\action\ActionAccessController"
* },
* admin_permission = "administer actions",
* config_prefix = "system.action",
* entity_keys = {
* "id" = "id",
......
......@@ -22,7 +22,6 @@
* module = "taxonomy",
* controllers = {
* "storage" = "Drupal\taxonomy\VocabularyStorageController",
* "access" = "Drupal\taxonomy\VocabularyAccessController",
* "list" = "Drupal\taxonomy\VocabularyListController",
* "form" = {
* "default" = "Drupal\taxonomy\VocabularyFormController",
......@@ -30,6 +29,7 @@
* "delete" = "Drupal\taxonomy\Form\VocabularyDeleteForm"
* }
* },
* admin_permission = "administer taxonomy",
* config_prefix = "taxonomy.vocabulary",
* bundle_of = "taxonomy_term",
* entity_keys = {
......
<?php
/**
* @file
* Contains \Drupal\taxonomy\VocabularyAccessController.
*/
namespace Drupal\taxonomy;
use Drupal\Core\Entity\EntityAccessController;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Session\AccountInterface;
/**
* Defines an access controller for the vocabulary entity.
*
* @see \Drupal\taxonomy\Entity\Vocabulary.
*/
class VocabularyAccessController extends EntityAccessController {
/**
* {@inheritdoc}
*/
protected function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account) {
return $account->hasPermission('administer taxonomy');
}
/**
* {@inheritdoc}
*/
protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
return $account->hasPermission('administer taxonomy');
}
}
......@@ -27,6 +27,7 @@
* "delete" = "Drupal\user\Form\UserRoleDelete"
* }
* },
* admin_permission = "administer permissions",
* config_prefix = "user.role",
* entity_keys = {
* "id" = "id",
......
......@@ -30,6 +30,7 @@
* },
* "translation" = "Drupal\user\ProfileTranslationController"
* },
* admin_permission = "administer user",
* base_table = "users",
* uri_callback = "user_uri",
* route_base_path = "admin/config/people/accounts",
......
......@@ -27,15 +27,8 @@ protected function checkAccess(EntityInterface $entity, $operation, $langcode, A
}
default:
return user_access('administer permissions', $account);
return parent::checkAccess($entity, $operation, $langcode, $account);
}
}
/**
* {@inheritdoc}
*/
protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
return user_access('administer permissions', $account);
}
}
......@@ -40,13 +40,6 @@ protected function checkAccess(EntityInterface $entity, $operation, $langcode, A
}
}
/**
* {@inheritdoc}
*/
protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
return user_access('administer users', $account);
}
/**
* Check view access.
*
......
......@@ -25,6 +25,7 @@
* "storage" = "Drupal\views\ViewStorageController",
* "access" = "Drupal\views\ViewAccessController"
* },
* admin_permission = "administer views",
* config_prefix = "views.view",
* entity_keys = {
* "id" = "id",
......
......@@ -20,15 +20,8 @@ class ViewAccessController extends EntityAccessController {
/**
* {@inheritdoc}
*/
public function access(EntityInterface $entity, $operation, $langcode = Language::LANGCODE_DEFAULT, AccountInterface $account = NULL) {
return $operation == 'view' || user_access('administer views', $account);
}
/**
* {@inheritdoc}
*/
protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
return user_access('administer views', $account);
public function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account) {
return $operation == 'view' || parent::checkAccess($entity, $operation, $langcode, $account);
}
}
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment