function FileAccessControlHandler::checkFieldAccess
Same name in other branches
- 9 core/modules/file/src/FileAccessControlHandler.php \Drupal\file\FileAccessControlHandler::checkFieldAccess()
- 8.9.x core/modules/file/src/FileAccessControlHandler.php \Drupal\file\FileAccessControlHandler::checkFieldAccess()
- 11.x core/modules/file/src/FileAccessControlHandler.php \Drupal\file\FileAccessControlHandler::checkFieldAccess()
Overrides EntityAccessControlHandler::checkFieldAccess
File
-
core/
modules/ file/ src/ FileAccessControlHandler.php, line 103
Class
- FileAccessControlHandler
- Provides a File access control handler.
Namespace
Drupal\fileCode
protected function checkFieldAccess($operation, FieldDefinitionInterface $field_definition, AccountInterface $account, ?FieldItemListInterface $items = NULL) {
// Deny access to fields that should only be set on file creation, and
// "status" which should only be changed based on a file's usage.
$create_only_fields = [
'uri',
'filemime',
'filesize',
];
// The operation is 'edit' when the entity is being created or updated.
// Determine if the entity is being updated by checking if it is new.
$field_name = $field_definition->getName();
if ($operation === 'edit' && $items && ($entity = $items->getEntity()) && !$entity->isNew() && in_array($field_name, $create_only_fields, TRUE)) {
return AccessResult::forbidden();
}
// Regardless of whether the entity exists access should be denied to the
// status field as this is managed via other APIs, for example:
// - \Drupal\file\FileUsage\FileUsageBase::add()
// - \Drupal\file\Plugin\EntityReferenceSelection\FileSelection::createNewEntity()
if ($operation === 'edit' && $field_name === 'status') {
return AccessResult::forbidden();
}
return parent::checkFieldAccess($operation, $field_definition, $account, $items);
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.