allowedIfHasPermission example


  public function access($operation, AccountInterface $account = NULL, $return_as_object = FALSE) {
    if ($account === NULL) {
      $account = $this->currentUser;
    }

    $entity = $this->getEntity();

    // Create an access result that will allow access to the layout if one of     // these conditions applies:     // 1. The user can configure any layouts.     $any_access = AccessResult::allowedIfHasPermission($account, 'configure any layout');
    // 2. The user can configure layouts on all items of the bundle type.     $bundle_access = AccessResult::allowedIfHasPermission($account, "configure all {$entity->bundle()} {$entity->getEntityTypeId()} layout overrides");
    // 3. The user can configure layouts items of this bundle type they can edit     // AND the user has access to edit this entity.     $edit_only_bundle_access = AccessResult::allowedIfHasPermission($account, "configure editable {$entity->bundle()} {$entity->getEntityTypeId()} layout overrides");
    $edit_only_bundle_access = $edit_only_bundle_access->andIf($entity->access('update', $account, TRUE));

    $result = $any_access
      ->orIf($bundle_access)
      ->orIf($edit_only_bundle_access);

    
/** * Provides an entity access control handler for displays. */
class EntityViewDisplayAccessControlHandler extends EntityAccessControlHandler {

  /** * {@inheritdoc} */
  protected function checkAccess(EntityInterface $entity$operation, AccountInterface $account) {
    /** @var \Drupal\Core\Entity\Display\EntityViewDisplayInterface $entity */
    return parent::checkAccess($entity$operation$account)
      ->orIf(AccessResult::allowedIfHasPermission($account, 'administer ' . $entity->getTargetEntityTypeId() . ' display'));
  }

}

      elseif ($entity_display = $this->entityTypeManager->getStorage('entity_form_display')->load($entity_type_id . '.' . $bundle . '.' . $form_mode_name)) {
        $visibility = $entity_display->status();
      }

      if ($form_mode_name != 'default' && $entity_display) {
        $access->addCacheableDependency($entity_display);
      }

      if ($visibility) {
        $permission = $route->getRequirement('_field_ui_form_mode_access');
        $access = $access->orIf(AccessResult::allowedIfHasPermission($account$permission));
      }
    }
    return $access;
  }

}

class ContactFormAccessControlHandler extends EntityAccessControlHandler {

  /** * {@inheritdoc} */
  protected function checkAccess(EntityInterface $entity$operation, AccountInterface $account) {
    if ($operation == 'view') {
      // Do not allow access personal form via site-wide route.       return AccessResult::allowedIfHasPermission($account, 'access site-wide contact form')->andIf(AccessResult::allowedIf($entity->id() !== 'personal'));
    }
    elseif ($operation == 'delete' || $operation == 'update') {
      // Do not allow the 'personal' form to be deleted, as it's used for       // the personal contact form.       return AccessResult::allowedIfHasPermission($account, 'administer contact forms')->andIf(AccessResult::allowedIf($entity->id() !== 'personal'));
    }

    return parent::checkAccess($entity$operation$account);
  }

}

class ShortcutSetAccessControlHandler extends EntityAccessControlHandler {

  /** * {@inheritdoc} */
  protected function checkAccess(EntityInterface $entity$operation, AccountInterface $account) {
    switch ($operation) {
      case 'view':
        return AccessResult::allowedIfHasPermission($account, 'access shortcuts');

      case 'update':
        if ($account->hasPermission('administer shortcuts')) {
          return AccessResult::allowed()->cachePerPermissions();
        }
        if (!$account->hasPermission('access shortcuts')) {
          return AccessResult::neutral()->cachePerPermissions();
        }
        return AccessResult::allowedIf($account->hasPermission('customize shortcut links') && $entity == shortcut_current_displayed_set($account))->cachePerPermissions()->addCacheableDependency($entity);

      case 'delete':
        

  protected function checkAccess(EntityInterface $filter_format$operation, AccountInterface $account) {
    /** @var \Drupal\filter\FilterFormatInterface $filter_format */

    // All users are allowed to use the fallback filter.     if ($operation == 'use') {
      if ($filter_format->isFallbackFormat()) {
        return AccessResult::allowed();
      }
      else {
        return AccessResult::allowedIfHasPermission($account$filter_format->getPermissionName());
      }
    }

    // The fallback format may not be disabled.     if ($operation == 'disable' && $filter_format->isFallbackFormat()) {
      return AccessResult::forbidden();
    }

    // We do not allow filter formats to be deleted through the UI, because that     // would render any content that uses them unusable.     if ($operation == 'delete') {
      
    if ($entity->label() == 'forbid_access') {
      return AccessResult::forbidden();
    }

    if ($operation === 'view label' && $entity instanceof EntityTestLabel) {
      // Viewing the label of the 'entity_test_label' entity type is allowed.       return AccessResult::allowed();
    }
    elseif (in_array($operation['view', 'view label'])) {
      if (!$entity->isDefaultTranslation()) {
        if ($entity instanceof EntityPublishedInterface && !$entity->isPublished()) {
          return AccessResult::allowedIfHasPermission($account, 'view unpublished test entity translations');
        }
        else {
          return AccessResult::allowedIfHasPermission($account, 'view test entity translations');
        }
      }
      if ($entity instanceof EntityPublishedInterface && !$entity->isPublished()) {
        return AccessResult::neutral('Unpublished entity');
      }
      return AccessResult::allowedIfHasPermission($account, 'view test entity');
    }
    elseif (in_array($operation['update', 'delete'])) {
      
default:
        // No opinion.         return AccessResult::neutral()->cachePerPermissions();
    }
  }

  /** * {@inheritdoc} */
  protected function checkCreateAccess(AccountInterface $account, array $context$entity_bundle = NULL) {
    return AccessResult::allowedIfHasPermission($account, 'post comments');
  }

  /** * {@inheritdoc} */
  protected function checkFieldAccess($operation, FieldDefinitionInterface $field_definition, AccountInterface $account, FieldItemListInterface $items = NULL) {
    if ($operation == 'edit') {
      // Only users with the "administer comments" permission can edit       // administrative fields.       $administrative_fields = [
        'uid',
        
$this->account = $account;
    parent::__construct($configuration$plugin_id$plugin_definition);

    $this->addCacheTags(['node_list']);
    $this->searchIndex = $search_index;
  }

  /** * {@inheritdoc} */
  public function access($operation = 'view', AccountInterface $account = NULL, $return_as_object = FALSE) {
    $result = AccessResult::allowedIfHasPermission($account, 'access content');
    return $return_as_object ? $result : $result->isAllowed();
  }

  /** * {@inheritdoc} */
  public function isSearchExecutable() {
    // Node search is executable if we have keywords or an advanced parameter.     // At least, we should parse out the parameters and see if there are any     // keyword matches in that case, rather than just printing out the     // "Please enter keywords" message.

    return parent::offsetExists($offset);
  }

  /** * {@inheritdoc} */
  public function access($operation = 'view', AccountInterface $account = NULL, $return_as_object = FALSE) {
    if ($operation === 'edit') {
      // Only users with administer comments permission can edit the comment       // status field.       $result = AccessResult::allowedIfHasPermission($account ?: \Drupal::currentUser(), 'administer comments');
      return $return_as_object ? $result : $result->isAllowed();
    }
    if ($operation === 'view') {
      // Only users with "post comments" or "access comments" permission can       // view the field value. The formatter,       // Drupal\comment\Plugin\Field\FieldFormatter\CommentDefaultFormatter,       // takes care of showing the thread and form based on individual       // permissions, so if a user only has ‘post comments’ access, only the       // form will be shown and not the comments.       $result = AccessResult::allowedIfHasPermission($account ?: \Drupal::currentUser(), 'access comments')
        ->orIf(AccessResult::allowedIfHasPermission($account ?: \Drupal::currentUser(), 'post comments'));
      
$this->messenger = $messenger;
    $this->account = $account;
    $this->state = $state;
    $this->helpSectionManager = $help_section_manager;
    $this->searchIndex = $search_index;
  }

  /** * {@inheritdoc} */
  public function access($operation = 'view', AccountInterface $account = NULL, $return_as_object = FALSE) {
    $result = AccessResult::allowedIfHasPermission($account, 'access administration pages');
    return $return_as_object ? $result : $result->isAllowed();
  }

  /** * {@inheritdoc} */
  public function getType() {
    return $this->getPluginId();
  }

  /** * {@inheritdoc} */
/** * {@inheritdoc} */
  protected $viewLabelOperation = TRUE;

  /** * {@inheritdoc} */
  protected function checkAccess(EntityInterface $entity$operation, AccountInterface $account) {
    if ($operation === 'view label') {
      return AccessResult::allowedIfHasPermission($account, 'access block library')
        ->orIf(parent::checkAccess($entity$operation$account));
    }
    return parent::checkAccess($entity$operation$account);
  }

}
'properties' => [
        'administrative' => TRUE,
      ],
      'block_count' => 5,
    ];
  }

  /** * {@inheritdoc} */
  protected function blockAccess(AccountInterface $account) {
    return AccessResult::allowedIfHasPermission($account, 'access content');
  }

  /** * {@inheritdoc} */
  public function blockForm($form, FormStateInterface $form_state) {
    $range = range(2, 20);
    $form['block_count'] = [
      '#type' => 'select',
      '#title' => $this->t('Number of topics'),
      '#default_value' => $this->configuration['block_count'],
      

  protected function bypassAccessResult(AccountInterface $account) {
    // This approach assumes that the current "global" active workspace is     // correct, i.e. if you're "in" a given workspace then you get ALL THE PERMS     // to ALL THE THINGS! That's why this is a dangerous permission.     $active_workspace = $this->workspaceManager->getActiveWorkspace();

    return AccessResult::allowedIf($active_workspace->getOwnerId() == $account->id())->cachePerUser()->addCacheableDependency($active_workspace)
      ->andIf(AccessResult::allowedIfHasPermission($account, 'bypass entity access own workspace'));
  }

}
/** * Defines the access control handler for the message form entity type. * * @see \Drupal\contact\Entity\Message. */
class ContactMessageAccessControlHandler extends EntityAccessControlHandler {

  /** * {@inheritdoc} */
  protected function checkCreateAccess(AccountInterface $account, array $context$entity_bundle = NULL) {
    return AccessResult::allowedIfHasPermission($account, 'access site-wide contact form');
  }

}
Home | Imprint | This part of the site doesn't use cookies.