class NodeRevisionAccessCheck in Drupal 9
Same name and namespace in other branches
- 8 core/modules/node/src/Access/NodeRevisionAccessCheck.php \Drupal\node\Access\NodeRevisionAccessCheck
Provides an access checker for node revisions.
Hierarchy
- class \Drupal\node\Access\NodeRevisionAccessCheck implements AccessInterface
Expanded class hierarchy of NodeRevisionAccessCheck
Related topics
1 file declares its use of NodeRevisionAccessCheck
- EntityAccessChecker.php in core/
modules/ jsonapi/ src/ Access/ EntityAccessChecker.php
1 string reference to 'NodeRevisionAccessCheck'
- node.services.yml in core/
modules/ node/ node.services.yml - core/modules/node/node.services.yml
1 service uses NodeRevisionAccessCheck
- access_check.node.revision in core/
modules/ node/ node.services.yml - Drupal\node\Access\NodeRevisionAccessCheck
File
- core/
modules/ node/ src/ Access/ NodeRevisionAccessCheck.php, line 17
Namespace
Drupal\node\AccessView source
class NodeRevisionAccessCheck implements AccessInterface {
/**
* The node storage.
*
* @var \Drupal\node\NodeStorageInterface
*/
protected $nodeStorage;
/**
* The node access control handler.
*
* @var \Drupal\Core\Entity\EntityAccessControlHandlerInterface
*/
protected $nodeAccess;
/**
* A static cache of access checks.
*
* @var array
*/
protected $access = [];
/**
* Constructs a new NodeRevisionAccessCheck.
*
* @param \Drupal\Core\Entity\EntityTypeManagerInterface $entity_type_manager
* The entity type manager.
*/
public function __construct(EntityTypeManagerInterface $entity_type_manager) {
$this->nodeStorage = $entity_type_manager
->getStorage('node');
$this->nodeAccess = $entity_type_manager
->getAccessControlHandler('node');
}
/**
* Checks routing access for the node revision.
*
* @param \Symfony\Component\Routing\Route $route
* The route to check against.
* @param \Drupal\Core\Session\AccountInterface $account
* The currently logged in account.
* @param int $node_revision
* (optional) The node revision ID. If not specified, but $node is, access
* is checked for that object's revision.
* @param \Drupal\node\NodeInterface $node
* (optional) A node object. Used for checking access to a node's default
* revision when $node_revision is unspecified. Ignored when $node_revision
* is specified. If neither $node_revision nor $node are specified, then
* access is denied.
*
* @return \Drupal\Core\Access\AccessResultInterface
* The access result.
*/
public function access(Route $route, AccountInterface $account, $node_revision = NULL, NodeInterface $node = NULL) {
if ($node_revision) {
$node = $this->nodeStorage
->loadRevision($node_revision);
}
$operation = $route
->getRequirement('_access_node_revision');
return AccessResult::allowedIf($node && $this
->checkAccess($node, $account, $operation))
->cachePerPermissions()
->addCacheableDependency($node);
}
/**
* Checks node revision access.
*
* @param \Drupal\node\NodeInterface $node
* The node to check.
* @param \Drupal\Core\Session\AccountInterface $account
* A user object representing the user for whom the operation is to be
* performed.
* @param string $op
* (optional) The specific operation being checked. Defaults to 'view.'
*
* @return bool
* TRUE if the operation may be performed, FALSE otherwise.
*/
public function checkAccess(NodeInterface $node, AccountInterface $account, $op = 'view') {
$map = [
'view' => 'view all revisions',
'update' => 'revert all revisions',
'delete' => 'delete all revisions',
];
$bundle = $node
->bundle();
$type_map = [
'view' => "view {$bundle} revisions",
'update' => "revert {$bundle} revisions",
'delete' => "delete {$bundle} revisions",
];
if (!$node || !isset($map[$op]) || !isset($type_map[$op])) {
// If there was no node to check against, or the $op was not one of the
// supported ones, we return access denied.
return FALSE;
}
// Statically cache access by revision ID, language code, user account ID,
// and operation.
$langcode = $node
->language()
->getId();
$cid = $node
->getRevisionId() . ':' . $langcode . ':' . $account
->id() . ':' . $op;
if (!isset($this->access[$cid])) {
// Perform basic permission checks first.
if (!$account
->hasPermission($map[$op]) && !$account
->hasPermission($type_map[$op]) && !$account
->hasPermission('administer nodes')) {
$this->access[$cid] = FALSE;
return FALSE;
}
// If this is the default revision, return access denied for revert or
// delete operations.
if ($node
->isDefaultRevision() && ($op === 'update' || $op === 'delete')) {
$this->access[$cid] = FALSE;
}
elseif ($account
->hasPermission('administer nodes')) {
$this->access[$cid] = TRUE;
}
else {
// First check the access to the default revision and finally, if the
// node passed in is not the default revision then check access to
// that, too.
$this->access[$cid] = $this->nodeAccess
->access($this->nodeStorage
->load($node
->id()), $op, $account) && ($node
->isDefaultRevision() || $this->nodeAccess
->access($node, $op, $account));
}
}
return $this->access[$cid];
}
}
Members
Name | Modifiers | Type | Description | Overrides |
---|---|---|---|---|
NodeRevisionAccessCheck:: |
protected | property | A static cache of access checks. | |
NodeRevisionAccessCheck:: |
protected | property | The node access control handler. | |
NodeRevisionAccessCheck:: |
protected | property | The node storage. | |
NodeRevisionAccessCheck:: |
public | function | Checks routing access for the node revision. | |
NodeRevisionAccessCheck:: |
public | function | Checks node revision access. | |
NodeRevisionAccessCheck:: |
public | function | Constructs a new NodeRevisionAccessCheck. |