You are here

trait EntityResourceAccessTrait in Drupal 8

Same name and namespace in other branches
  1. 9 core/modules/rest/src/Plugin/rest/resource/EntityResourceAccessTrait.php \Drupal\rest\Plugin\rest\resource\EntityResourceAccessTrait
  2. 10 core/modules/rest/src/Plugin/rest/resource/EntityResourceAccessTrait.php \Drupal\rest\Plugin\rest\resource\EntityResourceAccessTrait

@internal @todo Consider making public in https://www.drupal.org/node/2300677

Hierarchy

1 file declares its use of EntityResourceAccessTrait
UserRegistrationResource.php in core/modules/user/src/Plugin/rest/resource/UserRegistrationResource.php

File

core/modules/rest/src/Plugin/rest/resource/EntityResourceAccessTrait.php, line 12

Namespace

Drupal\rest\Plugin\rest\resource
View source
trait EntityResourceAccessTrait {

  /**
   * Performs edit access checks for fields.
   *
   * @param \Drupal\Core\Entity\EntityInterface $entity
   *   The entity whose fields edit access should be checked for.
   *
   * @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
   *   Throws access denied when the user does not have permissions to edit a
   *   field.
   */
  protected function checkEditFieldAccess(EntityInterface $entity) {

    // Only check 'edit' permissions for fields that were actually submitted by
    // the user. Field access makes no difference between 'create' and 'update',
    // so the 'edit' operation is used here.
    foreach ($entity->_restSubmittedFields as $key => $field_name) {
      if (!$entity
        ->get($field_name)
        ->access('edit')) {
        throw new AccessDeniedHttpException("Access denied on creating field '{$field_name}'.");
      }
    }
  }

}

Members

Namesort descending Modifiers Type Description Overrides
EntityResourceAccessTrait::checkEditFieldAccess protected function Performs edit access checks for fields.