EntityResourceAccessTrait.php

Same filename in other branches
  1. 9 core/modules/rest/src/Plugin/rest/resource/EntityResourceAccessTrait.php
  2. 8.9.x core/modules/rest/src/Plugin/rest/resource/EntityResourceAccessTrait.php
  3. 11.x core/modules/rest/src/Plugin/rest/resource/EntityResourceAccessTrait.php

Namespace

Drupal\rest\Plugin\rest\resource

File

core/modules/rest/src/Plugin/rest/resource/EntityResourceAccessTrait.php

View source
<?php

namespace Drupal\rest\Plugin\rest\resource;

use Drupal\Core\Entity\EntityInterface;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;

/**
 * @internal
 * @todo Consider making public in https://www.drupal.org/node/2300677
 */
trait EntityResourceAccessTrait {
    
    /**
     * Performs edit access checks for fields.
     *
     * @param \Drupal\Core\Entity\EntityInterface $entity
     *   The entity whose fields edit access should be checked for.
     *
     * @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
     *   Throws access denied when the user does not have permissions to edit a
     *   field.
     */
    protected function checkEditFieldAccess(EntityInterface $entity) {
        // Only check 'edit' permissions for fields that were actually submitted by
        // the user. Field access makes no difference between 'create' and 'update',
        // so the 'edit' operation is used here.
        foreach ($entity->_restSubmittedFields as $field_name) {
            if (!$entity->get($field_name)
                ->access('edit')) {
                throw new AccessDeniedHttpException("Access denied on creating field '{$field_name}'.");
            }
        }
    }

}

Traits

Title Deprecated Summary
EntityResourceAccessTrait @internal @todo Consider making public in https://www.drupal.org/node/2300677

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.