Update to dynamically create permissions

Author: occupant

ubc_media_entities/src/MediaAccessControlHandler.php

@@ -20,26 +20,16 @@ protected function checkAccess(EntityInterface $entity, $operation, AccountInter
     {
         // Check if the operation is 'view'.
         if ($operation === 'view') {
-            // Example: Restrict 'view' based on media type and a custom permission.
+            // Dynamically check permission based on media type.
             $media_type = $entity->bundle();
-            if ($account->hasPermission("view $media_type media")) {
-                return AccessResult::allowed();
-            }
-            else {
-                return AccessResult::forbidden();
-            }
+            $permission = "view $media_type media";
+
+            // Grant access if the user has the permission.
+            return AccessResult::allowedIfHasPermission($account, $permission);
         }
 
-        // For other operations, fall back to the parent handler.
+        // Fallback to parent handler for other operations.
         return parent::checkAccess($entity, $operation, $account);
     }
 
-    /**
-     * {@inheritdoc}
-     */
-    protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = null)
-    {
-        // Allow creation of media if the user has a specific permission.
-        return AccessResult::allowedIfHasPermission($account, "create $entity_bundle media");
-    }
 }

ubc_media_entities/src/PermissionProvider.php

@@ -0,0 +1,41 @@
+<?php
+
+namespace Drupal\ubc_media_entities;
+
+use Drupal\Core\StringTranslation\StringTranslationTrait;
+use Drupal\media\Entity\MediaType;
+
+/**
+ * Provides dynamic permissions for media types.
+ */
+class PermissionProvider
+{
+    use StringTranslationTrait;
+
+    /**
+     * Generates dynamic permissions for all media types.
+     *
+     * @return array
+     *   An array of permissions.
+     */
+    public static function generateMediaPermissions()
+    {
+        $permissions = [];
+        $media_types = MediaType::loadMultiple();
+
+        foreach ($media_types as $media_type) {
+            $type_id = $media_type->id();
+            $type_label = $media_type->label();
+
+            // Add 'view' permission for the media type.
+            $permissions["view $type_id media"] = [
+            'title' => t('View @type media', ['@type' => $type_label]),
+            'description' => t('Allows users to view media of type @type.', ['@type' => $type_label]),
+            'restrict access' => true,
+            ];
+
+        }
+
+        return $permissions;
+    }
+}

ubc_media_entities/ubc_media_entities.module

@@ -25,6 +25,29 @@ function ubc_media_entities_file_download($uri) {
   return NULL;
 }
 
+/**
+ * Implements hook_permission().
+ */
+function ubc_media_entities_permission() {
+  $permissions = [];
+  $media_types = \Drupal::entityTypeManager()->getStorage('media_type')->loadMultiple();
+
+  foreach ($media_types as $media_type) {
+    $type_id = $media_type->id();
+    $type_label = $media_type->label();
+
+    // Create 'view' permission for the media type.
+    $permissions["view $type_id media"] = [
+      'title' => t('View @type media', ['@type' => $type_label]),
+      'description' => t('Allows users to view media of type @type.', ['@type' => $type_label]),
+      'restrict access' => TRUE,
+    ];
+
+  }
+
+  return $permissions;
+}
+
 /**
  * Implements hook_entity_type_alter().
  */
@@ -44,13 +67,37 @@ function ubc_media_entities_post_update_grant_private_file_permission() {
   $role_object->save();
 }
 
+/**
+ * Implements hook_post_update_()
+ * Add anonymous permissions to media
+ */
+/* function ubc_media_entities_post_update_grant_anonymous_permissions() {
+  $role_object = Role::load('authenticated');
+  $role_object->grantPermission('view audio media');
+  $role_object->grantPermission('view document media');
+  $role_object->grantPermission('view file media');
+  //$role_object->grantPermission('view ics_file media');
+  $role_object->grantPermission('view image media');
+  $role_object->grantPermission('view remote_video media');
+  $role_object->grantPermission('view svg_icon media');
+  $role_object->grantPermission('view video media');
+  $role_object->save();
+} */
 
 /**
  * Implements hook_post_update_()
- * Add permission to view private_file media
+ * Add authenticated permissions to media
  */
-function ubc_media_entities_post_update_grant_private_media_permission() {
+/* function ubc_media_entities_post_update_grant_authenticated_permissions() {
   $role_object = Role::load('authenticated');
+  $role_object->grantPermission('view audio media');
+  $role_object->grantPermission('view document media');
+  $role_object->grantPermission('view file media');
+  //$role_object->grantPermission('view ics_file media');
+  $role_object->grantPermission('view image media');
   $role_object->grantPermission('view private_file media');
+  $role_object->grantPermission('view remote_video media');
+  $role_object->grantPermission('view svg_icon media');
+  $role_object->grantPermission('view video media');
   $role_object->save();
-}
+} */

ubc_media_entities/ubc_media_entities.permissions.yml

@@ -3,7 +3,6 @@ access private files:
   description: 'View privately stored files from their direct URL path'
   restrict access: TRUE
 
-view private_file media:
-  title: 'View private file media'
-  description: 'View private file media items'
-  restrict access: TRUE
+
+permission_callbacks:
+  - Drupal\ubc_media_entities\PermissionProvider::generateMediaPermissions