You are here

public function OgAccessInterface::userAccessEntityOperation in Organic groups 8

Checks whether a user can perform an operation on a given entity.

This does an exhaustive, but slow, check to discover whether the operation can be performed. It works both with groups and group content entities. It will iterate over all groups that are associated with the entity and check if the user is allowed to perform the entity operation on the group content entity according to their role within each group.

For access to be granted, at least one of the groups with which the entity is associated should allow access, and none of the associated groups should deny access. Access is denied if one or more groups deny access, regardless of how many groups grant access. A neutral result is returned if the passed in entity is not associated with any groups, or if all the associated groups return a neutral result.

If a passed in entity is both a group and group content, it will first check if the user has permission to perform the operation on the entity itself. Only if this returns a neutral result the access check will be performed on its parent group(s).

In case you know the specific group you want to check access for then it is recommended to use the faster ::userAccessGroupContentEntityOperation().

Parameters

string $operation: The entity operation, such as "create", "update" or "delete".

\Drupal\Core\Entity\EntityInterface $entity: The entity object. This can be either a group or group content entity.

\Drupal\Core\Session\AccountInterface|null $user: (optional) The user object. If empty the current user will be used.

Return value

\Drupal\Core\Access\AccessResultInterface An access result object.

See also

\Drupal\og\userAccessGroupContentEntityOperation();

1 method overrides OgAccessInterface::userAccessEntityOperation()
OgAccess::userAccessEntityOperation in src/OgAccess.php
Checks whether a user can perform an operation on a given entity.

File

src/OgAccessInterface.php, line 130

Class

OgAccessInterface
Interface for classes that handle access checks in Organic Groups.

Namespace

Drupal\og

Code

public function userAccessEntityOperation(string $operation, EntityInterface $entity, ?AccountInterface $user = NULL) : AccessResultInterface;