diff --git a/src/Plugin/Field/FieldType/WorkflowsFieldItem.php b/src/Plugin/Field/FieldType/WorkflowsFieldItem.php index c93d0be..b8d6c7c 100644 --- a/src/Plugin/Field/FieldType/WorkflowsFieldItem.php +++ b/src/Plugin/Field/FieldType/WorkflowsFieldItem.php @@ -120,13 +120,29 @@ class WorkflowsFieldItem extends FieldItemBase implements OptionsProviderInterfa $workflow = $this->getWorkflow(); $type = $workflow->getTypePlugin(); - $allowed_states = $type->getStates(); - if (!empty($value) && $type->hasState($value) && ($current = $type->getState($value))) { - $allowed_states = array_filter($allowed_states, function(StateInterface $state) use ($current) { - return $current->id() === $state->id() || $current->canTransitionTo($state->id()); + + /** @var \Drupal\workflows\State $current */ + if ($value && $type->hasState($value) && ($current = $type->getState($value))) { + $allowed_states = array_filter($allowed_states, function(StateInterface $state) use ($current, $workflow, $account) { + if ($current->id() === $state->id()) { + return TRUE; + } + + // If we don't have a valid transition or we don't have an account then + // all we care about is whether the transition is valid so return. + $valid_transition = $current->canTransitionTo($state->id()); + if (!$valid_transition || !$account) { + return $valid_transition; + } + + // If we have an account object then ensure the user has permission to + // this transition and that it's a valid transition. + $transition = $current->getTransitionTo($state->id()); + return $account->hasPermission(sprintf('use %s transition %s', $workflow->id(), $transition->id())); }); } + $state_labels = array_map(function ($state) { return $state->label(); }, $allowed_states); diff --git a/src/Plugin/Validation/Constraint/WorkflowsFieldContraintValidator.php b/src/Plugin/Validation/Constraint/WorkflowsFieldContraintValidator.php index 8ab1256..a7719cd 100755 --- a/src/Plugin/Validation/Constraint/WorkflowsFieldContraintValidator.php +++ b/src/Plugin/Validation/Constraint/WorkflowsFieldContraintValidator.php @@ -4,7 +4,7 @@ namespace Drupal\workflows_field\Plugin\Validation\Constraint; use Drupal\Core\DependencyInjection\ContainerInjectionInterface; use Drupal\Core\Entity\EntityTypeManagerInterface; -use Drupal\Core\Session\AccountProxy; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\DependencyInjection\ContainerInterface; use Symfony\Component\Validator\Constraint; use Symfony\Component\Validator\ConstraintValidator; @@ -29,7 +29,7 @@ class WorkflowsFieldContraintValidator extends ConstraintValidator implements Co /** * Creates an instance of WorkflowsFieldContraintValidator. */ - public function __construct(EntityTypeManagerInterface $entityTypeManager, AccountProxy $currentUser) { + public function __construct(EntityTypeManagerInterface $entityTypeManager, AccountInterface $currentUser) { $this->entityTypeManager = $entityTypeManager; $this->currentUser = $currentUser; } @@ -38,7 +38,10 @@ class WorkflowsFieldContraintValidator extends ConstraintValidator implements Co * {@inheritdoc} */ public static function create(ContainerInterface $container) { - return new static($container->get('entity_type.manager'), $container->get('current_user')); + return new static( + $container->get('entity_type.manager'), + $container->get('current_user') + ); } /** @@ -71,7 +74,7 @@ class WorkflowsFieldContraintValidator extends ConstraintValidator implements Co ]); } else { - $transition = $workflow_type->getTransitionFromStateToState($previous_state, $field->state); + $transition = $workflow_type->getTransitionFromStateToState($previous_state, $field->value); if (!$this->currentUser->hasPermission('use ' . $field->getWorkflow()->id() . ' transition ' . $transition->id())) { $this->context->addViolation($constraint->insufficient_permissions_transition, [ '%transition' => $transition->label(),