public EntityAccessControlHandler::access(EntityInterface $entity, $operation, AccountInterface $account = NULL, $return_as_object = FALSE)
Checks access to an operation on a given entity or entity translation.
Use \Drupal\Core\Entity\EntityAccessControlHandlerInterface::createAccess() to check access to create an entity.
\Drupal\Core\Entity\EntityInterface $entity: The entity for which to check access.
string $operation: The operation access should be checked for. Usually one of "view", "view label", "update" or "delete".
\Drupal\Core\Session\AccountInterface $account: (optional) The user session for which to check access, or NULL to check access for the current user. Defaults to NULL.
bool $return_as_object: (optional) Defaults to FALSE.
bool|\Drupal\Core\Access\AccessResultInterface The access result. Returns a boolean if $return_as_object is FALSE (this is the default) and otherwise an AccessResultInterface object. When a boolean is returned, the result of AccessInterface::isAllowed() is returned, i.e. TRUE means access is explicitly allowed, FALSE means access is either explicitly forbidden or "no opinion".
Overrides EntityAccessControlHandlerInterface::access
public function access(EntityInterface $entity, $operation, AccountInterface $account = NULL, $return_as_object = FALSE) { $account = $this->prepareUser($account); $langcode = $entity->language()->getId(); if ($operation === 'view label' && $this->viewLabelOperation == FALSE) { $operation = 'view'; } if (($return = $this->getCache($entity->uuid(), $operation, $langcode, $account)) !== NULL) { // Cache hit, no work necessary. return $return_as_object ? $return : $return->isAllowed(); } // Invoke hook_entity_access() and hook_ENTITY_TYPE_access(). Hook results // take precedence over overridden implementations of // EntityAccessControlHandler::checkAccess(). Entities that have checks that // need to be done before the hook is invoked should do so by overriding // this method. // We grant access to the entity if both of these conditions are met: // - No modules say to deny access. // - At least one module says to grant access. $access = array_merge( $this->moduleHandler()->invokeAll('entity_access', [$entity, $operation, $account]), $this->moduleHandler()->invokeAll($entity->getEntityTypeId() . '_access', [$entity, $operation, $account]) ); $return = $this->processAccessHookResults($access); // Also execute the default access check except when the access result is // already forbidden, as in that case, it can not be anything else. if (!$return->isForbidden()) { $return = $return->orIf($this->checkAccess($entity, $operation, $account)); } $result = $this->setCache($return, $entity->uuid(), $operation, $langcode, $account); return $return_as_object ? $result : $result->isAllowed(); }
© 2001–2016 by the original authors
Licensed under the GNU General Public License, version 2 and later.
Drupal is a registered trademark of Dries Buytaert.
https://api.drupal.org/api/drupal/core!lib!Drupal!Core!Entity!EntityAccessControlHandler.php/function/EntityAccessControlHandler::access/8.1.x