protected function RestfulEntityBase::checkPropertyAccess in RESTful 7
Check access on a property.
Parameters
string $op: The operation that access should be checked for. Can be "view" or "edit". Defaults to "edit".
string $public_field_name: The name of the public field.
EntityMetadataWrapper $property_wrapper: The wrapped property.
EntityMetadataWrapper $wrapper: The wrapped entity.
Return value
bool TRUE if the current user has access to set the property, FALSE otherwise.
3 calls to RestfulEntityBase::checkPropertyAccess()
- RestfulEntityBase::setPropertyValues in plugins/
restful/ RestfulEntityBase.php - Set properties of the entity based on the request, and save the entity.
- RestfulEntityBase::viewEntity in plugins/
restful/ RestfulEntityBase.php - View an entity.
- RestfulEntityBaseTaxonomyTerm::checkPropertyAccess in plugins/
restful/ RestfulEntityBaseTaxonomyTerm.php - Overrides \RestfulEntityBase::checkPropertyAccess().
1 method overrides RestfulEntityBase::checkPropertyAccess()
- RestfulEntityBaseTaxonomyTerm::checkPropertyAccess in plugins/
restful/ RestfulEntityBaseTaxonomyTerm.php - Overrides \RestfulEntityBase::checkPropertyAccess().
File
- plugins/
restful/ RestfulEntityBase.php, line 1085 - Contains RestfulEntityBase.
Class
- RestfulEntityBase
- An abstract implementation of RestfulEntityInterface.
Code
protected function checkPropertyAccess($op, $public_field_name, EntityMetadataWrapper $property_wrapper, EntityMetadataWrapper $wrapper) {
if (!$this
->checkPropertyAccessByAccessCallbacks($op, $public_field_name, $property_wrapper, $wrapper)) {
// Access callbacks denied access.
return;
}
$account = $this
->getAccount();
// Check format access for text fields.
if ($property_wrapper
->type() == 'text_formatted' && $property_wrapper
->value() && $property_wrapper->format
->value()) {
$format = (object) array(
'format' => $property_wrapper->format
->value(),
);
// Only check filter access on write contexts.
if (\RestfulBase::isWriteMethod($this
->getMethod()) && !filter_access($format, $account)) {
return FALSE;
}
}
$info = $property_wrapper
->info();
if ($op == 'edit' && empty($info['setter callback'])) {
// Property does not allow setting.
return FALSE;
}
$access = $property_wrapper
->access($op, $account);
return $access !== FALSE;
}