You are here

protected function BundleEntityAccessControlHandler::checkAccess in Entity API 8

Performs access checks.

This method is supposed to be overwritten by extending classes that do their own custom access checking.

Parameters

\Drupal\Core\Entity\EntityInterface $entity: The entity for which to check access.

string $operation: The entity operation. Usually one of 'view', 'view label', 'update' or 'delete'.

\Drupal\Core\Session\AccountInterface $account: The user for which to check access.

Return value

\Drupal\Core\Access\AccessResultInterface The access result.

Overrides EntityAccessControlHandler::checkAccess

File

src/BundleEntityAccessControlHandler.php, line 26

Class

BundleEntityAccessControlHandler
Controls access to bundle entities.

Namespace

Drupal\entity

Code

protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
  if ($operation === 'view label') {
    $bundle = $entity
      ->id();
    $entity_type_id = $this->entityType
      ->getBundleOf();
    $permissions = [
      $this->entityType
        ->getAdminPermission() ?: "administer {$entity_type_id}",
      // View permissions provided by EntityPermissionProvider.
      "view {$entity_type_id}",
      "view {$bundle} {$entity_type_id}",
      // View permissions provided by UncacheableEntityPermissionProvider.
      "view own {$entity_type_id}",
      "view any {$entity_type_id}",
      "view own {$bundle} {$entity_type_id}",
      "view any {$bundle} {$entity_type_id}",
    ];
    return AccessResult::allowedIfHasPermissions($account, $permissions, 'OR');
  }
  else {
    return parent::checkAccess($entity, $operation, $account);
  }
}