diff --git a/site_users.module b/site_users.module index 58adb58..bfcce2a 100644 --- a/site_users.module +++ b/site_users.module @@ -95,24 +95,32 @@ function site_users_check_profile_field_access($operation, AccountInterface $acc } if ($operation === 'view') { - // Pode ver qualquer perfil. if ($account->hasPermission('view any user profile fields')) { return AccessResult::allowed()->cachePerPermissions(); } - // Pode ver apenas o próprio perfil. + // Sem entidade disponível, defer. + if (!$items) { + return AccessResult::neutral(); + } if ($is_own && $account->hasPermission('view own user profile fields')) { return AccessResult::allowed()->cachePerPermissions()->cachePerUser(); } - return AccessResult::forbidden()->cachePerPermissions()->cachePerUser(); + if (!$is_own) { + return AccessResult::forbidden()->cachePerPermissions()->cachePerUser(); + } + return AccessResult::neutral()->cachePerUser(); } if ($operation === 'edit') { - // Pode editar qualquer perfil. if ($account->hasPermission('edit any user profile fields')) { return AccessResult::allowed()->cachePerPermissions(); } - // Pode editar apenas o próprio perfil, se o campo estiver habilitado na config. + // Sem entidade disponível, defer. + if (!$items) { + return AccessResult::neutral(); + } if ($is_own && $account->hasPermission('edit own user profile fields')) { + // Campo habilitado na config? $config = \Drupal::config('site_users.settings'); $field_enabled = $config->get('user_editable_fields.' . $field_name) ?? TRUE; if ($field_enabled) { @@ -120,7 +128,11 @@ function site_users_check_profile_field_access($operation, AccountInterface $acc } return AccessResult::forbidden()->cachePerPermissions()->cachePerUser()->addCacheTags(['config:site_users.settings']); } - return AccessResult::forbidden()->cachePerPermissions()->cachePerUser(); + if (!$is_own) { + return AccessResult::forbidden()->cachePerPermissions()->cachePerUser(); + } + // Próprio usuário sem a permissão explícita: defer ao comportamento padrão do Drupal. + return AccessResult::neutral()->cachePerUser(); } return AccessResult::neutral(); @@ -143,22 +155,28 @@ function site_users_check_photo_field_access($operation, AccountInterface $accou } if ($operation === 'view') { - // Fotos seguem a mesma regra dos campos de perfil para visualização. if ($account->hasPermission('view any user profile fields')) { return AccessResult::allowed()->cachePerPermissions(); } + if (!$items) { + return AccessResult::neutral(); + } if ($is_own && $account->hasPermission('view own user profile fields')) { return AccessResult::allowed()->cachePerPermissions()->cachePerUser(); } - return AccessResult::forbidden()->cachePerPermissions()->cachePerUser(); + if (!$is_own) { + return AccessResult::forbidden()->cachePerPermissions()->cachePerUser(); + } + return AccessResult::neutral()->cachePerUser(); } if ($operation === 'edit') { - // Pode gerenciar fotos de qualquer usuário. if ($account->hasPermission('manage user photos')) { return AccessResult::allowed()->cachePerPermissions(); } - // Pode gerenciar apenas as próprias fotos, se o campo estiver habilitado na config. + if (!$items) { + return AccessResult::neutral(); + } if ($is_own && $account->hasPermission('manage own user photos')) { $config = \Drupal::config('site_users.settings'); $field_enabled = $config->get('user_editable_fields.' . $field_name) ?? TRUE; @@ -167,7 +185,10 @@ function site_users_check_photo_field_access($operation, AccountInterface $accou } return AccessResult::forbidden()->cachePerPermissions()->cachePerUser()->addCacheTags(['config:site_users.settings']); } - return AccessResult::forbidden()->cachePerPermissions()->cachePerUser(); + if (!$is_own) { + return AccessResult::forbidden()->cachePerPermissions()->cachePerUser(); + } + return AccessResult::neutral()->cachePerUser(); } return AccessResult::neutral();