You are here

class EntityDeleteMultipleAccessCheck in Drupal 9

Same name and namespace in other branches
  1. 8 core/lib/Drupal/Core/Entity/EntityDeleteMultipleAccessCheck.php \Drupal\Core\Entity\EntityDeleteMultipleAccessCheck
  2. 10 core/lib/Drupal/Core/Entity/EntityDeleteMultipleAccessCheck.php \Drupal\Core\Entity\EntityDeleteMultipleAccessCheck

Checks if the current user has delete access to the items of the tempstore.

Hierarchy

Expanded class hierarchy of EntityDeleteMultipleAccessCheck

1 string reference to 'EntityDeleteMultipleAccessCheck'
core.services.yml in core/core.services.yml
core/core.services.yml
1 service uses EntityDeleteMultipleAccessCheck
access_check.entity_delete_multiple in core/core.services.yml
Drupal\Core\Entity\EntityDeleteMultipleAccessCheck

File

core/lib/Drupal/Core/Entity/EntityDeleteMultipleAccessCheck.php, line 14

Namespace

Drupal\Core\Entity
View source
class EntityDeleteMultipleAccessCheck implements AccessInterface {

  /**
   * The entity type manager.
   *
   * @var \Drupal\Core\Entity\EntityTypeManagerInterface
   */
  protected $entityTypeManager;

  /**
   * The tempstore service.
   *
   * @var \Drupal\Core\TempStore\PrivateTempStoreFactory
   */
  protected $tempStore;

  /**
   * Request stack service.
   *
   * @var \Symfony\Component\HttpFoundation\RequestStack
   */
  protected $requestStack;

  /**
   * Constructs a new EntityDeleteMultipleAccessCheck.
   *
   * @param \Drupal\Core\Entity\EntityTypeManagerInterface $entity_type_manager
   *   The entity type manager.
   * @param \Drupal\Core\TempStore\PrivateTempStoreFactory $temp_store_factory
   *   The tempstore service.
   * @param \Symfony\Component\HttpFoundation\RequestStack $request_stack
   *   The request stack service.
   */
  public function __construct(EntityTypeManagerInterface $entity_type_manager, PrivateTempStoreFactory $temp_store_factory, RequestStack $request_stack) {
    $this->entityTypeManager = $entity_type_manager;
    $this->tempStore = $temp_store_factory
      ->get('entity_delete_multiple_confirm');
    $this->requestStack = $request_stack;
  }

  /**
   * Checks if the user has delete access for at least one item of the store.
   *
   * @param \Drupal\Core\Session\AccountInterface $account
   *   Run access checks for this account.
   * @param string $entity_type_id
   *   Entity type ID.
   *
   * @return \Drupal\Core\Access\AccessResult
   *   Allowed or forbidden, neutral if tempstore is empty.
   */
  public function access(AccountInterface $account, $entity_type_id) {
    if (!$this->requestStack
      ->getCurrentRequest()
      ->hasSession()) {
      return AccessResult::neutral();
    }
    $selection = $this->tempStore
      ->get($account
      ->id() . ':' . $entity_type_id);
    if (empty($selection) || !is_array($selection)) {
      return AccessResult::neutral();
    }
    $entities = $this->entityTypeManager
      ->getStorage($entity_type_id)
      ->loadMultiple(array_keys($selection));
    foreach ($entities as $entity) {

      // As long as the user has access to delete one entity allow access to the
      // delete form. Access will be checked again in
      // Drupal\Core\Entity\Form\DeleteMultipleForm::submit() in case it has
      // changed in the meantime.
      if ($entity
        ->access('delete', $account)) {
        return AccessResult::allowed();
      }
    }
    return AccessResult::forbidden();
  }

}

Members

Namesort descending Modifiers Type Description Overrides
EntityDeleteMultipleAccessCheck::$entityTypeManager protected property The entity type manager.
EntityDeleteMultipleAccessCheck::$requestStack protected property Request stack service.
EntityDeleteMultipleAccessCheck::$tempStore protected property The tempstore service.
EntityDeleteMultipleAccessCheck::access public function Checks if the user has delete access for at least one item of the store.
EntityDeleteMultipleAccessCheck::__construct public function Constructs a new EntityDeleteMultipleAccessCheck.