function NodeRevisionAccessCheck::checkAccess

Same name and namespace in other branches

9 core/modules/node/src/Access/NodeRevisionAccessCheck.php \Drupal\node\Access\NodeRevisionAccessCheck::checkAccess()

Checks node revision access.

Parameters

\Drupal\node\NodeInterface $node: The node to check.

\Drupal\Core\Session\AccountInterface $account: A user object representing the user for whom the operation is to be performed.

string $op: (optional) The specific operation being checked. Defaults to 'view.'

Return value

bool TRUE if the operation may be performed, FALSE otherwise.

File

core/modules/node/src/Access/NodeRevisionAccessCheck.php, line 92

Class

NodeRevisionAccessCheck: Provides an access checker for node revisions.

Namespace

Drupal\node\Access

Code

public function checkAccess(NodeInterface $node, AccountInterface $account, $op = 'view') {
    $map = [
        'view' => 'view all revisions',
        'update' => 'revert all revisions',
        'delete' => 'delete all revisions',
    ];
    $bundle = $node->bundle();
    $type_map = [
        'view' => "view {$bundle} revisions",
        'update' => "revert {$bundle} revisions",
        'delete' => "delete {$bundle} revisions",
    ];
    if (!$node || !isset($map[$op]) || !isset($type_map[$op])) {
        // If there was no node to check against, or the $op was not one of the
        // supported ones, we return access denied.
        return FALSE;
    }
    // Statically cache access by revision ID, language code, user account ID,
    // and operation.
    $langcode = $node->language()
        ->getId();
    $cid = $node->getRevisionId() . ':' . $langcode . ':' . $account->id() . ':' . $op;
    if (!isset($this->access[$cid])) {
        // Perform basic permission checks first.
        if (!$account->hasPermission($map[$op]) && !$account->hasPermission($type_map[$op]) && !$account->hasPermission('administer nodes')) {
            $this->access[$cid] = FALSE;
            return FALSE;
        }
        // If the revisions checkbox is selected for the content type, display the
        // revisions tab.
        $bundle_entity_type = $node->getEntityType()
            ->getBundleEntityType();
        $bundle_entity = \Drupal::entityTypeManager()->getStorage($bundle_entity_type)
            ->load($bundle);
        if ($bundle_entity->shouldCreateNewRevision() && $op === 'view') {
            $this->access[$cid] = TRUE;
        }
        else {
            // There should be at least two revisions. If the vid of the given node
            // and the vid of the default revision differ, then we already have two
            // different revisions so there is no need for a separate database
            // check. Also, if you try to revert to or delete the default revision,
            // that's not good.
            if ($node->isDefaultRevision() && ($this->nodeStorage
                ->countDefaultLanguageRevisions($node) == 1 || $op === 'update' || $op === 'delete')) {
                $this->access[$cid] = FALSE;
            }
            elseif ($account->hasPermission('administer nodes')) {
                $this->access[$cid] = TRUE;
            }
            else {
                // First check the access to the default revision and finally, if the
                // node passed in is not the default revision then check access to
                // that, too.
                $this->access[$cid] = $this->nodeAccess
                    ->access($this->nodeStorage
                    ->load($node->id()), $op, $account) && ($node->isDefaultRevision() || $this->nodeAccess
                    ->access($node, $op, $account));
            }
        }
    }
    return $this->access[$cid];
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.

Breadcrumb