You are here

Home » API reference » Entity API 8 » EntityAccessControlHandlerBase.php » EntityAccessControlHandlerBase

protected function EntityAccessControlHandlerBase::checkEntityOwnerPermissions in Entity API 8

Checks the entity operation and bundle permissions, with owners.

Parameters

\Drupal\Core\Entity\EntityInterface $entity: The entity for which to check access.

string $operation: The entity operation. Usually one of 'view', 'view label', 'update', 'duplicate' or 'delete'.

\Drupal\Core\Session\AccountInterface $account: The user for which to check access.

Return value

\Drupal\Core\Access\AccessResultInterface The access result.

3 calls to EntityAccessControlHandlerBase::checkEntityOwnerPermissions()
EntityAccessControlHandler::checkEntityOwnerPermissions in src/EntityAccessControlHandler.php
Checks the entity operation and bundle permissions, with owners.
EntityAccessControlHandlerBase::checkAccess in src/EntityAccessControlHandlerBase.php
Performs access checks.
UncacheableEntityAccessControlHandler::checkEntityOwnerPermissions in src/UncacheableEntityAccessControlHandler.php
Checks the entity operation and bundle permissions, with owners.
2 methods override EntityAccessControlHandlerBase::checkEntityOwnerPermissions()
EntityAccessControlHandler::checkEntityOwnerPermissions in src/EntityAccessControlHandler.php
Checks the entity operation and bundle permissions, with owners.
UncacheableEntityAccessControlHandler::checkEntityOwnerPermissions in src/UncacheableEntityAccessControlHandler.php
Checks the entity operation and bundle permissions, with owners.

File

src/EntityAccessControlHandlerBase.php, line 74

Class

EntityAccessControlHandlerBase
@internal

Namespace

Drupal\entity

Code

protected function checkEntityOwnerPermissions(EntityInterface $entity, $operation, AccountInterface $account) {

  /** @var \Drupal\user\EntityOwnerInterface $entity */

  // The "any" permission grants access regardless of the entity owner.
  $any_result = AccessResult::allowedIfHasPermissions($account, [
    "{$operation} any {$entity->getEntityTypeId()}",
    "{$operation} any {$entity->bundle()} {$entity->getEntityTypeId()}",
  ], 'OR');
  if ($any_result
    ->isAllowed()) {
    return $any_result;
  }
  if ($account
    ->id() == $entity
    ->getOwnerId()) {
    $own_result = AccessResult::allowedIfHasPermissions($account, [
      "{$operation} own {$entity->getEntityTypeId()}",
      "{$operation} own {$entity->bundle()} {$entity->getEntityTypeId()}",
    ], 'OR');
  }
  else {
    $own_result = AccessResult::neutral()
      ->cachePerPermissions();
  }

  // The "own" permission is based on the current user's ID, so the result
  // must be cached per user.
  return $own_result
    ->cachePerUser();
}