LogAccessControlHandler.php in Log entity 8

<?php

/**
 * @file
 * Contains \Drupal\log\LogAccessControlHandler.
 */
namespace Drupal\log;

use Drupal\Core\Access\AccessResult;
use Drupal\Core\Entity\EntityAccessControlHandler;
use Drupal\Core\Field\FieldDefinitionInterface;
use Drupal\Core\Field\FieldItemListInterface;
use Drupal\Core\Session\AccountInterface;

/**
 * Defines the access control handler for the log log entity type.
 *
 * @see \Drupal\log\Entity\Log
 */
class LogAccessControlHandler extends EntityAccessControlHandler {

  /**
   * {@inheritdoc}
   */
  protected function checkFieldAccess($operation, FieldDefinitionInterface $field_definition, AccountInterface $account, FieldItemListInterface $items = NULL) {

    // Only users with the administer logs permission can edit administrative
    // fields.
    $administrative_fields = array(
      'user_id',
      'created',
    );
    if ($operation == 'edit' && in_array($field_definition
      ->getName(), $administrative_fields, TRUE)) {
      return AccessResult::allowedIfHasPermission($account, 'administer logs');
    }

    // No user can change read only fields.
    $read_only_fields = array(
      'revision_timestamp',
      'revision_uid',
    );
    if ($operation == 'edit' && in_array($field_definition
      ->getName(), $read_only_fields, TRUE)) {
      return AccessResult::forbidden();
    }
    return parent::checkFieldAccess($operation, $field_definition, $account, $items);
  }

}