function BlockContentAccessControlHandler::checkAccess
Same name in other branches
- 9 core/modules/block_content/src/BlockContentAccessControlHandler.php \Drupal\block_content\BlockContentAccessControlHandler::checkAccess()
- 8.9.x core/modules/block_content/src/BlockContentAccessControlHandler.php \Drupal\block_content\BlockContentAccessControlHandler::checkAccess()
- 11.x core/modules/block_content/src/BlockContentAccessControlHandler.php \Drupal\block_content\BlockContentAccessControlHandler::checkAccess()
Overrides EntityAccessControlHandler::checkAccess
File
-
core/
modules/ block_content/ src/ BlockContentAccessControlHandler.php, line 57
Class
- BlockContentAccessControlHandler
- Defines the access control handler for the content block entity type.
Namespace
Drupal\block_contentCode
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
assert($entity instanceof BlockContentInterface);
$bundle = $entity->bundle();
$forbidIfNotReusable = fn(): AccessResultInterface => AccessResult::forbiddenIf($entity->isReusable() === FALSE, sprintf('Block content must be reusable to use `%s` operation', $operation));
$access = AccessResult::allowedIfHasPermissions($account, [
'administer block content',
]);
if (!$access->isAllowed()) {
$access = match ($operation) { 'view' => AccessResult::allowedIf($entity->isPublished())
->orIf(AccessResult::allowedIfHasPermission($account, 'access block library')),
'update' => AccessResult::allowedIfHasPermission($account, 'edit any ' . $bundle . ' block content'),
'delete' => AccessResult::allowedIfHasPermission($account, 'delete any ' . $bundle . ' block content'),
'view revision', 'view all revisions' => AccessResult::allowedIfHasPermission($account, 'view any ' . $bundle . ' block content history'),
'revert' => AccessResult::allowedIfHasPermission($account, 'revert any ' . $bundle . ' block content revisions')->orIf($forbidIfNotReusable()),
'delete revision' => AccessResult::allowedIfHasPermission($account, 'delete any ' . $bundle . ' block content revisions')->orIf($forbidIfNotReusable()),
default => parent::checkAccess($entity, $operation, $account),
};
}
// Add the entity as a cacheable dependency because access will at least be
// determined by whether the block is reusable.
$access->addCacheableDependency($entity);
if ($entity->isReusable() === FALSE && $access->isForbidden() !== TRUE) {
if (!$entity instanceof DependentAccessInterface) {
throw new \LogicException("Non-reusable block entities must implement \\Drupal\\block_content\\Access\\DependentAccessInterface for access control.");
}
$dependency = $entity->getAccessDependency();
if (empty($dependency)) {
// If an access dependency has not been set let modules set one.
$event = new BlockContentGetDependencyEvent($entity);
$this->eventDispatcher
->dispatch($event, BlockContentEvents::BLOCK_CONTENT_GET_DEPENDENCY);
$dependency = $event->getAccessDependency();
if (empty($dependency)) {
return AccessResult::forbidden("Non-reusable blocks must set an access dependency for access control.");
}
}
/** @var \Drupal\Core\Entity\EntityInterface $dependency */
$access = $access->andIf($dependency->access($operation, $account, TRUE));
}
return $access;
}Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.