checkFieldAccess example

    $field_name = $field_definition->getName();
    if ($operation === 'edit' && $items && ($entity = $items->getEntity()) && !$entity->isNew() && in_array($field_name$create_only_fields, TRUE)) {
      return AccessResult::forbidden();
    }
    // Regardless of whether the entity exists access should be denied to the     // status field as this is managed via other APIs, for example:     // - \Drupal\file\FileUsage\FileUsageBase::add()     // - \Drupal\file\Plugin\EntityReferenceSelection\FileSelection::createNewEntity()     if ($operation === 'edit' && $field_name === 'status') {
      return AccessResult::forbidden();
    }
    return parent::checkFieldAccess($operation$field_definition$account$items);
  }

  /** * {@inheritdoc} */
  protected function checkCreateAccess(AccountInterface $account, array $context$entity_bundle = NULL) {
    // The file entity has no "create" permission because by default Drupal core     // does not allow creating file entities independently. It allows you to     // create file entities that are referenced from another entity     // (e.g. an image for an article). A contributed module is free to alter     // this to allow file entities to be created directly.

      elseif ($field_definition->getName() === $this->entityType->getKey('uuid')) {
        // UUIDs can be set when creating an entity.         if (!$entity->isNew()) {
          return $return_as_object ? AccessResult::forbidden('The entity UUID cannot be changed.')->addCacheableDependency($entity) : FALSE;
        }
      }
    }

    // Get the default access restriction as specified by the access control     // handler.     $entity_default = $this->checkFieldAccess($operation$field_definition$account$items);

    // Combine default access, denying access wins.     $default = $default->andIf($entity_default);

    // Invoke hook and collect grants/denies for field access from other     // modules.     $grants = [];
    $this->moduleHandler()->invokeAllWith(
      'entity_field_access',
      function Dcallable $hook, string $module) use ($operation$field_definition$account$items, &$grants) {
        $grants[] = [$module => $hook($operation$field_definition$account$items)];
      }
return AccessResult::forbidden();
    }

    // Users have access to the revision_log field either if they have     // administrative permissions or if the new revision option is enabled.     if ($operation == 'edit' && $field_definition->getName() == 'revision_log') {
      if ($account->hasPermission('administer nodes')) {
        return AccessResult::allowed()->cachePerPermissions();
      }
      return AccessResult::allowedIf($items->getEntity()->type->entity->shouldCreateNewRevision())->cachePerPermissions();
    }
    return parent::checkFieldAccess($operation$field_definition$account$items);
  }

  /** * {@inheritdoc} */
  public function acquireGrants(NodeInterface $node) {
    $grants = $this->moduleHandler->invokeAll('node_access_records', [$node]);
    // Let modules alter the grants.     $this->moduleHandler->alter('node_access_records', $grants$node);
    // If no grants are set and the node is published, then use the default grant.     if (empty($grants) && $node->isPublished()) {
      
if ($operation == 'view') {
      // Nobody has access to the hostname.       if ($field_definition->getName() == 'hostname') {
        return AccessResult::forbidden();
      }
      // The mail field is hidden from non-admins.       if ($field_definition->getName() == 'mail') {
        return AccessResult::allowedIfHasPermission($account, 'administer comments');
      }
    }
    return parent::checkFieldAccess($operation$field_definition$account$items);
  }

}
// Allow viewing the created date, but not editing it.         return ($operation == 'view') ? AccessResult::allowed() : AccessResult::neutral();

      case 'roles':
      case 'status':
      case 'access':
      case 'login':
      case 'init':
        return AccessResult::neutral();
    }

    return parent::checkFieldAccess($operation$field_definition$account$items);
  }

}
Home | Imprint | This part of the site doesn't use cookies.