mutual_credit-5.0.x-dev/src/Entity/Access/WalletAccessControlHandler.php

src/Entity/Access/WalletAccessControlHandler.php
<?php

namespace Drupal\mcapi\Entity\Access;

use Drupal\mcapi\Entity\WalletInterface;
use Drupal\mcapi\Mcapi;
use Drupal\Core\Entity\EntityAccessControlHandler;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Entity\EntityTypeInterface;
use Drupal\Core\Session\AccountInterface;
use Drupal\Core\Access\AccessResult;
use Drupal\Core\Routing\RouteMatchInterface;

/**
 * Defines an access controller option for the mcapi_wallet entity.
 *
 */
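class WalletAccessControlHandler extends EntityAccessControlHandler {

  /**
   * Whether createAccess() has already run on this handler instance.
   *
   * NOTE(review): this makes create access depend on call order within a
   * request, so a second legitimate check in the same request is refused.
   *
   * @var bool
   */
  private $done = FALSE;

  /**
   * The current route match, used to find the prospective wallet holder.
   *
   * @var \Drupal\Core\Routing\RouteMatchInterface
   */
  private $routeMatch;

  /**
   * {@inheritdoc}
   */
  protected $viewLabelOperation = TRUE;

  /**
   * Constructs the wallet access control handler.
   *
   * @param \Drupal\Core\Entity\EntityTypeInterface $entity_type
   *   The entity type definition.
   *
   * @todo inject $routematch
   */
  public function __construct(EntityTypeInterface $entity_type) {
    parent::__construct($entity_type);
    $this->routeMatch = \Drupal::routeMatch();
  }

  /**
   * {@inheritdoc}
   *
   * Create access requires the 'create wallets' permission and a walletable
   * entity as the first parameter of the current route.
   */
  public function createAccess($entity_bundle = NULL, AccountInterface $account = NULL, array $context = [], $return_as_object = FALSE) {
    // $account defaults to NULL; resolve it before dereferencing it.
    $account = $this->prepareUser($account);
    $result = $this->walletCreateAccess($account);
    // Honour the interface contract. Callers that leave $return_as_object
    // FALSE expect a boolean, and an AccessResult object is always truthy,
    // so returning the object would turn every 'forbidden' into a grant.
    return $return_as_object ? $result : $result->isAllowed();
  }

  /**
   * Builds the access result for creating a wallet on the current route.
   *
   * @param \Drupal\Core\Session\AccountInterface $account
   *   The account for which to check access.
   *
   * @return \Drupal\Core\Access\AccessResult
   *   Allowed only if the account may create wallets and the route's first
   *   parameter is an entity that can hold one.
   */
  private function walletCreateAccess(AccountInterface $account) {
    // In the unlikely event that a page might try to display two create
    // wallet buttons, this might reduce confusion.
    if ($this->done) {
      // This outcome depends on per-request state, so it must not be cached.
      return AccessResult::forbidden('Only one wallet create button per page')
        ->setCacheMaxAge(0);
    }
    $this->done = TRUE;

    if (!$account->hasPermission('create wallets')) {
      return AccessResult::forbidden("This user cannot create wallets")
        ->addCacheableDependency($account);
    }

    $params = $this->routeMatch->getParameters()->all();
    // reset() yields FALSE when the route has no parameters, and a route
    // parameter need not be an entity, so fail closed unless it is one.
    $holder = reset($params);
    if ($holder instanceof EntityInterface && Mcapi::holderIsWalletable($holder)) {
      $result = AccessResult::allowed();
    }
    else {
      $result = AccessResult::forbidden("The entity cannot hold a wallet");
    }
    // The outcome varies with both the permission and the route.
    return $result
      ->cachePerPermissions()
      ->addCacheContexts(['route'])
      ->addCacheableDependency($holder);
  }

  /**
   * {@inheritdoc}
   *
   * Wallet managers may do anything, but may only delete empty wallets. Other
   * users may view labels when logged in, view wallets they own or with the
   * 'view all wallets' permission, and update or delete wallets they control.
   */
  protected function checkAccess(EntityInterface $entity, $op, AccountInterface $account) {
    if ($account->hasPermission('manage mcapi')) {
      if ($op === 'delete') {
        return $this->deleteAccessIfEmpty($entity);
      }
      // Includes user 1.
      return AccessResult::allowed()->cachePerPermissions();
    }

    if ($op === 'view label') {
      return AccessResult::allowedIf($account->isAuthenticated())->cachePerUser();
    }

    if ($op === 'view') {
      if ($this->controlsWallet($entity, $account)) {
        return AccessResult::allowed()->cachePerUser();
      }
      return AccessResult::allowedIfHasPermission($account, 'view all wallets')
        ->cachePerPermissions();
    }

    if ($this->controlsWallet($entity, $account)) {
      if ($op === 'delete') {
        return $this->deleteAccessIfEmpty($entity);
      }
      // Update, and any other operation on a wallet the account controls.
      return AccessResult::allowed()->cachePerUser();
    }

    if ($op === 'update') {
      return AccessResult::forbidden()->cachePerUser();
    }

    // Never fall off the end: a NULL return is not an access result. Express
    // no opinion, which denies unless some other check explicitly allows.
    return AccessResult::neutral()->cachePerUser();
  }

  /**
   * Allows deletion only while the wallet is empty.
   *
   * @param \Drupal\Core\Entity\EntityInterface $wallet
   *   The wallet being deleted.
   *
   * @return \Drupal\Core\Access\AccessResult
   *   Allowed if the wallet reports itself empty, otherwise neutral.
   */
  private function deleteAccessIfEmpty(EntityInterface $wallet) {
    // Emptiness changes as the wallet is used, so a cached 'allowed' could
    // outlive it. A bare AccessResult is cacheable; disable that explicitly.
    return AccessResult::allowedIf($wallet->isEmpty())->setCacheMaxAge(0);
  }

  /**
   * Checks whether the given account owns the given wallet.
   *
   * @param \Drupal\mcapi\Entity\WalletInterface $wallet
   *   The wallet being accessed.
   * @param \Drupal\Core\Session\AccountInterface $account
   *   The account requesting access.
   *
   * @return bool
   *   TRUE if the $account controls the $wallet.
   */
  private function controlsWallet(WalletInterface $wallet, AccountInterface $account) : bool {
    // Owner-based access never applies to the anonymous account, which all
    // visitors share. Under a loose comparison a wallet with no owner would
    // match uid 0.
    // NOTE(review): what getOwnerId() returns for an unowned wallet is not
    // visible here; confirm against WalletInterface.
    return $account->isAuthenticated()
      && (string) $wallet->getOwnerId() === (string) $account->id();
  }

}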
