<?php
namespace Drupal\user;
use Drupal\Core\Access\AccessResult;
use Drupal\Core\Access\AccessResultNeutral;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Entity\EntityAccessControlHandler;
use Drupal\Core\Field\FieldDefinitionInterface;
use Drupal\Core\Field\FieldItemListInterface;
use Drupal\Core\Session\AccountInterface;
/**
* Defines the access control handler for the user entity type.
*
* @see \Drupal\user\Entity\User
*/
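class UserAccessControlHandler extends EntityAccessControlHandler {

  /**
   * Allow access to user label.
   *
   * Enables the 'view label' operation for this entity type, so that a user's
   * display name can be shown (e.g. as an author) without granting access to
   * the rest of the profile. See the first check in checkAccess().
   *
   * @var bool
   */
  protected $viewLabelOperation = TRUE;

  /**
   * {@inheritdoc}
   *
   * Entity-level access for user accounts. The order of the checks matters:
   * the 'view label' check runs before the anonymous-user check so labels stay
   * viewable for every account, and the 'administer users' check runs before
   * the per-operation rules so that permission is never narrowed by them.
   *
   * $operation is expected to be one of 'view label', 'view', 'update' or
   * 'delete'; anything else yields a neutral result. Every returned result
   * carries cache metadata for what it depended on (permissions, the
   * requesting user and/or the entity).
   */
  protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
    /** @var \Drupal\user\UserInterface $entity*/

    // We don't treat the user label as privileged information, so this check
    // has to be the first one in order to allow labels for all users to be
    // viewed, including the special anonymous user.
    if ($operation === 'view label') {
      return AccessResult::allowed();
    }

    // The anonymous user's profile can neither be viewed, updated nor deleted.
    if ($entity->isAnonymous()) {
      return AccessResult::forbidden();
    }

    // Administrators can view/update/delete all user profiles.
    if ($account->hasPermission('administer users')) {
      return AccessResult::allowed()->cachePerPermissions();
    }

    // The own-account checks below compare IDs loosely on purpose: entity IDs
    // may be numeric strings while account IDs are integers.
    switch ($operation) {
      case 'view':
        // Only allow view access if the account is active. The result depends
        // on the entity because its status can change.
        if ($account->hasPermission('access user profiles') && $entity->isActive()) {
          return AccessResult::allowed()->cachePerPermissions()->addCacheableDependency($entity);
        }
        // Users can view own profiles at all times.
        elseif ($account->id() == $entity->id()) {
          return AccessResult::allowed()->cachePerUser();
        }
        else {
          return AccessResultNeutral::neutral("The 'access user profiles' permission is required and the user must be active.");
        }

      case 'update':
        // Users can always edit their own account.
        return AccessResult::allowedIf($account->id() == $entity->id())->cachePerUser();

      case 'delete':
        // Users with 'cancel account' permission can cancel their own account.
        return AccessResult::allowedIf($account->id() == $entity->id() && $account->hasPermission('cancel account'))->cachePerPermissions()->cachePerUser();
    }

    // No opinion.
    return AccessResult::neutral();
  }

  /**
   * {@inheritdoc}
   *
   * Field-level access for user accounts. This runs after entity-level access
   * has already been granted, so the rules here only widen or narrow access
   * for individual fields; field names not handled below fall back to the
   * parent implementation.
   *
   * $operation is 'view' or 'edit'. $items, when given, provides the user
   * entity the field values belong to; when NULL there is no entity to compare
   * against and the "own account" checks evaluate to FALSE.
   */
  protected function checkFieldAccess($operation, FieldDefinitionInterface $field_definition, AccountInterface $account, FieldItemListInterface $items = NULL) {
    // Fields that are not implicitly allowed to administrative users.
    $explicit_check_fields = [
      'pass',
    ];

    // Administrative users are allowed to edit and view all fields. The field
    // name is always a string, so the membership test is strict.
    if (!in_array($field_definition->getName(), $explicit_check_fields, TRUE) && $account->hasPermission('administer users')) {
      return AccessResult::allowed()->cachePerPermissions();
    }

    // Flag to indicate if this user entity is the own user account.
    // NOTE(review): the loose comparison also evaluates TRUE for an unsaved
    // entity (id() NULL) checked by the anonymous account (id 0), because
    // NULL == 0 in PHP — presumably relied on during registration; confirm
    // before tightening.
    $is_own_account = $items ? $items->getEntity()->id() == $account->id() : FALSE;

    switch ($field_definition->getName()) {
      case 'name':
        // Allow view access to anyone with access to the entity. Anonymous
        // users should be able to access the username field during the
        // registration process, otherwise the username and email constraints
        // are not checked.
        if ($operation == 'view' || ($items && $account->isAnonymous() && $items->getEntity()->isAnonymous())) {
          return AccessResult::allowed()->cachePerPermissions();
        }
        // Allow edit access for the own user name if the permission is
        // satisfied.
        if ($is_own_account && $account->hasPermission('change own username')) {
          return AccessResult::allowed()->cachePerPermissions()->cachePerUser();
        }
        else {
          return AccessResult::forbidden();
        }

      case 'preferred_langcode':
      case 'preferred_admin_langcode':
      case 'timezone':
      case 'mail':
        // Allow view access to own mail address and other personalization
        // settings.
        if ($operation == 'view') {
          return $is_own_account ? AccessResult::allowed()->cachePerUser() : AccessResult::forbidden();
        }
        // Anyone that can edit the user can also edit this field.
        return AccessResult::allowed()->cachePerPermissions();

      case 'pass':
        // Allow editing the password, but not viewing it. 'pass' is listed in
        // $explicit_check_fields so administrators reach this rule as well
        // instead of the blanket allow above.
        return ($operation == 'edit') ? AccessResult::allowed() : AccessResult::forbidden();

      case 'created':
        // Allow viewing the created date, but not editing it.
        return ($operation == 'view') ? AccessResult::allowed() : AccessResult::forbidden();

      case 'roles':
      case 'status':
      case 'access':
      case 'login':
      case 'init':
        // Only administrators (already allowed above) may view or edit these.
        return AccessResult::forbidden();
    }

    return parent::checkFieldAccess($operation, $field_definition, $account, $items);
  }

}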