public function FieldAccess::handle in Commerce Cart API 8
Handle field access.
Parameters
string $operation: The operation to be performed. See \Drupal\Core\Entity\EntityAccessControlHandlerInterface::fieldAccess() for possible values.
\Drupal\Core\Field\FieldDefinitionInterface $field_definition: The field definition.
\Drupal\Core\Session\AccountInterface $account: The user account to check.
\Drupal\Core\Field\FieldItemListInterface $items: (optional) The entity field object for which to check access, or NULL if access is checked for the field definition, without any specific value available. Defaults to NULL.
Return value
\Drupal\Core\Access\AccessResultInterface The access result.
Overrides FieldAccessInterface::handle
File
- src/
FieldAccess.php, line 34
Class
Namespace
Drupal\commerce_cart_api
Code
/**
 * Decides field-level access for entities exposed through the Cart API.
 *
 * Outside routes carrying the '_cart_api' requirement the result is neutral.
 * On those routes an entity type with a matching allowed*Fields() method is
 * governed by that method's allowlist; any other entity type only has a fixed
 * set of generic fields hidden for the 'view' operation.
 *
 * @param string $operation
 *   The operation to be performed.
 * @param \Drupal\Core\Field\FieldDefinitionInterface $field_definition
 *   The field definition.
 * @param \Drupal\Core\Session\AccountInterface $account
 *   The user account to check.
 * @param \Drupal\Core\Field\FieldItemListInterface $items
 *   (optional) The entity field object for which to check access, or NULL if
 *   access is checked for the field definition only. Defaults to NULL.
 *
 * @return \Drupal\Core\Access\AccessResultInterface
 *   The access result.
 */
public function handle($operation, FieldDefinitionInterface $field_definition, AccountInterface $account, FieldItemListInterface $items = NULL) {
  // This handler only has an opinion on the Cart API routes; everywhere else
  // it stays neutral.
  $current_route = $this->routeMatch->getRouteObject();
  $is_cart_api_route = $current_route && $current_route->hasRequirement('_cart_api');
  if (!$is_cart_api_route) {
    return AccessResult::neutral();
  }

  // Per-entity-type allowlist: the method name is derived from the target
  // entity type ID (presumably e.g. allowedCommerceOrderFields() - confirm
  // against the Container::camelize() in use). method_exists() ensures only
  // methods defined on this class are ever dispatched to.
  $allowlist_method = 'allowed' . Container::camelize($field_definition->getTargetEntityTypeId() . '_fields');
  if (method_exists($this, $allowlist_method)) {
    $permitted_fields = $this->{$allowlist_method}($operation, $field_definition, $account, $items);
    if (!$permitted_fields) {
      // Fail closed: an empty or falsy allowlist forbids every field.
      $permitted_fields = [];
    }
    $is_permitted = in_array($field_definition->getName(), $permitted_fields, TRUE);
    return AccessResult::forbiddenIf(!$is_permitted);
  }

  // Entity types without an allowlist method are only restricted for 'view';
  // every other operation is left to other access checks.
  if ($operation !== 'view') {
    return AccessResult::neutral();
  }

  // Hide generic entity fields on any other entity that has been normalized
  // and is being returned (like purchasable entities). This is a denylist: a
  // field not named here is not forbidden by this handler.
  $hidden_fields = [
    'created',
    'changed',
    'default_langcode',
    'langcode',
    'status',
    'uid',
  ];
  $is_hidden = in_array($field_definition->getName(), $hidden_fields, TRUE);
  return AccessResult::forbiddenIf($is_hidden);
}