You are here

protected function NodeAccessControlHandler::checkFieldAccess in Zircon Profile 8

Same name and namespace in other branches
  1. 8.0 core/modules/node/src/NodeAccessControlHandler.php \Drupal\node\NodeAccessControlHandler::checkFieldAccess()

Default field access as determined by this access control handler.

Parameters

string $operation: The operation access should be checked for. Usually one of "view" or "edit".

\Drupal\Core\Field\FieldDefinitionInterface $field_definition: The field definition.

\Drupal\Core\Session\AccountInterface $account: The user session for which to check access.

\Drupal\Core\Field\FieldItemListInterface $items: (optional) The field values for which to check access, or NULL if access is checked for the field definition, without any specific value available. Defaults to NULL.

Return value

bool TRUE if access is allowed, FALSE otherwise.

Overrides EntityAccessControlHandler::checkFieldAccess

File

core/modules/node/src/NodeAccessControlHandler.php, line 125
Contains \Drupal\node\NodeAccessControlHandler.

Class

NodeAccessControlHandler
Defines the access control handler for the node entity type.

Namespace

Drupal\node

Code

protected function checkFieldAccess($operation, FieldDefinitionInterface $field_definition, AccountInterface $account, FieldItemListInterface $items = NULL) {

  // Only users with the administer nodes permission can edit administrative
  // fields.
  $administrative_fields = array(
    'uid',
    'status',
    'created',
    'promote',
    'sticky',
  );
  if ($operation == 'edit' && in_array($field_definition
    ->getName(), $administrative_fields, TRUE)) {
    return AccessResult::allowedIfHasPermission($account, 'administer nodes');
  }

  // No user can change read only fields.
  $read_only_fields = array(
    'revision_timestamp',
    'revision_uid',
  );
  if ($operation == 'edit' && in_array($field_definition
    ->getName(), $read_only_fields, TRUE)) {
    return AccessResult::forbidden();
  }

  // Users have access to the revision_log field either if they have
  // administrative permissions or if the new revision option is enabled.
  if ($operation == 'edit' && $field_definition
    ->getName() == 'revision_log') {
    if ($account
      ->hasPermission('administer nodes')) {
      return AccessResult::allowed()
        ->cachePerPermissions();
    }
    return AccessResult::allowedIf($items
      ->getEntity()->type->entity
      ->isNewRevision())
      ->cachePerPermissions();
  }
  return parent::checkFieldAccess($operation, $field_definition, $account, $items);
}