public function QueryAccessHandlerBase::buildConditions in Entity API 8
Builds the conditions for the given operation and user.
Parameters
string $operation: The access operation. Usually one of "view", "update", "duplicate", or "delete".
\Drupal\Core\Session\AccountInterface $account: The user for which to restrict access.
Return value
\Drupal\entity\QueryAccess\ConditionGroup The conditions.
1 call to QueryAccessHandlerBase::buildConditions()
- QueryAccessHandlerBase::getConditions in src/
QueryAccess/ QueryAccessHandlerBase.php - Gets the conditions for the given operation and user.
File
- src/
QueryAccess/ QueryAccessHandlerBase.php, line 109
Class
- QueryAccessHandlerBase
- Provides common logic for query access handlers.
Namespace
Drupal\entity\QueryAccessCode
public function buildConditions($operation, AccountInterface $account) {
$entity_type_id = $this->entityType
->id();
$has_owner = $this->entityType
->entityClassImplements(EntityOwnerInterface::class);
$has_published = $this->entityType
->entityClassImplements(EntityPublishedInterface::class);
// Guard against broken/incomplete entity type definitions.
if ($has_owner && !$this->entityType
->hasKey('owner') && !$this->entityType
->hasKey('uid')) {
throw new \RuntimeException(sprintf('The "%s" entity type did not define an "owner" or "uid" key.', $entity_type_id));
}
if ($has_published && !$this->entityType
->hasKey('published')) {
throw new \RuntimeException(sprintf('The "%s" entity type did not define a "published" key', $entity_type_id));
}
$admin_permission = $this->entityType
->getAdminPermission() ?: "administer {$entity_type_id}";
if ($account
->hasPermission($admin_permission)) {
// The user has full access to all operations, no conditions needed.
$conditions = new ConditionGroup('OR');
$conditions
->addCacheContexts([
'user.permissions',
]);
return $conditions;
}
if ($has_owner) {
$entity_conditions = $this
->buildEntityOwnerConditions($operation, $account);
}
else {
$entity_conditions = $this
->buildEntityConditions($operation, $account);
}
$conditions = NULL;
if ($operation == 'view' && $has_published) {
$owner_key = $this->entityType
->hasKey('owner') ? $this->entityType
->getKey('owner') : $this->entityType
->getKey('uid');
$published_key = $this->entityType
->getKey('published');
$published_conditions = NULL;
$unpublished_conditions = NULL;
if ($entity_conditions) {
// Restrict the existing conditions to published entities only.
$published_conditions = new ConditionGroup('AND');
$published_conditions
->addCacheContexts([
'user.permissions',
]);
$published_conditions
->addCondition($entity_conditions);
$published_conditions
->addCondition($published_key, '1');
}
if ($has_owner && $account
->hasPermission("view own unpublished {$entity_type_id}")) {
$unpublished_conditions = new ConditionGroup('AND');
$unpublished_conditions
->addCacheContexts([
'user',
]);
$unpublished_conditions
->addCondition($owner_key, $account
->id());
$unpublished_conditions
->addCondition($published_key, '0');
}
if ($published_conditions && $unpublished_conditions) {
$conditions = new ConditionGroup('OR');
$conditions
->addCondition($published_conditions);
$conditions
->addCondition($unpublished_conditions);
}
elseif ($published_conditions) {
$conditions = $published_conditions;
}
elseif ($unpublished_conditions) {
$conditions = $unpublished_conditions;
}
}
else {
$conditions = $entity_conditions;
}
if (!$conditions) {
// The user doesn't have access to any entities.
// Falsify the query to ensure no results are returned.
$conditions = new ConditionGroup('OR');
$conditions
->addCacheContexts([
'user.permissions',
]);
$conditions
->alwaysFalse();
}
return $conditions;
}