From 0fa83dad0590fc7c21cd1adf3c3746fc523fa5f0 Mon Sep 17 00:00:00 2001
From: mccrodp
Date: Tue, 31 May 2016 16:51:44 +0100
Subject: [PATCH] Replaced Access classes with hook_ENTITY_TYPE_access.
---
 message_private.module | 131 ++++++++++++++++--
 message_private.services.yml | 20 ---
 src/Access/MessagePrivateAddAccessCheck.php | 73 ----------
 .../MessagePrivateDeleteAccessCheck.php | 73 ----------
 src/Access/MessagePrivateEditAccessCheck.php | 102 --------------
 src/Access/MessagePrivateViewAccessCheck.php | 73 ----------
 src/MessagePrivateAccessControlHandler.php | 111 ---------------
 7 files changed, 123 insertions(+), 460 deletions(-)
 delete mode 100644 src/Access/MessagePrivateAddAccessCheck.php
 delete mode 100644 src/Access/MessagePrivateDeleteAccessCheck.php
 delete mode 100644 src/Access/MessagePrivateEditAccessCheck.php
 delete mode 100644 src/Access/MessagePrivateViewAccessCheck.php
 delete mode 100644 src/MessagePrivateAccessControlHandler.php
diff --git a/message_private.module b/message_private.module
index 5f337e0..e548d7e 100755
--- a/message_private.module
+++ b/message_private.module
@@ -4,7 +4,10 @@
 * Message Private with access permissions based on message fields.
 */
+use Drupal\Core\Access\AccessResult;
+use Drupal\Core\Entity\EntityInterface;
 use Drupal\Core\Routing\RouteMatchInterface;
+use Drupal\Core\Session\AccountInterface;
 use Drupal\message\Entity\Message;
 use Drupal\user\Entity\Role;
@@ -62,17 +65,129 @@ function message_private_help($route_name, RouteMatchInterface $arg) {
 }
 /**
- * Implements hook_entity_type_alter.
+ * Implements hook_ENTITY_TYPE_access().
 *
- * Extend the message entity type by providing form handlers.
- * @todo : can access handler be added to certain bundle only?
+ * Perform our access control on private messages.
 */
-function message_ui_entity_type_alter(array &$entity_types) {
- if (isset($entity_types['message'])) {
- /* @var $message_config \Drupal\Core\Config\Entity\ConfigEntityType */
- $message_config = $entity_types['message'];
- $message_config->setAccessClass('Drupal\message_private\MessagePrivateAccessControlHandler');
+function message_private_message_access(EntityInterface $message, $operation, AccountInterface $account) {
+ // Customise access check only for private messages.
+ if ($message->bundle() == 'private_message') {
+ // Perform operation specific access control.
+ switch ($operation) {
+ case 'view':
+ /*
+ $access_control_handler = $this->entityManager->getAccessControlHandler('message');
+ // If checking whether a node of a particular type may be created.
+ if ($account->hasPermission('administer message private')
+ || $account->hasPermission('bypass private message access control')) {
+ return AccessResult::allowed()->cachePerPermissions();
+ }
+ if ($message_type) {
+ return $access_control_handler->createAccess($message_type->id(), $account, [], TRUE);
+ }
+ // If checking whether a message of any type may be created.
+ foreach ($this->entityManager->getStorage('message_type')->loadMultiple() as $message_type) {
+ if (($access = $access_control_handler->createAccess($message_type->id(), $account, [], TRUE)) && $access->isAllowed()) {
+ return $access;
+ }
+ }
+ */
+ break;
+ case 'add':
+ /*
+ if ($account->hasPermission('administer message private')
+ || $account->hasPermission('bypass private message access control')) {
+ return AccessResult::allowed()->cachePerPermissions();
+ }
+ if ($message_type) {
+ return $access_control_handler->createAccess($message_type->id(), $account, [], TRUE);
+ }
+ // If checking whether a message of any type may be created.
+ foreach ($this->entityManager->getStorage('message_type')->loadMultiple() as $message_type) {
+ if (($access = $access_control_handler->createAccess($message_type->id(), $account, [], TRUE)) && $access->isAllowed()) {
+ return $access;
+ }
+ }
+ */
+ break;
+ case 'edit':
+ /*
+ $access_control_handler = $this->entityManager->getAccessControlHandler('message');
+ // If checking whether a node of a particular type may be created.
+ if ($account->hasPermission('administer message private')
+ || $account->hasPermission('bypass private message access control')) {
+ return AccessResult::allowed()->cachePerPermissions();
+ }
+
+ // @todo: go through the below, previously message_private_access_control().
+
+ // Get the message type from the function argument or from the message object.
+ $type = $message->bundle();
+
+ // If this is not a private message then use the message callback provided
+ // by message_ui module.
+ if ($type != 'private_message') {
+ // No opinion.
+ return AccessResult::neutral();
+ }
+ else {
+ if ($account->hasPermission('bypass private message access control')) {
+ return TRUE;
+ }
+
+ $operation = 'edit';
+
+ // Verify that the user can apply the op.
+ if ($account->hasPermission($operation . ' any message instance')
+ || $account->hasPermission($operation . ' a ' . $type . 
' message instance')
+ ) {
+ if ($type == 'private_message' && $operation != 'create') {
+ // Check if the user is message author.
+ // @var $message \Drupal\message\Entity\Message
+ if ($message->getAuthorId() == $account->id()) {
+ return TRUE;
+ }
+ $users = $message->get('field_message_user_ref');
+ if ($users && is_array($users)) {
+ foreach ($users as $user_ref) {
+ if ($user_ref['target_id'] == $account->id()) {
+ return TRUE;
+ }
+ }
+ }
+ }
+ else {
+ return TRUE;
+ }
+ }
+ }
+ return FALSE;
+ */
+ break;
+ case 'delete':
+ /*
+ $access_control_handler = $this->entityManager->getAccessControlHandler('message');
+ // If checking whether a node of a particular type may be created.
+ if ($account->hasPermission('administer message private')
+ || $account->hasPermission('bypass private message access control')) {
+ return AccessResult::allowed()->cachePerPermissions();
+ }
+ if ($message_type) {
+ return $access_control_handler->createAccess($message_type->id(), $account, [], TRUE);
+ }
+ // If checking whether a message of any type may be created.
+ foreach ($this->entityManager->getStorage('message_type')->loadMultiple() as $message_type) {
+ if (($access = $access_control_handler->createAccess($message_type->id(), $account, [], TRUE)) && $access->isAllowed()) {
+ return $access;
+ }
+ }
+ */
+ break;
+ }
 }
+
+ // No opinion.
+ return AccessResult::neutral();
 }
 /**
diff --git a/message_private.services.yml b/message_private.services.yml
index c1856e8..9a92801 100644
--- a/message_private.services.yml
+++ b/message_private.services.yml
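Review bot: Every `case` body in the new `switch` is commented out, so `message_private_message_access()` returns `AccessResult::neutral()` for every operation on a `private_message`, while this same commit deletes the access control handler and the four access-check services; after it, nothing in the module restricts who may view, edit or delete a private message, and the decision falls to the message entity's default access. The `'add'` and `'edit'` cases also look unreachable, because entity access hooks are called with `view`, `update` and `delete`, and creation goes through `hook_ENTITY_TYPE_create_access()`. The commented code cannot simply be uncommented either: it uses `$this->entityManager` inside a plain function, returns `TRUE`/`FALSE` instead of an `AccessResult`, and tests `is_array()` on what `$message->get('field_message_user_ref')` returns, which is presumably a field item list, so recipients would never match. I would fail closed for anyone who is neither the author nor a listed recipient, as sketched below; the author accessor name should be confirmed against the Message entity at this revision.

```php
function message_private_message_access(EntityInterface $message, $operation, AccountInterface $account) {
  // Customise access check only for private messages.
  if ($message->bundle() !== 'private_message') {
    return AccessResult::neutral();
  }
  if ($account->hasPermission('administer message private')
    || $account->hasPermission('bypass private message access control')) {
    return AccessResult::allowed()->cachePerPermissions();
  }
  // getAuthorId() is the accessor the old edit check used; confirm it exists.
  $is_participant = $message->getAuthorId() == $account->id();
  foreach ($message->get('field_message_user_ref') as $item) {
    $is_participant = $is_participant || $item->target_id == $account->id();
  }
  // Deny non-participants outright; participants get no opinion here, so the
  // per-operation message permissions still have to grant the operation.
  return AccessResult::forbiddenIf(!$is_participant)
    ->cachePerPermissions()
    ->cachePerUser()
    ->addCacheableDependency($message);
}
```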
@@ -1,24 +1,4 @@
 services:
- access_check.message_private.view:
- class: Drupal\message_private\Access\MessagePrivateViewAccessCheck
- arguments: ['@entity.manager']
- tags:
- - { name: access_check, applies_to: _message_private_view_access }
- access_check.message_private.add:
- class: Drupal\message_private\Access\MessagePrivateAddAccessCheck
- arguments: ['@entity.manager']
- tags:
- - { name: access_check, applies_to: _message_private_add_access }
- access_check.message_private.edit:
- class: Drupal\message_private\Access\MessagePrivateEditAccessCheck
- arguments: ['@entity.manager']
- tags:
- - { name: access_check, applies_to: _message_private_edit_access }
- access_check.message_private.delete:
- class: Drupal\message_private\Access\MessagePrivateDeleteAccessCheck
- arguments: ['@entity.manager']
- tags:
- - { name: access_check, applies_to: _message_private_delete_access }
 message_private.route_subscriber:
 class: Drupal\message_private\Routing\RouteSubscriber
 tags:
diff --git a/src/Access/MessagePrivateAddAccessCheck.php b/src/Access/MessagePrivateAddAccessCheck.php
deleted file mode 100644
index 4705ddc..0000000
--- a/src/Access/MessagePrivateAddAccessCheck.php
+++ /dev/null
@@ -1,73 +0,0 @@ -entityManager = $entity_manager; - } - - /** - * Checks access to the message add page for the message type. - * - * @param \Drupal\Core\Session\AccountInterface $account - * The currently logged in account. - * @param \Drupal\message\MessageTypeInterface $message_type - * (optional) The message type. If not specified, access is allowed if there - * exists at least one message type for which the user may create a message. - * - * @return string - * A \Drupal\Core\Access\AccessInterface constant value. - */ - public function access(AccountInterface $account, MessageTypeInterface $message_type = NULL) { - $access_control_handler = $this->entityManager->getAccessControlHandler('message'); - // If checking whether a node of a particular type may be created. - if ($account->hasPermission('administer message private') - || $account->hasPermission('bypass private message access control')) { - return AccessResult::allowed()->cachePerPermissions(); - } - if ($message_type) { - return $access_control_handler->createAccess($message_type->id(), $account, [], TRUE); - } - // If checking whether a message of any type may be created. - foreach ($this->entityManager->getStorage('message_type')->loadMultiple() as $message_type) { - if (($access = $access_control_handler->createAccess($message_type->id(), $account, [], TRUE)) && $access->isAllowed()) { - return $access; - } - } - - // No opinion. - return AccessResult::neutral(); - } - -} diff --git a/src/Access/MessagePrivateDeleteAccessCheck.php b/src/Access/MessagePrivateDeleteAccessCheck.php deleted file mode 100644 index 451074f..0000000 --- a/src/Access/MessagePrivateDeleteAccessCheck.php +++ /dev/null 
@@ -1,73 +0,0 @@ -entityManager = $entity_manager; - } - - /** - * Checks access to the message add page for the message type. - * - * @param \Drupal\Core\Session\AccountInterface $account - * The currently logged in account. - * @param \Drupal\message\MessageTypeInterface $message_type - * (optional) The message type. If not specified, access is allowed if there - * exists at least one message type for which the user may create a message. - * - * @return string - * A \Drupal\Core\Access\AccessInterface constant value. - */ - public function access(AccountInterface $account, MessageTypeInterface $message_type = NULL) { - $access_control_handler = $this->entityManager->getAccessControlHandler('message'); - // If checking whether a node of a particular type may be created. - if ($account->hasPermission('administer message private') - || $account->hasPermission('bypass private message access control')) { - return AccessResult::allowed()->cachePerPermissions(); - } - if ($message_type) { - return $access_control_handler->createAccess($message_type->id(), $account, [], TRUE); - } - // If checking whether a message of any type may be created. - foreach ($this->entityManager->getStorage('message_type')->loadMultiple() as $message_type) { - if (($access = $access_control_handler->createAccess($message_type->id(), $account, [], TRUE)) && $access->isAllowed()) { - return $access; - } - } - - // No opinion. - return AccessResult::neutral(); - } - -} diff --git a/src/Access/MessagePrivateEditAccessCheck.php b/src/Access/MessagePrivateEditAccessCheck.php deleted file mode 100644 index 5f49563..0000000 --- a/src/Access/MessagePrivateEditAccessCheck.php +++ /dev/null 
@@ -1,102 +0,0 @@ -entityManager = $entity_manager; - } - - /** - * Checks access to the message edit page for the message entity. - * - * @param \Drupal\Core\Session\AccountInterface $account - * The currently logged in account. - * @param \Drupal\message\MessageInterface $message - * - * @return string - * A \Drupal\Core\Access\AccessInterface constant value. - */ - public function access(AccountInterface $account, MessageInterface $message = NULL) { - $access_control_handler = $this->entityManager->getAccessControlHandler('message'); - // If checking whether a node of a particular type may be created. - if ($account->hasPermission('administer message private') - || $account->hasPermission('bypass private message access control')) { - return AccessResult::allowed()->cachePerPermissions(); - } - - // @todo: go through the below, previously message_private_access_control(). - - // Get the message type from the function argument or from the message object. - $type = $message->bundle(); - - // If this is not a private message then use the message callback provided - // by message_ui module. - if ($type != 'private_message') { - // No opinion. - return AccessResult::neutral(); - } - else { - if ($account->hasPermission('bypass private message access control')) { - return TRUE; - } - - $operation = 'edit'; - - // Verify that the user can apply the op. - if ($account->hasPermission($operation . ' any message instance') - || $account->hasPermission($operation . ' a ' . $type . ' message instance') - ) { - if ($type == 'private_message' && $operation != 'create') { - // Check if the user is message author. 
- /* @var $message \Drupal\message\Entity\Message */ - if ($message->getAuthorId() == $account->id()) { - return TRUE; - } - $users = $message->get('field_message_user_ref'); - if ($users && is_array($users)) { - foreach ($users as $user_ref) { - if ($user_ref['target_id'] == $account->id()) { - return TRUE; - } - } - } - } - else { - return TRUE; - } - } - } - return FALSE; - } -} diff --git a/src/Access/MessagePrivateViewAccessCheck.php b/src/Access/MessagePrivateViewAccessCheck.php deleted file mode 100644 index 320919f..0000000 --- a/src/Access/MessagePrivateViewAccessCheck.php +++ /dev/null 
@@ -1,73 +0,0 @@ -entityManager = $entity_manager; - } - - /** - * Checks access to the message add page for the message type. - * - * @param \Drupal\Core\Session\AccountInterface $account - * The currently logged in account. - * @param \Drupal\message\MessageTypeInterface $message_type - * (optional) The message type. If not specified, access is allowed if there - * exists at least one message type for which the user may create a message. - * - * @return string - * A \Drupal\Core\Access\AccessInterface constant value. - */ - public function access(AccountInterface $account, MessageTypeInterface $message_type = NULL) { - $access_control_handler = $this->entityManager->getAccessControlHandler('message'); - // If checking whether a node of a particular type may be created. - if ($account->hasPermission('administer message private') - || $account->hasPermission('bypass private message access control')) { - return AccessResult::allowed()->cachePerPermissions(); - } - if ($message_type) { - return $access_control_handler->createAccess($message_type->id(), $account, [], TRUE); - } - // If checking whether a message of any type may be created. - foreach ($this->entityManager->getStorage('message_type')->loadMultiple() as $message_type) { - if (($access = $access_control_handler->createAccess($message_type->id(), $account, [], TRUE)) && $access->isAllowed()) { - return $access; - } - } - - // No opinion. - return AccessResult::neutral(); - } - -} diff --git a/src/MessagePrivateAccessControlHandler.php b/src/MessagePrivateAccessControlHandler.php deleted file mode 100644 index 3511a29..0000000 --- a/src/MessagePrivateAccessControlHandler.php +++ /dev/null 
@@ -1,111 +0,0 @@ -prepareUser($account); - - if ($account->hasPermission('bypass node access')) { - $result = AccessResult::allowed()->cachePerPermissions(); - return $return_as_object ? $result : $result->isAllowed(); - } - if (!$account->hasPermission('access content')) { - $result = AccessResult::forbidden()->cachePerPermissions(); - return $return_as_object ? $result : $result->isAllowed(); - } - $result = parent::access($entity, $operation, $account, TRUE)->cachePerPermissions(); - return $return_as_object ? $result : $result->isAllowed(); - } - - /** - * {@inheritdoc} - */ - public function createAccess($entity_bundle = NULL, AccountInterface $account = NULL, array $context = array(), $return_as_object = FALSE) { - $account = $this->prepareUser($account); - - if ($account->hasPermission('bypass node access')) { - $result = AccessResult::allowed()->cachePerPermissions(); - return $return_as_object ? $result : $result->isAllowed(); - } - if (!$account->hasPermission('access content')) { - $result = AccessResult::forbidden()->cachePerPermissions(); - return $return_as_object ? $result : $result->isAllowed(); - } - - $result = parent::createAccess($entity_bundle, $account, $context, TRUE)->cachePerPermissions(); - return $return_as_object ? $result : $result->isAllowed(); - } - - /** - * {@inheritdoc} - */ - protected function checkAccess(EntityInterface $message, $operation, AccountInterface $account) { - /** @var \Drupal\message\MessageInterface $message */ - - // Fetch information from the node object if possible. - $status = $message->isPublished(); - $uid = $message->getOwnerId(); - - // Check if authors can view their own unpublished nodes. - if ($operation === 'view' && !$status && $account->hasPermission('view own unpublished content') && $account->isAuthenticated() && $account->id() == $uid) { - return AccessResult::allowed()->cachePerPermissions()->cachePerUser()->cacheUntilEntityChanges($message); - } - - // Evaluate node grants. 
- return $this->access($message, $operation, $account); - } - - /** - * {@inheritdoc} - */ - protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) { - return AccessResult::allowedIf($account->hasPermission('create ' . $entity_bundle . ' content'))->cachePerPermissions(); - } -}