function ContentModerationHooks::entityAccess
Implements hook_entity_access().
Entities should be viewable if unpublished and the user has the appropriate permission. This permission is therefore effectively mandatory for any user that wants to moderate things.
File
-
core/
modules/ content_moderation/ src/ Hook/ ContentModerationHooks.php, line 207
Class
- ContentModerationHooks
- Hook implementations for content_moderation.
Namespace
Drupal\content_moderation\HookCode
public function entityAccess(EntityInterface $entity, $operation, AccountInterface $account) {
/** @var \Drupal\content_moderation\ModerationInformationInterface $moderation_info */
$moderation_info = \Drupal::service('content_moderation.moderation_information');
$access_result = NULL;
if ($operation === 'view') {
$access_result = $entity instanceof EntityPublishedInterface && !$entity->isPublished() ? AccessResult::allowedIfHasPermission($account, 'view any unpublished content') : AccessResult::neutral();
$access_result->addCacheableDependency($entity);
}
elseif ($operation === 'update' && $moderation_info->isModeratedEntity($entity) && $entity->moderation_state) {
/** @var \Drupal\content_moderation\StateTransitionValidation $transition_validation */
$transition_validation = \Drupal::service('content_moderation.state_transition_validation');
$valid_transition_targets = $transition_validation->getValidTransitions($entity, $account);
$access_result = $valid_transition_targets ? AccessResult::neutral() : AccessResult::forbidden('No valid transitions exist for given account.');
$access_result->addCacheableDependency($entity);
$workflow = $moderation_info->getWorkflowForEntity($entity);
$access_result->addCacheableDependency($workflow);
// The state transition validation service returns a list of transitions
// based on the user's permission to use them.
$access_result->cachePerPermissions();
}
// Do not allow users to delete the state that is configured as the default
// state for the workflow.
if ($entity instanceof WorkflowInterface) {
$configuration = $entity->getTypePlugin()
->getConfiguration();
if (!empty($configuration['default_moderation_state']) && $operation === sprintf('delete-state:%s', $configuration['default_moderation_state'])) {
return AccessResult::forbidden()->addCacheableDependency($entity);
}
}
return $access_result;
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.