3 namespace Drupal\entity;
5 use Drupal\Core\Access\AccessResult;
6 use Drupal\Core\Entity\EntityAccessControlHandler as CoreEntityAccessControlHandler;
7 use Drupal\Core\Entity\EntityInterface;
8 use Drupal\Core\Session\AccountInterface;
9 use Drupal\user\EntityOwnerInterface;
12 * Controls access based on the generic entity permissions.
14 * @see \Drupal\entity\EntityPermissionProvider
16 class EntityAccessControlHandler extends CoreEntityAccessControlHandler {
21 protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
22 $account = $this->prepareUser($account);
23 /** @var \Drupal\Core\Access\AccessResult $result */
24 $result = parent::checkAccess($entity, $operation, $account);
26 if ($result->isNeutral()) {
27 if ($entity instanceof EntityOwnerInterface) {
28 $result = $this->checkEntityOwnerPermissions($entity, $operation, $account);
31 $result = $this->checkEntityPermissions($entity, $operation, $account);
35 // Ensure that access is evaluated again when the entity changes.
36 return $result->addCacheableDependency($entity);
40 * Checks the entity operation and bundle permissions.
42 * @param \Drupal\Core\Entity\EntityInterface $entity
43 * The entity for which to check access.
44 * @param string $operation
45 * The entity operation. Usually one of 'view', 'view label', 'update' or
47 * @param \Drupal\Core\Session\AccountInterface $account
48 * The user for which to check access.
50 * @return \Drupal\Core\Access\AccessResultInterface
53 protected function checkEntityPermissions(EntityInterface $entity, $operation, AccountInterface $account) {
54 return AccessResult::allowedIfHasPermissions($account, [
55 "$operation {$entity->getEntityTypeId()}",
56 "$operation {$entity->bundle()} {$entity->getEntityTypeId()}",
61 * Checks the entity operation and bundle permissions, with owners.
63 * @param \Drupal\Core\Entity\EntityInterface $entity
64 * The entity for which to check access.
65 * @param string $operation
66 * The entity operation. Usually one of 'view', 'view label', 'update' or
68 * @param \Drupal\Core\Session\AccountInterface $account
69 * The user for which to check access.
71 * @return \Drupal\Core\Access\AccessResultInterface
74 protected function checkEntityOwnerPermissions(EntityInterface $entity, $operation, AccountInterface $account) {
75 /** @var \Drupal\Core\Entity\EntityInterface|\Drupal\user\EntityOwnerInterface $entity */
76 if (($account->id() == $entity->getOwnerId())) {
77 $result = AccessResult::allowedIfHasPermissions($account, [
78 "$operation own {$entity->getEntityTypeId()}",
79 "$operation any {$entity->getEntityTypeId()}",
80 "$operation own {$entity->bundle()} {$entity->getEntityTypeId()}",
81 "$operation any {$entity->bundle()} {$entity->getEntityTypeId()}",
85 $result = AccessResult::allowedIfHasPermissions($account, [
86 "$operation any {$entity->getEntityTypeId()}",
87 "$operation any {$entity->bundle()} {$entity->getEntityTypeId()}",
91 return $result->cachePerUser();
97 protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
98 $result = parent::checkCreateAccess($account, $context, $entity_bundle);
99 if ($result->isNeutral()) {
101 'administer ' . $this->entityTypeId,
102 'create ' . $this->entityTypeId,
104 if ($entity_bundle) {
105 $permissions[] = 'create ' . $entity_bundle . ' ' . $this->entityTypeId;
108 $result = AccessResult::allowedIfHasPermissions($account, $permissions, 'OR');