function jsonapi_jsonapi_node_filter_access

Same name in other branches
  1. 9 core/modules/jsonapi/jsonapi.module \jsonapi_jsonapi_node_filter_access()
  2. 10 core/modules/jsonapi/jsonapi.module \jsonapi_jsonapi_node_filter_access()
  3. 11.x core/modules/jsonapi/jsonapi.module \jsonapi_jsonapi_node_filter_access()

Implements hook_jsonapi_ENTITY_TYPE_filter_access() for 'node'.

File

core/modules/jsonapi/jsonapi.module, line 248

Code

function jsonapi_jsonapi_node_filter_access(EntityTypeInterface $entity_type, AccountInterface $account) {
    // @see \Drupal\node\NodeAccessControlHandler::access()
    if ($account->hasPermission('bypass node access')) {
        return [
            JSONAPI_FILTER_AMONG_ALL => AccessResult::allowed()->cachePerPermissions(),
        ];
    }
    if (!$account->hasPermission('access content')) {
        $forbidden = AccessResult::forbidden("The 'access content' permission is required.")->cachePerPermissions();
        return [
            JSONAPI_FILTER_AMONG_ALL => $forbidden,
            JSONAPI_FILTER_AMONG_OWN => $forbidden,
            JSONAPI_FILTER_AMONG_PUBLISHED => $forbidden,
            // For legacy reasons, the Node entity type has a "status" key, so forbid
            // this subset as well, even though it has no semantic meaning.
JSONAPI_FILTER_AMONG_ENABLED => $forbidden,
        ];
    }
    return [
        // @see \Drupal\node\NodeAccessControlHandler::checkAccess()
JSONAPI_FILTER_AMONG_OWN => AccessResult::allowedIfHasPermission($account, 'view own unpublished content'),
        // @see \Drupal\node\NodeGrantDatabaseStorage::access()
        // Note that:
        // - This is just for the default grant. Other node access conditions are
        //   added via the 'node_access' query tag.
        // - Permissions were checked earlier in this function, so we must vary the
        //   cache by them.
JSONAPI_FILTER_AMONG_PUBLISHED => AccessResult::allowed()->cachePerPermissions(),
    ];
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.