protected function ServicesEntityResourceControllerClean::propertyAccess in Services Entity API 7.2

Check access on an entity metadata property.

This is a wrapper around EntityMetadataWrapper::access(), needed because that method makes no distinction between 'create' and 'update' operations.

Parameters

EntityDrupalWrapper $wrapper: The wrapped entity for which the property access is to be checked.

string $name: The wrapper name of the property whose access is to be checked.

string $op: One of 'create', 'update' or 'view'.

Return value

bool TRUE if the current user has access to set the property, FALSE otherwise.

2 calls to ServicesEntityResourceControllerClean::propertyAccess()
ServicesEntityResourceControllerClean::create in plugins/services_entity_resource_clean.inc
Implements ServicesResourceControllerInterface::create().
ServicesEntityResourceControllerClean::update in plugins/services_entity_resource_clean.inc
Implements ServicesResourceControllerInterface::update().

File

plugins/services_entity_resource_clean.inc, line 346

Class

ServicesEntityResourceControllerClean
This class is designed to create a very clean API that integrates with the services and entity modules. We want to strip all "drupalisms" out of the API. For example, there should be no [LANGUAGE_NONE][0][value] or field_ in the API.

Code

protected function propertyAccess($wrapper, $name, $op) {
  $property = $wrapper->{$name};
  $info = $property->info();
  switch ($op) {
    case 'create':

      // Don't check access on bundle for new entities. Otherwise,
      // property access checks will fail for, e.g., node type, which
      // requires the 'administer nodes' permission to set.
      // @see entity_metadata_node_entity_property_info().
      if (isset($info['schema field']) && $info['schema field'] == $wrapper->entityKey('bundle')) {
        return TRUE;
      }

      // Don't check access on node author if set to the current user.
      if ($wrapper->type() == 'node' && $name == 'author' && $wrapper->value()->uid == $GLOBALS['user']->uid) {
        return TRUE;
      }

    // No break: no special cases apply, so continue as for 'update'.
    case 'update':

      // This is a hack to check format access for text fields.
      // @todo remove once this is handled properly by core or Entity API.
      // @see https://drupal.org/node/2065021
      if ($property->type() == 'text_formatted' && $property->format->value()) {
        $format = (object) array(
          'format' => $property->format->value(),
        );
        if (!filter_access($format)) {
          return FALSE;
        }
      }

      // Entity API create access is currently broken for nodes.
      // @todo remove this check once https://drupal.org/node/1780646 is fixed.
      // @see also https://drupal.org/node/1865102
      if ($op == 'create' && $wrapper->type() == 'node') {
        return TRUE;
      }

      // Finally, use the property access.
      return $property->access('edit');
    case 'view':
      return $property->access('view');
  }
}
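
The switch above has no default case, so an $op other than 'create', 'update' or 'view' falls out of the function and returns NULL instead of a bool. The following is an added example, not code from the Services Entity API module, showing a subclass that makes the check deny by default; the class name ExampleStrictResourceController and the 'example_services' log type are hypothetical.

```php
<?php

/**
 * Hypothetical subclass (added example, not part of Services Entity API)
 * that turns every unexpected outcome of propertyAccess() into a denial.
 */
class ExampleStrictResourceController extends ServicesEntityResourceControllerClean {

  protected function propertyAccess($wrapper, $name, $op) {
    // Reject anything outside the three documented operations explicitly,
    // and leave a log entry so a misbehaving caller can be found.
    if (!in_array($op, array('create', 'update', 'view'), TRUE)) {
      watchdog('example_services', 'Property access check for %name rejected: unknown operation %op.', array(
        '%name' => is_string($name) ? $name : gettype($name),
        '%op' => is_string($op) ? $op : gettype($op),
      ), WATCHDOG_WARNING);
      return FALSE;
    }

    try {
      // The parent dereferences $wrapper->{$name}; Entity API throws an
      // EntityMetadataWrapperException when the entity has no such property.
      $allowed = parent::propertyAccess($wrapper, $name, $op);
    }
    catch (EntityMetadataWrapperException $e) {
      watchdog('example_services', 'Property access check failed for %name: @message', array(
        '%name' => $name,
        '@message' => $e->getMessage(),
      ), WATCHDOG_WARNING);
      return FALSE;
    }

    // Normalise to the bool the documentation promises; NULL becomes FALSE.
    return (bool) $allowed;
  }

}
```

Because the parent still returns TRUE for every node property when $op is 'create' (after the text format check), access to create the node itself has to be enforced before properties are set.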