function RelationshipRouteAccessCheck::access
Same name in other branches
- 9 core/modules/jsonapi/src/Access/RelationshipRouteAccessCheck.php \Drupal\jsonapi\Access\RelationshipRouteAccessCheck::access()
- 11.x core/modules/jsonapi/src/Access/RelationshipRouteAccessCheck.php \Drupal\jsonapi\Access\RelationshipRouteAccessCheck::access()
Checks access to the relationship field on the given route.
Parameters
\Symfony\Component\Routing\Route $route: The route to check against.
\Drupal\Core\Routing\RouteMatchInterface $route_match: The route match.
\Drupal\Core\Session\AccountInterface $account: The currently logged in account.
Return value
\Drupal\Core\Access\AccessResultInterface The access result.
File
-
core/
modules/ jsonapi/ src/ Access/ RelationshipRouteAccessCheck.php, line 63
Class
- RelationshipRouteAccessCheck
- Defines a class to check access to related and relationship routes.
Namespace
Drupal\jsonapi\AccessCode
public function access(Route $route, RouteMatchInterface $route_match, ?AccountInterface $account = NULL) {
[
$relationship_field_name,
$field_operation,
] = explode('.', $route->getRequirement(static::ROUTE_REQUIREMENT_KEY));
assert(in_array($field_operation, [
'view',
'edit',
], TRUE));
$entity_operation = $field_operation === 'view' ? 'view' : 'update';
if ($resource_type = $route_match->getParameter(Routes::RESOURCE_TYPE_KEY)) {
assert($resource_type instanceof ResourceType);
$entity = $route_match->getParameter('entity');
$internal_name = $resource_type->getInternalName($relationship_field_name);
if ($entity instanceof FieldableEntityInterface && $entity->hasField($internal_name)) {
$entity_access = $this->entityAccessChecker
->checkEntityAccess($entity, $entity_operation, $account);
$field_access = $entity->get($internal_name)
->access($field_operation, $account, TRUE);
// Ensure that access is respected for different entity revisions.
$access_result = $entity_access->andIf($field_access);
if (!$access_result->isAllowed()) {
$reason = "The current user is not allowed to {$field_operation} this relationship.";
$access_reason = $access_result instanceof AccessResultReasonInterface ? $access_result->getReason() : NULL;
$detailed_reason = empty($access_reason) ? $reason : $reason . " {$access_reason}";
$access_result->setReason($detailed_reason);
}
return $access_result;
}
}
return AccessResult::neutral();
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.