function RelationshipRouteAccessCheck::access

Same name in other branches
  1. 9 core/modules/jsonapi/src/Access/RelationshipRouteAccessCheck.php \Drupal\jsonapi\Access\RelationshipRouteAccessCheck::access()
  2. 11.x core/modules/jsonapi/src/Access/RelationshipRouteAccessCheck.php \Drupal\jsonapi\Access\RelationshipRouteAccessCheck::access()

Checks access to the relationship field on the given route.

Parameters

\Symfony\Component\Routing\Route $route: The route to check against.

\Drupal\Core\Routing\RouteMatchInterface $route_match: The route match.

\Drupal\Core\Session\AccountInterface $account: The currently logged in account.

Return value

\Drupal\Core\Access\AccessResultInterface The access result.

File

core/modules/jsonapi/src/Access/RelationshipRouteAccessCheck.php, line 63

Class

RelationshipRouteAccessCheck
Defines a class to check access to related and relationship routes.

Namespace

Drupal\jsonapi\Access

Code

public function access(Route $route, RouteMatchInterface $route_match, ?AccountInterface $account = NULL) {
    [
        $relationship_field_name,
        $field_operation,
    ] = explode('.', $route->getRequirement(static::ROUTE_REQUIREMENT_KEY));
    assert(in_array($field_operation, [
        'view',
        'edit',
    ], TRUE));
    $entity_operation = $field_operation === 'view' ? 'view' : 'update';
    if ($resource_type = $route_match->getParameter(Routes::RESOURCE_TYPE_KEY)) {
        assert($resource_type instanceof ResourceType);
        $entity = $route_match->getParameter('entity');
        $internal_name = $resource_type->getInternalName($relationship_field_name);
        if ($entity instanceof FieldableEntityInterface && $entity->hasField($internal_name)) {
            $entity_access = $this->entityAccessChecker
                ->checkEntityAccess($entity, $entity_operation, $account);
            $field_access = $entity->get($internal_name)
                ->access($field_operation, $account, TRUE);
            // Ensure that access is respected for different entity revisions.
            $access_result = $entity_access->andIf($field_access);
            if (!$access_result->isAllowed()) {
                $reason = "The current user is not allowed to {$field_operation} this relationship.";
                $access_reason = $access_result instanceof AccessResultReasonInterface ? $access_result->getReason() : NULL;
                $detailed_reason = empty($access_reason) ? $reason : $reason . " {$access_reason}";
                $access_result->setReason($detailed_reason);
            }
            return $access_result;
        }
    }
    return AccessResult::neutral();
}
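
The decision this method makes, as an added example that is not Drupal core code: a simplified model of the three access states and of how `andIf()` combines entity access with field access. The `Access` enum and `relationship_access()` are hypothetical stand-ins, the `field_tags` and `field_missing` names are constructed sample values, and PHP 8.1 or later is assumed for enums.

```php
<?php
// Simplified model (NOT Drupal's AccessResult classes): three access states
// combined the way AccessResult::andIf() combines them.
enum Access: string {
  case Allowed = 'allowed';
  case Neutral = 'neutral';
  case Forbidden = 'forbidden';

  public function andIf(Access $other): Access {
    if ($this === self::Forbidden || $other === self::Forbidden) {
      return self::Forbidden;
    }
    return ($this === self::Allowed && $other === self::Allowed)
      ? self::Allowed
      : self::Neutral;
  }
}

/**
 * Hypothetical stand-in for access(): takes the route requirement string and
 * the two already-computed results instead of a route, entity and account.
 */
function relationship_access(string $requirement, bool $has_field, Access $entity, Access $field): array {
  $parts = explode('.', $requirement);
  // Unlike assert(), this validation also runs when assertions are disabled.
  if (count($parts) !== 2 || !in_array($parts[1], ['view', 'edit'], TRUE)) {
    throw new InvalidArgumentException("Malformed requirement: {$requirement}");
  }
  $entity_operation = $parts[1] === 'view' ? 'view' : 'update';
  // Missing field or non-fieldable entity: the check expresses no opinion.
  $result = $has_field ? $entity->andIf($field) : Access::Neutral;
  return [$entity_operation, $result];
}

// Constructed cases: requirement, field exists, entity access, field access.
$cases = [
  ['field_tags.view', TRUE, Access::Allowed, Access::Allowed],
  ['field_tags.edit', TRUE, Access::Allowed, Access::Neutral],
  ['field_tags.edit', TRUE, Access::Neutral, Access::Allowed],
  ['field_tags.view', TRUE, Access::Allowed, Access::Forbidden],
  ['field_missing.view', FALSE, Access::Allowed, Access::Allowed],
];
foreach ($cases as [$requirement, $has_field, $entity, $field]) {
  [$operation, $result] = relationship_access($requirement, $has_field, $entity, $field);
  printf("%-20s entity op=%-6s entity=%-9s field=%-9s => %s\n",
    $requirement, $operation, $entity->value, $field->value, $result->value);
}
```

Only the first case comes out allowed: a neutral result on either side, or a missing field, leaves the combined result neutral, and a forbidden result on either side makes it forbidden.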
