function EntityAccessCheck::access
Same name in other branches
- 9 core/lib/Drupal/Core/Entity/EntityAccessCheck.php \Drupal\Core\Entity\EntityAccessCheck::access()
- 8.9.x core/lib/Drupal/Core/Entity/EntityAccessCheck.php \Drupal\Core\Entity\EntityAccessCheck::access()
- 11.x core/lib/Drupal/Core/Entity/EntityAccessCheck.php \Drupal\Core\Entity\EntityAccessCheck::access()
Checks access to the entity operation on the given route.
The route's '_entity_access' requirement must follow the pattern 'slug.operation'. Typically, the slug is an entity type ID, but it can be any slug defined in the route. The route match parameter corresponding to the slug is checked to see if it is entity-like, that is: implements EntityInterface. Available operations are: 'view', 'update', 'create', and 'delete'.
For example, this route configuration invokes a permissions check for 'update' access to entities of type 'node':
example.route:
path: '/foo/{node}/bar'
requirements:
_entity_access: 'node.update'
And this will check 'delete' access to a dynamic entity type:
example.route:
path: '/foo/{entity_type}/{example}'
requirements:
_entity_access: 'example.delete'
options:
parameters:
example:
type: entity:{entity_type}
@link https://www.drupal.org/docs/8/api/routing-system/parameters-in-routes
Parameters
\Symfony\Component\Routing\Route $route: The route to check against.
\Drupal\Core\Routing\RouteMatchInterface $route_match: The parametrized route.
\Drupal\Core\Session\AccountInterface $account: The currently logged in account.
Return value
\Drupal\Core\Access\AccessResultInterface The access result.
See also
\Drupal\Core\ParamConverter\EntityConverter
File
-
core/
lib/ Drupal/ Core/ Entity/ EntityAccessCheck.php, line 63
Class
- EntityAccessCheck
- Provides a generic access checker for entities.
Namespace
Drupal\Core\EntityCode
public function access(Route $route, RouteMatchInterface $route_match, AccountInterface $account) {
// Split the entity type and the operation.
$requirement = $route->getRequirement('_entity_access');
[
$entity_type,
$operation,
] = explode('.', $requirement);
// If $entity_type parameter is a valid entity, call its own access check.
$parameters = $route_match->getParameters();
if ($parameters->has($entity_type)) {
$entity = $parameters->get($entity_type);
if ($entity instanceof EntityInterface) {
return $entity->access($operation, $account, TRUE);
}
}
// No opinion, so other access checks should decide if access should be
// allowed or not.
return AccessResult::neutral();
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.