Issue #27: Move controller access checks to the route definition for …

…view and edit routes.

collabora_online.routing.yml

@@ -3,6 +3,7 @@ collabora-online.view:
   defaults:
     _controller: '\Drupal\collabora_online\Controller\ViewerController::editor'
     _title: 'Collabora Online'
+    # The controller method has a boolean parameter '$edit'.
     edit: false
   options:
     parameters:
@@ -11,13 +12,15 @@ collabora-online.view:
       edit:
         type: boolean
   requirements:
-    _permission: 'access content'
+    media: \d+
+    _entity_access: 'media.preview in collabora'
 
 collabora-online.edit:
   path: '/cool/edit/{media}'
   defaults:
     _controller: '\Drupal\collabora_online\Controller\ViewerController::editor'
     _title: 'Collabora Online'
+    # The controller method has a boolean parameter '$edit'.
     edit: true
   options:
     parameters:
@@ -26,7 +29,8 @@ collabora-online.edit:
       edit:
         type: boolean
   requirements:
-    _permission: 'access content'
+    media: \d+
+    _entity_access: 'media.edit in collabora'
 
 collabora-online.settings:
   path: '/admin/config/cool/settings'

src/Controller/ViewerController.php

@@ -53,19 +53,6 @@ public function editor(Media $media, $edit = false) {
             'closebutton' => 'true',
         ];
 
-        if (!$media->access('preview in collabora')) {
-            $error_msg = 'Authentication failed.';
-            \Drupal::logger('cool')->error($error_msg);
-            return new Response(
-                $error_msg,
-                Response::HTTP_FORBIDDEN,
-                ['content-type' => 'text/plain']
-            );
-        }
-
-        /* Make sure that the user is a collaborator if edit is true */
-        $edit = $edit && $media->access('edit in collabora');
-
         $render_array = CoolUtils::getViewerRender($media, $edit, $options);
 
         if (!$render_array ||  array_key_exists('error', $render_array)) {