
protected function EntityRevisionRouteAccessChecker::checkAccess in Entity API 8

Same name and namespace in other branches
  1. 8.0 src/Access/EntityRevisionRouteAccessChecker.php \Drupal\entity\Access\EntityRevisionRouteAccessChecker::checkAccess()

Performs access checks.

Parameters

\Drupal\Core\Entity\ContentEntityInterface $entity: The entity for which to check access.

\Drupal\Core\Session\AccountInterface $account: The user for which to check access.

string $operation: The entity operation. Usually one of 'view', 'view label', 'update' or 'delete'.

Return value

bool The access result.

File

src/Access/EntityRevisionRouteAccessChecker.php, line 86

Class

EntityRevisionRouteAccessChecker
Checks access to an entity revision.

Namespace

Drupal\entity\Access

Code

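/**
 * Performs access checks for an operation on an entity revision.
 *
 * Access is granted when the account holds the entity type's admin
 * permission. Otherwise the account needs one of the revision permissions
 * ("... all {entity_type} revisions" or the per-bundle variant) and must
 * also pass the entity access handler for the default revision and, when
 * the passed entity is not the default revision, for that revision too.
 *
 * @param \Drupal\Core\Entity\ContentEntityInterface $entity
 *   The entity revision for which to check access.
 * @param \Drupal\Core\Session\AccountInterface $account
 *   The user for which to check access.
 * @param string $operation
 *   The operation: 'view', 'list', 'update' or 'delete'. Any other value is
 *   denied.
 *
 * @return bool
 *   TRUE if access is granted, FALSE otherwise.
 */
protected function checkAccess(ContentEntityInterface $entity, AccountInterface $account, $operation = 'view') {
  $entity_type = $entity->getEntityType();
  $entity_type_id = $entity->getEntityTypeId();
  $bundle = $entity->bundle();

  // Revision permissions that apply to every bundle of the entity type.
  $map = [
    'view' => "view all {$entity_type_id} revisions",
    'list' => "view all {$entity_type_id} revisions",
    'update' => "revert all {$entity_type_id} revisions",
    'delete' => "delete all {$entity_type_id} revisions",
  ];
  // Revision permissions scoped to the bundle of this entity.
  $type_map = [
    'view' => "view {$entity_type_id} {$bundle} revisions",
    'list' => "view {$entity_type_id} {$bundle} revisions",
    'update' => "revert {$entity_type_id} {$bundle} revisions",
    'delete' => "delete {$entity_type_id} {$bundle} revisions",
  ];

  // Deny operations that have no revision permission mapped to them. The
  // former "!$entity" test is dropped: $entity is a non-nullable typed
  // parameter that has already been dereferenced above.
  if (!isset($map[$operation]) || !isset($type_map[$operation])) {
    return FALSE;
  }

  // Statically cache access by entity type ID, revision ID, language code,
  // user account ID, and operation. The entity type ID is part of the key
  // because this checker resolves handlers for any entity type, so a key
  // built from the revision ID alone could be shared by revisions of
  // different entity types.
  $langcode = $entity->language()->getId();
  $cid = $entity_type_id . ':' . $entity->getRevisionId() . ':' . $langcode . ':' . $account->id() . ':' . $operation;
  if (isset($this->accessCache[$cid])) {
    return $this->accessCache[$cid];
  }

  // The admin permission, when the entity type declares one, grants access
  // without consulting the entity access handler.
  $admin_permission = $entity_type->getAdminPermission();
  if ($admin_permission && $account->hasPermission($admin_permission)) {
    $this->accessCache[$cid] = TRUE;
    return TRUE;
  }

  // Deny when the account holds neither revision permission. This check must
  // not depend on the entity type declaring an admin permission: otherwise
  // entity types without one would skip it and be decided by the generic
  // entity access handler alone.
  if (!$account->hasPermission($map[$operation]) && !$account->hasPermission($type_map[$operation])) {
    $this->accessCache[$cid] = FALSE;
    return FALSE;
  }

  $entity_access = $this->entityTypeManager->getAccessControlHandler($entity_type_id);
  /** @var \Drupal\Core\Entity\EntityStorageInterface $entity_storage */
  $entity_storage = $this->entityTypeManager->getStorage($entity_type_id);

  // Entity access handlers are generally not aware of the "list" operation.
  // The cache key keeps the operation the caller asked for.
  $handler_operation = $operation === 'list' ? 'view' : $operation;

  // First check access to the default revision and then, if the entity passed
  // in is not the default revision, access to that revision too.
  $default_revision = $entity_storage->load($entity->id());
  $this->accessCache[$cid] = $entity_access->access($default_revision, $handler_operation, $account)
    && ($entity->isDefaultRevision() || $entity_access->access($entity, $handler_operation, $account));

  return $this->accessCache[$cid];
}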