EntityResourceAccessTrait.php

Namespace

Drupal\rest\Plugin\rest\resource

File

View on git.drupalcode.org

core/modules/rest/src/Plugin/rest/resource/EntityResourceAccessTrait.php

View source 
<?php

namespace Drupal\rest\Plugin\rest\resource;

use Drupal\Core\Entity\EntityInterface;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;

/**
 * @internal
 * @todo Consider making public in https://www.drupal.org/node/2300677
 */
trait EntityResourceAccessTrait {
  
  /**
   * Performs edit access checks for fields.
   *
   * @param \Drupal\Core\Entity\EntityInterface $entity
   *   The entity whose fields edit access should be checked for.
   *
   * @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
   *   Throws access denied when the user does not have permissions to edit a
   *   field.
   */
  protected function checkEditFieldAccess(EntityInterface $entity) {
    // Only check 'edit' permissions for fields that were actually submitted by
    // the user. Field access makes no difference between 'create' and 'update',
    // so the 'edit' operation is used here.
    foreach ($entity->_restSubmittedFields as $field_name) {
      if (!$entity->get($field_name)
        ->access('edit')) {
        throw new AccessDeniedHttpException("Access denied on creating field '{$field_name}'.");
      }
    }
  }

}

Traits

Title Deprecated Summary
EntityResourceAccessTrait @internal @todo Consider making public in https://www.drupal.org/node/2300677

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.