protected function EntityAccessControlHandler::checkEntityOwnerPermissions in Entity API 8

Checks the entity operation and bundle permissions, with owners.

Parameters

\Drupal\Core\Entity\EntityInterface $entity: The entity for which to check access.

string $operation: The entity operation. Usually one of 'view', 'view label', 'update', 'duplicate' or 'delete'.

\Drupal\Core\Session\AccountInterface $account: The user for which to check access.

Return value

\Drupal\Core\Access\AccessResultInterface The access result.

Overrides EntityAccessControlHandlerBase::checkEntityOwnerPermissions

File

src/EntityAccessControlHandler.php, line 32

Class

EntityAccessControlHandler: Controls access based on the generic entity permissions.

Namespace

Drupal\entity

Code

protected function checkEntityOwnerPermissions(EntityInterface $entity, $operation, AccountInterface $account) {

  /** @var \Drupal\user\EntityOwnerInterface $entity */
  if ($operation === 'view') {
    if ($entity instanceof EntityPublishedInterface && !$entity
      ->isPublished()) {
      if ($account
        ->id() != $entity
        ->getOwnerId()) {

        // There's no permission for viewing other user's unpublished entity.
        return AccessResult::neutral()
          ->cachePerUser();
      }
      $permissions = [
        "view own unpublished {$entity->getEntityTypeId()}",
      ];
      $result = AccessResult::allowedIfHasPermissions($account, $permissions)
        ->cachePerUser();
    }
    else {
      $result = AccessResult::allowedIfHasPermissions($account, [
        "view {$entity->getEntityTypeId()}",
        "view {$entity->bundle()} {$entity->getEntityTypeId()}",
      ], 'OR');
    }
  }
  else {
    $result = parent::checkEntityOwnerPermissions($entity, $operation, $account);
  }
  return $result;
}

You are here