You are here

public function EntityDeleteMultipleAccessCheck::access in Drupal 9

Same name and namespace in other branches
  1. 8 core/lib/Drupal/Core/Entity/EntityDeleteMultipleAccessCheck.php \Drupal\Core\Entity\EntityDeleteMultipleAccessCheck::access()

Checks if the user has delete access for at least one item of the store.

Parameters

\Drupal\Core\Session\AccountInterface $account: Run access checks for this account.

string $entity_type_id: Entity type ID.

Return value

\Drupal\Core\Access\AccessResult Allowed or forbidden, neutral if tempstore is empty.

File

core/lib/Drupal/Core/Entity/EntityDeleteMultipleAccessCheck.php, line 64

Class

EntityDeleteMultipleAccessCheck
Checks if the current user has delete access to the items of the tempstore.

Namespace

Drupal\Core\Entity

Code

public function access(AccountInterface $account, $entity_type_id) {
  if (!$this->requestStack
    ->getCurrentRequest()
    ->hasSession()) {
    return AccessResult::neutral();
  }
  $selection = $this->tempStore
    ->get($account
    ->id() . ':' . $entity_type_id);
  if (empty($selection) || !is_array($selection)) {
    return AccessResult::neutral();
  }
  $entities = $this->entityTypeManager
    ->getStorage($entity_type_id)
    ->loadMultiple(array_keys($selection));
  foreach ($entities as $entity) {

    // As long as the user has access to delete one entity allow access to the
    // delete form. Access will be checked again in
    // Drupal\Core\Entity\Form\DeleteMultipleForm::submit() in case it has
    // changed in the meantime.
    if ($entity
      ->access('delete', $account)) {
      return AccessResult::allowed();
    }
  }
  return AccessResult::forbidden();
}