protected function NodeAccessControlHandler::checkAccess in Drupal 10
Same name and namespace in other branches
- 8 core/modules/node/src/NodeAccessControlHandler.php \Drupal\node\NodeAccessControlHandler::checkAccess()
- 9 core/modules/node/src/NodeAccessControlHandler.php \Drupal\node\NodeAccessControlHandler::checkAccess()
Performs access checks.
This method is supposed to be overwritten by extending classes that do their own custom access checking.
Parameters
\Drupal\Core\Entity\EntityInterface $entity: The entity for which to check access.
string $operation: The entity operation. Usually one of 'view', 'view label', 'update' or 'delete'.
\Drupal\Core\Session\AccountInterface $account: The user for which to check access.
Return value
\Drupal\Core\Access\AccessResultInterface The access result.
Overrides EntityAccessControlHandler::checkAccess
File
- core/
modules/ node/ src/ NodeAccessControlHandler.php, line 128
Class
- NodeAccessControlHandler
- Defines the access control handler for the node entity type.
Namespace
Drupal\nodeCode
protected function checkAccess(EntityInterface $node, $operation, AccountInterface $account) {
/** @var \Drupal\node\NodeInterface $node */
// Fetch information from the node object if possible.
$status = $node
->isPublished();
$uid = $node
->getOwnerId();
// Check if authors can view their own unpublished nodes.
if ($operation === 'view' && !$status && $account
->hasPermission('view own unpublished content') && $account
->isAuthenticated() && $account
->id() == $uid) {
return AccessResult::allowed()
->cachePerPermissions()
->cachePerUser()
->addCacheableDependency($node);
}
[
$revision_permission_operation,
$entity_operation,
] = static::REVISION_OPERATION_MAP[$operation] ?? [
NULL,
NULL,
];
// Revision operations.
if ($revision_permission_operation) {
$bundle = $node
->bundle();
// If user doesn't have any of these then quit.
if (!$account
->hasPermission("{$revision_permission_operation} all revisions") && !$account
->hasPermission("{$revision_permission_operation} {$bundle} revisions") && !$account
->hasPermission('administer nodes')) {
return AccessResult::neutral()
->cachePerPermissions();
}
// If the user has the view all revisions permission and this is the view
// all revisions operation then we can allow access.
if ($operation === 'view all revisions') {
return AccessResult::allowed()
->cachePerPermissions();
}
// If this is the default revision, return access denied for revert or
// delete operations.
if ($node
->isDefaultRevision() && ($operation === 'revert revision' || $operation === 'delete revision')) {
return AccessResult::forbidden()
->addCacheableDependency($node);
}
elseif ($account
->hasPermission('administer nodes')) {
return AccessResult::allowed()
->cachePerPermissions();
}
// First check the access to the default revision and finally, if the
// node passed in is not the default revision then check access to
// that, too.
$node_storage = $this->entityTypeManager
->getStorage($node
->getEntityTypeId());
$access = $this
->access($node_storage
->load($node
->id()), $entity_operation, $account, TRUE);
if (!$node
->isDefaultRevision()) {
$access = $access
->andIf($this
->access($node, $entity_operation, $account, TRUE));
}
return $access
->cachePerPermissions()
->addCacheableDependency($node);
}
// Evaluate node grants.
$access_result = $this->grantStorage
->access($node, $operation, $account);
if ($operation === 'view' && $access_result instanceof RefinableCacheableDependencyInterface) {
// Node variations can affect the access to the node. For instance, the
// access result cache varies on the node's published status. Only the
// 'view' node grant can currently be cached. The 'update' and 'delete'
// grants are already marked as uncacheable in the node grant storage.
// @see \Drupal\node\NodeGrantDatabaseStorage::access()
$access_result
->addCacheableDependency($node);
}
return $access_result;
}