class FileEntityAccessControlHandler in File Entity (fieldable files) 8.2
Defines the access control handler for the file entity type.
Hierarchy
- class \Drupal\Core\Entity\EntityHandlerBase uses DependencySerializationTrait, StringTranslationTrait
  - class \Drupal\Core\Entity\EntityAccessControlHandler implements EntityAccessControlHandlerInterface
    - class \Drupal\file\FileAccessControlHandler
      - class \Drupal\file_entity\FileEntityAccessControlHandler
1 file declares its use of FileEntityAccessControlHandler
- FileEntityAccessTest.php in tests/src/Functional/FileEntityAccessTest.php
File
- src/FileEntityAccessControlHandler.php, line 16
Namespace
Drupal\file_entity
```php
<?php

namespace Drupal\file_entity;

use Drupal\Core\Access\AccessResult;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Session\AccountInterface;
use Drupal\Core\StreamWrapper\StreamWrapperManager;
use Drupal\file\FileAccessControlHandler;
use Drupal\file_entity\Entity\FileEntity;

class FileEntityAccessControlHandler extends FileAccessControlHandler {

  /**
   * {@inheritdoc}
   */
  public function access(EntityInterface $entity, $operation, AccountInterface $account = NULL, $return_as_object = FALSE) {
    $account = $this->prepareUser($account);
    // 'bypass file access' is combined with the parent check through orIf().
    $result = AccessResult::allowedIfHasPermission($account, 'bypass file access')
      ->orIf(parent::access($entity, $operation, $account, TRUE));
    return $return_as_object ? $result : $result->isAllowed();
  }

  /**
   * {@inheritdoc}
   */
  public function createAccess($entity_bundle = NULL, AccountInterface $account = NULL, array $context = array(), $return_as_object = FALSE) {
    $account = $this->prepareUser($account);
    $result = AccessResult::allowedIfHasPermission($account, 'bypass file access')
      ->orIf(parent::createAccess($entity_bundle, $account, $context, TRUE));
    return $return_as_object ? $result : $result->isAllowed();
  }

  /**
   * {@inheritdoc}
   */
  protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
    return AccessResult::allowedIfHasPermission($account, 'create files');
  }

  /**
   * {@inheritdoc}
   */
  protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
    /** @var FileEntity $entity */
    $is_owner = $entity->getOwnerId() === $account->id();

    if ($operation == 'view') {
      $schemes = file_entity_get_public_and_private_stream_wrapper_names();
      // Files on a private stream wrapper require the private-file permissions.
      if (isset($schemes['private'][StreamWrapperManager::getScheme($entity->getFileUri())])) {
        return AccessResult::allowedIfHasPermission($account, 'view private files')
          ->orIf(AccessResult::allowedIf($account->isAuthenticated() && $is_owner)
            ->addCacheableDependency($entity)
            ->andIf(AccessResult::allowedIfHasPermission($account, 'view own private files')));
      }
      elseif ($entity->isPermanent()) {
        return AccessResult::allowedIfHasPermission($account, 'view files')
          ->orIf(AccessResult::allowedIf($is_owner)
            ->addCacheableDependency($entity)
            ->andIf(AccessResult::allowedIfHasPermission($account, 'view own files')));
      }
      // Non-private files that are not permanent fall through to the parent
      // check at the end of this method.
    }

    // Public files can always be downloaded, fix for regression after
    // SA-CORE-2020-011.
    if ($operation == 'download' && StreamWrapperManager::getScheme($entity->getFileUri()) == 'public') {
      return AccessResult::allowed();
    }

    // User can perform these operations if they have the "any" permission or if
    // they own it and have the "own" permission.
    if (in_array($operation, array('download', 'update', 'delete'))) {
      // The 'update' operation maps to the 'edit' permission name.
      $permission_action = $operation == 'update' ? 'edit' : $operation;
      $type = $entity->get('type')->target_id;
      return AccessResult::allowedIfHasPermission($account, "{$permission_action} any {$type} files")
        ->orIf(AccessResult::allowedIf($is_owner)
          ->addCacheableDependency($entity)
          ->andIf(AccessResult::allowedIfHasPermission($account, "{$permission_action} own {$type} files")));
    }

    // Fall back to the parent implementation so that file uploads work.
    // @todo Merge that in here somehow?
    return parent::checkAccess($entity, $operation, $account);
  }

}
```
Members
Name | Modifiers | Type | Description | Overrides |
---|---|---|---|---|
DependencySerializationTrait:: | protected | property | An array of entity type IDs keyed by the property name of their storages. | |
DependencySerializationTrait:: | protected | property | An array of service IDs keyed by property name used for serialization. | |
DependencySerializationTrait:: | public | function | 1 | |
DependencySerializationTrait:: | public | function | 2 | |
EntityAccessControlHandler:: | protected | property | Stores calculated access check results. | |
EntityAccessControlHandler:: | protected | property | Information about the entity type. | |
EntityAccessControlHandler:: | protected | property | The entity type ID of the access control handler instance. | |
EntityAccessControlHandler:: | protected | property | Allows to grant access to just the labels. | 5 |
EntityAccessControlHandler:: | public | function | Checks access to an operation on a given entity field. Overrides EntityAccessControlHandlerInterface:: | |
EntityAccessControlHandler:: | protected | function | Tries to retrieve a previously cached access value from the static cache. | |
EntityAccessControlHandler:: | protected | function | Loads the current account object, if it does not exist yet. | |
EntityAccessControlHandler:: | protected | function | We grant access to the entity if both of these conditions are met: | |
EntityAccessControlHandler:: | public | function | Clears all cached access checks. Overrides EntityAccessControlHandlerInterface:: | |
EntityAccessControlHandler:: | protected | function | Statically caches whether the given user has access. | |
EntityAccessControlHandler:: | public | function | Constructs an access control handler instance. | 5 |
EntityHandlerBase:: | protected | property | The module handler to invoke hooks on. | 2 |
EntityHandlerBase:: | protected | function | Gets the module handler. | 2 |
EntityHandlerBase:: | public | function | Sets the module handler for this handler. | |
FileAccessControlHandler:: | protected | function | Default field access as determined by this access control handler. Overrides EntityAccessControlHandler:: | |
FileAccessControlHandler:: | protected | function | Wrapper for file_get_file_references(). | |
FileEntityAccessControlHandler:: | public | function | Checks access to an operation on a given entity or entity translation. Overrides EntityAccessControlHandler:: | |
FileEntityAccessControlHandler:: | protected | function | Performs access checks. Overrides FileAccessControlHandler:: | |
FileEntityAccessControlHandler:: | protected | function | Performs create access checks. Overrides FileAccessControlHandler:: | |
FileEntityAccessControlHandler:: | public | function | Checks access to create an entity. Overrides EntityAccessControlHandler:: | |
StringTranslationTrait:: | protected | property | The string translation service. | 1 |
StringTranslationTrait:: | protected | function | Formats a string containing a count of items. | |
StringTranslationTrait:: | protected | function | Returns the number of plurals supported by a given language. | |
StringTranslationTrait:: | protected | function | Gets the string translation service. | |
StringTranslationTrait:: | public | function | Sets the string translation service to use. | 2 |
StringTranslationTrait:: | protected | function | Translates a string to the current language or to a given language. | |