class ReferenceAccessConstraintValidator

Same name in other branches
  1. 9 core/lib/Drupal/Core/Entity/Plugin/Validation/Constraint/ReferenceAccessConstraintValidator.php \Drupal\Core\Entity\Plugin\Validation\Constraint\ReferenceAccessConstraintValidator
  2. 10 core/lib/Drupal/Core/Entity/Plugin/Validation/Constraint/ReferenceAccessConstraintValidator.php \Drupal\Core\Entity\Plugin\Validation\Constraint\ReferenceAccessConstraintValidator
  3. 11.x core/lib/Drupal/Core/Entity/Plugin/Validation/Constraint/ReferenceAccessConstraintValidator.php \Drupal\Core\Entity\Plugin\Validation\Constraint\ReferenceAccessConstraintValidator

Checks if the current user has access to newly referenced entities.

Hierarchy

Expanded class hierarchy of ReferenceAccessConstraintValidator

File

core/lib/Drupal/Core/Entity/Plugin/Validation/Constraint/ReferenceAccessConstraintValidator.php, line 11

Namespace

Drupal\Core\Entity\Plugin\Validation\Constraint
View source
class ReferenceAccessConstraintValidator extends ConstraintValidator {
    
    /**
     * {@inheritdoc}
     */
    public function validate($value, Constraint $constraint) {
        
        /* @var \Drupal\Core\Field\FieldItemInterface $value */
        if (!isset($value)) {
            return;
        }
        $id = $value->target_id;
        // '0' or NULL are considered valid empty references.
        if (empty($id)) {
            return;
        }
        
        /* @var \Drupal\Core\Entity\FieldableEntityInterface $referenced_entity */
        $referenced_entity = $value->entity;
        if ($referenced_entity) {
            $entity = $value->getEntity();
            $check_permission = TRUE;
            if (!$entity->isNew()) {
                $existing_entity = \Drupal::entityTypeManager()->getStorage($entity->getEntityTypeId())
                    ->loadUnchanged($entity->id());
                $referenced_entities = $existing_entity->{$value->getFieldDefinition()
                    ->getName()}
                    ->referencedEntities();
                // Check permission if we are not already referencing the entity.
                foreach ($referenced_entities as $ref) {
                    if (isset($referenced_entities[$ref->id()])) {
                        $check_permission = FALSE;
                        break;
                    }
                }
            }
            // We check that the current user had access to view any newly added
            // referenced entity.
            if ($check_permission && !$referenced_entity->access('view')) {
                $type = $value->getFieldDefinition()
                    ->getSetting('target_type');
                $this->context
                    ->addViolation($constraint->message, [
                    '%type' => $type,
                    '%id' => $id,
                ]);
            }
        }
    }

}

Members

Title Sort descending Modifiers Object type Summary
ReferenceAccessConstraintValidator::validate public function

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.