From ffdedab21ee8e1aaea7d0b1aae4169a429b29d9b Mon Sep 17 00:00:00 2001
From: Liam Morland <lkmorlan@uwaterloo.ca>
Date: Tue, 19 Jan 2021 15:45:03 -0500
Subject: [PATCH] ISTWCMS-4229: Prevent moderation of home page

This can only be done by users with permission 'bypass home page
protection'.
---
 src/Form/UwContentModerationForm.php | 16 ++++++++++++++++
 uw_cfg_common.routing.yml            |  1 +
 2 files changed, 17 insertions(+)

diff --git a/src/Form/UwContentModerationForm.php b/src/Form/UwContentModerationForm.php
index b6613f17..d7b8876c 100644
--- a/src/Form/UwContentModerationForm.php
+++ b/src/Form/UwContentModerationForm.php
@@ -2,10 +2,13 @@
 
 namespace Drupal\uw_cfg_common\Form;
 
+use Drupal\Core\Access\AccessResult;
 use Drupal\Core\Entity\EntityTypeManagerInterface;
 use Drupal\Core\Form\ConfirmFormBase;
 use Drupal\Core\Form\FormStateInterface;
+use Drupal\Core\Session\AccountInterface;
 use Drupal\Core\Url;
+use Drupal\uw_cfg_common\Service\UWService;
 use Symfony\Component\DependencyInjection\ContainerInterface;
 
 /**
@@ -54,6 +57,19 @@ class UwContentModerationForm extends ConfirmFormBase {
     );
   }
 
+  /**
+   * Access callback. No access for the home page, except by admin.
+   *
+   * @return object
+   *   A AccessResult object.
+   */
+  public function access(int $nid, AccountInterface $account): AccessResult {
+    if (UWService::nodeIsHomePage($nid) && !$account->hasPermission('bypass home page protection')) {
+      return AccessResult::forbidden();
+    }
+    return AccessResult::allowed();
+  }
+
   /**
    * {@inheritdoc}
    */
diff --git a/uw_cfg_common.routing.yml b/uw_cfg_common.routing.yml
index cd86dba5..fe107ffc 100644
--- a/uw_cfg_common.routing.yml
+++ b/uw_cfg_common.routing.yml
@@ -11,4 +11,5 @@ uw_content_moderation.form:
     _title: 'Content moderation'
     _form: '\Drupal\uw_cfg_common\Form\UwContentModerationForm'
   requirements:
+    _custom_access: '\Drupal\uw_cfg_common\Form\UwContentModerationForm::access'
     _permission: 'access content'
-- 
GitLab