You are here

protected function QueryAccessHandlerBase::buildEntityOwnerConditions in Entity API 8

Builds the conditions for entities that have an owner.

Parameters

string $operation: The access operation. Usually one of "view", "update", "duplicate", or "delete".

\Drupal\Core\Session\AccountInterface $account: The user for which to restrict access.

Return value

\Drupal\entity\QueryAccess\ConditionGroup|null The conditions, or NULL if the user doesn't have access to any entity.

2 calls to QueryAccessHandlerBase::buildEntityOwnerConditions()
QueryAccessHandler::buildEntityOwnerConditions in src/QueryAccess/QueryAccessHandler.php
Builds the conditions for entities that have an owner.
QueryAccessHandlerBase::buildConditions in src/QueryAccess/QueryAccessHandlerBase.php
Builds the conditions for the given operation and user.
1 method overrides QueryAccessHandlerBase::buildEntityOwnerConditions()
QueryAccessHandler::buildEntityOwnerConditions in src/QueryAccess/QueryAccessHandler.php
Builds the conditions for entities that have an owner.

File

src/QueryAccess/QueryAccessHandlerBase.php, line 196

Class

QueryAccessHandlerBase
Provides common logic for query access handlers.

Namespace

Drupal\entity\QueryAccess

Code

protected function buildEntityOwnerConditions($operation, AccountInterface $account) {
  $entity_type_id = $this->entityType
    ->id();
  $owner_key = $this->entityType
    ->hasKey('owner') ? $this->entityType
    ->getKey('owner') : $this->entityType
    ->getKey('uid');
  $bundle_key = $this->entityType
    ->getKey('bundle');
  $conditions = new ConditionGroup('OR');
  $conditions
    ->addCacheContexts([
    'user.permissions',
  ]);

  // Any $entity_type permission.
  if ($account
    ->hasPermission("{$operation} any {$entity_type_id}")) {

    // The user has full access, no conditions needed.
    return $conditions;
  }

  // Own $entity_type permission.
  if ($account
    ->hasPermission("{$operation} own {$entity_type_id}")) {
    $conditions
      ->addCacheContexts([
      'user',
    ]);
    $conditions
      ->addCondition($owner_key, $account
      ->id());
  }
  $bundles = array_keys($this->bundleInfo
    ->getBundleInfo($entity_type_id));
  $bundles_with_any_permission = [];
  $bundles_with_own_permission = [];
  foreach ($bundles as $bundle) {
    if ($account
      ->hasPermission("{$operation} any {$bundle} {$entity_type_id}")) {
      $bundles_with_any_permission[] = $bundle;
    }
    if ($account
      ->hasPermission("{$operation} own {$bundle} {$entity_type_id}")) {
      $bundles_with_own_permission[] = $bundle;
    }
  }

  // Any $bundle permission.
  if ($bundles_with_any_permission) {
    $conditions
      ->addCondition($bundle_key, $bundles_with_any_permission);
  }

  // Own $bundle permission.
  if ($bundles_with_own_permission) {
    $conditions
      ->addCacheContexts([
      'user',
    ]);
    $conditions
      ->addCondition((new ConditionGroup('AND'))
      ->addCondition($owner_key, $account
      ->id())
      ->addCondition($bundle_key, $bundles_with_own_permission));
  }
  return $conditions
    ->count() ? $conditions : NULL;
}