<?php
namespace Drupal\file;
use Drupal\Core\Access\AccessResult;
use Drupal\Core\Entity\EntityAccessControlHandler;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Entity\EntityStorageInterface;
use Drupal\Core\Field\FieldDefinitionInterface;
use Drupal\Core\Field\FieldItemListInterface;
use Drupal\Core\Session\AccountInterface;
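class FileAccessControlHandler extends EntityAccessControlHandler {

  /**
   * {@inheritdoc}
   *
   * Operations decided here: 'view' and 'download' (shared rules), 'update'
   * and 'delete'. Any other operation yields a neutral result so that other
   * access checks (hooks, parent handler) can still decide.
   *
   * Operation names are compared with === throughout; the original mixed
   * == and === for the same string checks.
   */
  protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
    /** @var \Drupal\file\FileInterface $entity */
    if ($operation === 'download' || $operation === 'view') {
      $scheme = \Drupal::service('stream_wrapper_manager')->getScheme($entity->getFileUri());
      if ($scheme === 'public') {
        // Public-scheme files: 'download' is granted unconditionally here
        // (presumably because such files are reachable without going through
        // Drupal at all — confirm against the stream wrapper docs); viewing
        // the entity itself still requires 'access content'.
        if ($operation === 'download') {
          return AccessResult::allowed();
        }
        return AccessResult::allowedIfHasPermission($account, 'access content');
      }
      elseif ($references = $this->getFileReferences($entity)) {
        // Non-public file that is in use somewhere: access is derived from
        // the first referencing entity + field the account may view. If no
        // reference grants access the result is neutral — the owner check
        // below is deliberately NOT consulted for referenced files.
        foreach ($references as $field_name => $entity_map) {
          foreach ($entity_map as $referencing_entities) {
            foreach ($referencing_entities as $referencing_entity) {
              $entity_and_field_access = $referencing_entity->access('view', $account, TRUE)
                ->andIf($referencing_entity->{$field_name}->access('view', $account, TRUE));
              if ($entity_and_field_access->isAllowed()) {
                return $entity_and_field_access;
              }
            }
          }
        }
      }
      elseif ($entity->getOwnerId() == $account->id()) {
        // Unreferenced (new or detached) file: the uploader keeps access.
        // Loose == is kept on purpose — ids may arrive as numeric strings and
        // a missing owner compares equal to the anonymous id; verify callers
        // before tightening this to ===.
        if ($account->isAnonymous()) {
          // Anonymous ownership is shared by every anonymous visitor, so the
          // grant is narrowed to the browser session that recorded the upload
          // in 'anonymous_allowed_file_ids'; the result therefore varies by
          // session as well as by user.
          $allowed_fids = \Drupal::service('session')->get('anonymous_allowed_file_ids', []);
          if (!empty($allowed_fids[$entity->id()])) {
            return AccessResult::allowed()->addCacheContexts(['session', 'user']);
          }
        }
        else {
          return AccessResult::allowed()->addCacheContexts(['user']);
        }
      }
    }
    elseif ($operation === 'update') {
      $account = $this->prepareUser($account);
      $file_uid = $entity->get('uid')->getValue();
      // Only the owner may update the entity; there is no "update any"
      // permission at this level. Both outcomes depend on the account and on
      // the file's uid, so they carry the same cache metadata the 'delete'
      // branch below already declares.
      if (isset($file_uid[0]['target_id']) && $account->id() == $file_uid[0]['target_id']) {
        return AccessResult::allowed()
          ->cachePerUser()
          ->addCacheableDependency($entity);
      }
      return AccessResult::forbidden('Only the file owner can update the file entity.')
        ->cachePerUser()
        ->addCacheableDependency($entity);
    }
    elseif ($operation === 'delete') {
      $access = AccessResult::allowedIfHasPermission($account, 'delete any file');
      if (!$access->isAllowed() && $account->hasPermission('delete own files')) {
        // The owner-based fallback varies per user and per file, hence the
        // user cache context plus the entity as a cacheable dependency.
        $access = $access
          ->orIf(AccessResult::allowedIf($account->id() == $entity->getOwnerId()))
          ->cachePerUser()
          ->addCacheableDependency($entity);
      }
      return $access;
    }

    return AccessResult::neutral();
  }

  /**
   * Wraps file_get_file_references() so tests can override the lookup.
   *
   * @param \Drupal\file\FileInterface $file
   *   The file whose usages are wanted.
   *
   * @return array
   *   References keyed by field name, then entity type, then entity id; empty
   *   when the file is not referenced by any field.
   */
  protected function getFileReferences(FileInterface $file) {
    return file_get_file_references($file, NULL, EntityStorageInterface::FIELD_LOAD_REVISION, NULL);
  }

  /**
   * {@inheritdoc}
   *
   * 'uri', 'filemime' and 'filesize' may only be set when the entity is new;
   * 'status' is never editable through field access (it is managed by the
   * usage tracking, not by users). Everything else defers to the parent.
   *
   * $items is explicitly nullable: the implicit "= NULL" nullability is
   * deprecated in PHP 8.4 and the signature stays compatible with the parent.
   */
  protected function checkFieldAccess($operation, FieldDefinitionInterface $field_definition, AccountInterface $account, ?FieldItemListInterface $items = NULL) {
    $create_only_fields = [
      'uri',
      'filemime',
      'filesize',
    ];
    $field_name = $field_definition->getName();

    if ($operation === 'edit' && $items && ($entity = $items->getEntity()) && !$entity->isNew() && in_array($field_name, $create_only_fields, TRUE)) {
      return AccessResult::forbidden();
    }
    if ($operation === 'edit' && $field_name === 'status') {
      return AccessResult::forbidden();
    }

    return parent::checkFieldAccess($operation, $field_definition, $account, $items);
  }

  /**
   * {@inheritdoc}
   *
   * File creation is not decided by this handler (files are created through
   * upload widgets and APIs that apply their own checks), so the result is
   * neutral rather than allowed.
   */
  protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
    return AccessResult::neutral();
  }

}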