| Current Path : /var/www/html/12park/web/modules/contrib/webform/src/ |
Linux ift1.ift-informatik.de 5.4.0-216-generic #236-Ubuntu SMP Fri Apr 11 19:53:21 UTC 2025 x86_64 |
| Current File : /var/www/html/12park/web/modules/contrib/webform/src/WebformSubmissionAccessControlHandler.php |
<?php
namespace Drupal\webform;
use Drupal\Core\Entity\EntityAccessControlHandler;
use Drupal\Core\Entity\EntityHandlerInterface;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Entity\EntityTypeInterface;
use Drupal\Core\Session\AccountInterface;
use Drupal\webform\Access\WebformAccessResult;
use Symfony\Component\DependencyInjection\ContainerInterface;
/**
* Defines the access control handler for the webform submission entity type.
*
* @see \Drupal\webform\Entity\WebformSubmission.
*/
class WebformSubmissionAccessControlHandler extends EntityAccessControlHandler implements EntityHandlerInterface {
/**
* Webform access rules manager service.
*
* @var \Drupal\webform\WebformAccessRulesManagerInterface
*/
protected $accessRulesManager;
/**
* The current request.
*
* @var \Symfony\Component\HttpFoundation\Request
*/
protected $request;
/**
* {@inheritdoc}
*/
public static function createInstance(ContainerInterface $container, EntityTypeInterface $entity_type) {
$instance = new static($entity_type);
$instance->accessRulesManager = $container->get('webform.access_rules_manager');
$instance->request = $container->get('request_stack')->getCurrentRequest();
return $instance;
}
/**
* {@inheritdoc}
*/
public function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
/** @var \Drupal\webform\WebformSubmissionInterface $entity */
// Check 'administer webform' permission.
if ($account->hasPermission('administer webform')) {
return WebformAccessResult::allowed();
}
// Check 'administer webform submission' permission.
if ($account->hasPermission('administer webform submission')) {
return WebformAccessResult::allowed();
}
// Check webform 'update' permission.
if ($entity->getWebform()->access('update', $account)) {
return WebformAccessResult::allowed($entity, TRUE);
}
// Check view and delete operations token access.
if (($operation === 'view' || $operation === 'delete')
&& $entity->getWebform()->getSetting('token_' . $operation)) {
$token = $this->request->query->get('token');
if ($token === $entity->getToken()) {
return WebformAccessResult::allowed($entity)
->addCacheContexts(['url.query_args:token']);
}
}
// Check 'any' or 'own' webform submission permissions.
$operations = [
'view' => 'view',
'update' => 'edit',
'delete' => 'delete',
];
if (isset($operations[$operation])) {
$action = $operations[$operation];
// Check operation any.
if ($account->hasPermission("$action any webform submission")) {
return WebformAccessResult::allowed();
}
// Check operation own.
if ($account->hasPermission("$action own webform submission") && $entity->isOwner($account)) {
return WebformAccessResult::allowed($entity, TRUE);
}
}
// Check other operations.
switch ($operation) {
case 'duplicate':
// Check for 'create' or 'update' access.
return WebformAccessResult::allowedIf($entity->access('create', $account) || $entity->access('update', $account));
case 'resend':
// Check for 'update any submission' access.
return WebformAccessResult::allowedIf($entity->getWebform()->access('submission_update_any', $account));
}
// Check webform access rules.
$webform_access = $this->accessRulesManager->checkWebformSubmissionAccess($operation, $account, $entity);
if ($webform_access->isAllowed()) {
return $webform_access;
}
return parent::checkAccess($entity, $operation, $account);
}
}