function NodeAccessControlHandler::checkAccess
Same name in other branches
- 9 core/modules/node/src/NodeAccessControlHandler.php \Drupal\node\NodeAccessControlHandler::checkAccess()
- 8.9.x core/modules/node/src/NodeAccessControlHandler.php \Drupal\node\NodeAccessControlHandler::checkAccess()
- 11.x core/modules/node/src/NodeAccessControlHandler.php \Drupal\node\NodeAccessControlHandler::checkAccess()
Overrides EntityAccessControlHandler::checkAccess
File
-
core/
modules/ node/ src/ NodeAccessControlHandler.php, line 128
Class
- NodeAccessControlHandler
- Defines the access control handler for the node entity type.
Namespace
Drupal\nodeCode
protected function checkAccess(EntityInterface $node, $operation, AccountInterface $account) {
/** @var \Drupal\node\NodeInterface $node */
// Fetch information from the node object if possible.
$status = $node->isPublished();
$uid = $node->getOwnerId();
// Check if authors can view their own unpublished nodes.
if ($operation === 'view' && !$status && $account->hasPermission('view own unpublished content') && $account->isAuthenticated() && $account->id() == $uid) {
return AccessResult::allowed()->cachePerPermissions()
->cachePerUser()
->addCacheableDependency($node);
}
[
$revision_permission_operation,
$entity_operation,
] = static::REVISION_OPERATION_MAP[$operation] ?? [
NULL,
NULL,
];
// Revision operations.
if ($revision_permission_operation) {
$bundle = $node->bundle();
// If user doesn't have any of these then quit.
if (!$account->hasPermission("{$revision_permission_operation} all revisions") && !$account->hasPermission("{$revision_permission_operation} {$bundle} revisions") && !$account->hasPermission('administer nodes')) {
return AccessResult::neutral()->cachePerPermissions();
}
// If the user has the view all revisions permission and this is the view
// all revisions operation then we can allow access.
if ($operation === 'view all revisions') {
return AccessResult::allowed()->cachePerPermissions();
}
// If this is the default revision, return access denied for revert or
// delete operations.
if ($node->isDefaultRevision() && ($operation === 'revert revision' || $operation === 'delete revision')) {
return AccessResult::forbidden()->addCacheableDependency($node);
}
elseif ($account->hasPermission('administer nodes')) {
return AccessResult::allowed()->cachePerPermissions();
}
// First check the access to the default revision and finally, if the
// node passed in is not the default revision then check access to
// that, too.
$node_storage = $this->entityTypeManager
->getStorage($node->getEntityTypeId());
$access = $this->access($node_storage->load($node->id()), $entity_operation, $account, TRUE);
if (!$node->isDefaultRevision()) {
$access = $access->andIf($this->access($node, $entity_operation, $account, TRUE));
}
return $access->cachePerPermissions()
->addCacheableDependency($node);
}
// Evaluate node grants.
$access_result = $this->grantStorage
->access($node, $operation, $account);
if ($operation === 'view' && $access_result instanceof RefinableCacheableDependencyInterface) {
// Node variations can affect the access to the node. For instance, the
// access result cache varies on the node's published status. Only the
// 'view' node grant can currently be cached. The 'update' and 'delete'
// grants are already marked as uncacheable in the node grant storage.
// @see \Drupal\node\NodeGrantDatabaseStorage::access()
$access_result->addCacheableDependency($node);
}
return $access_result;
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.