public function EntityDeleteMultipleAccessCheck::access in Drupal 9
Same name and namespace in other branches
- 8 core/lib/Drupal/Core/Entity/EntityDeleteMultipleAccessCheck.php \Drupal\Core\Entity\EntityDeleteMultipleAccessCheck::access()
Checks if the user has delete access for at least one item of the store.
Parameters
\Drupal\Core\Session\AccountInterface $account: Run access checks for this account.
string $entity_type_id: Entity type ID.
Return value
\Drupal\Core\Access\AccessResult Allowed or forbidden, neutral if tempstore is empty.
File
- core/
lib/ Drupal/ Core/ Entity/ EntityDeleteMultipleAccessCheck.php, line 64
Class
- EntityDeleteMultipleAccessCheck
- Checks if the current user has delete access to the items of the tempstore.
Namespace
Drupal\Core\EntityCode
public function access(AccountInterface $account, $entity_type_id) {
if (!$this->requestStack
->getCurrentRequest()
->hasSession()) {
return AccessResult::neutral();
}
$selection = $this->tempStore
->get($account
->id() . ':' . $entity_type_id);
if (empty($selection) || !is_array($selection)) {
return AccessResult::neutral();
}
$entities = $this->entityTypeManager
->getStorage($entity_type_id)
->loadMultiple(array_keys($selection));
foreach ($entities as $entity) {
// As long as the user has access to delete one entity allow access to the
// delete form. Access will be checked again in
// Drupal\Core\Entity\Form\DeleteMultipleForm::submit() in case it has
// changed in the meantime.
if ($entity
->access('delete', $account)) {
return AccessResult::allowed();
}
}
return AccessResult::forbidden();
}