protected function FileEntityAccessControlHandler::checkAccess in File Entity (fieldable files) 8.2
Performs access checks.
This method is meant to be overridden by extending classes that implement their own custom access checking.
Parameters
\Drupal\Core\Entity\EntityInterface $entity: The entity for which to check access.
string $operation: The entity operation. Usually one of 'view', 'view label', 'update' or 'delete'.
\Drupal\Core\Session\AccountInterface $account: The user for which to check access.
Return value
\Drupal\Core\Access\AccessResultInterface The access result.
Overrides FileAccessControlHandler::checkAccess
File
- src/FileEntityAccessControlHandler.php, line 48
Class
- FileEntityAccessControlHandler
- Defines the access control handler for the file entity type.
Namespace
Drupal\file_entity
Code
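/**
 * Checks whether an account may perform an operation on a file entity.
 *
 * The 'view', 'download', 'update' and 'delete' operations are decided here
 * from the file's stream wrapper scheme, its ownership and the account's
 * permissions. Anything not decided here is delegated to the parent handler.
 *
 * @param \Drupal\Core\Entity\EntityInterface $entity
 *   The file entity for which to check access.
 * @param string $operation
 *   The entity operation.
 * @param \Drupal\Core\Session\AccountInterface $account
 *   The user for which to check access.
 *
 * @return \Drupal\Core\Access\AccessResultInterface
 *   The access result.
 */
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
  /** @var FileEntity $entity */
  // Strict comparison: ownership only matches when both ids have the same
  // type as well as the same value.
  // NOTE(review): confirm getOwnerId() and id() return the same type here;
  // a mismatch would make every "own" permission check below fail closed.
  $is_owner = $entity->getOwnerId() === $account->id();

  if ($operation === 'view') {
    $schemes = file_entity_get_public_and_private_stream_wrapper_names();
    $scheme = StreamWrapperManager::getScheme($entity->getFileUri());

    if (isset($schemes['private'][$scheme])) {
      // Private files: either the blanket permission, or an authenticated
      // owner holding the "own" permission. The ownership result differs
      // between accounts that share the same permissions, so it must vary by
      // the user cache context; otherwise a cached result could be reused for
      // another user with the same roles.
      $owner_result = AccessResult::allowedIf($account->isAuthenticated() && $is_owner)
        ->addCacheableDependency($entity)
        ->cachePerUser();

      return AccessResult::allowedIfHasPermission($account, 'view private files')
        ->orIf($owner_result->andIf(AccessResult::allowedIfHasPermission($account, 'view own private files')));
    }
    elseif ($entity->isPermanent()) {
      // NOTE(review): unlike the private branch, ownership here does not
      // require an authenticated account. Confirm that an "own" permission
      // granted to the anonymous role cannot match anonymously owned files.
      $owner_result = AccessResult::allowedIf($is_owner)
        ->addCacheableDependency($entity)
        ->cachePerUser();

      return AccessResult::allowedIfHasPermission($account, 'view files')
        ->orIf($owner_result->andIf(AccessResult::allowedIfHasPermission($account, 'view own files')));
    }
    // A non-private, non-permanent file is not decided here and falls through
    // to the checks below.
  }

  // Public files can always be downloaded, fix for regression after
  // SA-CORE-2020-011.
  if ($operation === 'download' && StreamWrapperManager::getScheme($entity->getFileUri()) === 'public') {
    // The decision is derived from the entity's URI, so the result carries
    // the entity as a cacheable dependency.
    return AccessResult::allowed()->addCacheableDependency($entity);
  }

  // User can perform these operations if they have the "any" permission or if
  // they own it and have the "own" permission.
  if (in_array($operation, ['download', 'update', 'delete'], TRUE)) {
    // The permission names use "edit" where the entity operation is "update".
    $permission_action = $operation === 'update' ? 'edit' : $operation;
    $type = $entity->get('type')->target_id;

    // Ownership varies per user, see the cache context note above.
    // NOTE(review): no isAuthenticated() guard here either; confirm intended.
    $owner_result = AccessResult::allowedIf($is_owner)
      ->addCacheableDependency($entity)
      ->cachePerUser();

    return AccessResult::allowedIfHasPermission($account, "{$permission_action} any {$type} files")
      ->orIf($owner_result->andIf(AccessResult::allowedIfHasPermission($account, "{$permission_action} own {$type} files")));
  }

  // Fall back to the parent implementation so that file uploads work.
  // @todo Merge that in here somehow?
  return parent::checkAccess($entity, $operation, $account);
}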