function jsonapi_jsonapi_node_filter_access
Same name in other branches
- 9 core/modules/jsonapi/jsonapi.module \jsonapi_jsonapi_node_filter_access()
- 10 core/modules/jsonapi/jsonapi.module \jsonapi_jsonapi_node_filter_access()
- 11.x core/modules/jsonapi/jsonapi.module \jsonapi_jsonapi_node_filter_access()
Implements hook_jsonapi_ENTITY_TYPE_filter_access() for 'node'.
File
-
core/
modules/ jsonapi/ jsonapi.module, line 248
Code
function jsonapi_jsonapi_node_filter_access(EntityTypeInterface $entity_type, AccountInterface $account) {
// @see \Drupal\node\NodeAccessControlHandler::access()
if ($account->hasPermission('bypass node access')) {
return [
JSONAPI_FILTER_AMONG_ALL => AccessResult::allowed()->cachePerPermissions(),
];
}
if (!$account->hasPermission('access content')) {
$forbidden = AccessResult::forbidden("The 'access content' permission is required.")->cachePerPermissions();
return [
JSONAPI_FILTER_AMONG_ALL => $forbidden,
JSONAPI_FILTER_AMONG_OWN => $forbidden,
JSONAPI_FILTER_AMONG_PUBLISHED => $forbidden,
// For legacy reasons, the Node entity type has a "status" key, so forbid
// this subset as well, even though it has no semantic meaning.
JSONAPI_FILTER_AMONG_ENABLED => $forbidden,
];
}
return [
// @see \Drupal\node\NodeAccessControlHandler::checkAccess()
JSONAPI_FILTER_AMONG_OWN => AccessResult::allowedIfHasPermission($account, 'view own unpublished content'),
// @see \Drupal\node\NodeGrantDatabaseStorage::access()
// Note that:
// - This is just for the default grant. Other node access conditions are
// added via the 'node_access' query tag.
// - Permissions were checked earlier in this function, so we must vary the
// cache by them.
JSONAPI_FILTER_AMONG_PUBLISHED => AccessResult::allowed()->cachePerPermissions(),
];
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.