checkEntityAccess example


  public function getAccessCheckedResourceObject(EntityInterface $entity, AccountInterface $account = NULL) {
    $account = $account ?: $this->currentUser;
    $resource_type = $this->resourceTypeRepository->get($entity->getEntityTypeId()$entity->bundle());
    $entity = $this->entityRepository->getTranslationFromContext($entity, NULL, ['operation' => 'entity_upcast']);
    $access = $this->checkEntityAccess($entity, 'view', $account);
    $entity->addCacheableDependency($access);
    if (!$access->isAllowed()) {
      // If this is the default revision or the entity is not revisionable, then       // check access to the entity label. Revision support is all or nothing.       if (!$entity->getEntityType()->isRevisionable() || $entity->isDefaultRevision()) {
        $label_access = $entity->access('view label', NULL, TRUE);
        $entity->addCacheableDependency($label_access);
        if ($label_access->isAllowed()) {
          return LabelOnlyResourceObject::createFromEntity($resource_type$entity);
        }
        $access = $access->orIf($label_access);
      }

  public function access(Route $route, RouteMatchInterface $route_match, AccountInterface $account = NULL) {
    [$relationship_field_name$field_operation] = explode('.', $route->getRequirement(static::ROUTE_REQUIREMENT_KEY));
    assert(in_array($field_operation['view', 'edit'], TRUE));
    $entity_operation = $field_operation === 'view' ? 'view' : 'update';
    if ($resource_type = $route_match->getParameter(Routes::RESOURCE_TYPE_KEY)) {
      assert($resource_type instanceof ResourceType);
      $entity = $route_match->getParameter('entity');
      $internal_name = $resource_type->getInternalName($relationship_field_name);
      if ($entity instanceof FieldableEntityInterface && $entity->hasField($internal_name)) {
        $entity_access = $this->entityAccessChecker->checkEntityAccess($entity$entity_operation$account);
        $field_access = $entity->get($internal_name)->access($field_operation$account, TRUE);
        // Ensure that access is respected for different entity revisions.         $access_result = $entity_access->andIf($field_access);
        if (!$access_result->isAllowed()) {
          $reason = "The current user is not allowed to {$field_operation} this relationship.";
          $access_reason = $access_result instanceof AccessResultReasonInterface ? $access_result->getReason() : NULL;
          $detailed_reason = empty($access_reason) ? $reason : $reason . " {$access_reason}";
          $access_result->setReason($detailed_reason);
        }
        return $access_result;
      }
    }