public function EntityAccessControlHandler::access in Drupal 9
Same name and namespace in other branches
- 8 core/lib/Drupal/Core/Entity/EntityAccessControlHandler.php \Drupal\Core\Entity\EntityAccessControlHandler::access()
- 10 core/lib/Drupal/Core/Entity/EntityAccessControlHandler.php \Drupal\Core\Entity\EntityAccessControlHandler::access()
Checks access to an operation on a given entity or entity translation.
Use \Drupal\Core\Entity\EntityAccessControlHandlerInterface::createAccess() to check access to create an entity.
Parameters
\Drupal\Core\Entity\EntityInterface $entity: The entity for which to check access.
string $operation: The operation access should be checked for. Usually one of "view", "view label", "update" or "delete".
\Drupal\Core\Session\AccountInterface $account: (optional) The user session for which to check access, or NULL to check access for the current user. Defaults to NULL.
bool $return_as_object: (optional) Defaults to FALSE.
Return value
bool|\Drupal\Core\Access\AccessResultInterface The access result. Returns a boolean if $return_as_object is FALSE (this is the default) and otherwise an AccessResultInterface object. When a boolean is returned, the result of AccessInterface::isAllowed() is returned, i.e. TRUE means access is explicitly allowed, FALSE means access is either explicitly forbidden or "no opinion".
Overrides EntityAccessControlHandlerInterface::access
1 method overrides EntityAccessControlHandler::access()
- NodeAccessControlHandler::access in core/
modules/ node/ src/ NodeAccessControlHandler.php - Checks access to an operation on a given entity or entity translation.
File
- core/
lib/ Drupal/ Core/ Entity/ EntityAccessControlHandler.php, line 61
Class
- EntityAccessControlHandler
- Defines a default implementation for entity access control handler.
Namespace
Drupal\Core\EntityCode
public function access(EntityInterface $entity, $operation, AccountInterface $account = NULL, $return_as_object = FALSE) {
$account = $this
->prepareUser($account);
$langcode = $entity
->language()
->getId();
if ($operation === 'view label' && $this->viewLabelOperation == FALSE) {
$operation = 'view';
}
// If an entity does not have a UUID, either from not being set or from not
// having them, use the 'entity type:ID' pattern as the cache $cid.
$cid = $entity
->uuid() ?: $entity
->getEntityTypeId() . ':' . $entity
->id();
// If the entity is revisionable, then append the revision ID to allow
// individual revisions to have specific access control and be cached
// separately.
if ($entity instanceof RevisionableInterface) {
/** @var \Drupal\Core\Entity\RevisionableInterface $entity */
$cid .= ':' . $entity
->getRevisionId();
}
if (($return = $this
->getCache($cid, $operation, $langcode, $account)) !== NULL) {
// Cache hit, no work necessary.
return $return_as_object ? $return : $return
->isAllowed();
}
// Invoke hook_entity_access() and hook_ENTITY_TYPE_access(). Hook results
// take precedence over overridden implementations of
// EntityAccessControlHandler::checkAccess(). Entities that have checks that
// need to be done before the hook is invoked should do so by overriding
// this method.
// We grant access to the entity if both of these conditions are met:
// - No modules say to deny access.
// - At least one module says to grant access.
$access = array_merge($this
->moduleHandler()
->invokeAll('entity_access', [
$entity,
$operation,
$account,
]), $this
->moduleHandler()
->invokeAll($entity
->getEntityTypeId() . '_access', [
$entity,
$operation,
$account,
]));
$return = $this
->processAccessHookResults($access);
// Also execute the default access check except when the access result is
// already forbidden, as in that case, it can not be anything else.
if (!$return
->isForbidden()) {
$return = $return
->orIf($this
->checkAccess($entity, $operation, $account));
}
$result = $this
->setCache($return, $cid, $operation, $langcode, $account);
return $return_as_object ? $result : $result
->isAllowed();
}