function ContentModerationHooks::entityAccess

Implements hook_entity_access().

Entities should be viewable if unpublished and the user has the appropriate permission. This permission is therefore effectively mandatory for any user that wants to moderate things.

File

core/modules/content_moderation/src/Hook/ContentModerationHooks.php, line 207

Class

ContentModerationHooks
Hook implementations for content_moderation.

Namespace

Drupal\content_moderation\Hook

Code

public function entityAccess(EntityInterface $entity, $operation, AccountInterface $account) {
    
    /** @var \Drupal\content_moderation\ModerationInformationInterface $moderation_info */
    $moderation_info = \Drupal::service('content_moderation.moderation_information');
    $access_result = NULL;
    if ($operation === 'view') {
        $access_result = $entity instanceof EntityPublishedInterface && !$entity->isPublished() ? AccessResult::allowedIfHasPermission($account, 'view any unpublished content') : AccessResult::neutral();
        $access_result->addCacheableDependency($entity);
    }
    elseif ($operation === 'update' && $moderation_info->isModeratedEntity($entity) && $entity->moderation_state) {
        
        /** @var \Drupal\content_moderation\StateTransitionValidation $transition_validation */
        $transition_validation = \Drupal::service('content_moderation.state_transition_validation');
        $valid_transition_targets = $transition_validation->getValidTransitions($entity, $account);
        $access_result = $valid_transition_targets ? AccessResult::neutral() : AccessResult::forbidden('No valid transitions exist for given account.');
        $access_result->addCacheableDependency($entity);
        $workflow = $moderation_info->getWorkflowForEntity($entity);
        $access_result->addCacheableDependency($workflow);
        // The state transition validation service returns a list of transitions
        // based on the user's permission to use them.
        $access_result->cachePerPermissions();
    }
    // Do not allow users to delete the state that is configured as the default
    // state for the workflow.
    if ($entity instanceof WorkflowInterface) {
        $configuration = $entity->getTypePlugin()
            ->getConfiguration();
        if (!empty($configuration['default_moderation_state']) && $operation === sprintf('delete-state:%s', $configuration['default_moderation_state'])) {
            return AccessResult::forbidden()->addCacheableDependency($entity);
        }
    }
    return $access_result;
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.