Issue CollaboraOnline#27: Let the access checker return an AccessResu…

…lt object.
donquixote · Sep 9, 2024 · c63ee3c · c63ee3c
1 parent 27e8137
commit c63ee3c
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 8 deletions.
diff --git a/src/Access/CollaboraAccessCheck.php b/src/Access/CollaboraAccessCheck.php
@@ -4,6 +4,8 @@
 
 namespace Drupal\collabora_online\Access;
 
+use Drupal\Core\Access\AccessResult;
+use Drupal\Core\Access\AccessResultInterface;
 use Drupal\Core\Session\AccountInterface;
 
 /**
@@ -22,21 +24,20 @@ class CollaboraAccessCheck {
      * @param \Drupal\Core\Session\AccountInterface $account
      *   User account to check access for.
      *
-     * @return bool
-     *   TRUE to grant access, FALSE to deny it.
+     * @return \Drupal\Core\Access\AccessResultInterface
+     *   Access result.
      *
      * @todo Add fine-grained permissions per media type.
-     * @todo Return an access result object.
      */
     public function mediaAccess(
         string $operation,
         AccountInterface $account,
-    ): bool {
+    ): AccessResultInterface {
         $permission = match ($operation) {
             'preview' => 'preview any media in collabora',
             'edit' => 'edit any media in collabora',
         };
-        return $account->hasPermission($permission);
+        return AccessResult::allowedIfHasPermission($account, $permission);
     }
 
 }
diff --git a/src/Controller/ViewerController.php b/src/Controller/ViewerController.php
@@ -45,7 +45,7 @@ public function editor(Media $media, $edit = false) {
 
         $user = \Drupal::currentUser();
 
-        if (!$this->accessCheck->mediaAccess('preview', $user)) {
+        if (!$this->accessCheck->mediaAccess('preview', $user)->isAllowed()) {
             $error_msg = 'Authentication failed.';
             \Drupal::logger('cool')->error($error_msg);
             return new Response(
@@ -56,7 +56,7 @@ public function editor(Media $media, $edit = false) {
         }
 
         /* Make sure that the user is a collaborator if edit is true */
-        $edit = $edit && $this->accessCheck->mediaAccess('edit', $user);
+        $edit = $edit && $this->accessCheck->mediaAccess('edit', $user)->isAllowed();
 
         $render_array = CoolUtils::getViewerRender($media, $edit, $options);
 

diff --git a/src/Controller/WopiController.php b/src/Controller/WopiController.php
@@ -57,7 +57,7 @@ function wopiCheckFileInfo(string $id, Request $request) {
         $user = User::load($jwt_payload->uid);
         $can_write = $jwt_payload->wri;
 
-        if ($can_write && !$this->accessCheck->mediaAccess('edit', $user)) {
+        if ($can_write && !$this->accessCheck->mediaAccess('edit', $user)->isAllowed()) {
             \Drupal::logger('cool')->error('Token and user permissions do not match.');
             return static::permissionDenied();
         }