You are here

Home » API reference » Zircon Profile 8 » NodeAccessControlHandler.php » NodeAccessControlHandler

public function NodeAccessControlHandler::access in Zircon Profile 8

Same name and namespace in other branches
  1. 8.0 core/modules/node/src/NodeAccessControlHandler.php \Drupal\node\NodeAccessControlHandler::access()

Checks access to an operation on a given entity or entity translation.

Use \Drupal\Core\Entity\EntityAccessControlHandlerInterface::createAccess() to check access to create an entity.

Parameters

\Drupal\Core\Entity\EntityInterface $entity: The entity for which to check access.

string $operation: The operation access should be checked for. Usually one of "view", "update" or "delete".

\Drupal\Core\Session\AccountInterface $account: (optional) The user session for which to check access, or NULL to check access for the current user. Defaults to NULL.

bool $return_as_object: (optional) Defaults to FALSE.

Return value

bool|\Drupal\Core\Access\AccessResultInterface The access result. Returns a boolean if $return_as_object is FALSE (this is the default) and otherwise an AccessResultInterface object. When a boolean is returned, the result of AccessInterface::isAllowed() is returned, i.e. TRUE means access is explicitly allowed, FALSE means access is either explicitly forbidden or "no opinion".

Overrides EntityAccessControlHandler::access

File

core/modules/node/src/NodeAccessControlHandler.php, line 62
Contains \Drupal\node\NodeAccessControlHandler.

Class

NodeAccessControlHandler
Defines the access control handler for the node entity type.

Namespace

Drupal\node

Code

public function access(EntityInterface $entity, $operation, AccountInterface $account = NULL, $return_as_object = FALSE) {
  $account = $this
    ->prepareUser($account);
  if ($account
    ->hasPermission('bypass node access')) {
    $result = AccessResult::allowed()
      ->cachePerPermissions();
    return $return_as_object ? $result : $result
      ->isAllowed();
  }
  if (!$account
    ->hasPermission('access content')) {
    $result = AccessResult::forbidden()
      ->cachePerPermissions();
    return $return_as_object ? $result : $result
      ->isAllowed();
  }
  $result = parent::access($entity, $operation, $account, TRUE)
    ->cachePerPermissions();
  return $return_as_object ? $result : $result
    ->isAllowed();
}