function NodeAccessControlHandler::checkViewAccess

Performs view access checks.

Parameters

\Drupal\node\NodeInterface $node: The node for which to check access.

\Drupal\Core\Session\AccountInterface $account: The user for which to check access.

\Drupal\Core\Cache\CacheableMetadata $cacheability: Allows cacheability information bubble up from this method.

Return value

\Drupal\Core\Access\AccessResultInterface|null The calculated access result or null when no opinion.

1 call to NodeAccessControlHandler::checkViewAccess()

NodeAccessControlHandler::checkAccess in core/modules/node/src/NodeAccessControlHandler.php: Performs access checks.

File

core/modules/node/src/NodeAccessControlHandler.php, line 205

Class

NodeAccessControlHandler: Defines the access control handler for the node entity type.

Namespace

Drupal\node

Code

protected function checkViewAccess(NodeInterface $node, AccountInterface $account, CacheableMetadata $cacheability) : ?AccessResultInterface {
  // If the node status changes, so does the outcome of the check below, so
  // we need to add the node as a cacheable dependency.
  $cacheability->addCacheableDependency($node);
  if ($node->isPublished()) {
    return NULL;
  }
  $cacheability->addCacheContexts([
    'user.permissions',
  ]);
  if (!$account->hasPermission('view own unpublished content')) {
    return NULL;
  }
  $cacheability->addCacheContexts([
    'user.roles:authenticated',
  ]);
  // The "view own unpublished content" permission must not be granted
  // to anonymous users for security reasons.
  if (!$account->isAuthenticated()) {
    return NULL;
  }
  // When access is granted due to the 'view own unpublished content'
  // permission and for no other reason, node grants are bypassed. However,
  // to ensure the full set of cacheable metadata is available to variation
  // cache, additionally add the node_grants cache context so that if the
  // status or the owner of the node changes, cache redirects will continue to
  // reflect the latest state without needing to be invalidated.
  $cacheability->addCacheContexts([
    'user',
  ]);
  if ($this->moduleHandler
    ->hasImplementations('node_grants')) {
    $cacheability->addCacheContexts([
      'user.node_grants:view',
    ]);
  }
  if ($account->id() != $node->getOwnerId()) {
    return NULL;
  }
  return AccessResult::allowed()->addCacheableDependency($cacheability);
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.

Breadcrumb