From e8c4110ee5ea796df1259503ef05808c9427a2e8 Mon Sep 17 00:00:00 2001
From: Benjamin Rasmussen <rasben@users.noreply.github.com>
Date: Mon, 13 Jan 2025 10:33:57 +0100
Subject: [PATCH] Update BNF server content view permissions.

This view should only be available if the `bnf_server`
module is enabled.
---
 config/sync/user.role.anonymous.yml           |  1 +
 config/sync/user.role.authenticated.yml       |  1 +
 config/sync/views.view.importable_content.yml |  9 +--
 .../custom/dpl_admin/dpl_admin.services.yml   |  8 ++
 .../views/access/BnfServerEnabledAccess.php   | 73 +++++++++++++++++++
 5 files changed, 86 insertions(+), 6 deletions(-)
 create mode 100644 web/modules/custom/dpl_admin/src/Plugin/views/access/BnfServerEnabledAccess.php

diff --git a/config/sync/user.role.anonymous.yml b/config/sync/user.role.anonymous.yml
index c7a60e3bb..e16cf1190 100644
--- a/config/sync/user.role.anonymous.yml
+++ b/config/sync/user.role.anonymous.yml
@@ -31,3 +31,4 @@ permissions:
   - 'view eventinstance entity'
   - 'view eventseries entity'
   - 'view media'
+  - 'view the administration theme'
diff --git a/config/sync/user.role.authenticated.yml b/config/sync/user.role.authenticated.yml
index b3a2e581c..f430209fa 100644
--- a/config/sync/user.role.authenticated.yml
+++ b/config/sync/user.role.authenticated.yml
@@ -30,3 +30,4 @@ permissions:
   - 'view eventinstance entity'
   - 'view eventseries entity'
   - 'view media'
+  - 'view the administration theme'
diff --git a/config/sync/views.view.importable_content.yml b/config/sync/views.view.importable_content.yml
index fd1fad1fa..ff2c87a1c 100644
--- a/config/sync/views.view.importable_content.yml
+++ b/config/sync/views.view.importable_content.yml
@@ -10,11 +10,11 @@ dependencies:
     - taxonomy.vocabulary.categories
     - taxonomy.vocabulary.tags
   module:
+    - dpl_admin
     - link
     - media
     - node
     - taxonomy
-    - user
 id: importable_content
 label: 'Importable content'
 module: views
@@ -657,9 +657,8 @@ display:
           sort_asc_label: Asc
           sort_desc_label: Desc
       access:
-        type: perm
-        options:
-          perm: 'access content overview'
+        type: bnf_server_access
+        options: {  }
       cache:
         type: tag
         options: {  }
@@ -1044,7 +1043,6 @@ display:
         - url
         - url.query_args
         - 'user.node_grants:view'
-        - user.permissions
       tags:
         - 'config:field.storage.node.field_canonical_url'
         - 'config:field.storage.node.field_subtitle'
@@ -1066,7 +1064,6 @@ display:
         - url
         - url.query_args
         - 'user.node_grants:view'
-        - user.permissions
       tags:
         - 'config:field.storage.node.field_canonical_url'
         - 'config:field.storage.node.field_subtitle'
diff --git a/web/modules/custom/dpl_admin/dpl_admin.services.yml b/web/modules/custom/dpl_admin/dpl_admin.services.yml
index 622190030..88d966056 100644
--- a/web/modules/custom/dpl_admin/dpl_admin.services.yml
+++ b/web/modules/custom/dpl_admin/dpl_admin.services.yml
@@ -1,3 +1,11 @@
+---
 services:
   dpl_admin.version_helper:
     class: Drupal\dpl_admin\Services\VersionHelper
+  dpl_admin.bnf_server_access:
+    class: Drupal\dpl_admin\Plugin\views\access\BnfServerEnabledAccess
+    arguments:
+      $configuration: []
+      $plugin_id: 'dpl_admin.bnf_server_access'
+      $plugin_definition: []
+      $module_handler: '@module_handler'
diff --git a/web/modules/custom/dpl_admin/src/Plugin/views/access/BnfServerEnabledAccess.php b/web/modules/custom/dpl_admin/src/Plugin/views/access/BnfServerEnabledAccess.php
new file mode 100644
index 000000000..d2c1f0eeb
--- /dev/null
+++ b/web/modules/custom/dpl_admin/src/Plugin/views/access/BnfServerEnabledAccess.php
@@ -0,0 +1,73 @@
+<?php
+
+namespace Drupal\dpl_admin\Plugin\views\access;
+
+use Drupal\Core\Access\AccessResult;
+use Drupal\Core\Extension\ModuleHandlerInterface;
+use Drupal\Core\Session\AccountInterface;
+use Drupal\views\Plugin\views\access\AccessPluginBase;
+use Psr\Container\ContainerInterface;
+use Symfony\Component\Routing\Route;
+
+/**
+ * A custom access handler, that returns Allowed if bnf_server is enabled.
+ *
+ * This is necessary as we have views and content that should only be available
+ * on the BNF server.
+ *
+ * @ingroup views_access_plugins
+ *
+ * @ViewsAccess(
+ *   id = "bnf_server_access",
+ *   title = @Translation("Allowed if bnf_server is enabled.")
+ * )
+ */
+class BnfServerEnabledAccess extends AccessPluginBase {
+
+  /**
+   * The module handler.
+   */
+  protected ModuleHandlerInterface $moduleHandler;
+
+  /**
+   * {@inheritDoc}
+   */
+  public function __construct(array $configuration, $plugin_id, $plugin_definition, ModuleHandlerInterface $module_handler) {
+    parent::__construct($configuration, $plugin_id, $plugin_definition);
+    $this->moduleHandler = $module_handler;
+  }
+
+  /**
+   * {@inheritDoc}
+   */
+  public static function create(ContainerInterface $container, array $configuration, $plugin_id, $plugin_definition): static {
+    return new static(
+      $configuration,
+      $plugin_id,
+      $plugin_definition,
+      $container->get('module_handler'),
+    );
+  }
+
+  /**
+   * {@inheritDoc}
+   */
+  public function access(AccountInterface $account): bool {
+    return $this->moduleHandler->moduleExists('bnf_server');
+  }
+
+  /**
+   * {@inheritDoc}
+   */
+  public function accessRoute(AccountInterface $account): AccessResult {
+    return AccessResult::allowedIf($this->access($account));
+  }
+
+  /**
+   * {@inheritDoc}
+   */
+  public function alterRouteDefinition(Route $route): void {
+    $route->setRequirement('_custom_access', 'dpl_admin.bnf_server_access:accessRoute');
+  }
+
+}