You are here

Home » API reference » Entity API 8 » EntityAccessControlHandlerBase.php

class EntityAccessControlHandlerBase in Entity API 8

@internal

Hierarchy

Expanded class hierarchy of EntityAccessControlHandlerBase

File

src/EntityAccessControlHandlerBase.php, line 14

Namespace

Drupal\entity
View source 
class EntityAccessControlHandlerBase extends CoreEntityAccessControlHandler {

  /**
   * {@inheritdoc}
   */
  protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
    $account = $this
      ->prepareUser($account);

    /** @var \Drupal\Core\Access\AccessResult $result */
    $result = parent::checkAccess($entity, $operation, $account);
    if ($result
      ->isNeutral()) {
      if ($entity instanceof EntityOwnerInterface) {
        $result = $this
          ->checkEntityOwnerPermissions($entity, $operation, $account);
      }
      else {
        $result = $this
          ->checkEntityPermissions($entity, $operation, $account);
      }
    }

    // Ensure that access is evaluated again when the entity changes.
    return $result
      ->addCacheableDependency($entity);
  }

  /**
   * Checks the entity operation and bundle permissions.
   *
   * @param \Drupal\Core\Entity\EntityInterface $entity
   *   The entity for which to check access.
   * @param string $operation
   *   The entity operation. Usually one of 'view', 'view label', 'update',
   *   'duplicate' or 'delete'.
   * @param \Drupal\Core\Session\AccountInterface $account
   *   The user for which to check access.
   *
   * @return \Drupal\Core\Access\AccessResultInterface
   *   The access result.
   */
  protected function checkEntityPermissions(EntityInterface $entity, $operation, AccountInterface $account) {
    $permissions = [
      "{$operation} {$entity->getEntityTypeId()}",
      "{$operation} {$entity->bundle()} {$entity->getEntityTypeId()}",
    ];
    return AccessResult::allowedIfHasPermissions($account, $permissions, 'OR');
  }

  /**
   * Checks the entity operation and bundle permissions, with owners.
   *
   * @param \Drupal\Core\Entity\EntityInterface $entity
   *   The entity for which to check access.
   * @param string $operation
   *   The entity operation. Usually one of 'view', 'view label', 'update',
   *   'duplicate' or 'delete'.
   * @param \Drupal\Core\Session\AccountInterface $account
   *   The user for which to check access.
   *
   * @return \Drupal\Core\Access\AccessResultInterface
   *   The access result.
   */
  protected function checkEntityOwnerPermissions(EntityInterface $entity, $operation, AccountInterface $account) {

    /** @var \Drupal\user\EntityOwnerInterface $entity */

    // The "any" permission grants access regardless of the entity owner.
    $any_result = AccessResult::allowedIfHasPermissions($account, [
      "{$operation} any {$entity->getEntityTypeId()}",
      "{$operation} any {$entity->bundle()} {$entity->getEntityTypeId()}",
    ], 'OR');
    if ($any_result
      ->isAllowed()) {
      return $any_result;
    }
    if ($account
      ->id() == $entity
      ->getOwnerId()) {
      $own_result = AccessResult::allowedIfHasPermissions($account, [
        "{$operation} own {$entity->getEntityTypeId()}",
        "{$operation} own {$entity->bundle()} {$entity->getEntityTypeId()}",
      ], 'OR');
    }
    else {
      $own_result = AccessResult::neutral()
        ->cachePerPermissions();
    }

    // The "own" permission is based on the current user's ID, so the result
    // must be cached per user.
    return $own_result
      ->cachePerUser();
  }

  /**
   * {@inheritdoc}
   */
  protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
    $result = parent::checkCreateAccess($account, $context, $entity_bundle);
    if ($result
      ->isNeutral()) {
      $permissions = [
        $this->entityType
          ->getAdminPermission() ?: 'administer ' . $this->entityTypeId,
        'create ' . $this->entityTypeId,
      ];
      if ($entity_bundle) {
        $permissions[] = 'create ' . $entity_bundle . ' ' . $this->entityTypeId;
      }
      $result = AccessResult::allowedIfHasPermissions($account, $permissions, 'OR');
    }
    return $result;
  }

}

Members

Namesort descending Modifiers Type Description Overrides
DependencySerializationTrait::$_entityStorages protected property An array of entity type IDs keyed by the property name of their storages.
DependencySerializationTrait::$_serviceIds protected property An array of service IDs keyed by property name used for serialization.
DependencySerializationTrait::__sleep public function 1
DependencySerializationTrait::__wakeup public function 2
EntityAccessControlHandler::$accessCache protected property Stores calculated access check results.
EntityAccessControlHandler::$entityType protected property Information about the entity type.
EntityAccessControlHandler::$entityTypeId protected property The entity type ID of the access control handler instance.
EntityAccessControlHandler::$viewLabelOperation protected property Allows to grant access to just the labels. 5
EntityAccessControlHandler::access public function Checks access to an operation on a given entity or entity translation. Overrides EntityAccessControlHandlerInterface::access 1
EntityAccessControlHandler::checkFieldAccess protected function Default field access as determined by this access control handler. 4
EntityAccessControlHandler::createAccess public function Checks access to create an entity. Overrides EntityAccessControlHandlerInterface::createAccess 1
EntityAccessControlHandler::fieldAccess public function Checks access to an operation on a given entity field. Overrides EntityAccessControlHandlerInterface::fieldAccess
EntityAccessControlHandler::getCache protected function Tries to retrieve a previously cached access value from the static cache.
EntityAccessControlHandler::prepareUser protected function Loads the current account object, if it does not exist yet.
EntityAccessControlHandler::processAccessHookResults protected function We grant access to the entity if both of these conditions are met:
EntityAccessControlHandler::resetCache public function Clears all cached access checks. Overrides EntityAccessControlHandlerInterface::resetCache
EntityAccessControlHandler::setCache protected function Statically caches whether the given user has access.
EntityAccessControlHandler::__construct public function Constructs an access control handler instance. 5
EntityAccessControlHandlerBase::checkAccess protected function Performs access checks. Overrides EntityAccessControlHandler::checkAccess
EntityAccessControlHandlerBase::checkCreateAccess protected function Performs create access checks. Overrides EntityAccessControlHandler::checkCreateAccess
EntityAccessControlHandlerBase::checkEntityOwnerPermissions protected function Checks the entity operation and bundle permissions, with owners. 2
EntityAccessControlHandlerBase::checkEntityPermissions protected function Checks the entity operation and bundle permissions.
EntityHandlerBase::$moduleHandler protected property The module handler to invoke hooks on. 2
EntityHandlerBase::moduleHandler protected function Gets the module handler. 2
EntityHandlerBase::setModuleHandler public function Sets the module handler for this handler.
StringTranslationTrait::$stringTranslation protected property The string translation service. 1
StringTranslationTrait::formatPlural protected function Formats a string containing a count of items.
StringTranslationTrait::getNumberOfPlurals protected function Returns the number of plurals supported by a given language.
StringTranslationTrait::getStringTranslation protected function Gets the string translation service.
StringTranslationTrait::setStringTranslation public function Sets the string translation service to use. 2
StringTranslationTrait::t protected function Translates a string to the current language or to a given language.