You are here

class ReferenceAccessConstraintValidator in Zircon Profile 8.0

Same name and namespace in other branches
  1. 8 core/lib/Drupal/Core/Entity/Plugin/Validation/Constraint/ReferenceAccessConstraintValidator.php \Drupal\Core\Entity\Plugin\Validation\Constraint\ReferenceAccessConstraintValidator

Checks if the current user has access to newly referenced entities.

Hierarchy

Expanded class hierarchy of ReferenceAccessConstraintValidator

File

core/lib/Drupal/Core/Entity/Plugin/Validation/Constraint/ReferenceAccessConstraintValidator.php, line 16
Contains \Drupal\Core\Entity\Plugin\Validation\Constraint\ReferenceAccessConstraintValidator.

Namespace

Drupal\Core\Entity\Plugin\Validation\Constraint
View source
class ReferenceAccessConstraintValidator extends ConstraintValidator {

  /**
   * {@inheritdoc}
   */
  public function validate($value, Constraint $constraint) {

    /* @var \Drupal\Core\Field\FieldItemInterface $value */
    if (!isset($value)) {
      return;
    }
    $id = $value->target_id;

    // '0' or NULL are considered valid empty references.
    if (empty($id)) {
      return;
    }

    /* @var \Drupal\Core\Entity\FieldableEntityInterface $referenced_entity */
    $referenced_entity = $value->entity;
    if ($referenced_entity) {
      $entity = $value
        ->getEntity();
      $check_permission = TRUE;
      if (!$entity
        ->isNew()) {
        $existing_entity = \Drupal::entityManager()
          ->getStorage($entity
          ->getEntityTypeId())
          ->loadUnchanged($entity
          ->id());
        $referenced_entities = $existing_entity->{$value
          ->getFieldDefinition()
          ->getName()}
          ->referencedEntities();

        // Check permission if we are not already referencing the entity.
        foreach ($referenced_entities as $ref) {
          if (isset($referenced_entities[$ref
            ->id()])) {
            $check_permission = FALSE;
            break;
          }
        }
      }

      // We check that the current user had access to view any newly added
      // referenced entity.
      if ($check_permission && !$referenced_entity
        ->access('view')) {
        $type = $value
          ->getFieldDefinition()
          ->getSetting('target_type');
        $this->context
          ->addViolation($constraint->message, array(
          '%type' => $type,
          '%id' => $id,
        ));
      }
    }
  }

}

Members

Namesort descending Modifiers Type Description Overrides
ConstraintValidator::$context protected property 3
ConstraintValidator::buildViolation Deprecated protected function Wrapper for {@link ExecutionContextInterface::buildViolation} that supports the 2.4 context API.
ConstraintValidator::buildViolationInContext Deprecated protected function Wrapper for {@link ExecutionContextInterface::buildViolation} that supports the 2.4 context API.
ConstraintValidator::formatTypeOf protected function Returns a string representation of the type of the value.
ConstraintValidator::formatValue protected function Returns a string representation of the value.
ConstraintValidator::formatValues protected function Returns a string representation of a list of values.
ConstraintValidator::initialize public function Initializes the constraint validator. Overrides ConstraintValidatorInterface::initialize 1
ConstraintValidator::OBJECT_TO_STRING constant Whether to cast objects with a "__toString()" method to strings.
ConstraintValidator::PRETTY_DATE constant Whether to format {@link \DateTime} objects as RFC-3339 dates ("Y-m-d H:i:s").
ReferenceAccessConstraintValidator::validate public function Checks if the passed value is valid. Overrides ConstraintValidatorInterface::validate