function NodeAccessControlHandler::checkViewAccess
Performs view access checks.
Parameters
\Drupal\node\NodeInterface $node: The node for which to check access.
\Drupal\Core\Session\AccountInterface $account: The user for which to check access.
\Drupal\Core\Cache\CacheableMetadata $cacheability: Allows cacheability information bubble up from this method.
Return value
\Drupal\Core\Access\AccessResultInterface|null The calculated access result or null when no opinion.
1 call to NodeAccessControlHandler::checkViewAccess()
- NodeAccessControlHandler::checkAccess in core/
modules/ node/ src/ NodeAccessControlHandler.php - Performs access checks.
File
-
core/
modules/ node/ src/ NodeAccessControlHandler.php, line 205
Class
- NodeAccessControlHandler
- Defines the access control handler for the node entity type.
Namespace
Drupal\nodeCode
protected function checkViewAccess(NodeInterface $node, AccountInterface $account, CacheableMetadata $cacheability) : ?AccessResultInterface {
// If the node status changes, so does the outcome of the check below, so
// we need to add the node as a cacheable dependency.
$cacheability->addCacheableDependency($node);
if ($node->isPublished()) {
return NULL;
}
$cacheability->addCacheContexts([
'user.permissions',
]);
if (!$account->hasPermission('view own unpublished content')) {
return NULL;
}
$cacheability->addCacheContexts([
'user.roles:authenticated',
]);
// The "view own unpublished content" permission must not be granted
// to anonymous users for security reasons.
if (!$account->isAuthenticated()) {
return NULL;
}
$cacheability->addCacheContexts([
'user',
]);
if ($account->id() != $node->getOwnerId()) {
return NULL;
}
return AccessResult::allowed()->addCacheableDependency($cacheability);
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.