function EntityAccessControlHandler::access

Same name and namespace in other branches
  1. 9 core/lib/Drupal/Core/Entity/EntityAccessControlHandler.php \Drupal\Core\Entity\EntityAccessControlHandler::access()
  2. 8.9.x core/lib/Drupal/Core/Entity/EntityAccessControlHandler.php \Drupal\Core\Entity\EntityAccessControlHandler::access()
  3. 11.x core/lib/Drupal/Core/Entity/EntityAccessControlHandler.php \Drupal\Core\Entity\EntityAccessControlHandler::access()

Checks access to an operation on a given entity or entity translation.

Use \Drupal\Core\Entity\EntityAccessControlHandlerInterface::createAccess() to check access to create an entity.

Parameters

\Drupal\Core\Entity\EntityInterface $entity: The entity for which to check access.

string $operation: The operation access should be checked for. Usually one of "view", "view label", "update" or "delete".

\Drupal\Core\Session\AccountInterface $account: (optional) The user session for which to check access, or NULL to check access for the current user. Defaults to NULL.

bool $return_as_object: (optional) Defaults to FALSE.

Return value

bool|\Drupal\Core\Access\AccessResultInterface: The access result. Returns a boolean if $return_as_object is FALSE (this is the default) and otherwise an AccessResultInterface object. When a boolean is returned, the result of AccessInterface::isAllowed() is returned, i.e. TRUE means access is explicitly allowed, FALSE means access is either explicitly forbidden or "no opinion".

Overrides EntityAccessControlHandlerInterface::access

1 call to EntityAccessControlHandler::access()
MediaAccessControlHandler::checkAccess in core/modules/media/src/MediaAccessControlHandler.php
Performs access checks.
1 method overrides EntityAccessControlHandler::access()
NodeAccessControlHandler::access in core/modules/node/src/NodeAccessControlHandler.php
Checks access to an operation on a given entity or entity translation.

File

core/lib/Drupal/Core/Entity/EntityAccessControlHandler.php, line 61

Class

EntityAccessControlHandler
Defines a default implementation for entity access control handler.

Namespace

Drupal\Core\Entity

Code

public function access(EntityInterface $entity, $operation, ?AccountInterface $account = NULL, $return_as_object = FALSE) {
    $account = $this->prepareUser($account);
    $langcode = $entity->language()->getId();
    if ($operation === 'view label' && $this->viewLabelOperation == FALSE) {
        $operation = 'view';
    }
    // If an entity does not have a UUID, either from not being set or from not
    // having them, use the 'entity type:ID' pattern as the cache $cid.
    $cid = $entity->uuid() ?: $entity->getEntityTypeId() . ':' . $entity->id();
    // If the entity is revisionable, then append the revision ID to allow
    // individual revisions to have specific access control and be cached
    // separately.
    if ($entity instanceof RevisionableInterface) {
        /** @var \Drupal\Core\Entity\RevisionableInterface $entity */
        $cid .= ':' . $entity->getRevisionId();
        // It is not possible to delete or revert the default revision.
        if ($entity->isDefaultRevision() && ($operation === 'revert' || $operation === 'delete revision')) {
            return $return_as_object ? AccessResult::forbidden() : FALSE;
        }
    }
    if (($return = $this->getCache($cid, $operation, $langcode, $account)) !== NULL) {
        // Cache hit, no work necessary.
        return $return_as_object ? $return : $return->isAllowed();
    }
    // Invoke hook_entity_access() and hook_ENTITY_TYPE_access(). Hook results
    // take precedence over overridden implementations of
    // EntityAccessControlHandler::checkAccess(). Entities that have checks that
    // need to be done before the hook is invoked should do so by overriding
    // this method.
    // We grant access to the entity if both of these conditions are met:
    // - No modules say to deny access.
    // - At least one module says to grant access.
    $access = array_merge(
        $this->moduleHandler()->invokeAll('entity_access', [$entity, $operation, $account]),
        $this->moduleHandler()->invokeAll($entity->getEntityTypeId() . '_access', [$entity, $operation, $account])
    );
    $return = $this->processAccessHookResults($access);
    // Also execute the default access check except when the access result is
    // already forbidden, as in that case, it can not be anything else.
    if (!$return->isForbidden()) {
        $return = $return->orIf($this->checkAccess($entity, $operation, $account));
    }
    $result = $this->setCache($return, $cid, $operation, $langcode, $account);
    return $return_as_object ? $result : $result->isAllowed();
}
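
Added example, not Drupal core code: a simplified model of the decision order in access() above, showing how hook results and checkAccess() combine and what the boolean return hides. The Access enum and decide() are hypothetical stand-ins for AccessResult and the handler; caching and cacheability metadata are omitted.

```php
<?php
// Simplified stand-in for Drupal's AccessResult (not core code): three states
// and orIf() only; cacheability metadata is left out.
enum Access {
    case Allowed;
    case Neutral;
    case Forbidden;

    // Forbidden beats everything, then allowed, otherwise no opinion.
    public function orIf(Access $other): Access {
        if ($this === self::Forbidden || $other === self::Forbidden) {
            return self::Forbidden;
        }
        if ($this === self::Allowed || $other === self::Allowed) {
            return self::Allowed;
        }
        return self::Neutral;
    }
}

// Hypothetical helper following the order in access(): combine the hook
// results, then run the handler's own check unless a hook already forbade.
function decide(array $hookResults, callable $checkAccess): Access {
    $result = Access::Neutral; // No hook results means no opinion.
    foreach ($hookResults as $hookResult) {
        $result = $result->orIf($hookResult);
    }
    if ($result !== Access::Forbidden) {
        $result = $result->orIf($checkAccess());
    }
    return $result;
}

// Constructed scenarios: label => [hook results, result of checkAccess()].
$cases = [
    'no hooks, handler neutral'          => [[], Access::Neutral],
    'no hooks, handler allows'           => [[], Access::Allowed],
    'hook allows, handler forbids'       => [[Access::Allowed], Access::Forbidden],
    'hooks allow+forbid, handler allows' => [[Access::Allowed, Access::Forbidden], Access::Allowed],
];
foreach ($cases as $label => [$hooks, $own]) {
    $ran = false;
    $check = function () use ($own, &$ran) { $ran = true; return $own; };
    $result = decide($hooks, $check);
    // With $return_as_object = FALSE the caller sees only this boolean, so
    // "forbidden" and "no opinion" both arrive as FALSE.
    $bool = $result === Access::Allowed ? 'TRUE' : 'FALSE';
    printf("%-36s %-9s bool=%-5s checkAccess %s\n", $label, $result->name, $bool, $ran ? 'ran' : 'skipped');
}
```

Callers that need to tell "forbidden" from "no opinion" pass TRUE for $return_as_object and inspect the returned AccessResultInterface instead of the boolean.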
