{% extends "base/class.php.twig" %} {% block file_path %} \Drupal\{{module}}\{{ entity_class }}AccessControlHandler. {% endblock %} {% block namespace_class %} namespace Drupal\{{module}}; {% endblock %} {% block use_class %} use Drupal\Core\Entity\EntityAccessControlHandler; use Drupal\Core\Entity\EntityInterface; use Drupal\Core\Session\AccountInterface; use Drupal\Core\Access\AccessResult; {% endblock %} {% block class_declaration %} /** * Access controller for the {{ label }} entity. * * @see \Drupal\{{module}}\Entity\{{ entity_class }}. */ class {{ entity_class }}AccessControlHandler extends EntityAccessControlHandler {% endblock %} {% block class_methods %} /** * {@inheritdoc} */ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { /** @var \Drupal\{{ module }}\Entity\{{ entity_class }}Interface $entity */ switch ($operation) { case 'view': if (!$entity->isPublished()) { {% if has_bundle_permissions %} $permission = $this->checkOwn($entity, 'view unpublished', $account); if (!empty($permission)) { return AccessResult::allowed(); } {% endif %} return AccessResult::allowedIfHasPermission($account, 'view unpublished {{ label|lower }} entities'); } {% if has_bundle_permissions %} $permission = $this->checkOwn($entity, $operation, $account); if (!empty($permission)) { return AccessResult::allowed(); } {% endif %} return AccessResult::allowedIfHasPermission($account, 'view published {{ label|lower }} entities'); case 'update': {% if has_bundle_permissions %} $permission = $this->checkOwn($entity, $operation, $account); if (!empty($permission)) { return AccessResult::allowed(); } {% endif %} return AccessResult::allowedIfHasPermission($account, 'edit {{ label|lower }} entities'); case 'delete': {% if has_bundle_permissions %} $permission = $this->checkOwn($entity, $operation, $account); if (!empty($permission)) { return AccessResult::allowed(); } {% endif %} return AccessResult::allowedIfHasPermission($account, 'delete {{ label|lower }} entities'); } // Unknown operation, no opinion. return AccessResult::neutral(); } /** * {@inheritdoc} */ protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) { return AccessResult::allowedIfHasPermission($account, 'add {{ label|lower }} entities'); } {% if has_bundle_permissions %} /** * Test for given 'own' permission. * * @param \Drupal\Core\Entity\EntityInterface $entity * @param $operation * @param \Drupal\Core\Session\AccountInterface $account * * @return string|null * The permission string indicating it's allowed. */ protected function checkOwn(EntityInterface $entity, $operation, AccountInterface $account) { $status = $entity->isPublished(); $uid = $entity->getOwnerId(); $is_own = $account->isAuthenticated() && $account->id() == $uid; if (!$is_own) { return; } $bundle = $entity->bundle(); $ops = [ 'create' => '%bundle add own %bundle entities', 'view unpublished' => '%bundle view own unpublished %bundle entities', 'view' => '%bundle view own entities', 'update' => '%bundle edit own entities', 'delete' => '%bundle delete own entities', ]; $permission = strtr($ops[$operation], ['%bundle' => $bundle]); if ($operation === 'view unpublished') { if (!$status && $account->hasPermission($permission)) { return $permission; } else { return NULL; } } if ($account->hasPermission($permission)) { return $permission; } return NULL; } {% endif %} {% endblock %}