Fix access check for CSV upload form (#99)

* Fix access check for CSV upload form

* removed access premission check

src/Form/StanfordMigrateCsvImportForm.php

@@ -2,13 +2,11 @@
 
 namespace Drupal\stanford_migrate\Form;
 
-use Drupal\Core\Access\AccessResult;
 use Drupal\Core\Cache\Cache;
 use Drupal\Core\Entity\EntityForm;
 use Drupal\Core\Entity\EntityTypeManagerInterface;
 use Drupal\Core\Form\FormStateInterface;
 use Drupal\Core\Link;
-use Drupal\Core\Session\AccountInterface;
 use Drupal\Core\State\StateInterface;
 use Drupal\file\FileUsage\FileUsageInterface;
 use Drupal\migrate\MigrateMessage;
@@ -58,31 +56,11 @@ public static function create(ContainerInterface $container) {
    */
   public function __construct(protected MigrationPluginManagerInterface $migrationManager, protected StateInterface $state, protected FileUsageInterface $fileUsage, EntityTypeManagerInterface $entityTypeManager) {
     $this->entityTypeManager = $entityTypeManager;
-
     /** @var \Drupal\migrate_plus\Entity\MigrationInterface $migration */
     $migration = $this->getRequest()->attributes->get('migration');
     $this->migrationPlugin = $this->migrationManager->createInstance($migration->id());
   }
 
-  /**
-   * Check if the user should have access to the form.
-   *
-   * @param \Drupal\Core\Session\AccountInterface $account
-   *   Current user.
-   *
-   * @return \Drupal\Core\Access\AccessResult
-   *   Allowed if the migration is a csv importer.
-   */
-  public function access(AccountInterface $account): AccessResult {
-    $source_plugin = $this->migrationPlugin->getSourcePlugin();
-    // If the migration doesn't import csv, there's no reason to allow the form.
-    if ($source_plugin->getPluginId() != 'csv') {
-      return AccessResult::forbidden();
-    }
-    $migration_id = $this->migrationPlugin->id();
-    return AccessResult::allowedIfHasPermission($account, "import $migration_id migration");
-  }
-
   /**
    * {@inheritDoc}
    */

stanford_migrate.module

@@ -5,17 +5,20 @@
  * Contains stanford_migrate.module.
  */
 
+use Drupal\Core\Access\AccessResult;
 use Drupal\Core\Cache\Cache;
 use Drupal\Core\Entity\Display\EntityFormDisplayInterface;
 use Drupal\Core\Entity\EntityInterface;
 use Drupal\Core\Entity\Entity\EntityViewDisplay;
 use Drupal\Core\Routing\RouteMatchInterface;
+use Drupal\Core\Session\AccountInterface;
 use Drupal\migrate\Plugin\MigrateSourceInterface;
 use Drupal\migrate\Plugin\MigrationInterface;
 use Drupal\migrate\Row;
 use Drupal\migrate_plus\Entity\Migration;
 use Drupal\node\NodeInterface;
 use Drupal\ultimate_cron\CronJobInterface;
+use Drupal\migrate_plus\Entity\MigrationInterface as MigrationEntityInterface;
 
 /**
  * Implements hook_help().
@@ -59,7 +62,8 @@ function stanford_migrate_migrate_prepare_row(Row $row, MigrateSourceInterface $
  * @return array|\Drupal\migrate_plus\Entity\MigrationInterface|mixed
  *   Migration entity or null/false if none found.
  *
- * @deprecated in 8.2.3 and is removed in 9.0.0. Use \Drupal::service('stanford_migrate')->getNodesMigration() instead.
+ * @deprecated in 8.2.3 and is removed in 9.0.0. Use
+ *   \Drupal::service('stanford_migrate')->getNodesMigration() instead.
  */
 function stanford_migrate_get_migration(NodeInterface $node) {
   return \Drupal::service('stanford_migrate')->getNodesMigration($node);
@@ -150,7 +154,7 @@ function stanford_migrate_entity_form_display_alter(EntityFormDisplayInterface $
  * Implements hook_preprocess_HOOK().
  */
 function stanford_migrate_preprocess_field(&$variables) {
-  if ($variables['element']['#third_party_settings']['stanford_migrate']['readonly'] ?? false) {
+  if ($variables['element']['#third_party_settings']['stanford_migrate']['readonly'] ?? FALSE) {
     // Wrap the readonly form fields with classes so that they can be identified
     // more easily to the user.
     $variables['attributes']['class'][] = 'messages';
@@ -205,6 +209,17 @@ function stanford_migrate_entity_type_alter(array &$entity_types) {
   }
 }
 
+/**
+ * Implements hook_ENTITY_TYPE_access().
+ */
+function stanford_migrate_migration_access(MigrationEntityInterface $entity, $operation, AccountInterface $account) {
+  if ($operation != 'csv') {
+    return AccessResult::neutral();
+  }
+  $migration_id = $entity->id();
+  return AccessResult::allowedIfHasPermission($account, "import $migration_id migration");
+}
+
 /**
  * Implements hook_ENTITY_TYPE_delete().
  */
@@ -297,7 +312,8 @@ function stanford_migrate_ultimate_cron_task(CronJobInterface $cron_entity) {
  * @param bool $batch
  *   Execute the migration using a batch process.
  *
- * @deprecated in 8.2.3 and is removed in 9.0.0. Use \Drupal::service('stanford_migrate')->executeMigration() instead.
+ * @deprecated in 8.2.3 and is removed in 9.0.0. Use
+ *   \Drupal::service('stanford_migrate')->executeMigration() instead.
  *
  * @see \Drupal\migrate_tools\Drush\MigrateToolsCommands::executeMigration()
  */
@@ -313,7 +329,8 @@ function stanford_migrate_execute_migration(MigrationInterface $migration, strin
  *   An array keyed by migration group, each value containing an array of
  *   migrations or an empty array if no migrations match the input criteria.
  *
- * @deprecated in 8.2.3 and is removed in 9.0.0. Use \Drupal::service('stanford_migrate')->getMigrationList() instead.
+ * @deprecated in 8.2.3 and is removed in 9.0.0. Use
+ *   \Drupal::service('stanford_migrate')->getMigrationList() instead.
  *
  * @see \Drupal\migrate_tools\Drush\MigrateToolsCommands::migrationsList()
  */

stanford_migrate.routing.yml

@@ -23,7 +23,7 @@ entity.migration.csv_upload:
     _title: 'Upload CSV'
     _migrate_group: true
   requirements:
-    _custom_access: 'Drupal\stanford_migrate\Form\StanfordMigrateCsvImportForm::access'
+    _entity_access: 'migration.csv'
     _module_dependencies: migrate_source_csv
   options:
     parameters:
@@ -38,7 +38,7 @@ entity.migration.csv_template:
     _controller: '\Drupal\stanford_migrate\Controller\MigrationCsvTemplate::getEmptyTemplate'
     _title: 'CSV Template'
   requirements:
-    _custom_access: 'Drupal\stanford_migrate\Form\StanfordMigrateCsvImportForm::access'
+    _entity_access: 'migration.csv'
     _module_dependencies: migrate_source_csv
   options:
     parameters:

tests/src/Kernel/Form/StanfordMigrateCsvImportFormTest.php

@@ -44,33 +44,6 @@ public function setup(): void {
     $this->installSchema('file', ['file_usage']);
   }
 
-  /**
-   * Migrations that aren't csv importers are denied access.
-   */
-  public function testNonCsvAccess() {
-    $this->setMigrationRequest(Migration::load('stanford_migrate'));
-
-    $form_object = \Drupal::entityTypeManager()
-      ->getFormObject('migration', 'csv-upload');
-    $account = $this->createMock(AccountInterface::class);
-    $this->assertFalse($form_object->access($account)->isAllowed());
-  }
-
-  /**
-   * CSV Importers have permission access.
-   */
-  public function testCsvPermissionAccess() {
-    $this->setCsvMigrationRequest();
-
-    $account = $this->createMock(AccountInterface::class);
-    $form_object = \Drupal::entityTypeManager()
-      ->getFormObject('migration', 'csv-upload');
-    $this->assertFalse($form_object->access($account)->isAllowed());
-
-    $account->method('hasPermission')->willReturn(TRUE);
-    $this->assertTrue($form_object->access($account)->isAllowed());
-  }
-
   /**
    * Test the functionality of the form.
    */