function ConfigurationAccessControlTrait::checkConfigurationAccess

Checks configuration permission.

Parameters

\Drupal\Core\Session\AccountInterface $account: (optional) The user for which to check access, or NULL to check access for the current user. Defaults to NULL.

bool $return_as_object: (optional) Defaults to FALSE.

Return value

bool|\Drupal\Core\Access\AccessResultInterface The access result. Returns a boolean if $return_as_object is FALSE (this is the default) and otherwise an AccessResultInterface object. When a boolean is returned, the result of AccessInterface::isAllowed() is returned, i.e. TRUE means access is explicitly allowed, FALSE means access is either explicitly forbidden or "no opinion".

File

src/Core/ConfigurationAccessControlTrait.php, line 29

Class

ConfigurationAccessControlTrait
Implements access related functions for plugins.

Namespace

Drupal\rules\Core

Code

public function checkConfigurationAccess(AccountInterface $account = NULL, $return_as_object = FALSE) {
    if (!$account) {
        $account = \Drupal::currentUser();
    }
    // We treat these as our "super-user" accesses. We let the reaction
    // rule and component permissions control the main admin UI.
    $admin_perms = [
        'administer rules',
        'bypass rules access',
    ];
    $access = FALSE;
    foreach ($admin_perms as $perm) {
        if ($account->hasPermission($perm)) {
            $access = TRUE;
            break;
        }
    }
    if (!$access) {
        // See if the plugin has a configuration_access annotation.
        $definition = $this->getPluginDefinition();
        if (!empty($definition['configure_permissions']) && is_array($definition['configure_permissions'])) {
            foreach ($definition['configure_permissions'] as $perm) {
                if ($account->hasPermission($perm)) {
                    $access = TRUE;
                    break;
                }
            }
        }
    }
    if ($return_as_object) {
        return $access ? AccessResult::allowed() : AccessResult::neutral();
    }
    return $access;
}