CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
checkFieldAccess example
$field_name = $field_definition->getName();
if ($operation === 'edit' && $items && ($entity = $items->getEntity()) && !$entity->isNew() && in_array($field_name, $create_only_fields, TRUE)) {
return AccessResult::forbidden();
}
// Regardless of whether the entity exists access should be denied to the // status field as this is managed via other APIs, for example: // - \Drupal\file\FileUsage\FileUsageBase::add() // - \Drupal\file\Plugin\EntityReferenceSelection\FileSelection::createNewEntity() if ($operation === 'edit' && $field_name === 'status') {
return AccessResult::forbidden();
}
return parent::checkFieldAccess($operation, $field_definition, $account, $items);
}
/** * {@inheritdoc} */
protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
// The file entity has no "create" permission because by default Drupal core // does not allow creating file entities independently. It allows you to // create file entities that are referenced from another entity // (e.g. an image for an article). A contributed module is free to alter // this to allow file entities to be created directly.
if ($operation === 'edit' && $items && ($entity = $items->getEntity()) && !$entity->isNew() && in_array($field_name, $create_only_fields, TRUE)) {
return AccessResult::forbidden();
}
// Regardless of whether the entity exists access should be denied to the // status field as this is managed via other APIs, for example: // - \Drupal\file\FileUsage\FileUsageBase::add() // - \Drupal\file\Plugin\EntityReferenceSelection\FileSelection::createNewEntity() if ($operation === 'edit' && $field_name === 'status') {
return AccessResult::forbidden();
}
return parent::checkFieldAccess($operation, $field_definition, $account, $items);
}
/** * {@inheritdoc} */
protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
// The file entity has no "create" permission because by default Drupal core // does not allow creating file entities independently. It allows you to // create file entities that are referenced from another entity // (e.g. an image for an article). A contributed module is free to alter // this to allow file entities to be created directly.
elseif ($field_definition->getName() === $this->entityType->getKey('uuid')) {
// UUIDs can be set when creating an entity. if (!$entity->isNew()) {
return $return_as_object ? AccessResult::forbidden('The entity UUID cannot be changed.')->addCacheableDependency($entity) : FALSE;
}
}
}
// Get the default access restriction as specified by the access control // handler. $entity_default = $this->checkFieldAccess($operation, $field_definition, $account, $items);
// Combine default access, denying access wins. $default = $default->andIf($entity_default);
// Invoke hook and collect grants/denies for field access from other // modules. $grants = [];
$this->moduleHandler()->invokeAllWith(
'entity_field_access',
function Dcallable $hook, string $module) use ($operation, $field_definition, $account, $items, &$grants) {
$grants[] = [$module => $hook($operation, $field_definition, $account, $items)];
}
return AccessResult::forbidden();
}
// Users have access to the revision_log field either if they have // administrative permissions or if the new revision option is enabled. if ($operation == 'edit' && $field_definition->getName() == 'revision_log') {
if ($account->hasPermission('administer nodes')) {
return AccessResult::allowed()->cachePerPermissions();
}
return AccessResult::allowedIf($items->getEntity()->type->entity->shouldCreateNewRevision())->cachePerPermissions();
}
return parent::checkFieldAccess($operation, $field_definition, $account, $items);
}
/** * {@inheritdoc} */
public function acquireGrants(NodeInterface $node) {
$grants = $this->moduleHandler->invokeAll('node_access_records', [$node]);
// Let modules alter the grants. $this->moduleHandler->alter('node_access_records', $grants, $node);
// If no grants are set and the node is published, then use the default grant. if (empty($grants) && $node->isPublished()) {
}
// Users have access to the revision_log field either if they have // administrative permissions or if the new revision option is enabled. if ($operation == 'edit' && $field_definition->getName() == 'revision_log') {
if ($account->hasPermission('administer nodes')) {
return AccessResult::allowed()->cachePerPermissions();
}
return AccessResult::allowedIf($items->getEntity()->type->entity->shouldCreateNewRevision())->cachePerPermissions();
}
return parent::checkFieldAccess($operation, $field_definition, $account, $items);
}
/** * {@inheritdoc} */
public function acquireGrants(NodeInterface $node) {
$grants = $this->moduleHandler->invokeAll('node_access_records', [$node]);
// Let modules alter the grants. $this->moduleHandler->alter('node_access_records', $grants, $node);
// If no grants are set and the node is published, then use the default grant. if (empty($grants) && $node->isPublished()) {
if ($operation == 'view') {
// Nobody has access to the hostname. if ($field_definition->getName() == 'hostname') {
return AccessResult::forbidden();
}
// The mail field is hidden from non-admins. if ($field_definition->getName() == 'mail') {
return AccessResult::allowedIfHasPermission($account, 'administer comments');
}
}
return parent::checkFieldAccess($operation, $field_definition, $account, $items);
}
}
// Nobody has access to the hostname. if ($field_definition->getName() == 'hostname') {
return AccessResult::forbidden();
}
// The mail field is hidden from non-admins. if ($field_definition->getName() == 'mail') {
return AccessResult::allowedIfHasPermission($account, 'administer comments');
}
}
return parent::checkFieldAccess($operation, $field_definition, $account, $items);
}
}
// Allow viewing the created date, but not editing it.
return ($operation == 'view') ? AccessResult::allowed() : AccessResult::neutral();
case 'roles':
case 'status':
case 'access':
case 'login':
case 'init':
return AccessResult::neutral();
}
return parent::checkFieldAccess($operation, $field_definition, $account, $items);
}
}
case 'roles':
case 'status':
case 'access':
case 'login':
case 'init':
return AccessResult::neutral();
}
return parent::checkFieldAccess($operation, $field_definition, $account, $items);
}
}