DAMO-359 | Access check fixed for media collections.

brainsum · Jul 5, 2024 · 4726733 · 4726733
1 parent 15b2e4c
commit 4726733
Show file tree

Hide file tree

Showing 6 changed files with 88 additions and 3 deletions.
diff --git a/modules/damopen_common/src/Plugin/Block/HeaderMenuBlock.php b/modules/damopen_common/src/Plugin/Block/HeaderMenuBlock.php
@@ -71,7 +71,7 @@ public function build() {
         ->accessCheck(TRUE);
       $count = $query->count()->execute();
       $menu['manage_assets'] = [
-        'title' => new TranslatableMarkup('Assets waiting for approval'),
+        'title' => new TranslatableMarkup('My Assets waiting for approval'),
         'url' => Url::fromRoute('view.unpublished_assets.user_unpublished_assets')->toString(),
         'class' => '',
         'count' => $count,

diff --git a/modules/media_collection/media_collection.services.yml b/modules/media_collection/media_collection.services.yml
@@ -62,3 +62,14 @@ services:
     class: Drupal\media_collection\Service\FileSizeCalculator
     arguments:
       - '@cache.default'
+
+  media_collection.view_route_subscriber:
+    class: Drupal\media_collection\Routing\MediaCollectionRouteSubscriber
+    tags:
+      - { name: event_subscriber }
+
+  media_collection.view_access_check:
+    class: Drupal\media_collection\Access\MediaCollectionViewAccess
+    arguments: ['@entity_type.manager']
+    tags:
+      - { name: access_check }
diff --git a/modules/media_collection/src/Access/MediaCollectionViewAccess.php b/modules/media_collection/src/Access/MediaCollectionViewAccess.php
@@ -0,0 +1,50 @@
+<?php
+
+namespace Drupal\media_collection\Access;
+
+use Drupal\Core\Access\AccessResult;
+use Drupal\Core\Entity\EntityTypeManagerInterface;
+use Drupal\Core\Routing\Access\AccessInterface;
+use Drupal\Core\Session\AccountInterface;
+use Symfony\Component\Routing\Route;
+
+/**
+ * Provides an access checker for media collections.
+ */
+class MediaCollectionViewAccess implements AccessInterface {
+
+  /**
+   * The entity type manager.
+   *
+   * @var \Drupal\Core\Entity\EntityTypeManagerInterface
+   */
+  protected $entityTypeManager;
+
+  /**
+   * Constructor.
+   *
+   * @param \Drupal\Core\Entity\EntityTypeManagerInterface $entity_type_manager
+   *   The entity type manager.
+   */
+  public function __construct(EntityTypeManagerInterface $entity_type_manager) {
+    $this->entityTypeManager = $entity_type_manager;
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function access(AccountInterface $account, Route $route) {
+    $parts = explode('/', \Drupal::request()->getRequestUri());
+    $media_collection = $parts[2];
+    $collection = $this->entityTypeManager->getStorage('media_collection')->load($media_collection);
+
+    if ($collection) {
+      if ($collection->getOwnerId() === $account->id()) {
+        return AccessResult::allowed();
+      }
+      $shared_with = $collection->get('shared_with')->getValue();
+      return AccessResult::allowedIf(in_array(['target_id' => $account->id()], $shared_with));
+    }
+    return AccessResult::forbidden();
+  }
+}
diff --git a/modules/media_collection/src/Routing/MediaCollectionRouteSubscriber.php b/modules/media_collection/src/Routing/MediaCollectionRouteSubscriber.php
@@ -0,0 +1,24 @@
+<?php
+
+namespace Drupal\media_collection\Routing;
+
+use Drupal\Core\Routing\RouteSubscriberBase;
+use Symfony\Component\Routing\RouteCollection;
+
+/**
+ * Subscribe to media bulk upload paths.
+ *
+ * @package Drupal\damopen_assets\Routing
+ */
+class MediaCollectionRouteSubscriber extends RouteSubscriberBase {
+
+  /**
+   * {@inheritdoc}
+   */
+  protected function alterRoutes(RouteCollection $collection) {
+    if ($route = $collection->get('view.collection_view_page.collection_view')) {
+      $route->setRequirement('_custom_access', 'media_collection.view_access_check::access');
+    }
+  }
+
+}
diff --git a/modules/media_collection_share/media_collection_share.services.yml b/modules/media_collection_share/media_collection_share.services.yml
@@ -23,7 +23,7 @@ services:
       - '@datetime.time'
 
   media_collection_share.access_check:
-    class: Drupal\media_collection_share\Access\MediaCollectionAccessCheck
+    class: Drupal\media_collection_share\Access\MediaCollectionShareAccessCheck
     arguments: ['@entity_type.manager']
     tags:
       - { name: access_check, applies_to: _media_collection_owner_access }

diff --git a/...src/Access/MediaCollectionAccessCheck.php → ...ccess/MediaCollectionShareAccessCheck.php b/...src/Access/MediaCollectionAccessCheck.php → ...ccess/MediaCollectionShareAccessCheck.php
@@ -11,7 +11,7 @@
 /**
  * Provides an access checker for media collections.
  */
-class MediaCollectionAccessCheck implements AccessInterface {
+class MediaCollectionShareAccessCheck implements AccessInterface {
 
   /**
    * The entity type manager.