Contrib.social

Add ability to configure operations per policy

Open on Drupal.org β†’
Created on 3 February 2024, 10 months ago
Updated 27 February 2024, 9 months ago

Problem/Motivation

Right now access policy uses the concept of "Access policy type" (e.g Public, Private, Group etc.) to determine how operations are restricted. For example, they are used to specify whether a policy can use permissions or access rules or both. While it offers some conveniences it ultimately has caused more confusion and questions.

Proposed resolution

Remove Access Policy type completely and provide the ability to configure operations for each access policy.


API changes

Deprecating AccessPolicyType
The AccessPolicyType plugin will be deprecated when this feature lands and then removed in the following release. If you have not written any AccessPolicyType plugins then the update will be seamless.

New plugin type: AccessPolicyOperation
It will also introduce a new AccessPolicyOperation plugin which will allow developers to integrate access policy with any entity operation. See the example below of how it's integrated with the view operation.

src/Plugin/access_policy/AccessPolicyOperation/View

/**
 * The view operation integration
 *
 * @AccessPolicyOperation(
 *   id = "view",
 *   label = @Translation("View"),
 *   description = @Translation("View an entity"),
 *   operation = "view",
 *   weight = 0,
 *   permission = true,
 *   access_rules = true,
 *   show_column = true,
 * )
 */
class View extends AccessPolicyOperationBase {

  public static function isCurrent(EntityInterface $entity, $op) {
    return $op == 'view';
  }

  public function createPermission(AccessPolicyInterface $access_policy, EntityTypeInterface $entity_type) {
   $entity_type_label = $this->getEntityTypeLabel($entity_type);
    return [
      'view ' . $access_policy->id() . ' ' . $entity_type_label => [
        'title' => $this->t('@access_policy: View any @entity_type assigned this access policy', [
          '@access_policy' => $access_policy->label(),
          '@entity_type' => $entity_type_label,
        ]),
      ],
    ];
  }
}

This integrates with the _entity_access route requirement. When writing your own routes just make sure to include _entity_access and you can integrate it with Access Policy! 

entity.node.canonical
  path: '/node/{node}'
  defaults:
    _controller: '\Drupal\node\Controller\NodeViewController::view'
  requirements:
    _entity_access: 'node.view'
    node: \d+
✨ Feature request
Status

Fixed

Version

1.0

Component

Code

Created by

πŸ‡ΊπŸ‡ΈUnited States partdigital

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024