function EntityAccessControlHandler::checkFieldAccess

Same name in other branches
  1. 9 core/lib/Drupal/Core/Entity/EntityAccessControlHandler.php \Drupal\Core\Entity\EntityAccessControlHandler::checkFieldAccess()
  2. 8.9.x core/lib/Drupal/Core/Entity/EntityAccessControlHandler.php \Drupal\Core\Entity\EntityAccessControlHandler::checkFieldAccess()
  3. 10 core/lib/Drupal/Core/Entity/EntityAccessControlHandler.php \Drupal\Core\Entity\EntityAccessControlHandler::checkFieldAccess()

Default field access as determined by this access control handler.

Parameters

string $operation: The operation access should be checked for. Usually one of "view" or "edit".

\Drupal\Core\Field\FieldDefinitionInterface $field_definition: The field definition.

\Drupal\Core\Session\AccountInterface $account: The user session for which to check access.

\Drupal\Core\Field\FieldItemListInterface $items: (optional) The field values for which to check access, or NULL if access is checked for the field definition, without any specific value available. Defaults to NULL.

Return value

\Drupal\Core\Access\AccessResultInterface The access result.

2 calls to EntityAccessControlHandler::checkFieldAccess()
EntityAccessControlHandler::fieldAccess in core/lib/Drupal/Core/Entity/EntityAccessControlHandler.php
FileAccessControlHandler::checkFieldAccess in core/modules/file/src/FileAccessControlHandler.php
4 methods override EntityAccessControlHandler::checkFieldAccess()
CommentAccessControlHandler::checkFieldAccess in core/modules/comment/src/CommentAccessControlHandler.php
Default field access as determined by this access control handler.
FileAccessControlHandler::checkFieldAccess in core/modules/file/src/FileAccessControlHandler.php
NodeAccessControlHandler::checkFieldAccess in core/modules/node/src/NodeAccessControlHandler.php
Default field access as determined by this access control handler.
UserAccessControlHandler::checkFieldAccess in core/modules/user/src/UserAccessControlHandler.php
Default field access as determined by this access control handler.

File

core/lib/Drupal/Core/Entity/EntityAccessControlHandler.php, line 391

Class

EntityAccessControlHandler
Defines a default implementation for entity access control handler.

Namespace

Drupal\Core\Entity

Code

protected function checkFieldAccess($operation, FieldDefinitionInterface $field_definition, AccountInterface $account, ?FieldItemListInterface $items = NULL) {
    if (!$items instanceof FieldItemListInterface || $operation !== 'view') {
        return AccessResult::allowed();
    }
    $entity = $items->getEntity();
    $isRevisionLogField = $this->entityType instanceof ContentEntityTypeInterface && $field_definition->getName() === $this->entityType
        ->getRevisionMetadataKey('revision_log_message');
    if ($entity && $isRevisionLogField) {
        // The revision log should only be visible to those who can view the
        // revisions OR edit the entity.
        return $entity->access('view revision', $account, TRUE)
            ->orIf($entity->access('update', $account, TRUE));
    }
    return AccessResult::allowed();
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.