function NodeAccessControlHandler::checkFieldAccess

Same name and namespace in other branches
  1. 8.9.x core/modules/node/src/NodeAccessControlHandler.php \Drupal\node\NodeAccessControlHandler::checkFieldAccess()
  2. 10 core/modules/node/src/NodeAccessControlHandler.php \Drupal\node\NodeAccessControlHandler::checkFieldAccess()
  3. 11.x core/modules/node/src/NodeAccessControlHandler.php \Drupal\node\NodeAccessControlHandler::checkFieldAccess()

Overrides EntityAccessControlHandler::checkFieldAccess

File

core/modules/node/src/NodeAccessControlHandler.php, line 206

Class

NodeAccessControlHandler
Defines the access control handler for the node entity type.

Namespace

Drupal\node

Code

protected function checkFieldAccess($operation, FieldDefinitionInterface $field_definition, AccountInterface $account, FieldItemListInterface $items = NULL) {
    // Only users with the administer nodes permission can edit administrative
    // fields.
    $administrative_fields = [
        'uid',
        'status',
        'created',
        'promote',
        'sticky',
    ];
    if ($operation == 'edit' && in_array($field_definition->getName(), $administrative_fields, TRUE)) {
        return AccessResult::allowedIfHasPermission($account, 'administer nodes');
    }
    // No user can change read only fields.
    $read_only_fields = [
        'revision_timestamp',
        'revision_uid',
    ];
    if ($operation == 'edit' && in_array($field_definition->getName(), $read_only_fields, TRUE)) {
        return AccessResult::forbidden();
    }
    // Users have access to the revision_log field either if they have
    // administrative permissions or if the new revision option is enabled.
    if ($operation == 'edit' && $field_definition->getName() == 'revision_log') {
        if ($account->hasPermission('administer nodes')) {
            return AccessResult::allowed()->cachePerPermissions();
        }
        return AccessResult::allowedIf($items->getEntity()->type->entity
            ->shouldCreateNewRevision())
            ->cachePerPermissions();
    }
    return parent::checkFieldAccess($operation, $field_definition, $account, $items);
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.