CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
getAccessControlHandler example
protected function buildMediaTypeAddForm(MediaLibraryState $state) {
$selected_type_id = $state->getSelectedTypeId();
$access_handler = $this->entityTypeManager->getAccessControlHandler('media');
$context = [
'media_library_state' => $state,
];
if (!$access_handler->createAccess($selected_type_id, NULL, $context)) {
return [];
}
$selected_type = $this->entityTypeManager->getStorage('media_type')->load($selected_type_id);
$plugin_definition = $selected_type->getSource()->getPluginDefinition();
if (empty($plugin_definition['forms']['media_library_add'])) {
protected $accessControlHandler;
/** * {@inheritdoc} */
protected function setUp(): void {
parent::setUp();
$this->installEntitySchema('content_moderation_state');
$this->installEntitySchema('user');
$this->accessControlHandler = $this->container->get('entity_type.manager')->getAccessControlHandler('content_moderation_state');
}
/** * @covers ::checkAccess * @covers ::checkCreateAccess */
public function testHandler() {
$entity = ContentModerationState::create([]);
$this->assertFalse($this->accessControlHandler->access($entity, 'view'));
$this->assertFalse($this->accessControlHandler->access($entity, 'update'));
$this->assertFalse($this->accessControlHandler->access($entity, 'delete'));
$user = $this->createUser($permissions);
$entity_values += [
'status' => FALSE,
'uid' => $user->id(),
'bundle' => $media_type->id(),
];
$entity = Media::create($entity_values);
$entity->save();
/** @var \Drupal\Core\Entity\EntityAccessControlHandlerInterface $access_handler */
$access_handler = $this->container->get('entity_type.manager')->getAccessControlHandler('media');
$this->assertAccess($expected_result, $expected_cache_contexts, $expected_cache_tags, $access_handler->access($entity, $operation, $user, TRUE));
}
/** * @param string[] $permissions * User permissions. * @param \Drupal\Core\Access\AccessResultInterface $expected_result * Expected result. * @param string[] $expected_cache_contexts * Expected cache contexts. * @param string[] $expected_cache_tags * Expected cache tags. * * @covers ::checkCreateAccess * @dataProvider providerCreateAccess */
$entity_values += [
'status' => FALSE,
'uid' => $user->id(),
'bundle' => $media_type->id(),
];
$entity = Media::create($entity_values);
$entity->save();
/** @var \Drupal\Core\Entity\EntityAccessControlHandlerInterface $access_handler */
$access_handler = $this->container->get('entity_type.manager')->getAccessControlHandler('media');
$this->assertAccess($expected_result, $expected_cache_contexts, $expected_cache_tags, $access_handler->access($entity, $operation, $user, TRUE));
}
/** * @param string[] $permissions * User permissions. * @param \Drupal\Core\Access\AccessResultInterface $expected_result * Expected result. * @param string[] $expected_cache_contexts * Expected cache contexts. * @param string[] $expected_cache_tags * Expected cache tags. * * @covers ::checkCreateAccess * @dataProvider providerCreateAccess */
$this->submitForm(['settings[node][article][translatable]' => FALSE], 'Save configuration');
$this->drupalGet('node/' . $node->id());
$this->assertSession()->linkByHrefNotExists('node/' . $node->id() . '/translations');
}
/** * Tests the access to the overview page for translations. * * @see content_translation_translate_access() */
public function testContentTranslationOverviewAccess() {
$access_control_handler = \Drupal::entityTypeManager()->getAccessControlHandler('node');
$user = $this->createUser(['create content translations', 'access content']);
$this->drupalLogin($user);
$node = $this->drupalCreateNode(['status' => FALSE, 'type' => 'article']);
$this->assertFalse(content_translation_translate_access($node)->isAllowed());
$access_control_handler->resetCache();
$node->setPublished();
$node->save();
$this->assertTrue(content_translation_translate_access($node)->isAllowed());
$access_control_handler->resetCache();
$this->drupalGet('node/' . $node->id());
$this->assertSession()->linkByHrefNotExists('node/' . $node->id() . '/translations');
}
/** * Tests the access to the overview page for translations. * * @see content_translation_translate_access() */
public function testContentTranslationOverviewAccess() {
$access_control_handler = \Drupal::entityTypeManager()->getAccessControlHandler('node');
$user = $this->createUser(['create content translations', 'access content']);
$this->drupalLogin($user);
$node = $this->drupalCreateNode(['status' => FALSE, 'type' => 'article']);
$this->assertFalse(content_translation_translate_access($node)->isAllowed());
$access_control_handler->resetCache();
$node->setPublished();
$node->save();
$this->assertTrue(content_translation_translate_access($node)->isAllowed());
$access_control_handler->resetCache();
public static function create(ContainerInterface $container) {
/** @var \Drupal\Core\Entity\EntityTypeManagerInterface $entity_type_manager */
$entity_type_manager = $container->get('entity_type.manager');
return new static(
$container->get('forum_manager'),
$entity_type_manager->getStorage('taxonomy_vocabulary'),
$entity_type_manager->getStorage('taxonomy_term'),
$container->get('current_user'),
$entity_type_manager->getAccessControlHandler('node'),
$container->get('entity_field.manager')->getFieldMap(),
$entity_type_manager->getStorage('node_type'),
$container->get('renderer'),
$entity_type_manager->getDefinition('node'),
$entity_type_manager->getDefinition('comment')
);
}
/** * Returns forum page for a given forum. * * @param \Drupal\taxonomy\TermInterface $taxonomy_term * The forum to render the page for. * * @return array * A render array. */
'message' => ['#markup' => $help_message],
];
$operations_access = !empty($pending_term_ids) || $vocabulary_hierarchy === VocabularyInterface::HIERARCHY_MULTIPLE;
if ($operations_access) {
$form['help']['#attributes']['class'] = ['messages', 'messages--warning'];
}
$errors = $form_state->getErrors();
$row_position = 0;
// Build the actual form. $access_control_handler = $this->entityTypeManager->getAccessControlHandler('taxonomy_term');
$create_access = $access_control_handler->createAccess($taxonomy_vocabulary->id(), NULL, [], TRUE);
if ($create_access->isAllowed()) {
$empty = $this->t('No terms available. <a href=":link">Add term</a>.', [':link' => Url::fromRoute('entity.taxonomy_term.add_form', ['taxonomy_vocabulary' => $taxonomy_vocabulary->id()])->toString()]);
}
else {
$empty = $this->t('No terms available.');
}
$form['terms'] = [
'#type' => 'table',
'#empty' => $empty,
'#header' => [
];
$operations_access = !empty($pending_term_ids) || $vocabulary_hierarchy === VocabularyInterface::HIERARCHY_MULTIPLE;
if ($operations_access) {
$form['help']['#attributes']['class'] = ['messages', 'messages--warning'];
}
$errors = $form_state->getErrors();
$row_position = 0;
// Build the actual form. $access_control_handler = $this->entityTypeManager->getAccessControlHandler('taxonomy_term');
$create_access = $access_control_handler->createAccess($taxonomy_vocabulary->id(), NULL, [], TRUE);
if ($create_access->isAllowed()) {
$empty = $this->t('No terms available. <a href=":link">Add term</a>.', [':link' => Url::fromRoute('entity.taxonomy_term.add_form', ['taxonomy_vocabulary' => $taxonomy_vocabulary->id()])->toString()]);
}
else {
$empty = $this->t('No terms available.');
}
$form['terms'] = [
'#type' => 'table',
'#empty' => $empty,
'#header' => [
public static function checkFileUploadAccess(AccountInterface $account, FieldDefinitionInterface $field_definition, EntityInterface $entity = NULL) {
assert(is_null($entity) ||
$field_definition->getTargetEntityTypeId() === $entity->getEntityTypeId() &&
// Base fields do not have target bundles. (is_null($field_definition->getTargetBundle()) || $field_definition->getTargetBundle() === $entity->bundle())
);
$entity_type_manager = \Drupal::entityTypeManager();
$entity_access_control_handler = $entity_type_manager->getAccessControlHandler($field_definition->getTargetEntityTypeId());
$bundle = $entity_type_manager->getDefinition($field_definition->getTargetEntityTypeId())->hasKey('bundle') ? $field_definition->getTargetBundle() : NULL;
$entity_access_result = $entity
? $entity_access_control_handler->access($entity, 'update', $account, TRUE)
: $entity_access_control_handler->createAccess($bundle, $account, [], TRUE);
$field_access_result = $entity_access_control_handler->fieldAccess('edit', $field_definition, NULL, NULL, TRUE);
return $entity_access_result->andIf($field_access_result);
}
/** * Streams file upload data to temporary file and moves to file destination. * * @return string * The temp file path. * * @throws \Symfony\Component\HttpKernel\Exception\HttpException * Thrown when input data cannot be read, the temporary file cannot be * opened, or the temporary file cannot be written. */
// @see \Drupal\comment\CommentAccessControlHandler::checkAccess()
return parent::getExpectedUnauthorizedAccessCacheability()
->addCacheTags(['comment:1']);
}
/** * {@inheritdoc} */
protected static function entityAccess(EntityInterface $entity, $operation, AccountInterface $account) {
// Also reset the 'entity_test' entity access control handler because // comment access also depends on access to the commented entity type. \Drupal::entityTypeManager()->getAccessControlHandler('entity_test')->resetCache();
return parent::entityAccess($entity, $operation, $account);
}
/** * {@inheritdoc} */
protected static function getIncludePermissions() {
return [
'type' => ['administer comment types'],
'uid' => ['access user profiles'],
];
}
->addCacheTags(['comment:1']);
}
/** * {@inheritdoc} */
protected static function entityAccess(EntityInterface $entity, $operation, AccountInterface $account) {
// Also reset the 'entity_test' entity access control handler because // comment access also depends on access to the commented entity type. \Drupal::entityTypeManager()->getAccessControlHandler('entity_test')->resetCache();
return parent::entityAccess($entity, $operation, $account);
}
/** * {@inheritdoc} */
protected static function getIncludePermissions() {
return [
'type' => ['administer comment types'],
'uid' => ['access user profiles'],
];
}
$entity_type = \Drupal::entityTypeManager()->getDefinition('workspace');
$this->assertFalse($moderation_info->canModerateEntitiesOfEntityType($entity_type));
}
/** * Tests the integration between Content Moderation and Workspaces. * * @see content_moderation_workspace_access() */
public function testContentModerationIntegrationWithWorkspaces() {
$editorial = $this->createEditorialWorkflow();
$access_handler = \Drupal::entityTypeManager()->getAccessControlHandler('workspace');
// Create another workflow which has the same states as the 'editorial' one, // but it doesn't create default revisions for the 'archived' state. This // covers the case when two bundles of the same entity type use different // workflows with same moderation state names but with different settings. $editorial_2_values = $editorial->toArray();
unset($editorial_2_values['uuid']);
$editorial_2_values['id'] = 'editorial_2';
$editorial_2_values['type_settings']['states']['archived']['default_revision'] = FALSE;
$editorial_2 = Workflow::create($editorial_2_values);
$this->assertFalse($moderation_info->canModerateEntitiesOfEntityType($entity_type));
}
/** * Tests the integration between Content Moderation and Workspaces. * * @see content_moderation_workspace_access() */
public function testContentModerationIntegrationWithWorkspaces() {
$editorial = $this->createEditorialWorkflow();
$access_handler = \Drupal::entityTypeManager()->getAccessControlHandler('workspace');
// Create another workflow which has the same states as the 'editorial' one, // but it doesn't create default revisions for the 'archived' state. This // covers the case when two bundles of the same entity type use different // workflows with same moderation state names but with different settings. $editorial_2_values = $editorial->toArray();
unset($editorial_2_values['uuid']);
$editorial_2_values['id'] = 'editorial_2';
$editorial_2_values['type_settings']['states']['archived']['default_revision'] = FALSE;
$editorial_2 = Workflow::create($editorial_2_values);
$bundle_entity_type_label = $bundle_entity_type->getSingularLabel();
$build['#cache']['tags'] = $bundle_entity_type->getListCacheTags();
// Build the message shown when there are no bundles. $link_text = $this->t('Add a new @entity_type.', ['@entity_type' => $bundle_entity_type_label]);
$link_route_name = 'entity.' . $bundle_entity_type->id() . '.add_form';
$build['#add_bundle_message'] = $this->t('There is no @entity_type yet. @add_link', [
'@entity_type' => $bundle_entity_type_label,
'@add_link' => Link::createFromRoute($link_text, $link_route_name)->toString(),
]);
// Filter out the bundles the user doesn't have access to. $access_control_handler = $this->entityTypeManager->getAccessControlHandler($entity_type_id);
foreach ($bundles as $bundle_name => $bundle_info) {
$access = $access_control_handler->createAccess($bundle_name, NULL, [], TRUE);
if (!$access->isAllowed()) {
unset($bundles[$bundle_name]);
}
$this->renderer->addCacheableDependency($build, $access);
}
// Add descriptions from the bundle entities. $bundles = $this->loadBundleDescriptions($bundles, $bundle_entity_type);
}
else {
$build['#cache']['tags'] = $bundle_entity_type->getListCacheTags();
// Build the message shown when there are no bundles. $link_text = $this->t('Add a new @entity_type.', ['@entity_type' => $bundle_entity_type_label]);
$link_route_name = 'entity.' . $bundle_entity_type->id() . '.add_form';
$build['#add_bundle_message'] = $this->t('There is no @entity_type yet. @add_link', [
'@entity_type' => $bundle_entity_type_label,
'@add_link' => Link::createFromRoute($link_text, $link_route_name)->toString(),
]);
// Filter out the bundles the user doesn't have access to. $access_control_handler = $this->entityTypeManager->getAccessControlHandler($entity_type_id);
foreach ($bundles as $bundle_name => $bundle_info) {
$access = $access_control_handler->createAccess($bundle_name, NULL, [], TRUE);
if (!$access->isAllowed()) {
unset($bundles[$bundle_name]);
}
$this->renderer->addCacheableDependency($build, $access);
}
// Add descriptions from the bundle entities. $bundles = $this->loadBundleDescriptions($bundles, $bundle_entity_type);
}
else {
protected $accessControlHandler;
/** * {@inheritdoc} */
protected function setUp(): void {
parent::setUp();
$this->installEntitySchema('user');
$this->installSchema('system', 'sequences');
$this->accessControlHandler = $this->container->get('entity_type.manager')->getAccessControlHandler('date_format');
}
/** * @covers ::checkAccess * @covers ::checkCreateAccess * @dataProvider testAccessProvider */
public function testAccess($which_user, $which_entity, $view_label_access_result, $view_access_result, $update_access_result, $delete_access_result, $create_access_result) {
// We must always create user 1, so that a "normal" user has an ID >1. $root_user = $this->drupalCreateUser();
// the value matching field cardinality.
if ((($this->options['delta_limit'] > 0) && ($this->options['delta_limit'] != $cardinality)) || intval($this->options['delta_offset'])) {
$this->limit_values = TRUE;
}
}
}
/** * {@inheritdoc} */
public function access(AccountInterface $account) {
$access_control_handler = $this->entityTypeManager->getAccessControlHandler($this->getEntityType());
return $access_control_handler->fieldAccess('view', $this->getFieldDefinition(), $account);
}
/** * Called to add the field to a query. * * By default, all needed data is taken from entities loaded by the query * plugin. Columns are added only if they are used in groupings. */
public function query($use_groupby = FALSE) {
$fields = $this->additional_fields;
$this->limit_values = TRUE;
}
}
}
/** * {@inheritdoc} */
public function access(AccountInterface $account) {
$access_control_handler = $this->entityTypeManager->getAccessControlHandler($this->getEntityType());
return $access_control_handler->fieldAccess('view', $this->getFieldDefinition(), $account);
}
/** * Called to add the field to a query. * * By default, all needed data is taken from entities loaded by the query * plugin. Columns are added only if they are used in groupings. */
public function query($use_groupby = FALSE) {
$fields = $this->additional_fields;
parent::setUp();
// Create Basic page and Article node types. if ($this->profile != 'standard') {
$this->drupalCreateContentType([
'type' => 'page',
'name' => 'Basic page',
'display_submitted' => FALSE,
]);
$this->drupalCreateContentType(['type' => 'article', 'name' => 'Article']);
}
$this->accessHandler = \Drupal::entityTypeManager()->getAccessControlHandler('node');
}
/** * Asserts that node access correctly grants or denies access. * * @param array $ops * An associative array of the expected node access grants for the node * and account, with each key as the name of an operation (e.g. 'view', * 'delete') and each value a Boolean indicating whether access to that * operation should be granted. * @param \Drupal\node\NodeInterface $node * The node object to check. * @param \Drupal\Core\Session\AccountInterface $account * The user account for which to check access. * * @internal */
// Create Basic page and Article node types. if ($this->profile != 'standard') {
$this->drupalCreateContentType([
'type' => 'page',
'name' => 'Basic page',
'display_submitted' => FALSE,
]);
$this->drupalCreateContentType(['type' => 'article', 'name' => 'Article']);
}
$this->accessHandler = \Drupal::entityTypeManager()->getAccessControlHandler('node');
}
/** * Asserts that node access correctly grants or denies access. * * @param array $ops * An associative array of the expected node access grants for the node * and account, with each key as the name of an operation (e.g. 'view', * 'delete') and each value a Boolean indicating whether access to that * operation should be granted. * @param \Drupal\node\NodeInterface $node * The node object to check. * @param \Drupal\Core\Session\AccountInterface $account * The user account for which to check access. * * @internal */
public function testWorkspaceAccess($operation, $permission) {
$user = $this->createUser();
$this->setCurrentUser($user);
$workspace = Workspace::create(['id' => 'oak']);
$workspace->save();
$this->assertFalse($workspace->access($operation, $user));
\Drupal::entityTypeManager()->getAccessControlHandler('workspace')->resetCache();
$role = $this->createRole([$permission]);
$user->addRole($role);
$this->assertTrue($workspace->access($operation, $user));
}
/** * Tests workspace publishing access. */
public function testPublishWorkspaceAccess() {
$user = $this->createUser([
'view own workspace',
return TRUE;
});
}
/** * {@inheritdoc} */
public function access($operation, AccountInterface $account = NULL, $return_as_object = FALSE) {
if ($operation == 'create') {
return $this->entityTypeManager()
->getAccessControlHandler($this->entityTypeId)
->createAccess($this->bundle(), $account, [], $return_as_object);
}
return $this->entityTypeManager()
->getAccessControlHandler($this->entityTypeId)
->access($this, $operation, $account, $return_as_object);
}
/** * {@inheritdoc} */
public function language() {