EntityAccessDeniedHttpException.php

Same filename in other branches
  1. 9 core/modules/jsonapi/src/Exception/EntityAccessDeniedHttpException.php
  2. 10 core/modules/jsonapi/src/Exception/EntityAccessDeniedHttpException.php
  3. 11.x core/modules/jsonapi/src/Exception/EntityAccessDeniedHttpException.php

Namespace

Drupal\jsonapi\Exception

File

core/modules/jsonapi/src/Exception/EntityAccessDeniedHttpException.php

View source
<?php

namespace Drupal\jsonapi\Exception;

use Drupal\Core\Access\AccessResultInterface;
use Drupal\Core\Access\AccessResultReasonInterface;
use Drupal\Core\Cache\CacheableMetadata;
use Drupal\Core\DependencyInjection\DependencySerializationTrait;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Http\Exception\CacheableAccessDeniedHttpException;
use Drupal\jsonapi\JsonApiResource\ResourceIdentifier;
use Drupal\jsonapi\JsonApiResource\ResourceIdentifierInterface;
use Drupal\jsonapi\JsonApiResource\ResourceIdentifierTrait;

/**
 * Enhances the access denied exception with information about the entity.
 *
 * @internal JSON:API maintains no PHP API. The API is the HTTP API. This class
 *   may change at any time and could break any dependencies on it.
 *
 * @see https://www.drupal.org/project/drupal/issues/3032787
 * @see jsonapi.api.php
 */
class EntityAccessDeniedHttpException extends CacheableAccessDeniedHttpException implements ResourceIdentifierInterface {
    use DependencySerializationTrait;
    use ResourceIdentifierTrait;
    
    /**
     * The error which caused the 403.
     *
     * The error contains:
     *   - entity: The entity which the current user does not have access to.
     *   - pointer: A path in the JSON:API response structure pointing to the
     *     entity.
     *   - reason: (Optional) An optional reason for this failure.
     *
     * @var array
     */
    protected $error = [];
    
    /**
     * EntityAccessDeniedHttpException constructor.
     *
     * @param \Drupal\Core\Entity\EntityInterface|null $entity
     *   The entity, or NULL when an entity is being created.
     * @param \Drupal\Core\Access\AccessResultInterface $entity_access
     *   The access result.
     * @param string $pointer
     *   (optional) The pointer.
     * @param string $message
     *   (Optional) The display to display.
     * @param string $relationship_field
     *   (Optional) A relationship field name if access was denied because the
     *   user does not have permission to view an entity's relationship field.
     * @param \Exception|null $previous
     *   The previous exception.
     * @param int $code
     *   The code.
     */
    public function __construct($entity, AccessResultInterface $entity_access, $pointer, $message = 'The current user is not allowed to GET the selected resource.', $relationship_field = NULL, \Exception $previous = NULL, $code = 0) {
        assert(is_null($entity) || $entity instanceof EntityInterface);
        parent::__construct(CacheableMetadata::createFromObject($entity_access), $message, $previous, $code);
        $error = [
            'entity' => $entity,
            'pointer' => $pointer,
            'reason' => NULL,
            'relationship_field' => $relationship_field,
        ];
        if ($entity_access instanceof AccessResultReasonInterface) {
            $error['reason'] = $entity_access->getReason();
        }
        $this->error = $error;
        // @todo: remove this ternary operation in https://www.drupal.org/project/drupal/issues/2997594.
        $this->resourceIdentifier = $entity ? ResourceIdentifier::fromEntity($entity) : NULL;
    }
    
    /**
     * Returns the error.
     *
     * @return array
     *   The error.
     */
    public function getError() {
        return $this->error;
    }

}

Classes

Title Deprecated Summary
EntityAccessDeniedHttpException Enhances the access denied exception with information about the entity.

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.