function BlockContentAccessControlHandler::checkAccess

Same name and namespace in other branches
  1. 9 core/modules/block_content/src/BlockContentAccessControlHandler.php \Drupal\block_content\BlockContentAccessControlHandler::checkAccess()
  2. 8.9.x core/modules/block_content/src/BlockContentAccessControlHandler.php \Drupal\block_content\BlockContentAccessControlHandler::checkAccess()
  3. 11.x core/modules/block_content/src/BlockContentAccessControlHandler.php \Drupal\block_content\BlockContentAccessControlHandler::checkAccess()

Performs access checks.

This method is supposed to be overwritten by extending classes that do their own custom access checking.

Parameters

\Drupal\Core\Entity\EntityInterface $entity: The entity for which to check access.

string $operation: The entity operation. Usually one of 'view', 'view label', 'update' or 'delete'.

\Drupal\Core\Session\AccountInterface $account: The user for which to check access.

Return value

\Drupal\Core\Access\AccessResultInterface The access result.

Overrides EntityAccessControlHandler::checkAccess

File

core/modules/block_content/src/BlockContentAccessControlHandler.php, line 57

Class

BlockContentAccessControlHandler
Defines the access control handler for the content block entity type.

Namespace

Drupal\block_content

Code

protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
  assert($entity instanceof BlockContentInterface);
  $bundle = $entity->bundle();
  $forbidIfNotReusable = fn(): AccessResultInterface => AccessResult::forbiddenIf($entity->isReusable() === FALSE, sprintf('Block content must be reusable to use `%s` operation', $operation));
  $access = AccessResult::allowedIfHasPermissions($account, [
    'administer block content',
  ]);
  if (!$access->isAllowed()) {
    $access = match ($operation) {  'view' => AccessResult::allowedIf($entity->isPublished())
        ->orIf(AccessResult::allowedIfHasPermission($account, 'access block library')),
      'update' => AccessResult::allowedIfHasPermission($account, 'edit any ' . $bundle . ' block content'),
      'delete' => AccessResult::allowedIfHasPermission($account, 'delete any ' . $bundle . ' block content'),
      'view revision', 'view all revisions' => AccessResult::allowedIfHasPermission($account, 'view any ' . $bundle . ' block content history'),
      'revert' => AccessResult::allowedIfHasPermission($account, 'revert any ' . $bundle . ' block content revisions')->orIf($forbidIfNotReusable()),
      'delete revision' => AccessResult::allowedIfHasPermission($account, 'delete any ' . $bundle . ' block content revisions')->orIf($forbidIfNotReusable()),
      default => parent::checkAccess($entity, $operation, $account),
    
    };
  }
  // Add the entity as a cacheable dependency because access will at least be
  // determined by whether the block is reusable.
  $access->addCacheableDependency($entity);
  if ($entity->isReusable() === FALSE && $access->isForbidden() !== TRUE) {
    if (!$entity instanceof DependentAccessInterface) {
      throw new \LogicException("Non-reusable block entities must implement \\Drupal\\block_content\\Access\\DependentAccessInterface for access control.");
    }
    $dependency = $entity->getAccessDependency();
    if (empty($dependency)) {
      // If an access dependency has not been set let modules set one.
      $event = new BlockContentGetDependencyEvent($entity);
      $this->eventDispatcher
        ->dispatch($event, BlockContentEvents::BLOCK_CONTENT_GET_DEPENDENCY);
      $dependency = $event->getAccessDependency();
      if (empty($dependency)) {
        return AccessResult::forbidden("Non-reusable blocks must set an access dependency for access control.");
      }
    }
    /** @var \Drupal\Core\Entity\EntityInterface $dependency */
    $access = $access->andIf($dependency->access($operation, $account, TRUE));
  }
  return $access;
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.