protected function EntityResource::relationshipAccess in JSON:API 8
Check the access to update the entity and the presence of a relationship.
Parameters
\Drupal\Core\Entity\EntityInterface $entity: The entity.
string $operation: The operation to test.
string $related_field: The name of the field to check.
See also
\Drupal\Core\Access\AccessibleInterface
5 calls to EntityResource::relationshipAccess()
- EntityResource::createRelationship in src/
Controller/ EntityResource.php - Adds a relationship to a to-many relationship.
- EntityResource::deleteRelationship in src/
Controller/ EntityResource.php - Deletes the relationship of an entity.
- EntityResource::getRelated in src/
Controller/ EntityResource.php - Gets the related resource.
- EntityResource::getRelationship in src/
Controller/ EntityResource.php - Gets the relationship of an entity.
- EntityResource::patchRelationship in src/
Controller/ EntityResource.php - Updates the relationship of an entity.
File
- src/
Controller/ EntityResource.php, line 932
Class
- EntityResource
- Process all entity requests.
Namespace
Drupal\jsonapi\ControllerCode
protected function relationshipAccess(EntityInterface $entity, $operation, $related_field) {
/* @var \Drupal\Core\Field\EntityReferenceFieldItemListInterface $parsed_field_list */
$field_access = $entity->{$related_field}
->access($operation, NULL, TRUE);
$entity_access = $entity
->access($operation, NULL, TRUE);
$combined_access = $entity_access
->andIf($field_access);
if (!$combined_access
->isAllowed()) {
// @todo Is this really the right path?
throw new EntityAccessDeniedHttpException($entity, $combined_access, $related_field, "The current user is not allowed to {$operation} this relationship.");
}
if (!($field_list = $entity
->get($related_field)) || !$this
->isRelationshipField($field_list)) {
throw new NotFoundHttpException(sprintf('The relationship %s is not present in this resource.', $related_field));
}
}