Replaced Access classes with hook_ENTITY_TYPE_access.

philltran · May 31, 2016 · 0fa83da · 0fa83da
1 parent 2f066f9
commit 0fa83da
Show file tree

Hide file tree

Showing 7 changed files with 123 additions and 460 deletions.
diff --git a/message_private.module b/message_private.module
@@ -4,7 +4,10 @@
  * Message Private with access permissions based on message fields.
  */
 
+use Drupal\Core\Access\AccessResult;
+use Drupal\Core\Entity\EntityInterface;
 use Drupal\Core\Routing\RouteMatchInterface;
+use Drupal\Core\Session\AccountInterface;
 use Drupal\message\Entity\Message;
 use Drupal\user\Entity\Role;
 
@@ -62,17 +65,129 @@ function message_private_help($route_name, RouteMatchInterface $arg) {
 }
 
 /**
- * Implements hook_entity_type_alter.
+ * Implements hook_ENTITY_TYPE_access().
  *
- * Extend the message entity type by providing form handlers.
- * @todo : can access handler be added to certain bundle only?
+ * Perform our access control on private messages.
  */
-function message_ui_entity_type_alter(array &$entity_types) {
-  if (isset($entity_types['message'])) {
-    /* @var $message_config \Drupal\Core\Config\Entity\ConfigEntityType */
-    $message_config = $entity_types['message'];
-    $message_config->setAccessClass('Drupal\message_private\MessagePrivateAccessControlHandler');
+function message_private_message_access(EntityInterface $message, $operation, AccountInterface $account) {
+  // Customise access check only for private messages.
+  if ($message->bundle() == 'private_message') {
+    // Perform operation specific access control.
+    switch ($operation) {
+      case 'view':
+        /*
+        $access_control_handler = $this->entityManager->getAccessControlHandler('message');
+        // If checking whether a node of a particular type may be created.
+        if ($account->hasPermission('administer message private')
+          || $account->hasPermission('bypass private message access control')) {
+          return AccessResult::allowed()->cachePerPermissions();
+        }
+        if ($message_type) {
+          return $access_control_handler->createAccess($message_type->id(), $account, [], TRUE);
+        }
+        // If checking whether a message of any type may be created.
+        foreach ($this->entityManager->getStorage('message_type')->loadMultiple() as $message_type) {
+          if (($access = $access_control_handler->createAccess($message_type->id(), $account, [], TRUE)) && $access->isAllowed()) {
+            return $access;
+          }
+        }
+        */
+            break;
+      case 'add':
+        /*
+        if ($account->hasPermission('administer message private')
+            || $account->hasPermission('bypass private message access control')) {
+          return AccessResult::allowed()->cachePerPermissions();
+        }
+        if ($message_type) {
+          return $access_control_handler->createAccess($message_type->id(), $account, [], TRUE);
+        }
+        // If checking whether a message of any type may be created.
+        foreach ($this->entityManager->getStorage('message_type')->loadMultiple() as $message_type) {
+          if (($access = $access_control_handler->createAccess($message_type->id(), $account, [], TRUE)) && $access->isAllowed()) {
+            return $access;
+          }
+        }
+        */
+            break;
+      case 'edit':
+        /*
+          $access_control_handler = $this->entityManager->getAccessControlHandler('message');
+          // If checking whether a node of a particular type may be created.
+          if ($account->hasPermission('administer message private')
+          || $account->hasPermission('bypass private message access control')) {
+          return AccessResult::allowed()->cachePerPermissions();
+          }
+
+          // @todo: go through the below, previously message_private_access_control().
+
+          // Get the message type from the function argument or from the message object.
+          $type = $message->bundle();
+
+          // If this is not a private message then use the message callback provided
+          // by message_ui module.
+          if ($type != 'private_message') {
+          // No opinion.
+          return AccessResult::neutral();
+          }
+          else {
+          if ($account->hasPermission('bypass private message access control')) {
+          return TRUE;
+          }
+
+          $operation = 'edit';
+
+          // Verify that the user can apply the op.
+          if ($account->hasPermission($operation . ' any message instance')
+          || $account->hasPermission($operation . ' a ' . $type . ' message instance')
+          ) {
+          if ($type == 'private_message' && $operation != 'create') {
+          // Check if the user is message author.
+          // @var $message \Drupal\message\Entity\Message
+          if ($message->getAuthorId() == $account->id()) {
+            return TRUE;
+          }
+          $users = $message->get('field_message_user_ref');
+          if ($users && is_array($users)) {
+            foreach ($users as $user_ref) {
+              if ($user_ref['target_id'] == $account->id()) {
+                return TRUE;
+              }
+            }
+          }
+        }
+          else {
+              return TRUE;
+            }
+          }
+        }
+        return FALSE;
+           */
+            break;
+      case 'delete':
+          /*
+          $access_control_handler = $this->entityManager->getAccessControlHandler('message');
+          // If checking whether a node of a particular type may be created.
+          if ($account->hasPermission('administer message private')
+              || $account->hasPermission('bypass private message access control')) {
+            return AccessResult::allowed()->cachePerPermissions();
+          }
+          if ($message_type) {
+            return $access_control_handler->createAccess($message_type->id(), $account, [], TRUE);
+          }
+          // If checking whether a message of any type may be created.
+          foreach ($this->entityManager->getStorage('message_type')->loadMultiple() as $message_type) {
+            if (($access = $access_control_handler->createAccess($message_type->id(), $account, [], TRUE)) && $access->isAllowed()) {
+              return $access;
+            }
+          }
+          */
+            break;
+    }
   }
+
+  // No opinion.
+  return AccessResult::neutral();
 }
 
 /**

diff --git a/message_private.services.yml b/message_private.services.yml
@@ -1,24 +1,4 @@
 services:
-  access_check.message_private.view:
-    class: Drupal\message_private\Access\MessagePrivateViewAccessCheck
-    arguments: ['@entity.manager']
-    tags:
-      - { name: access_check, applies_to: _message_private_view_access }
-  access_check.message_private.add:
-    class: Drupal\message_private\Access\MessagePrivateAddAccessCheck
-    arguments: ['@entity.manager']
-    tags:
-      - { name: access_check, applies_to: _message_private_add_access }
-  access_check.message_private.edit:
-      class: Drupal\message_private\Access\MessagePrivateEditAccessCheck
-      arguments: ['@entity.manager']
-      tags:
-        - { name: access_check, applies_to: _message_private_edit_access }
-  access_check.message_private.delete:
-      class: Drupal\message_private\Access\MessagePrivateDeleteAccessCheck
-      arguments: ['@entity.manager']
-      tags:
-        - { name: access_check, applies_to: _message_private_delete_access }
   message_private.route_subscriber:
       class: Drupal\message_private\Routing\RouteSubscriber
       tags:

diff --git a/src/Access/MessagePrivateAddAccessCheck.php b/src/Access/MessagePrivateAddAccessCheck.php
diff --git a/src/Access/MessagePrivateDeleteAccessCheck.php b/src/Access/MessagePrivateDeleteAccessCheck.php