TemporaryQueryGuard
class TemporaryQueryGuard (View source)
| internal | JSON:API maintains no PHP API. The API is the HTTP API. This class may change at any time and could break any dependencies on it. |
Adds sufficient access control to collection queries.
This class will be removed when new Drupal core APIs have been put in place to make it obsolete.
Properties
| static protected EntityFieldManagerInterface | $fieldManager | The entity field manager. |
|
| static protected ModuleHandlerInterface | $moduleHandler | The module handler. |
Methods
Applies access controls to an entity query.
Applies tags, metadata and conditions to secure an entity query.
Applies access conditions to ensure 'view' access is respected.
Prefixes all fields in an EntityConditionGroup.
Gets an EntityConditionGroup that filters out inaccessible entities.
Gets an access condition for the allowed JSONAPI_FILTERAMONG* subsets.
Gets the combined access result for each JSONAPI_FILTERAMONG* subset.
Gets an access condition for a comment entity.
Gets an always FALSE entity condition group for the given entity type.
Recursively collects all entity query condition fields.
Copied from \Drupal\jsonapi\IncludeResolver.
Details
static
setFieldManager(EntityFieldManagerInterface $field_manager)
Sets the entity field manager.
This must be called before calling ::applyAccessControls().
static
setModuleHandler(ModuleHandlerInterface $module_handler)
Sets the module handler.
This must be called before calling ::applyAccessControls().
static
applyAccessControls(Filter $filter, QueryInterface $query, CacheableMetadata $cacheability)
Applies access controls to an entity query.
static protected
secureQuery(QueryInterface $query, string $entity_type_id, array $tree, CacheableMetadata $cacheability, string|null $field_prefix = NULL, FieldStorageDefinitionInterface $field_storage_definition = NULL)
Applies tags, metadata and conditions to secure an entity query.
static protected
applyAccessConditions(QueryInterface $query, string $entity_type_id, string|null $field_prefix, CacheableMetadata $cacheability)
Applies access conditions to ensure 'view' access is respected.
Since the given entity type might not be the base entity type of the query, the field prefix should be applied to ensure that the conditions are applied to the right subset of entities in the query.
static protected
addConditionFieldPrefix(EntityConditionGroup $group, $field_prefix)
Prefixes all fields in an EntityConditionGroup.
static protected EntityConditionGroup|null
getAccessCondition(string $entity_type_id, CacheableMetadata $cacheability)
Gets an EntityConditionGroup that filters out inaccessible entities.
static protected EntityConditionGroup|null
getAccessConditionForKnownSubsets(EntityTypeInterface $entity_type, AccountInterface $account, CacheableMetadata $cacheability)
Gets an access condition for the allowed JSONAPI_FILTERAMONG* subsets.
If access is allowed for the JSONAPI_FILTER_AMONG_ALL subset, then no conditions are returned. Otherwise, if access is allowed for JSONAPI_FILTER_AMONG_PUBLISHED, JSONAPI_FILTER_AMONG_ENABLED, or JSONAPI_FILTER_AMONG_OWN, then a condition group is returned for the union of allowed subsets. If no subsets are allowed, then static::alwaysFalse() is returned.
static protected AccessResultInterface[]
getAccessResultsFromEntityFilterHook(EntityTypeInterface $entity_type, AccountInterface $account)
Gets the combined access result for each JSONAPI_FILTERAMONG* subset.
This invokes hook_jsonapi_entity_filter_access() and hook_jsonapi_ENTITY_TYPE_filter_access() and combines the results from all of the modules into a single set of results.
static protected EntityConditionGroup|null
getCommentAccessCondition(EntityTypeInterface $comment_entity_type, AccountInterface $current_user, CacheableMetadata $cacheability, int $depth = 1)
Gets an access condition for a comment entity.
Unlike all other core entity types, Comment entities' access control depends on access to a referenced entity. More challenging yet, that entity reference field may target different entity types depending on the comment bundle. This makes the query access conditions sufficiently complex to merit a dedicated method.
static protected EntityConditionGroup
alwaysFalse(EntityTypeInterface $entity_type)
Gets an always FALSE entity condition group for the given entity type.
static protected array
collectFilteredFields(EntityConditionGroup $group, array $fields = [])
Recursively collects all entity query condition fields.
Entity conditions can be nested within AND and OR groups. This recursively finds all unique fields in an entity query condition.
static protected
buildTree(array $paths)
Copied from \Drupal\jsonapi\IncludeResolver.