function TemporaryQueryGuard::getAccessConditionForKnownSubsets

Same name in other branches
  1. 9 core/modules/jsonapi/src/Access/TemporaryQueryGuard.php \Drupal\jsonapi\Access\TemporaryQueryGuard::getAccessConditionForKnownSubsets()
  2. 10 core/modules/jsonapi/src/Access/TemporaryQueryGuard.php \Drupal\jsonapi\Access\TemporaryQueryGuard::getAccessConditionForKnownSubsets()
  3. 11.x core/modules/jsonapi/src/Access/TemporaryQueryGuard.php \Drupal\jsonapi\Access\TemporaryQueryGuard::getAccessConditionForKnownSubsets()

Gets an access condition for the allowed JSONAPI_FILTER_AMONG_* subsets.

If access is allowed for the JSONAPI_FILTER_AMONG_ALL subset, then no conditions are returned. Otherwise, if access is allowed for JSONAPI_FILTER_AMONG_PUBLISHED, JSONAPI_FILTER_AMONG_ENABLED, or JSONAPI_FILTER_AMONG_OWN, then a condition group is returned for the union of allowed subsets. If no subsets are allowed, then static::alwaysFalse() is returned.

Parameters

\Drupal\Core\Entity\EntityTypeInterface $entity_type: The entity type for which to check filter access.

\Drupal\Core\Session\AccountInterface $account: The account for which to check access.

\Drupal\Core\Cache\CacheableMetadata $cacheability: Collects cacheability for the query.

Return value

\Drupal\jsonapi\Query\EntityConditionGroup|null An EntityConditionGroup or NULL if no conditions need to be applied to secure an entity query.

1 call to TemporaryQueryGuard::getAccessConditionForKnownSubsets()
TemporaryQueryGuard::getAccessCondition in core/modules/jsonapi/src/Access/TemporaryQueryGuard.php
Gets an EntityConditionGroup that filters out inaccessible entities.

File

core/modules/jsonapi/src/Access/TemporaryQueryGuard.php, line 345

Class

TemporaryQueryGuard
Adds sufficient access control to collection queries.

Namespace

Drupal\jsonapi\Access

Code

protected static function getAccessConditionForKnownSubsets(EntityTypeInterface $entity_type, AccountInterface $account, CacheableMetadata $cacheability) {
    // Get the combined access results for each JSONAPI_FILTER_AMONG_* subset.
    $access_results = static::getAccessResultsFromEntityFilterHook($entity_type, $account);
    // No conditions are needed if access is allowed for all entities.
    $cacheability->addCacheableDependency($access_results[JSONAPI_FILTER_AMONG_ALL]);
    if ($access_results[JSONAPI_FILTER_AMONG_ALL]->isAllowed()) {
        return NULL;
    }
    // If filtering is not allowed across all entities, but is allowed for
    // certain subsets, then add conditions that reflect those subsets. These
    // will be grouped in an OR to reflect that access may be granted to
    // more than one subset. If no conditions are added below, then
    // static::alwaysFalse() is returned.
    $conditions = [];
    // The "published" subset.
    $published_field_name = $entity_type->getKey('published');
    if ($published_field_name) {
        $access_result = $access_results[JSONAPI_FILTER_AMONG_PUBLISHED];
        $cacheability->addCacheableDependency($access_result);
        if ($access_result->isAllowed()) {
            $conditions[] = new EntityCondition($published_field_name, 1);
            $cacheability->addCacheTags($entity_type->getListCacheTags());
        }
    }
    // The "enabled" subset.
    // @todo Remove ternary when the 'status' key is added to the User entity type.
    $status_field_name = $entity_type->id() === 'user' ? 'status' : $entity_type->getKey('status');
    if ($status_field_name) {
        $access_result = $access_results[JSONAPI_FILTER_AMONG_ENABLED];
        $cacheability->addCacheableDependency($access_result);
        if ($access_result->isAllowed()) {
            $conditions[] = new EntityCondition($status_field_name, 1);
            $cacheability->addCacheTags($entity_type->getListCacheTags());
        }
    }
    // The "owner" subset.
    // @todo Remove ternary when the 'uid' key is added to the User entity type.
    $owner_field_name = $entity_type->id() === 'user' ? 'uid' : $entity_type->getKey('owner');
    if ($owner_field_name) {
        $access_result = $access_results[JSONAPI_FILTER_AMONG_OWN];
        $cacheability->addCacheableDependency($access_result);
        if ($access_result->isAllowed()) {
            $cacheability->addCacheContexts([
                'user',
            ]);
            if ($account->isAuthenticated()) {
                $conditions[] = new EntityCondition($owner_field_name, $account->id());
                $cacheability->addCacheTags($entity_type->getListCacheTags());
            }
        }
    }
    // If no conditions were added above, then access wasn't granted to any
    // subset, so return alwaysFalse().
    if (empty($conditions)) {
        return static::alwaysFalse($entity_type);
    }
    // If more than one condition was added above, then access was granted to
    // more than one subset, so combine them with an OR.
    if (count($conditions) > 1) {
        return new EntityConditionGroup('OR', $conditions);
    }
    // Otherwise return the single condition.
    return $conditions[0];
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.