3 namespace Drupal\contact;
5 use Drupal\Core\Access\AccessResult;
6 use Drupal\Core\Entity\EntityAccessControlHandler;
7 use Drupal\Core\Entity\EntityInterface;
8 use Drupal\Core\Session\AccountInterface;
11 * Defines the access control handler for the contact form entity type.
13 * @see \Drupal\contact\Entity\ContactForm.
15 class ContactFormAccessControlHandler extends EntityAccessControlHandler {
20 protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
21 if ($operation == 'view') {
22 // Do not allow access personal form via site-wide route.
23 return AccessResult::allowedIf($account->hasPermission('access site-wide contact form') && $entity->id() !== 'personal')->cachePerPermissions();
25 elseif ($operation == 'delete' || $operation == 'update') {
26 // Do not allow the 'personal' form to be deleted, as it's used for
27 // the personal contact form.
28 return AccessResult::allowedIf($account->hasPermission('administer contact forms') && $entity->id() !== 'personal')->cachePerPermissions();
31 return parent::checkAccess($entity, $operation, $account);