user_access_test.module in Drupal 9
Same filename and directory in other branches
Dummy module implementing hook_user_access() to test if entity access is respected.
File
core/modules/user/tests/modules/user_access_test/user_access_test.moduleView source
<?php
/**
* @file
* Dummy module implementing hook_user_access() to test if entity access is respected.
*/
use Drupal\Core\Access\AccessResult;
use Drupal\Core\Field\FieldDefinitionInterface;
use Drupal\Core\Field\FieldItemListInterface;
use Drupal\Core\Session\AccountInterface;
use Drupal\user\Entity\User;
/**
* Implements hook_ENTITY_TYPE_access() for entity type "user".
*/
function user_access_test_user_access(User $entity, $operation, $account) {
if ($entity
->getAccountName() == "no_edit" && $operation == "update") {
// Deny edit access.
return AccessResult::forbidden();
}
if ($entity
->getAccountName() == "no_delete" && $operation == "delete") {
// Deny delete access.
return AccessResult::forbidden();
}
// Account with role sub-admin can manage users with no roles.
if (count($entity
->getRoles()) == 1) {
return AccessResult::allowedIfHasPermission($account, 'sub-admin');
}
return AccessResult::neutral();
}
/**
* Implements hook_entity_create_access().
*/
function user_access_test_entity_create_access(AccountInterface $account, array $context, $entity_bundle) {
if ($context['entity_type_id'] != 'user') {
return AccessResult::neutral();
}
// Account with role sub-admin can create users.
return AccessResult::allowedIfHasPermission($account, 'sub-admin');
}
/**
* Implements hook_entity_field_access().
*/
function user_access_test_entity_field_access($operation, FieldDefinitionInterface $field_definition, AccountInterface $account, FieldItemListInterface $items = NULL) {
// Account with role sub-admin can view the status, init and mail fields for
// user with no roles.
if ($field_definition
->getTargetEntityTypeId() == 'user' && $operation === 'view' && in_array($field_definition
->getName(), [
'status',
'init',
'mail',
])) {
if ($items == NULL || count($items
->getEntity()
->getRoles()) == 1) {
return AccessResult::allowedIfHasPermission($account, 'sub-admin');
}
}
return AccessResult::neutral();
}
Functions
Name | Description |
---|---|
user_access_test_entity_create_access | Implements hook_entity_create_access(). |
user_access_test_entity_field_access | Implements hook_entity_field_access(). |
user_access_test_user_access | Implements hook_ENTITY_TYPE_access() for entity type "user". |