3 namespace Drupal\workspaces;
5 use Drupal\Core\Access\AccessResult;
6 use Drupal\Core\Entity\EntityAccessControlHandler;
7 use Drupal\Core\Entity\EntityInterface;
8 use Drupal\Core\Session\AccountInterface;
11 * Defines the access control handler for the workspace entity type.
13 * @see \Drupal\workspaces\Entity\Workspace
15 class WorkspaceAccessControlHandler extends EntityAccessControlHandler {
20 protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
21 /** @var \Drupal\workspaces\WorkspaceInterface $entity */
22 if ($operation === 'delete' && $entity->isDefaultWorkspace()) {
23 return AccessResult::forbidden()->addCacheableDependency($entity);
26 if ($account->hasPermission('administer workspaces')) {
27 return AccessResult::allowed()->cachePerPermissions();
30 // The default workspace is always viewable, no matter what.
31 if ($operation == 'view' && $entity->isDefaultWorkspace()) {
32 return AccessResult::allowed()->addCacheableDependency($entity);
35 $permission_operation = $operation === 'update' ? 'edit' : $operation;
37 // Check if the user has permission to access all workspaces.
38 $access_result = AccessResult::allowedIfHasPermission($account, $permission_operation . ' any workspace');
40 // Check if it's their own workspace, and they have permission to access
41 // their own workspace.
42 if ($access_result->isNeutral() && $account->isAuthenticated() && $account->id() === $entity->getOwnerId()) {
43 $access_result = AccessResult::allowedIfHasPermission($account, $permission_operation . ' own workspace')
45 ->addCacheableDependency($entity);
48 return $access_result;
54 protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
55 return AccessResult::allowedIfHasPermission($account, 'create workspace');