Restrict comment posting/editing to managed roles with "update all" access.
This commit is contained in:
parent
0156ff23bf
commit
20729c5389
|
@ -1,6 +1,3 @@
|
|||
farm_comment:
|
||||
default_permissions:
|
||||
- access comments
|
||||
- post comments
|
||||
- skip comment approval
|
||||
- edit own comments
|
||||
permission_callbacks:
|
||||
- Drupal\farm_comment\CommentPermissions::permissions
|
||||
|
|
|
@ -0,0 +1,45 @@
|
|||
<?php
|
||||
|
||||
namespace Drupal\farm_comment;
|
||||
|
||||
use Drupal\user\RoleInterface;
|
||||
|
||||
/**
|
||||
* Add comment permissions to managed farmOS roles.
|
||||
*/
|
||||
class CommentPermissions {
|
||||
|
||||
/**
|
||||
* Add permissions to role.
|
||||
*
|
||||
* @param \Drupal\user\RoleInterface $role
|
||||
* The role to add permissions to.
|
||||
*
|
||||
* @return array
|
||||
* An array of permission strings.
|
||||
*/
|
||||
public function permissions(RoleInterface $role) {
|
||||
$perms = [];
|
||||
|
||||
// Load farm_role access rules from third-party settings. Bail if empty.
|
||||
$access = $role->getThirdPartySetting('farm_role', 'access');
|
||||
if (empty($access)) {
|
||||
return $perms;
|
||||
}
|
||||
|
||||
// If the role has "view all" access, allow viewing comments.
|
||||
if (!empty($access['entity']['view all'])) {
|
||||
$perms[] = 'access comments';
|
||||
}
|
||||
|
||||
// If the role has "edit all" access, allow posting/editing comments.
|
||||
if (!empty($access['entity']['update all'])) {
|
||||
$perms[] = 'post comments';
|
||||
$perms[] = 'skip comment approval';
|
||||
$perms[] = 'edit own comments';
|
||||
}
|
||||
|
||||
return $perms;
|
||||
}
|
||||
|
||||
}
|
Loading…
Reference in New Issue