From bb7677c1e8e8d5c09b52b87bed95aaa9caf3c519 Mon Sep 17 00:00:00 2001
From: Eric Bremner <ebremner@uwaterloo.ca>
Date: Thu, 25 Apr 2024 05:51:56 -0400
Subject: [PATCH] ISTWCMS-5412: fixing permissions for pub ref keywords block

---
 src/Plugin/Block/PublicationAuthorsBlock.php | 33 ++++++++++++++++++--
 1 file changed, 31 insertions(+), 2 deletions(-)

diff --git a/src/Plugin/Block/PublicationAuthorsBlock.php b/src/Plugin/Block/PublicationAuthorsBlock.php
index 0db5ca7..ad9f2c9 100644
--- a/src/Plugin/Block/PublicationAuthorsBlock.php
+++ b/src/Plugin/Block/PublicationAuthorsBlock.php
@@ -2,10 +2,13 @@
 
 namespace Drupal\uw_dashboard\Plugin\Block;
 
+use Drupal\Core\Access\AccessResult;
 use Drupal\Core\Block\BlockBase;
 use Drupal\Core\Entity\EntityTypeManagerInterface;
 use Drupal\Core\Form\FormStateInterface;
 use Drupal\Core\Plugin\ContainerFactoryPluginInterface;
+use Drupal\Core\Session\AccountInterface;
+use Drupal\node\Plugin\views\filter\Access;
 use Symfony\Component\DependencyInjection\ContainerInterface;
 
 /**
@@ -25,6 +28,13 @@ class PublicationAuthorsBlock extends BlockBase implements ContainerFactoryPlugi
    */
   protected $entityTypeManager;
 
+  /**
+   * The current user.
+   *
+   * @var \Drupal\Core\Session\AccountProxyInterface
+   */
+  protected $currentUser;
+
   /**
    * {@inheritdoc}
    */
@@ -38,7 +48,8 @@ class PublicationAuthorsBlock extends BlockBase implements ContainerFactoryPlugi
       $configuration,
       $plugin_id,
       $plugin_definition,
-      $container->get('entity_type.manager')
+      $container->get('entity_type.manager'),
+      $container->get('current_user')
     );
   }
 
@@ -53,15 +64,19 @@ class PublicationAuthorsBlock extends BlockBase implements ContainerFactoryPlugi
    *   The plugin implementation definition.
    * @param \Drupal\Core\Entity\EntityTypeManagerInterface $entityTypeManager
    *   Entity type manager.
+   * @param \Drupal\Core\Session\AccountProxyInterface $currentUser
+   *   The current user.
    */
   public function __construct(
     array $configuration,
     $plugin_id,
     $plugin_definition,
-    EntityTypeManagerInterface $entityTypeManager
+    EntityTypeManagerInterface $entityTypeManager,
+    AccountInterface $currentUser
   ) {
     parent::__construct($configuration, $plugin_id, $plugin_definition);
     $this->entityTypeManager = $entityTypeManager;
+    $this->currentUser = $currentUser;
   }
 
   /**
@@ -69,6 +84,13 @@ class PublicationAuthorsBlock extends BlockBase implements ContainerFactoryPlugi
    */
   public function build() {
 
+    // Add a message if the user does not have access to the block.
+    if (!$this->currentUser->hasPermission('edit bibcite_keyword')) {
+      return [
+        '#markup' => 'You do not have permission to view this block.',
+      ];
+    }
+
     // Load the view.
     /** @var \Drupal\views\ViewExecutable $view */
     $view = $this->entityTypeManager
@@ -120,4 +142,11 @@ class PublicationAuthorsBlock extends BlockBase implements ContainerFactoryPlugi
 
   }
 
+  /**
+   * {@inheritdoc}
+   */
+  protected function blockAccess(AccountInterface $account) {
+    return AccessResult::allowedIfHasPermission($account, 'edit bibcite_keyword');
+  }
+
 }
-- 
GitLab