class RelationshipFieldAccess

Defines a class to check access to related and relationship routes.

@todo Deprecated in drupal:9.2.0 and is removed from drupal:10.0.0. There is no replacement. JSON:API's access checkers are not part of its public API.

@internal JSON:API maintains no PHP API. The API is the HTTP API. This class may change at any time and could break any dependencies on it.

Hierarchy

Expanded class hierarchy of RelationshipFieldAccess

See also

https://www.drupal.org/node/3194641

https://www.drupal.org/project/drupal/issues/3032787

jsonapi.api.php

1 string reference to 'RelationshipFieldAccess'
jsonapi.services.yml in core/modules/jsonapi/jsonapi.services.yml
core/modules/jsonapi/jsonapi.services.yml
1 service uses RelationshipFieldAccess
access_check.jsonapi.relationship_field_access in core/modules/jsonapi/jsonapi.services.yml
Drupal\jsonapi\Access\RelationshipFieldAccess

File

View on git.drupalcode.org

core/modules/jsonapi/src/Access/RelationshipFieldAccess.php, line 27

Namespace

Drupal\jsonapi\Access
View source 
class RelationshipFieldAccess implements AccessInterface {
  
  /**
   * The route requirement key for this access check.
   *
   * @var string
   */
  const ROUTE_REQUIREMENT_KEY = '_jsonapi_relationship_field_access';
  
  /**
   * The JSON:API entity access checker.
   *
   * @var \Drupal\jsonapi\Access\EntityAccessChecker
   */
  protected $entityAccessChecker;
  
  /**
   * RelationshipFieldAccess constructor.
   *
   * @param \Drupal\jsonapi\Access\EntityAccessChecker $entity_access_checker
   *   The JSON:API entity access checker.
   */
  public function __construct(EntityAccessChecker $entity_access_checker) {
    $this->entityAccessChecker = $entity_access_checker;
  }
  
  /**
   * Checks access to the relationship field on the given route.
   *
   * @param \Symfony\Component\HttpFoundation\Request $request
   *   The incoming HTTP request object.
   * @param \Symfony\Component\Routing\Route $route
   *   The route to check against.
   * @param \Drupal\Core\Session\AccountInterface $account
   *   The currently logged in account.
   *
   * @return \Drupal\Core\Access\AccessResultInterface
   *   The access result.
   */
  public function access(Request $request, Route $route, AccountInterface $account) {
    @trigger_error(sprintf("The %s access check is deprecated in drupal:9.2.0 and is removed from drupal:10.0.0. There is no replacement. JSON:API's route access checks are internal. See https://www.drupal.org/node/3194641.", static::ROUTE_REQUIREMENT_KEY), E_USER_DEPRECATED);
    $relationship_route_access_checker = \Drupal::service('access_check.jsonapi.relationship_route_access');
    assert($relationship_route_access_checker instanceof RelationshipRouteAccessCheck);
    $access_result = $relationship_route_access_checker->access($route, RouteMatch::createFromRequest($request), $account);
    assert($access_result instanceof AccessResultReasonInterface);
    if (!$access_result->isAllowed() && $request->isMethodCacheable()) {
      throw new CacheableAccessDeniedHttpException(CacheableMetadata::createFromObject($access_result), $access_result->getReason());
    }
    return $access_result;
  }

}

Members

Title Modifiers Object type Summary
RelationshipFieldAccess::$entityAccessChecker protected property The JSON:API entity access checker.
RelationshipFieldAccess::access public function Checks access to the relationship field on the given route.
RelationshipFieldAccess::ROUTE_REQUIREMENT_KEY constant The route requirement key for this access check.
RelationshipFieldAccess::__construct public function RelationshipFieldAccess constructor.

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.