class EntityAccess

Same name in this branch
  1. 11.x core/modules/workspaces/src/EntityAccess.php \Drupal\workspaces\EntityAccess
Same name and namespace in other branches
  1. 9 core/modules/workspaces/src/EntityAccess.php \Drupal\workspaces\EntityAccess
  2. 8.9.x core/modules/workspaces/src/EntityAccess.php \Drupal\workspaces\EntityAccess
  3. 10 core/modules/workspaces/src/EntityAccess.php \Drupal\workspaces\EntityAccess

Defines a class for reacting to entity access control hooks.

Hierarchy

Expanded class hierarchy of EntityAccess

File

core/modules/workspaces/src/Hook/EntityAccess.php, line 19

Namespace

Drupal\workspaces\Hook
View source
class EntityAccess {
  public function __construct(protected EntityTypeManagerInterface $entityTypeManager, protected WorkspaceManagerInterface $workspaceManager, protected WorkspaceInformationInterface $workspaceInfo) {
  }
  
  /**
   * Implements hook_entity_access().
   */
  public function entityAccess(EntityInterface $entity, $operation, AccountInterface $account) : AccessResultInterface {
    // Workspaces themselves are handled by their own access handler and we
    // should not try to do any access checks for entity types that can not
    // belong to a workspace.
    if (!$this->workspaceInfo
      ->isEntitySupported($entity) || !$this->workspaceManager
      ->hasActiveWorkspace()) {
      return AccessResult::neutral();
    }
    // Prevent the deletion of entities with a published default revision.
    if ($operation === 'delete') {
      $active_workspace = $this->workspaceManager
        ->getActiveWorkspace();
      $is_deletable = $this->workspaceInfo
        ->isEntityDeletable($entity, $active_workspace);
      return AccessResult::forbiddenIf(!$is_deletable)->addCacheableDependency($entity)
        ->addCacheableDependency($active_workspace);
    }
    return $this->bypassAccessResult($account);
  }
  
  /**
   * Implements hook_entity_create_access().
   */
  public function entityCreateAccess(AccountInterface $account, array $context, $entity_bundle) : AccessResultInterface {
    // Workspaces themselves are handled by their own access handler and we
    // should not try to do any access checks for entity types that can not
    // belong to a workspace.
    $entity_type = $this->entityTypeManager
      ->getDefinition($context['entity_type_id']);
    if (!$this->workspaceInfo
      ->isEntityTypeSupported($entity_type) || !$this->workspaceManager
      ->hasActiveWorkspace()) {
      return AccessResult::neutral();
    }
    return $this->bypassAccessResult($account);
  }
  
  /**
   * Checks the 'bypass' permissions.
   *
   * @param \Drupal\Core\Session\AccountInterface $account
   *   The user account making the to check access for.
   *
   * @return \Drupal\Core\Access\AccessResultInterface
   *   The result of the access check.
   */
  protected function bypassAccessResult(AccountInterface $account) : AccessResultInterface {
    // This approach assumes that the current "global" active workspace is
    // correct, i.e. if you're "in" a given workspace then you get ALL THE PERMS
    // to ALL THE THINGS! That's why this is a dangerous permission.
    $active_workspace = $this->workspaceManager
      ->getActiveWorkspace();
    return AccessResult::allowedIf($active_workspace->getOwnerId() == $account->id())
      ->cachePerUser()
      ->addCacheableDependency($active_workspace)
      ->andIf(AccessResult::allowedIfHasPermission($account, 'bypass entity access own workspace'));
  }

}

Members

Title Sort descending Modifiers Object type Summary
EntityAccess::bypassAccessResult protected function Checks the 'bypass' permissions.
EntityAccess::entityAccess public function Implements hook_entity_access().
EntityAccess::entityCreateAccess public function Implements hook_entity_create_access().
EntityAccess::__construct public function

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.