protected function EntityAccessControlHandler::checkEntityOwnerPermissions in Entity API 8
Checks the entity operation and bundle permissions, with owners.
Parameters
\Drupal\Core\Entity\EntityInterface $entity: The entity for which to check access.
string $operation: The entity operation. Usually one of 'view', 'view label', 'update', 'duplicate' or 'delete'.
\Drupal\Core\Session\AccountInterface $account: The user for which to check access.
Return value
\Drupal\Core\Access\AccessResultInterface The access result.
Overrides EntityAccessControlHandlerBase::checkEntityOwnerPermissions
File
- src/
EntityAccessControlHandler.php, line 32
Class
- EntityAccessControlHandler
- Controls access based on the generic entity permissions.
Namespace
Drupal\entityCode
protected function checkEntityOwnerPermissions(EntityInterface $entity, $operation, AccountInterface $account) {
/** @var \Drupal\user\EntityOwnerInterface $entity */
if ($operation === 'view') {
if ($entity instanceof EntityPublishedInterface && !$entity
->isPublished()) {
if ($account
->id() != $entity
->getOwnerId()) {
// There's no permission for viewing other user's unpublished entity.
return AccessResult::neutral()
->cachePerUser();
}
$permissions = [
"view own unpublished {$entity->getEntityTypeId()}",
];
$result = AccessResult::allowedIfHasPermissions($account, $permissions)
->cachePerUser();
}
else {
$result = AccessResult::allowedIfHasPermissions($account, [
"view {$entity->getEntityTypeId()}",
"view {$entity->bundle()} {$entity->getEntityTypeId()}",
], 'OR');
}
}
else {
$result = parent::checkEntityOwnerPermissions($entity, $operation, $account);
}
return $result;
}