From ea6a2fec5b92627490d6e75ddbd096952b8bbacc Mon Sep 17 00:00:00 2001
From: Nazariy Velychenko <n.velychenko@dev-branch.com>
Date: Thu, 23 Jul 2020 19:30:59 +0300
Subject: [PATCH 1/2] OI-74: Restrict access of author to remove himself from a
 group.

---
 modules/openideal_idea/openideal_idea.module  |  9 ++++++
 ...nidealGroupContentAccessControlHandler.php | 29 +++++++++++++++++++
 2 files changed, 38 insertions(+)
 create mode 100644 modules/openideal_idea/src/Plugin/OpenidealGroupContentAccessControlHandler.php

diff --git a/modules/openideal_idea/openideal_idea.module b/modules/openideal_idea/openideal_idea.module
index 4169c3c6f..b99e89b5b 100644
--- a/modules/openideal_idea/openideal_idea.module
+++ b/modules/openideal_idea/openideal_idea.module
@@ -16,6 +16,7 @@ use Drupal\Core\Url;
 use Drupal\node\NodeInterface;
 use Drupal\openideal_idea\ComputedNumberList;
 use Drupal\openideal_idea\Form\OpenidealBaseRatingForm;
+use Drupal\openideal_idea\Plugin\OpenidealGroupContentAccessControlHandler as GroupContentAccessHandle;
 
 /**
  * Implements hook_form_alter().
@@ -267,3 +268,11 @@ function openideal_idea_entity_type_build(array &$entity_types) {
   // To add "un-like" ability to the Idea bundle.
   $entity_types['vote']->setFormClass('votingapi_openideal_useful', OpenidealBaseRatingForm::class);
 }
+
+/**
+ * Implements hook_group_content_info_alter().
+ */
+function openideal_idea_group_content_info_alter(&$info) {
+  // Alter the content enabler plugin definitions to use our class.
+  $info['group_membership']['handlers']['access'] = GroupContentAccessHandle::class;
+}
diff --git a/modules/openideal_idea/src/Plugin/OpenidealGroupContentAccessControlHandler.php b/modules/openideal_idea/src/Plugin/OpenidealGroupContentAccessControlHandler.php
new file mode 100644
index 000000000..b3b7ac4c3
--- /dev/null
+++ b/modules/openideal_idea/src/Plugin/OpenidealGroupContentAccessControlHandler.php
@@ -0,0 +1,29 @@
+<?php
+
+namespace Drupal\openideal_idea\Plugin;
+
+use Drupal\Core\Access\AccessResult;
+use Drupal\Core\Session\AccountInterface;
+use Drupal\group\Entity\GroupContentInterface;
+use Drupal\group\Plugin\GroupContentAccessControlHandler;
+use Drupal\group\Plugin\GroupContentAccessControlHandlerInterface;
+
+/**
+ * Provides custom access control for GroupMembership entities.
+ */
+class OpenidealGroupContentAccessControlHandler extends GroupContentAccessControlHandler implements GroupContentAccessControlHandlerInterface {
+
+  /**
+   * {@inheritdoc}
+   */
+  public function relationAccess(GroupContentInterface $group_content, $operation, AccountInterface $account, $return_as_object = FALSE) {
+    // Check if the account is the owner and an restrict delete access.
+    $is_owner = $group_content->getOwnerId() === $account->id();
+    if ($is_owner && $operation == 'delete') {
+      return AccessResult::forbidden();
+    }
+
+    return parent::relationAccess($group_content, $operation, $account, $return_as_object);
+  }
+
+}

From b334ec4323b45115af6123e283284faa978b4139 Mon Sep 17 00:00:00 2001
From: Nazariy Velychenko <n.velychenko@dev-branch.com>
Date: Fri, 24 Jul 2020 10:33:41 +0300
Subject: [PATCH 2/2] OI-74: Implemented hook_entity_access instead of changing
 access handler.

---
 modules/openideal_idea/openideal_idea.module  | 12 ++++----
 ...nidealGroupContentAccessControlHandler.php | 29 -------------------
 2 files changed, 7 insertions(+), 34 deletions(-)
 delete mode 100644 modules/openideal_idea/src/Plugin/OpenidealGroupContentAccessControlHandler.php

diff --git a/modules/openideal_idea/openideal_idea.module b/modules/openideal_idea/openideal_idea.module
index 1c1fd0c52..11187da1e 100644
--- a/modules/openideal_idea/openideal_idea.module
+++ b/modules/openideal_idea/openideal_idea.module
@@ -16,7 +16,6 @@ use Drupal\Core\Url;
 use Drupal\node\NodeInterface;
 use Drupal\openideal_idea\ComputedNumberList;
 use Drupal\openideal_idea\Form\OpenidealBaseRatingForm;
-use Drupal\openideal_idea\Plugin\OpenidealGroupContentAccessControlHandler as GroupContentAccessHandle;
 
 /**
  * Implements hook_theme().
@@ -287,9 +286,12 @@ function openideal_idea_entity_type_build(array &$entity_types) {
 }
 
 /**
- * Implements hook_group_content_info_alter().
+ * Implements hook_ENTITY_TYPE_access().
  */
-function openideal_idea_group_content_info_alter(&$info) {
-  // Alter the content enabler plugin definitions to use our class.
-  $info['group_membership']['handlers']['access'] = GroupContentAccessHandle::class;
+function openideal_idea_group_content_access(EntityInterface $entity, $operation, AccountInterface $account) {
+  if ($entity->getOwnerId() === $account->id()
+    && $operation == 'delete'
+    && $entity->getContentPlugin()->getPluginId() == 'group_membership') {
+    return AccessResult::forbidden();
+  }
 }
diff --git a/modules/openideal_idea/src/Plugin/OpenidealGroupContentAccessControlHandler.php b/modules/openideal_idea/src/Plugin/OpenidealGroupContentAccessControlHandler.php
deleted file mode 100644
index b3b7ac4c3..000000000
--- a/modules/openideal_idea/src/Plugin/OpenidealGroupContentAccessControlHandler.php
+++ /dev/null
@@ -1,29 +0,0 @@
-<?php
-
-namespace Drupal\openideal_idea\Plugin;
-
-use Drupal\Core\Access\AccessResult;
-use Drupal\Core\Session\AccountInterface;
-use Drupal\group\Entity\GroupContentInterface;
-use Drupal\group\Plugin\GroupContentAccessControlHandler;
-use Drupal\group\Plugin\GroupContentAccessControlHandlerInterface;
-
-/**
- * Provides custom access control for GroupMembership entities.
- */
-class OpenidealGroupContentAccessControlHandler extends GroupContentAccessControlHandler implements GroupContentAccessControlHandlerInterface {
-
-  /**
-   * {@inheritdoc}
-   */
-  public function relationAccess(GroupContentInterface $group_content, $operation, AccountInterface $account, $return_as_object = FALSE) {
-    // Check if the account is the owner and an restrict delete access.
-    $is_owner = $group_content->getOwnerId() === $account->id();
-    if ($is_owner && $operation == 'delete') {
-      return AccessResult::forbidden();
-    }
-
-    return parent::relationAccess($group_content, $operation, $account, $return_as_object);
-  }
-
-}