class EntityAccess

Same name in other branches
  1. 9 core/modules/workspaces/src/EntityAccess.php \Drupal\workspaces\EntityAccess
  2. 8.9.x core/modules/workspaces/src/EntityAccess.php \Drupal\workspaces\EntityAccess
  3. 11.x core/modules/workspaces/src/EntityAccess.php \Drupal\workspaces\EntityAccess

Service wrapper for hooks relating to entity access control.

@internal

Hierarchy

Expanded class hierarchy of EntityAccess

1 file declares its use of EntityAccess
workspaces.module in core/modules/workspaces/workspaces.module
Provides full-site preview functionality for content staging.

File

core/modules/workspaces/src/EntityAccess.php, line 18

Namespace

Drupal\workspaces
View source
class EntityAccess implements ContainerInjectionInterface {
    use StringTranslationTrait;
    
    /**
     * The entity type manager service.
     *
     * @var \Drupal\Core\Entity\EntityTypeManagerInterface
     */
    protected $entityTypeManager;
    
    /**
     * The workspace manager service.
     *
     * @var \Drupal\workspaces\WorkspaceManagerInterface
     */
    protected $workspaceManager;
    
    /**
     * The workspace information service.
     *
     * @var \Drupal\workspaces\WorkspaceInformationInterface
     */
    protected $workspaceInfo;
    
    /**
     * Constructs a new EntityAccess instance.
     *
     * @param \Drupal\Core\Entity\EntityTypeManagerInterface $entity_type_manager
     *   The entity type manager service.
     * @param \Drupal\workspaces\WorkspaceManagerInterface $workspace_manager
     *   The workspace manager service.
     * @param \Drupal\workspaces\WorkspaceInformationInterface $workspace_information
     *   The workspace information service.
     */
    public function __construct(EntityTypeManagerInterface $entity_type_manager, WorkspaceManagerInterface $workspace_manager, WorkspaceInformationInterface $workspace_information) {
        $this->entityTypeManager = $entity_type_manager;
        $this->workspaceManager = $workspace_manager;
        $this->workspaceInfo = $workspace_information;
    }
    
    /**
     * {@inheritdoc}
     */
    public static function create(ContainerInterface $container) {
        return new static($container->get('entity_type.manager'), $container->get('workspaces.manager'), $container->get('workspaces.information'));
    }
    
    /**
     * Implements a hook bridge for hook_entity_access().
     *
     * @param \Drupal\Core\Entity\EntityInterface $entity
     *   The entity to check access for.
     * @param string $operation
     *   The operation being performed.
     * @param \Drupal\Core\Session\AccountInterface $account
     *   The user account making the to check access for.
     *
     * @return \Drupal\Core\Access\AccessResult
     *   The result of the access check.
     *
     * @see hook_entity_access()
     */
    public function entityOperationAccess(EntityInterface $entity, $operation, AccountInterface $account) {
        // Workspaces themselves are handled by their own access handler and we
        // should not try to do any access checks for entity types that can not
        // belong to a workspace.
        if (!$this->workspaceInfo
            ->isEntitySupported($entity) || !$this->workspaceManager
            ->hasActiveWorkspace()) {
            return AccessResult::neutral();
        }
        // Prevent the deletion of entities with a published default revision.
        if ($operation === 'delete') {
            $active_workspace = $this->workspaceManager
                ->getActiveWorkspace();
            $is_deletable = $this->workspaceInfo
                ->isEntityDeletable($entity, $active_workspace);
            return AccessResult::forbiddenIf(!$is_deletable)->addCacheableDependency($entity)
                ->addCacheableDependency($active_workspace);
        }
        return $this->bypassAccessResult($account);
    }
    
    /**
     * Implements a hook bridge for hook_entity_create_access().
     *
     * @param \Drupal\Core\Session\AccountInterface $account
     *   The user account making the to check access for.
     * @param array $context
     *   The context of the access check.
     * @param string $entity_bundle
     *   The bundle of the entity.
     *
     * @return \Drupal\Core\Access\AccessResult
     *   The result of the access check.
     *
     * @see hook_entity_create_access()
     */
    public function entityCreateAccess(AccountInterface $account, array $context, $entity_bundle) {
        // Workspaces themselves are handled by their own access handler and we
        // should not try to do any access checks for entity types that can not
        // belong to a workspace.
        $entity_type = $this->entityTypeManager
            ->getDefinition($context['entity_type_id']);
        if (!$this->workspaceInfo
            ->isEntityTypeSupported($entity_type) || !$this->workspaceManager
            ->hasActiveWorkspace()) {
            return AccessResult::neutral();
        }
        return $this->bypassAccessResult($account);
    }
    
    /**
     * Checks the 'bypass' permissions.
     *
     * @param \Drupal\Core\Session\AccountInterface $account
     *   The user account making the to check access for.
     *
     * @return \Drupal\Core\Access\AccessResult
     *   The result of the access check.
     */
    protected function bypassAccessResult(AccountInterface $account) {
        // This approach assumes that the current "global" active workspace is
        // correct, i.e. if you're "in" a given workspace then you get ALL THE PERMS
        // to ALL THE THINGS! That's why this is a dangerous permission.
        $active_workspace = $this->workspaceManager
            ->getActiveWorkspace();
        return AccessResult::allowedIf($active_workspace->getOwnerId() == $account->id())
            ->cachePerUser()
            ->addCacheableDependency($active_workspace)
            ->andIf(AccessResult::allowedIfHasPermission($account, 'bypass entity access own workspace'));
    }

}

Members

Title Sort descending Modifiers Object type Summary Overriden Title Overrides
EntityAccess::$entityTypeManager protected property The entity type manager service.
EntityAccess::$workspaceInfo protected property The workspace information service.
EntityAccess::$workspaceManager protected property The workspace manager service.
EntityAccess::bypassAccessResult protected function Checks the 'bypass' permissions.
EntityAccess::create public static function Instantiates a new instance of this class. Overrides ContainerInjectionInterface::create
EntityAccess::entityCreateAccess public function Implements a hook bridge for hook_entity_create_access().
EntityAccess::entityOperationAccess public function Implements a hook bridge for hook_entity_access().
EntityAccess::__construct public function Constructs a new EntityAccess instance.
StringTranslationTrait::$stringTranslation protected property The string translation service. 3
StringTranslationTrait::formatPlural protected function Formats a string containing a count of items.
StringTranslationTrait::getNumberOfPlurals protected function Returns the number of plurals supported by a given language.
StringTranslationTrait::getStringTranslation protected function Gets the string translation service.
StringTranslationTrait::setStringTranslation public function Sets the string translation service to use. 2
StringTranslationTrait::t protected function Translates a string to the current language or to a given language.

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.