function EntityAccessCheck::access

Same name in other branches
  1. 9 core/lib/Drupal/Core/Entity/EntityAccessCheck.php \Drupal\Core\Entity\EntityAccessCheck::access()
  2. 8.9.x core/lib/Drupal/Core/Entity/EntityAccessCheck.php \Drupal\Core\Entity\EntityAccessCheck::access()
  3. 11.x core/lib/Drupal/Core/Entity/EntityAccessCheck.php \Drupal\Core\Entity\EntityAccessCheck::access()

Checks access to the entity operation on the given route.

The route's '_entity_access' requirement must follow the pattern 'slug.operation'. Typically, the slug is an entity type ID, but it can be any slug defined in the route. The route match parameter corresponding to the slug is checked to see if it is entity-like, that is: implements EntityInterface. Available operations are: 'view', 'update', 'create', and 'delete'.

For example, this route configuration invokes a permissions check for 'update' access to entities of type 'node':


example.route:
  path: '/foo/{node}/bar'
  requirements:
    _entity_access: 'node.update'

And this will check 'delete' access to a dynamic entity type:


example.route:
  path: '/foo/{entity_type}/{example}'
  requirements:
    _entity_access: 'example.delete'
  options:
    parameters:
      example:
        type: entity:{entity_type}

@link https://www.drupal.org/docs/8/api/routing-system/parameters-in-routes

Parameters

\Symfony\Component\Routing\Route $route: The route to check against.

\Drupal\Core\Routing\RouteMatchInterface $route_match: The parametrized route.

\Drupal\Core\Session\AccountInterface $account: The currently logged in account.

Return value

\Drupal\Core\Access\AccessResultInterface The access result.

See also

\Drupal\Core\ParamConverter\EntityConverter

File

core/lib/Drupal/Core/Entity/EntityAccessCheck.php, line 63

Class

EntityAccessCheck
Provides a generic access checker for entities.

Namespace

Drupal\Core\Entity

Code

public function access(Route $route, RouteMatchInterface $route_match, AccountInterface $account) {
    // Split the entity type and the operation.
    $requirement = $route->getRequirement('_entity_access');
    [
        $entity_type,
        $operation,
    ] = explode('.', $requirement);
    // If $entity_type parameter is a valid entity, call its own access check.
    $parameters = $route_match->getParameters();
    if ($parameters->has($entity_type)) {
        $entity = $parameters->get($entity_type);
        if ($entity instanceof EntityInterface) {
            return $entity->access($operation, $account, TRUE);
        }
    }
    // No opinion, so other access checks should decide if access should be
    // allowed or not.
    return AccessResult::neutral();
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.