function jsonapi_jsonapi_node_filter_access in Drupal 9

Same name and namespace in other branches
  1. 8 core/modules/jsonapi/jsonapi.module \jsonapi_jsonapi_node_filter_access()
  2. 10 core/modules/jsonapi/jsonapi.module \jsonapi_jsonapi_node_filter_access()

Implements hook_jsonapi_ENTITY_TYPE_filter_access() for 'node'.

File

core/modules/jsonapi/jsonapi.module, line 248
Module implementation file.

Code

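// Classes referenced by this function.
use Drupal\Core\Access\AccessResult;
use Drupal\Core\Entity\EntityTypeInterface;
use Drupal\Core\Session\AccountInterface;

function jsonapi_jsonapi_node_filter_access(EntityTypeInterface $entity_type, AccountInterface $account) {
  // @see \Drupal\node\NodeAccessControlHandler::access()
  if ($account->hasPermission('bypass node access')) {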
    return [
      JSONAPI_FILTER_AMONG_ALL => AccessResult::allowed()->cachePerPermissions(),
    ];
  }
  if (!$account->hasPermission('access content')) {
    $forbidden = AccessResult::forbidden("The 'access content' permission is required.")->cachePerPermissions();
    return [
      JSONAPI_FILTER_AMONG_ALL => $forbidden,
      JSONAPI_FILTER_AMONG_OWN => $forbidden,
      JSONAPI_FILTER_AMONG_PUBLISHED => $forbidden,
      // For legacy reasons, the Node entity type has a "status" key, so forbid
      // this subset as well, even though it has no semantic meaning.
      JSONAPI_FILTER_AMONG_ENABLED => $forbidden,
    ];
  }
  return [
    // @see \Drupal\node\NodeAccessControlHandler::checkAccess()
    JSONAPI_FILTER_AMONG_OWN => AccessResult::allowedIfHasPermission($account, 'view own unpublished content'),
    // @see \Drupal\node\NodeGrantDatabaseStorage::access()
    // Note that:
    // - This is just for the default grant. Other node access conditions are
    //   added via the 'node_access' query tag.
    // - Permissions were checked earlier in this function, so we must vary the
    //   cache by them.
    JSONAPI_FILTER_AMONG_PUBLISHED => AccessResult::allowed()->cachePerPermissions(),
  ];
}