You are here

Home » API reference » Drupal 10 » EntityResourceAccessTrait.php » EntityResourceAccessTrait

protected function EntityResourceAccessTrait::checkEditFieldAccess in Drupal 10

Same name and namespace in other branches
  1. 8 core/modules/rest/src/Plugin/rest/resource/EntityResourceAccessTrait.php \Drupal\rest\Plugin\rest\resource\EntityResourceAccessTrait::checkEditFieldAccess()
  2. 9 core/modules/rest/src/Plugin/rest/resource/EntityResourceAccessTrait.php \Drupal\rest\Plugin\rest\resource\EntityResourceAccessTrait::checkEditFieldAccess()

Performs edit access checks for fields.

Parameters

\Drupal\Core\Entity\EntityInterface $entity: The entity whose fields edit access should be checked for.

Throws

\Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException Throws access denied when the user does not have permissions to edit a field.

1 call to EntityResourceAccessTrait::checkEditFieldAccess()
EntityResource::post in core/modules/rest/src/Plugin/rest/resource/EntityResource.php
Responds to entity POST requests and saves the new entity.

File

core/modules/rest/src/Plugin/rest/resource/EntityResourceAccessTrait.php, line 24

Class

EntityResourceAccessTrait
@internal @todo Consider making public in https://www.drupal.org/node/2300677

Namespace

Drupal\rest\Plugin\rest\resource

Code

protected function checkEditFieldAccess(EntityInterface $entity) {

  // Only check 'edit' permissions for fields that were actually submitted by
  // the user. Field access makes no difference between 'create' and 'update',
  // so the 'edit' operation is used here.
  foreach ($entity->_restSubmittedFields as $field_name) {
    if (!$entity
      ->get($field_name)
      ->access('edit')) {
      throw new AccessDeniedHttpException("Access denied on creating field '{$field_name}'.");
    }
  }
}