function WorkflowStateTransitionOperationsAccessCheck::access

Same name in other branches
  1. 9 core/modules/workflows/src/WorkflowStateTransitionOperationsAccessCheck.php \Drupal\workflows\WorkflowStateTransitionOperationsAccessCheck::access()
  2. 8.9.x core/modules/workflows/src/WorkflowStateTransitionOperationsAccessCheck.php \Drupal\workflows\WorkflowStateTransitionOperationsAccessCheck::access()
  3. 11.x core/modules/workflows/src/WorkflowStateTransitionOperationsAccessCheck.php \Drupal\workflows\WorkflowStateTransitionOperationsAccessCheck::access()

Checks access for operations of workflow states and transitions.

The value of '_workflow_access' is used to check to kind of access that should be applied to a route in the context of a workflow and a state or transition. States and transitions can individually have access control applied to them for 'add', 'update' and 'delete'. By default workflows will use the admin permission 'administer workflows' for all of these operations, except for delete-state which checks there is at least one state, a state does not have data and it's not a required state.

For the update and delete operations, a workflow and a state or transition is required in the route for the access check to be applied. For the "add" operation, only a workflow is required. The '_workflow_access' requirement translates into access checks on the workflow entity type in the formats:

"{$operation}-state:{$state_id}";
"{$operation}-transition:{$transition_id}";

For example the following route definition with the path "/test-workflow/foo-state/delete" the 'delete-state:foo-state' operation will be checked:


path: '/{workflow}/{workflow_state}/delete'
requirements:
  _workflow_access: 'delete-state'

Parameters

\Drupal\Core\Routing\RouteMatchInterface $route_match: The parametrized route

\Drupal\Core\Session\AccountInterface $account: The currently logged in account.

Return value

\Drupal\Core\Access\AccessResultInterface An access result.

Throws

\Exception Throws an exception when a route is defined with an invalid operation.

File

core/modules/workflows/src/WorkflowStateTransitionOperationsAccessCheck.php, line 53

Class

WorkflowStateTransitionOperationsAccessCheck
Provides an access check for state and transition operations.

Namespace

Drupal\workflows

Code

public function access(RouteMatchInterface $route_match, AccountInterface $account) {
    $workflow_operation = $this->getOperation($route_match);
    if (!preg_match('/^(?<operation>add|update|delete)-(?<type>state|transition)$/', $workflow_operation, $matches)) {
        throw new \Exception("Invalid _workflow_access operation '{$workflow_operation}' specified for route '{$route_match->getRouteName()}'.");
    }
    $parameters = $route_match->getParameters();
    $workflow = $parameters->get('workflow');
    if ($workflow && $matches['operation'] === 'add') {
        return $workflow->access($workflow_operation, $account, TRUE);
    }
    if ($workflow && ($type = $parameters->get(sprintf('workflow_%s', $matches['type'])))) {
        return $workflow->access(sprintf('%s:%s', $workflow_operation, $type), $account, TRUE);
    }
    return AccessResult::neutral();
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.