Issue #3351599 by baldwinlouie, yas: Add an option to restrict the number of...

Issue #3351599 by baldwinlouie, yas: Add an option to restrict the number of tenants a user can create

Issue #3351599 by baldwinlouie, yas: Add an option to restrict the number of...
a8c4725a · baldwinlouie · Yas Naoi · 3a443395 · a8c4725a · a8c4725a
Commit a8c4725a authored Apr 1, 2023 by baldwinlouie Committed by Yas Naoi Apr 1, 2023
--- a/modules/tenants/openstack_provider/openstack_provider.module
+++ b/modules/tenants/openstack_provider/openstack_provider.module
@@ -5,10 +5,13 @@
 * Contains openstack_provider.module.
 */

+use Drupal\Core\Access\AccessResult;
+use Drupal\Core\Access\AccessResultInterface;
 use Drupal\Core\Database\Query\AlterableInterface;
 use Drupal\Core\Entity\Display\EntityViewDisplayInterface;
 use Drupal\Core\Entity\EntityInterface;
 use Drupal\Core\Form\FormStateInterface;
+use Drupal\Core\Session\AccountInterface;
 use Drupal\Core\Url;
 use Drupal\Core\Link;

@@ -150,6 +153,31 @@ function openstack_provider_entity_operation(EntityInterface $entity): array {
  return $operations;
 }

+/**
+ * Implements hook_entity_create_access().
+ */
+function openstack_provider_entity_create_access(AccountInterface $account, array $context, $entity_bundle): AccessResultInterface {
+  // Check the permission `add multiple openstack tenants`.  Normal tenant
+  // users can only have one tenant.  This check restricts access to the
+  // Add new tenant page if they already have a tenant.  To bypass,
+  // users must have the `add multiple openstack tenants` permission.
+  if (!empty($context['entity_type_id'])
+    && $context['entity_type_id'] === 'tenant'
+    && !empty($entity_bundle)
+    && $entity_bundle === 'openstack') {
+
+    // Check if the user can add multiple tenants.
+    if ($account->hasPermission('add multiple openstack tenants')) {
+      return AccessResult::allowed();
+    }
+    // Check if use has a tenant. Don't let them add additional tenants.
+    $tenants = openstack_provider_get_user_tenants($account->id());
+    if ($tenants === NULL || count($tenants) > 0) {
+      return AccessResult::forbidden();
+    }
+  }
+}
+
 /**
 * Get all the openstack_region entities for selectbox.
 *
@@ -175,3 +203,29 @@ function openstack_provider_get_regions_dropdown(): array {
  return $dropdown;

 }
+
+/**
+ * Get a user's tenants.
+ *
+ * @param string $uid
+ *   The uid to retrieve.
+ *
+ * @return array|null
+ *   Array of tenants or null if there is an exception.
+ */
+function openstack_provider_get_user_tenants(string $uid): ?array {
+  $tenants = [];
+  try {
+    $tenants = \Drupal::entityTypeManager()
+      ->getStorage('tenant')
+      ->loadByProperties([
+        'type' => 'openstack',
+        'uid' => $uid,
+      ]);
+  }
+  catch (Exception $e) {
+    \Drupal::service('cloud')->handleException($e);
+    return NULL;
+  }
+  return $tenants;
+}
--- a/modules/tenants/openstack_provider/openstack_provider.permissions.yml
+++ b/modules/tenants/openstack_provider/openstack_provider.permissions.yml
@@ -29,3 +29,7 @@ delete any openstack tenant project:

 share openstack tenant project:
  title: 'Share OpenStack tenant project'
+
+add multiple openstack tenants:
+  title: 'Add multiple OpenStack tenants'
+  description: 'Allow users to add more than one OpenStack tenant.'