function NodeAccessControlHandler::checkViewAccess

Performs view access checks.

Parameters

\Drupal\node\NodeInterface $node: The node for which to check access.

\Drupal\Core\Session\AccountInterface $account: The user for which to check access.

\Drupal\Core\Cache\CacheableMetadata $cacheability: Allows cacheability information bubble up from this method.

Return value

\Drupal\Core\Access\AccessResultInterface|null The calculated access result or null when no opinion.

1 call to NodeAccessControlHandler::checkViewAccess()
NodeAccessControlHandler::checkAccess in core/modules/node/src/NodeAccessControlHandler.php
Performs access checks.

File

core/modules/node/src/NodeAccessControlHandler.php, line 205

Class

NodeAccessControlHandler
Defines the access control handler for the node entity type.

Namespace

Drupal\node

Code

protected function checkViewAccess(NodeInterface $node, AccountInterface $account, CacheableMetadata $cacheability) : ?AccessResultInterface {
    // If the node status changes, so does the outcome of the check below, so
    // we need to add the node as a cacheable dependency.
    $cacheability->addCacheableDependency($node);
    if ($node->isPublished()) {
        return NULL;
    }
    $cacheability->addCacheContexts([
        'user.permissions',
    ]);
    if (!$account->hasPermission('view own unpublished content')) {
        return NULL;
    }
    $cacheability->addCacheContexts([
        'user.roles:authenticated',
    ]);
    // The "view own unpublished content" permission must not be granted
    // to anonymous users for security reasons.
    if (!$account->isAuthenticated()) {
        return NULL;
    }
    $cacheability->addCacheContexts([
        'user',
    ]);
    if ($account->id() != $node->getOwnerId()) {
        return NULL;
    }
    return AccessResult::allowed()->addCacheableDependency($cacheability);
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.