Commit 64a99ff

arnoldbirdpaul-m
authored andcommitted
Issue #2940193 by arnoldbird, Mile23: Clarify purpose of admin_permission with getAdminPermission() in checkCreateAccess()
1 parent 38acaec commit 64a99ff

3 files changed

+77
-7
lines changed


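--- a/content_entity_example/src/ContactAccessControlHandler.php
+++ b/content_entity_example/src/ContactAccessControlHandler.php
@@ -8,19 +8,23 @@
 use Drupal\Core\Session\AccountInterface;
 
 /**
-* Access controller for the comment entity.
-*
-* @see \Drupal\comment\Entity\Comment.
+* Access controller for the contact entity.
 */
 class ContactAccessControlHandler extends EntityAccessControlHandler {
 
 /**
 * {@inheritdoc}
 *
-* Link the activities to the permissions. checkAccess is called with the
+* Link the activities to the permissions. checkAccess() is called with the
 * $operation as defined in the routing.yml file.
 */
 protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
+// Check the admin_permission as defined in your @ContentEntityType
+// annotation.
+$admin_permission = $this->entityType->getAdminPermission();
+if (\Drupal::currentUser()->hasPermission($admin_permission)) {
+return AccessResult::allowed();
+}
 switch ($operation) {
 case 'view':
 return AccessResult::allowedIfHasPermission($account, 'view contact entity');
@@ -31,16 +35,22 @@ protected function checkAccess(EntityInterface $entity, $operation, AccountInter
 case 'delete':
 return AccessResult::allowedIfHasPermission($account, 'delete contact entity');
 }
-return AccessResult::allowed();
+return AccessResult::neutral();
 }
 
 /**
 * {@inheritdoc}
 *
-* Separate from the checkAccess because the entity does not yet exist, it
+* Separate from the checkAccess because the entity does not yet exist. It
 * will be created during the 'add' process.
 */
 protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
+// Check the admin_permission as defined in your @ContentEntityType
+// annotation.
+$admin_permission = $this->entityType->getAdminPermission();
+if (\Drupal::currentUser()->hasPermission($admin_permission)) {
+return AccessResult::allowed();
+}
 return AccessResult::allowedIfHasPermission($account, 'add contact entity');
 }
 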
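Review bot: Both new admin-permission checks, in checkAccess() and checkCreateAccess(), consult `\Drupal::currentUser()` instead of the `$account` parameter each method receives, so whenever access is evaluated for a user other than the one making the request (for example `$entity->access('update', $other_account)` or code running under an account switcher) the admin shortcut answers for the wrong user, while the surrounding `allowedIfHasPermission($account, ...)` calls in the same methods correctly use `$account`. The check should read `if ($admin_permission && $account->hasPermission($admin_permission)) {` / `return AccessResult::allowed()->cachePerPermissions();` — the `$admin_permission &&` guard matters because getAdminPermission() returns FALSE when an entity type declares no `admin_permission`, and `->cachePerPermissions()` records that the allowed result varies by the account's permissions, which a bare `AccessResult::allowed()` does not. Equivalently, `AccessResult::allowedIfHasPermission($account, $admin_permission)` carries that cache metadata for you and is the form the rest of this class already uses. Since this is an example module, the added comment would also benefit from stating that the result is account-specific, e.g. `// Always check the $account passed in, never the global current user.`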

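--- a/content_entity_example/src/Entity/Contact.php
+++ b/content_entity_example/src/Entity/Contact.php
@@ -89,7 +89,7 @@
 * },
 * list_cache_contexts = { "user" },
 * base_table = "contact",
-* admin_permission = "administer content_entity_example entity",
+* admin_permission = "administer contact entity",
 * entity_keys = {
 * "id" = "id",
 * "label" = "name",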

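--- a/content_entity_example/tests/src/Functional/ContentEntityExampleTest.php
+++ b/content_entity_example/tests/src/Functional/ContentEntityExampleTest.php
@@ -4,6 +4,7 @@
 
 use Drupal\content_entity_example\Entity\Contact;
 use Drupal\Tests\examples\Functional\ExamplesBrowserTestBase;
+use Drupal\Core\Url;
 
 /**
 * Tests the basic functions of the Content Entity Example module.
@@ -244,4 +245,63 @@ public function testAddFields() {
 $this->assertEquals($expected_path, $current_path);
 }
 
+/**
+* Ensure admin and permissioned users can create contacts.
+*/
+public function testCreateAdminPermission() {
+$assert = $this->assertSession();
+$add_url = Url::fromRoute('content_entity_example.contact_add');
+
+// Create a Contact entity object so that we can query it for it's annotated
+// properties. We don't need to save it.
+/* @var $contact \Drupal\content_entity_example\Entity\Contact */
+$contact = Contact::create();
+
+// Create an admin user and log them in. We use the entity annotation for
+// admin_permission in order to validate it. We also have to add the view
+// list permission because the add form redirects to the list on success.
+$this->drupalLogin($this->drupalCreateUser([
+$contact->getEntityType()->getAdminPermission(),
+'view contact entity',
+]));
+
+// Post a contact.
+$edit = [
+'name[0][value]' => 'Test Admin Name',
+'first_name[0][value]' => 'Admin First Name',
+'gender' => 'female',
+'role' => 'administrator',
+];
+$this->drupalPostForm($add_url, $edit, 'Save');
+$assert->statusCodeEquals(200);
+$assert->pageTextContains('Test Admin Name');
+
+// Create a user with 'add contact entity' permission. We also have to add
+// the view list permission because the add form redirects to the list on
+// success.
+$this->drupalLogin($this->drupalCreateUser([
+'add contact entity',
+'view contact entity',
+]));
+
+// Post a contact.
+$edit = [
+'name[0][value]' => 'Mere Mortal Name',
+'first_name[0][value]' => 'Mortal First Name',
+'gender' => 'male',
+'role' => 'user',
+];
+$this->drupalPostForm($add_url, $edit, 'Save');
+$assert->statusCodeEquals(200);
+$assert->pageTextContains('Mere Mortal Name');
+
+// Finally, a user who can only view should not be able to get to the add
+// form.
+$this->drupalLogin($this->drupalCreateUser([
+'view contact entity',
+]));
+$this->drupalGet($add_url);
+$assert->statusCodeEquals(403);
+}
+
 }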
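Review bot: The new test exercises only the create path, so the admin-permission branch this same commit adds to checkAccess() and its new `neutral()` fallback for unrecognised operations have no coverage, and a regression there (such as the check consulting the wrong account) would still pass this suite. Consider extending testCreateAdminPermission(), or adding a sibling test, that saves a contact, logs in a user holding only the admin permission plus `view contact entity`, and GETs the contact's edit and delete routes asserting 200, then repeats as the view-only user asserting 403; the route names are not visible in this hunk and would need to be taken from the module's routing.yml. Two smaller points of style: the inline type hint `/* @var $contact \Drupal\content_entity_example\Entity\Contact */` should use the PHPDoc form `/** @var \Drupal\content_entity_example\Entity\Contact $contact */` so IDEs and static analysers honour it, and `it's` in the comment above it should read `its`.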
