You are here

protected function RestfulEntityBase::checkPropertyAccess in RESTful 7

Check access on a property.

Parameters

string $op: The operation that access should be checked for. Can be "view" or "edit". Defaults to "edit".

string $public_field_name: The name of the public field.

EntityMetadataWrapper $property_wrapper: The wrapped property.

EntityMetadataWrapper $wrapper: The wrapped entity.

Return value

bool TRUE if the current user has access to set the property, FALSE otherwise.

3 calls to RestfulEntityBase::checkPropertyAccess()
RestfulEntityBase::setPropertyValues in plugins/restful/RestfulEntityBase.php
Set properties of the entity based on the request, and save the entity.
RestfulEntityBase::viewEntity in plugins/restful/RestfulEntityBase.php
View an entity.
RestfulEntityBaseTaxonomyTerm::checkPropertyAccess in plugins/restful/RestfulEntityBaseTaxonomyTerm.php
Overrides \RestfulEntityBase::checkPropertyAccess().
1 method overrides RestfulEntityBase::checkPropertyAccess()
RestfulEntityBaseTaxonomyTerm::checkPropertyAccess in plugins/restful/RestfulEntityBaseTaxonomyTerm.php
Overrides \RestfulEntityBase::checkPropertyAccess().

File

plugins/restful/RestfulEntityBase.php, line 1085
Contains RestfulEntityBase.

Class

RestfulEntityBase
An abstract implementation of RestfulEntityInterface.

Code

protected function checkPropertyAccess($op, $public_field_name, EntityMetadataWrapper $property_wrapper, EntityMetadataWrapper $wrapper) {
  if (!$this
    ->checkPropertyAccessByAccessCallbacks($op, $public_field_name, $property_wrapper, $wrapper)) {

    // Access callbacks denied access.
    return;
  }
  $account = $this
    ->getAccount();

  // Check format access for text fields.
  if ($property_wrapper
    ->type() == 'text_formatted' && $property_wrapper
    ->value() && $property_wrapper->format
    ->value()) {
    $format = (object) array(
      'format' => $property_wrapper->format
        ->value(),
    );

    // Only check filter access on write contexts.
    if (\RestfulBase::isWriteMethod($this
      ->getMethod()) && !filter_access($format, $account)) {
      return FALSE;
    }
  }
  $info = $property_wrapper
    ->info();
  if ($op == 'edit' && empty($info['setter callback'])) {

    // Property does not allow setting.
    return FALSE;
  }
  $access = $property_wrapper
    ->access($op, $account);
  return $access !== FALSE;
}