protected function ParagraphAccessControlHandler::checkAccess in Paragraphs 8
Performs access checks.
This method is supposed to be overwritten by extending classes that do their own custom access checking.
Parameters
\Drupal\Core\Entity\EntityInterface $entity: The entity for which to check access.
string $operation: The entity operation. Usually one of 'view', 'view label', 'update' or 'delete'.
\Drupal\Core\Session\AccountInterface $account: The user for which to check access.
Return value
\Drupal\Core\Access\AccessResultInterface The access result.
Overrides EntityAccessControlHandler::checkAccess
File
- src/
ParagraphAccessControlHandler.php, line 54
Class
- ParagraphAccessControlHandler
- Access controller for the paragraphs entity.
Namespace
Drupal\paragraphsCode
protected function checkAccess(EntityInterface $paragraph, $operation, AccountInterface $account) {
// Allowed when the operation is not view or the status is true.
/** @var \Drupal\paragraphs\Entity\Paragraph $paragraph */
$config = $this->configFactory
->get('paragraphs.settings');
if ($operation === 'view') {
$access_result = AccessResult::allowedIf($paragraph
->isPublished() || $account
->hasPermission('view unpublished paragraphs') && $config
->get('show_unpublished'))
->addCacheableDependency($config);
}
else {
$access_result = AccessResult::allowed();
}
if ($paragraph
->getParentEntity() != NULL) {
// Delete permission on the paragraph, should just depend on 'update'
// access permissions on the parent.
$operation = $operation == 'delete' ? 'update' : $operation;
// Library items have no support for parent entity access checking.
if ($paragraph
->getParentEntity()
->getEntityTypeId() != 'paragraphs_library_item') {
$parent_access = $paragraph
->getParentEntity()
->access($operation, $account, TRUE);
$access_result = $access_result
->andIf($parent_access);
}
}
return $access_result;
}