You are here

Home » API reference » Zircon Profile 8 » FileAccessControlHandler.php » FileAccessControlHandler

protected function FileAccessControlHandler::checkAccess in Zircon Profile 8

Same name and namespace in other branches
  1. 8.0 core/modules/file/src/FileAccessControlHandler.php \Drupal\file\FileAccessControlHandler::checkAccess()

Performs access checks.

This method is supposed to be overwritten by extending classes that do their own custom access checking.

Parameters

\Drupal\Core\Entity\EntityInterface $entity: The entity for which to check access.

string $operation: The entity operation. Usually one of 'view', 'update' or 'delete'.

\Drupal\Core\Session\AccountInterface $account: The user for which to check access.

Return value

\Drupal\Core\Access\AccessResultInterface The access result.

Overrides EntityAccessControlHandler::checkAccess

1 call to FileAccessControlHandler::checkAccess()
FileTestAccessControlHandler::checkAccess in core/modules/file/tests/file_test/src/FileTestAccessControlHandler.php
Performs access checks.
1 method overrides FileAccessControlHandler::checkAccess()
FileTestAccessControlHandler::checkAccess in core/modules/file/tests/file_test/src/FileTestAccessControlHandler.php
Performs access checks.

File

core/modules/file/src/FileAccessControlHandler.php, line 24
Contains \Drupal\file\FileAccessControlHandler.

Class

FileAccessControlHandler
Provides a File access control handler.

Namespace

Drupal\file

Code

protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {

  /** @var \Drupal\file\FileInterface $entity */
  if ($operation == 'download' || $operation == 'view') {
    if (\Drupal::service('file_system')
      ->uriScheme($entity
      ->getFileUri()) === 'public') {

      // Always allow access to file in public file system.
      return AccessResult::allowed();
    }
    elseif ($references = $this
      ->getFileReferences($entity)) {
      foreach ($references as $field_name => $entity_map) {
        foreach ($entity_map as $referencing_entity_type => $referencing_entities) {

          /** @var \Drupal\Core\Entity\EntityInterface $referencing_entity */
          foreach ($referencing_entities as $referencing_entity) {
            $entity_and_field_access = $referencing_entity
              ->access('view', $account, TRUE)
              ->andIf($referencing_entity->{$field_name}
              ->access('view', $account, TRUE));
            if ($entity_and_field_access
              ->isAllowed()) {
              return $entity_and_field_access;
            }
          }
        }
      }
    }
    elseif ($entity
      ->getOwnerId() == $account
      ->id()) {

      // This case handles new nodes, or detached files. The user who uploaded
      // the file can always access if it's not yet used.
      return AccessResult::allowed();
    }
  }

  // No opinion.
  return AccessResult::neutral();
}