You are here

public function CommentFieldItemList::access in Drupal 10

Same name and namespace in other branches
  1. 8 core/modules/comment/src/CommentFieldItemList.php \Drupal\comment\CommentFieldItemList::access()
  2. 9 core/modules/comment/src/CommentFieldItemList.php \Drupal\comment\CommentFieldItemList::access()

Checks data value access.

Parameters

string $operation: The operation to be performed.

\Drupal\Core\Session\AccountInterface $account: (optional) The user for which to check access, or NULL to check access for the current user. Defaults to NULL.

bool $return_as_object: (optional) Defaults to FALSE.

Return value

bool|\Drupal\Core\Access\AccessResultInterface The access result. Returns a boolean if $return_as_object is FALSE (this is the default) and otherwise an AccessResultInterface object. When a boolean is returned, the result of AccessInterface::isAllowed() is returned, i.e. TRUE means access is explicitly allowed, FALSE means access is either explicitly forbidden or "no opinion".

Overrides FieldItemList::access

File

core/modules/comment/src/CommentFieldItemList.php, line 46

Class

CommentFieldItemList
Defines an item list class for comment fields.

Namespace

Drupal\comment

Code

public function access($operation = 'view', AccountInterface $account = NULL, $return_as_object = FALSE) {
  if ($operation === 'edit') {

    // Only users with administer comments permission can edit the comment
    // status field.
    $result = AccessResult::allowedIfHasPermission($account ?: \Drupal::currentUser(), 'administer comments');
    return $return_as_object ? $result : $result
      ->isAllowed();
  }
  if ($operation === 'view') {

    // Only users with "post comments" or "access comments" permission can
    // view the field value. The formatter,
    // Drupal\comment\Plugin\Field\FieldFormatter\CommentDefaultFormatter,
    // takes care of showing the thread and form based on individual
    // permissions, so if a user only has ‘post comments’ access, only the
    // form will be shown and not the comments.
    $result = AccessResult::allowedIfHasPermission($account ?: \Drupal::currentUser(), 'access comments')
      ->orIf(AccessResult::allowedIfHasPermission($account ?: \Drupal::currentUser(), 'post comments'));
    return $return_as_object ? $result : $result
      ->isAllowed();
  }
  return parent::access($operation, $account, $return_as_object);
}