class EntityAccess
Same name in this branch
- 11.x core/modules/workspaces/src/EntityAccess.php \Drupal\workspaces\EntityAccess
Same name in other branches
- 9 core/modules/workspaces/src/EntityAccess.php \Drupal\workspaces\EntityAccess
- 8.9.x core/modules/workspaces/src/EntityAccess.php \Drupal\workspaces\EntityAccess
- 10 core/modules/workspaces/src/EntityAccess.php \Drupal\workspaces\EntityAccess
Defines a class for reacting to entity access control hooks.
Hierarchy
- class \Drupal\workspaces\Hook\EntityAccess
Expanded class hierarchy of EntityAccess
File
-
core/
modules/ workspaces/ src/ Hook/ EntityAccess.php, line 19
Namespace
Drupal\workspaces\HookView source
class EntityAccess {
public function __construct(EntityTypeManagerInterface $entityTypeManager, WorkspaceManagerInterface $workspaceManager, WorkspaceInformationInterface $workspaceInfo) {
}
/**
* Implements hook_entity_access().
*/
public function entityAccess(EntityInterface $entity, $operation, AccountInterface $account) : AccessResultInterface {
// Workspaces themselves are handled by their own access handler and we
// should not try to do any access checks for entity types that can not
// belong to a workspace.
if (!$this->workspaceInfo
->isEntitySupported($entity) || !$this->workspaceManager
->hasActiveWorkspace()) {
return AccessResult::neutral();
}
// Prevent the deletion of entities with a published default revision.
if ($operation === 'delete') {
$active_workspace = $this->workspaceManager
->getActiveWorkspace();
$is_deletable = $this->workspaceInfo
->isEntityDeletable($entity, $active_workspace);
return AccessResult::forbiddenIf(!$is_deletable)->addCacheableDependency($entity)
->addCacheableDependency($active_workspace);
}
return $this->bypassAccessResult($account);
}
/**
* Implements hook_entity_create_access().
*/
public function entityCreateAccess(AccountInterface $account, array $context, $entity_bundle) : AccessResultInterface {
// Workspaces themselves are handled by their own access handler and we
// should not try to do any access checks for entity types that can not
// belong to a workspace.
$entity_type = $this->entityTypeManager
->getDefinition($context['entity_type_id']);
if (!$this->workspaceInfo
->isEntityTypeSupported($entity_type) || !$this->workspaceManager
->hasActiveWorkspace()) {
return AccessResult::neutral();
}
return $this->bypassAccessResult($account);
}
/**
* Checks the 'bypass' permissions.
*
* @param \Drupal\Core\Session\AccountInterface $account
* The user account making the to check access for.
*
* @return \Drupal\Core\Access\AccessResultInterface
* The result of the access check.
*/
protected function bypassAccessResult(AccountInterface $account) : AccessResultInterface {
// This approach assumes that the current "global" active workspace is
// correct, i.e. if you're "in" a given workspace then you get ALL THE PERMS
// to ALL THE THINGS! That's why this is a dangerous permission.
$active_workspace = $this->workspaceManager
->getActiveWorkspace();
return AccessResult::allowedIf($active_workspace->getOwnerId() == $account->id())
->cachePerUser()
->addCacheableDependency($active_workspace)
->andIf(AccessResult::allowedIfHasPermission($account, 'bypass entity access own workspace'));
}
}Members
| Title Sort descending | Modifiers | Object type | Summary |
|---|---|---|---|
| EntityAccess::bypassAccessResult | protected | function | Checks the 'bypass' permissions. |
| EntityAccess::entityAccess | public | function | Implements hook_entity_access(). |
| EntityAccess::entityCreateAccess | public | function | Implements hook_entity_create_access(). |
| EntityAccess::__construct | public | function |
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.