You are here

Home » API reference » Entity API 8 » QueryAccessSubscriber.php » QueryAccessSubscriber

public function QueryAccessSubscriber::onQueryAccess in Entity API 8

Modifies the access conditions based on the current user.

This is just a convenient example for testing. A real subscriber would ignore the account and extend the conditions to cover additional factors, such as a custom entity field.

Parameters

\Drupal\entity\QueryAccess\QueryAccessEvent $event: The event.

File

tests/modules/entity_module_test/src/EventSubscriber/QueryAccessSubscriber.php, line 58

Class

QueryAccessSubscriber

Namespace

Drupal\entity_module_test\EventSubscriber

Code

public function onQueryAccess(QueryAccessEvent $event) {
  $conditions = $event
    ->getConditions();
  $email = $event
    ->getAccount()
    ->getEmail();
  if ($email == 'user1@example.com') {

    // This user should not have access to any entities.
    $conditions
      ->alwaysFalse();
  }
  elseif ($email == 'user2@example.com') {

    // This user should have access to entities with the IDs 1, 2, and 3.
    // The query access handler might have already set ->alwaysFalse()
    // due to the user not having any other access, so we make sure
    // to undo it with $conditions->alwaysFalse(TRUE).
    $conditions
      ->alwaysFalse(FALSE);
    $conditions
      ->addCondition('id', [
      '1',
      '2',
      '3',
    ]);
  }
  elseif ($email == 'user3@example.com') {

    // This user should only have access to entities assigned to "marketing",
    // or unassigned entities.
    $conditions
      ->alwaysFalse(FALSE);
    $conditions
      ->addCondition((new ConditionGroup('OR'))
      ->addCondition('assigned', NULL, 'IS NULL')
      ->addCondition('assigned.value', 'marketing'));
  }
}