function ContentModerationHooks::entityAccess

Implements hook_entity_access().

Entities should be viewable if unpublished and the user has the appropriate permission. This permission is therefore effectively mandatory for any user that wants to moderate things.

Attributes

#[Hook('entity_access')]

File

core/modules/content_moderation/src/Hook/ContentModerationHooks.php, line 213

Class

ContentModerationHooks: Hook implementations for content_moderation.

Namespace

Drupal\content_moderation\Hook

Code

public function entityAccess(EntityInterface $entity, $operation, AccountInterface $account) : AccessResultInterface {
  /** @var \Drupal\content_moderation\ModerationInformationInterface $moderation_info */
  $moderation_info = \Drupal::service('content_moderation.moderation_information');
  $access_result = AccessResult::neutral();
  if ($operation === 'view') {
    $access_result = $entity instanceof EntityPublishedInterface && !$entity->isPublished() ? AccessResult::allowedIfHasPermission($account, 'view any unpublished content') : AccessResult::neutral();
    $access_result->addCacheableDependency($entity);
  }
  elseif ($operation === 'update' && $moderation_info->isModeratedEntity($entity) && $entity->moderation_state) {
    /** @var \Drupal\content_moderation\StateTransitionValidation $transition_validation */
    $transition_validation = \Drupal::service('content_moderation.state_transition_validation');
    $valid_transition_targets = $transition_validation->getValidTransitions($entity, $account);
    $access_result = $valid_transition_targets ? AccessResult::neutral() : AccessResult::forbidden('No valid transitions exist for given account.');
    $access_result->addCacheableDependency($entity);
    $workflow = $moderation_info->getWorkflowForEntity($entity);
    $access_result->addCacheableDependency($workflow);
    // The state transition validation service returns a list of transitions
    // based on the user's permission to use them.
    $access_result->cachePerPermissions();
  }
  // Do not allow users to delete the state that is configured as the default
  // state for the workflow.
  if ($entity instanceof WorkflowInterface) {
    $configuration = $entity->getTypePlugin()
      ->getConfiguration();
    if (!empty($configuration['default_moderation_state']) && $operation === sprintf('delete-state:%s', $configuration['default_moderation_state'])) {
      return AccessResult::forbidden()->addCacheableDependency($entity);
    }
  }
  return $access_result;
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.

function ContentModerationHooks::entityAccess

Attributes

File

Class

Namespace

Code

Search drupal 11.x

API Navigation

Breadcrumb

function ContentModerationHooks::entityAccess

Attributes

File

Class

Namespace

Code

Search drupal 11.x

API Navigation