class EntityAccessChecker

Internal: JSON:API maintains no PHP API. The API is the HTTP API. This class may change at any time and could break any dependencies on it.


Checks access to entities.

JSON:API needs to check access to every single entity type. Some entity types have non-standard access checking logic. This class centralizes entity access checking logic.

Properties

protected ResourceTypeRepositoryInterface $resourceTypeRepository

The JSON:API resource type repository.

protected RouterInterface $router

The router.

protected AccountInterface $currentUser

The current user.

protected EntityRepositoryInterface $entityRepository

The entity repository.

protected NodeRevisionAccessCheck|null $nodeRevisionAccessCheck

The node revision access check service.

protected MediaRevisionAccessCheck|null $mediaRevisionAccessCheck

The media revision access check service.

protected LatestRevisionCheck $latestRevisionCheck

The latest revision check service.

Methods

__construct(ResourceTypeRepositoryInterface $resource_type_repository, RouterInterface $router, AccountInterface $account, EntityRepositoryInterface $entity_repository)

EntityAccessChecker constructor.

setNodeRevisionAccessCheck(NodeRevisionAccessCheck $node_revision_access_check)

Sets the node revision access check service.

setMediaRevisionAccessCheck(MediaRevisionAccessCheck $media_revision_access_check)

Sets the media revision access check service.

setLatestRevisionCheck(LatestRevisionCheck $latest_revision_check)

Sets the latest revision check service.

getAccessCheckedResourceObject(EntityInterface $entity, AccountInterface $account = NULL)

Get the object to normalize and the access based on the provided entity.

checkEntityAccess(EntityInterface $entity, string $operation, AccountInterface $account)

Checks access to the given entity.

checkRevisionViewAccess(EntityInterface $entity, AccountInterface $account)

Checks access to the given revision entity.

Details

__construct(ResourceTypeRepositoryInterface $resource_type_repository, RouterInterface $router, AccountInterface $account, EntityRepositoryInterface $entity_repository)

EntityAccessChecker constructor.

Parameters

ResourceTypeRepositoryInterface $resource_type_repository

The JSON:API resource type repository.

RouterInterface $router

The router.

AccountInterface $account

The current user.

EntityRepositoryInterface $entity_repository

The entity repository.

setNodeRevisionAccessCheck(NodeRevisionAccessCheck $node_revision_access_check)

Sets the node revision access check service.

This is only called when the node module is installed.

Parameters

NodeRevisionAccessCheck $node_revision_access_check

The node revision access check service.

setMediaRevisionAccessCheck(MediaRevisionAccessCheck $media_revision_access_check)

Sets the media revision access check service.

This is only called when the media module is installed.

Parameters

MediaRevisionAccessCheck $media_revision_access_check

The media revision access check service.

setLatestRevisionCheck(LatestRevisionCheck $latest_revision_check)

Sets the latest revision check service.

This is only called when the content_moderation module is installed.

Parameters

LatestRevisionCheck $latest_revision_check

The latest revision access check service provided by the content_moderation module.

See also

self::$latestRevisionCheck

ResourceObject|LabelOnlyResourceObject|EntityAccessDeniedHttpException getAccessCheckedResourceObject(EntityInterface $entity, AccountInterface $account = NULL)

Get the object to normalize and the access based on the provided entity.

Parameters

EntityInterface $entity

The entity to test access for.

AccountInterface $account

(optional) The account with which access should be checked. Defaults to the current user.

Return Value

ResourceObject|LabelOnlyResourceObject|EntityAccessDeniedHttpException

The ResourceObject, a LabelOnlyResourceObject or an EntityAccessDeniedHttpException object if neither is accessible. All three possible return values carry the access result cacheability.
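
The three-way return described above, sketched as a stand-alone PHP model. This is an added example, not Drupal's code: `AccessOutcome`, `CheckedResult`, `FullObject`, `LabelOnlyObject`, `DeniedResult` and `accessCheckedObject()` are hypothetical stand-ins, and the order of the two checks is an assumption of the sketch. It shows that the denial is returned rather than thrown, so the caller has to branch on the type, and that the cache contexts of every check consulted travel with whichever result comes back.

```php
<?php
declare(strict_types=1);

// All names below are hypothetical stand-ins, not Drupal classes.
final class AccessOutcome {
  public function __construct(
    public readonly bool $allowed,
    public readonly array $cacheContexts,
    public readonly string $reason = '',
  ) {}
}

abstract class CheckedResult {
  public function __construct(public readonly array $cacheContexts) {}
}
final class FullObject extends CheckedResult {}
final class LabelOnlyObject extends CheckedResult {}
final class DeniedResult extends CheckedResult {
  public function __construct(array $cacheContexts, public readonly string $reason) {
    parent::__construct($cacheContexts);
  }
}

// Fail closed: anything that is not an explicit allow falls through to denial.
function accessCheckedObject(AccessOutcome $view, AccessOutcome $viewLabel): CheckedResult {
  if ($view->allowed) {
    return new FullObject($view->cacheContexts);
  }
  // Both checks influenced the outcome, so both sets of contexts are kept.
  $contexts = array_values(array_unique(array_merge($view->cacheContexts, $viewLabel->cacheContexts)));
  if ($viewLabel->allowed) {
    return new LabelOnlyObject($contexts);
  }
  return new DeniedResult($contexts, $view->reason ?: $viewLabel->reason);
}

// Constructed sample: 'view' is denied per permission, the label is visible per role.
$result = accessCheckedObject(
  new AccessOutcome(FALSE, ['user.permissions'], 'Missing view permission.'),
  new AccessOutcome(TRUE, ['user.roles']),
);

// The denial is a return value, so the caller must branch on the type.
$summary = match (TRUE) {
  $result instanceof DeniedResult => 'omit: ' . $result->reason,
  $result instanceof LabelOnlyObject => 'label only',
  $result instanceof FullObject => 'full object',
};
echo $summary, ' [', implode(', ', $result->cacheContexts), "]\n";
```

If the merged contexts were dropped on the label-only or denied branch, a response cached for one account could be served to another with different permissions.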

AccessResultInterface|AccessResultReasonInterface checkEntityAccess(EntityInterface $entity, string $operation, AccountInterface $account)

Checks access to the given entity.

Parameters

EntityInterface $entity

The entity for which access should be evaluated.

string $operation

The entity operation for which access should be evaluated.

AccountInterface $account

(optional) The account with which access should be checked. Defaults to the current user.

Return Value

AccessResultInterface|AccessResultReasonInterface

The access check result.

protected AccessResultInterface|AccessResultReasonInterface checkRevisionViewAccess(EntityInterface $entity, AccountInterface $account)

Checks access to the given revision entity.

This should only be called for non-default revisions.

There is no standardized API for revision access checking in Drupal core and this method shims that missing API.

Parameters

EntityInterface $entity

The revised entity for which to check access.

AccountInterface $account

(optional) The account with which access should be checked. Defaults to the current user.

Return Value

AccessResultInterface|AccessResultReasonInterface

The access check result.

See also

https://www.drupal.org/project/drupal/issues/2992833#comment-12818386