getAccessControlHandler example


  protected function buildMediaTypeAddForm(MediaLibraryState $state) {
    $selected_type_id = $state->getSelectedTypeId();

    $access_handler = $this->entityTypeManager->getAccessControlHandler('media');
    $context = [
      'media_library_state' => $state,
    ];
    if (!$access_handler->createAccess($selected_type_id, NULL, $context)) {
      return [];
    }

    $selected_type = $this->entityTypeManager->getStorage('media_type')->load($selected_type_id);
    $plugin_definition = $selected_type->getSource()->getPluginDefinition();

    if (empty($plugin_definition['forms']['media_library_add'])) {
      

  protected $accessControlHandler;

  /** * {@inheritdoc} */
  protected function setUp(): void {
    parent::setUp();
    $this->installEntitySchema('content_moderation_state');
    $this->installEntitySchema('user');
    $this->accessControlHandler = $this->container->get('entity_type.manager')->getAccessControlHandler('content_moderation_state');
  }

  /** * @covers ::checkAccess * @covers ::checkCreateAccess */
  public function testHandler() {
    $entity = ContentModerationState::create([]);
    $this->assertFalse($this->accessControlHandler->access($entity, 'view'));
    $this->assertFalse($this->accessControlHandler->access($entity, 'update'));
    $this->assertFalse($this->accessControlHandler->access($entity, 'delete'));
    
$user = $this->createUser($permissions);

    $entity_values += [
      'status' => FALSE,
      'uid' => $user->id(),
      'bundle' => $media_type->id(),
    ];

    $entity = Media::create($entity_values);
    $entity->save();
    /** @var \Drupal\Core\Entity\EntityAccessControlHandlerInterface $access_handler */
    $access_handler = $this->container->get('entity_type.manager')->getAccessControlHandler('media');
    $this->assertAccess($expected_result$expected_cache_contexts$expected_cache_tags$access_handler->access($entity$operation$user, TRUE));
  }

  /** * @param string[] $permissions * User permissions. * @param \Drupal\Core\Access\AccessResultInterface $expected_result * Expected result. * @param string[] $expected_cache_contexts * Expected cache contexts. * @param string[] $expected_cache_tags * Expected cache tags. * * @covers ::checkCreateAccess * @dataProvider providerCreateAccess */
$this->submitForm(['settings[node][article][translatable]' => FALSE], 'Save configuration');
    $this->drupalGet('node/' . $node->id());
    $this->assertSession()->linkByHrefNotExists('node/' . $node->id() . '/translations');
  }

  /** * Tests the access to the overview page for translations. * * @see content_translation_translate_access() */
  public function testContentTranslationOverviewAccess() {
    $access_control_handler = \Drupal::entityTypeManager()->getAccessControlHandler('node');
    $user = $this->createUser(['create content translations', 'access content']);
    $this->drupalLogin($user);

    $node = $this->drupalCreateNode(['status' => FALSE, 'type' => 'article']);
    $this->assertFalse(content_translation_translate_access($node)->isAllowed());
    $access_control_handler->resetCache();

    $node->setPublished();
    $node->save();
    $this->assertTrue(content_translation_translate_access($node)->isAllowed());
    $access_control_handler->resetCache();

    

  public static function create(ContainerInterface $container) {
    /** @var \Drupal\Core\Entity\EntityTypeManagerInterface $entity_type_manager */
    $entity_type_manager = $container->get('entity_type.manager');

    return new static(
      $container->get('forum_manager'),
      $entity_type_manager->getStorage('taxonomy_vocabulary'),
      $entity_type_manager->getStorage('taxonomy_term'),
      $container->get('current_user'),
      $entity_type_manager->getAccessControlHandler('node'),
      $container->get('entity_field.manager')->getFieldMap(),
      $entity_type_manager->getStorage('node_type'),
      $container->get('renderer'),
      $entity_type_manager->getDefinition('node'),
      $entity_type_manager->getDefinition('comment')
    );
  }

  /** * Returns forum page for a given forum. * * @param \Drupal\taxonomy\TermInterface $taxonomy_term * The forum to render the page for. * * @return array * A render array. */
'message' => ['#markup' => $help_message],
    ];

    $operations_access = !empty($pending_term_ids) || $vocabulary_hierarchy === VocabularyInterface::HIERARCHY_MULTIPLE;
    if ($operations_access) {
      $form['help']['#attributes']['class'] = ['messages', 'messages--warning'];
    }

    $errors = $form_state->getErrors();
    $row_position = 0;
    // Build the actual form.     $access_control_handler = $this->entityTypeManager->getAccessControlHandler('taxonomy_term');
    $create_access = $access_control_handler->createAccess($taxonomy_vocabulary->id(), NULL, [], TRUE);
    if ($create_access->isAllowed()) {
      $empty = $this->t('No terms available. <a href=":link">Add term</a>.', [':link' => Url::fromRoute('entity.taxonomy_term.add_form', ['taxonomy_vocabulary' => $taxonomy_vocabulary->id()])->toString()]);
    }
    else {
      $empty = $this->t('No terms available.');
    }
    $form['terms'] = [
      '#type' => 'table',
      '#empty' => $empty,
      '#header' => [
        

  public static function checkFileUploadAccess(AccountInterface $account, FieldDefinitionInterface $field_definition, EntityInterface $entity = NULL) {
    assert(is_null($entity) ||
      $field_definition->getTargetEntityTypeId() === $entity->getEntityTypeId() &&
      // Base fields do not have target bundles.       (is_null($field_definition->getTargetBundle()) || $field_definition->getTargetBundle() === $entity->bundle())
    );
    $entity_type_manager = \Drupal::entityTypeManager();
    $entity_access_control_handler = $entity_type_manager->getAccessControlHandler($field_definition->getTargetEntityTypeId());
    $bundle = $entity_type_manager->getDefinition($field_definition->getTargetEntityTypeId())->hasKey('bundle') ? $field_definition->getTargetBundle() : NULL;
    $entity_access_result = $entity
      ? $entity_access_control_handler->access($entity, 'update', $account, TRUE)
      : $entity_access_control_handler->createAccess($bundle$account[], TRUE);
    $field_access_result = $entity_access_control_handler->fieldAccess('edit', $field_definition, NULL, NULL, TRUE);
    return $entity_access_result->andIf($field_access_result);
  }

  /** * Streams file upload data to temporary file and moves to file destination. * * @return string * The temp file path. * * @throws \Symfony\Component\HttpKernel\Exception\HttpException * Thrown when input data cannot be read, the temporary file cannot be * opened, or the temporary file cannot be written. */
// @see \Drupal\comment\CommentAccessControlHandler::checkAccess()     return parent::getExpectedUnauthorizedAccessCacheability()
      ->addCacheTags(['comment:1']);
  }

  /** * {@inheritdoc} */
  protected static function entityAccess(EntityInterface $entity$operation, AccountInterface $account) {
    // Also reset the 'entity_test' entity access control handler because     // comment access also depends on access to the commented entity type.     \Drupal::entityTypeManager()->getAccessControlHandler('entity_test')->resetCache();
    return parent::entityAccess($entity$operation$account);
  }

  /** * {@inheritdoc} */
  protected static function getIncludePermissions() {
    return [
      'type' => ['administer comment types'],
      'uid' => ['access user profiles'],
    ];
  }
$entity_type = \Drupal::entityTypeManager()->getDefinition('workspace');
    $this->assertFalse($moderation_info->canModerateEntitiesOfEntityType($entity_type));
  }

  /** * Tests the integration between Content Moderation and Workspaces. * * @see content_moderation_workspace_access() */
  public function testContentModerationIntegrationWithWorkspaces() {
    $editorial = $this->createEditorialWorkflow();
    $access_handler = \Drupal::entityTypeManager()->getAccessControlHandler('workspace');

    // Create another workflow which has the same states as the 'editorial' one,     // but it doesn't create default revisions for the 'archived' state. This     // covers the case when two bundles of the same entity type use different     // workflows with same moderation state names but with different settings.     $editorial_2_values = $editorial->toArray();
    unset($editorial_2_values['uuid']);
    $editorial_2_values['id'] = 'editorial_2';
    $editorial_2_values['type_settings']['states']['archived']['default_revision'] = FALSE;

    $editorial_2 = Workflow::create($editorial_2_values);
    
$bundle_entity_type_label = $bundle_entity_type->getSingularLabel();
      $build['#cache']['tags'] = $bundle_entity_type->getListCacheTags();

      // Build the message shown when there are no bundles.       $link_text = $this->t('Add a new @entity_type.', ['@entity_type' => $bundle_entity_type_label]);
      $link_route_name = 'entity.' . $bundle_entity_type->id() . '.add_form';
      $build['#add_bundle_message'] = $this->t('There is no @entity_type yet. @add_link', [
        '@entity_type' => $bundle_entity_type_label,
        '@add_link' => Link::createFromRoute($link_text$link_route_name)->toString(),
      ]);
      // Filter out the bundles the user doesn't have access to.       $access_control_handler = $this->entityTypeManager->getAccessControlHandler($entity_type_id);
      foreach ($bundles as $bundle_name => $bundle_info) {
        $access = $access_control_handler->createAccess($bundle_name, NULL, [], TRUE);
        if (!$access->isAllowed()) {
          unset($bundles[$bundle_name]);
        }
        $this->renderer->addCacheableDependency($build$access);
      }
      // Add descriptions from the bundle entities.       $bundles = $this->loadBundleDescriptions($bundles$bundle_entity_type);
    }
    else {
      

  protected $accessControlHandler;

  /** * {@inheritdoc} */
  protected function setUp(): void {
    parent::setUp();
    $this->installEntitySchema('user');
    $this->installSchema('system', 'sequences');
    $this->accessControlHandler = $this->container->get('entity_type.manager')->getAccessControlHandler('date_format');
  }

  /** * @covers ::checkAccess * @covers ::checkCreateAccess * @dataProvider testAccessProvider */
  public function testAccess($which_user$which_entity$view_label_access_result$view_access_result$update_access_result$delete_access_result$create_access_result) {
    // We must always create user 1, so that a "normal" user has an ID >1.     $root_user = $this->drupalCreateUser();

    
      // the value matching field cardinality.       if ((($this->options['delta_limit'] > 0) && ($this->options['delta_limit'] != $cardinality)) || intval($this->options['delta_offset'])) {
        $this->limit_values = TRUE;
      }
    }
  }

  /** * {@inheritdoc} */
  public function access(AccountInterface $account) {
    $access_control_handler = $this->entityTypeManager->getAccessControlHandler($this->getEntityType());
    return $access_control_handler->fieldAccess('view', $this->getFieldDefinition()$account);
  }

  /** * Called to add the field to a query. * * By default, all needed data is taken from entities loaded by the query * plugin. Columns are added only if they are used in groupings. */
  public function query($use_groupby = FALSE) {
    $fields = $this->additional_fields;
    
parent::setUp();

    // Create Basic page and Article node types.     if ($this->profile != 'standard') {
      $this->drupalCreateContentType([
        'type' => 'page',
        'name' => 'Basic page',
        'display_submitted' => FALSE,
      ]);
      $this->drupalCreateContentType(['type' => 'article', 'name' => 'Article']);
    }
    $this->accessHandler = \Drupal::entityTypeManager()->getAccessControlHandler('node');
  }

  /** * Asserts that node access correctly grants or denies access. * * @param array $ops * An associative array of the expected node access grants for the node * and account, with each key as the name of an operation (e.g. 'view', * 'delete') and each value a Boolean indicating whether access to that * operation should be granted. * @param \Drupal\node\NodeInterface $node * The node object to check. * @param \Drupal\Core\Session\AccountInterface $account * The user account for which to check access. * * @internal */

  public function testWorkspaceAccess($operation$permission) {
    $user = $this->createUser();
    $this->setCurrentUser($user);
    $workspace = Workspace::create(['id' => 'oak']);
    $workspace->save();

    $this->assertFalse($workspace->access($operation$user));

    \Drupal::entityTypeManager()->getAccessControlHandler('workspace')->resetCache();
    $role = $this->createRole([$permission]);
    $user->addRole($role);
    $this->assertTrue($workspace->access($operation$user));
  }

  /** * Tests workspace publishing access. */
  public function testPublishWorkspaceAccess() {
    $user = $this->createUser([
      'view own workspace',
      

      return TRUE;
    });
  }

  /** * {@inheritdoc} */
  public function access($operation, AccountInterface $account = NULL, $return_as_object = FALSE) {
    if ($operation == 'create') {
      return $this->entityTypeManager()
        ->getAccessControlHandler($this->entityTypeId)
        ->createAccess($this->bundle()$account[]$return_as_object);
    }
    return $this->entityTypeManager()
      ->getAccessControlHandler($this->entityTypeId)
      ->access($this$operation$account$return_as_object);
  }

  /** * {@inheritdoc} */
  public function language() {
    
Home | Imprint | This part of the site doesn't use cookies.