Same name and namespace in other branches

1. 9 core/modules/node/src/NodeAccessControlHandler.php \Drupal\node\NodeAccessControlHandler::checkAccess()
2. 8.9.x core/modules/node/src/NodeAccessControlHandler.php \Drupal\node\NodeAccessControlHandler::checkAccess()
3. 10 core/modules/node/src/NodeAccessControlHandler.php \Drupal\node\NodeAccessControlHandler::checkAccess()

Performs access checks.

This method is supposed to be overwritten by extending classes that do their own custom access checking.

Parameters

\Drupal\Core\Entity\EntityInterface $entity: The entity for which to check access.

string $operation: The entity operation. Usually one of 'view', 'view label', 'update' or 'delete'.

\Drupal\Core\Session\AccountInterface $account: The user for which to check access.

Return value

\Drupal\Core\Access\AccessResultInterface The access result.

Overrides EntityAccessControlHandler::checkAccess

File

core/modules/node/src/NodeAccessControlHandler.php, line 130

Class

NodeAccessControlHandler

Defines the access control handler for the node entity type.

Namespace

Drupal\node

Code

protected function checkAccess(EntityInterface $node, $operation, AccountInterface $account) {
  assert($node instanceof NodeInterface);
  $cacheability = new CacheableMetadata();
  /** @var \Drupal\node\NodeInterface $node */
  if ($operation === 'view') {
    $result = $this->checkViewAccess($node, $account, $cacheability);
    if ($result !== NULL) {
      return $result;
    }
  }
  [
    $revision_permission_operation,
    $entity_operation,
  ] = static::REVISION_OPERATION_MAP[$operation] ?? [
    NULL,
    NULL,
  ];
  // Revision operations.
  if ($revision_permission_operation) {
    $cacheability->addCacheContexts([
      'user.permissions',
    ]);
    $bundle = $node->bundle();
    // If user doesn't have any of these then quit.
    if (!$account->hasPermission("{$revision_permission_operation} all revisions") && !$account->hasPermission("{$revision_permission_operation} {$bundle} revisions") && !$account->hasPermission('administer nodes')) {
      return AccessResult::neutral()->addCacheableDependency($cacheability);
    }
    // If the user has the view all revisions permission and this is the view
    // all revisions operation then we can allow access.
    if ($operation === 'view all revisions') {
      return AccessResult::allowed()->addCacheableDependency($cacheability);
    }
    // If this is the default revision, return access denied for revert or
    // delete operations.
    $cacheability->addCacheableDependency($node);
    if ($node->isDefaultRevision() && ($operation === 'revert revision' || $operation === 'delete revision')) {
      return AccessResult::forbidden()->addCacheableDependency($cacheability);
    }
    elseif ($account->hasPermission('administer nodes')) {
      return AccessResult::allowed()->addCacheableDependency($cacheability);
    }
    // First check the access to the default revision and finally, if the
    // node passed in is not the default revision then check access to
    // that, too.
    $node_storage = $this->entityTypeManager
      ->getStorage($node->getEntityTypeId());
    $access = $this->access($node_storage->load($node->id()), $entity_operation, $account, TRUE);
    if (!$node->isDefaultRevision()) {
      $access = $access->andIf($this->access($node, $entity_operation, $account, TRUE));
    }
    return $access->addCacheableDependency($cacheability);
  }
  // Evaluate node grants.
  $access_result = $this->grantStorage
    ->access($node, $operation, $account);
  if ($access_result instanceof RefinableCacheableDependencyInterface) {
    $access_result->addCacheableDependency($cacheability);
  }
  return $access_result;
}

---