class EntityAccessController

BlockAccessController.php in drupal/core/modules/block/lib/Drupal/block/BlockAccessController.php

Contains \Drupal\block\BlockAccessController.

CategoryAccessController.php in drupal/core/modules/contact/lib/Drupal/contact/CategoryAccessController.php

Contains \Drupal\contact\CategoryAccessController.

CommentAccessController.php in drupal/core/modules/comment/lib/Drupal/comment/CommentAccessController.php

Contains \Drupal\comment\CommentAccessController

CustomBlockAccessController.php in drupal/core/modules/block/custom_block/lib/Drupal/custom_block/CustomBlockAccessController.php

Contains \Drupal\custom_block\CustomBlockAccessController.

EntityAccessTest.php in drupal/core/modules/system/lib/Drupal/system/Tests/Entity/EntityAccessTest.php

Contains Drupal\system\Tests\Entity\EntityAccessTest.

... See full list

class EntityAccessController implements EntityAccessControllerInterface {

  /**
   * Stores calculcated access check results.
   *
   * @var array
   */
  protected $accessCache = array();

  /**
   * {@inheritdoc}
   */
  public function access(EntityInterface $entity, $operation, $langcode = Language::LANGUAGE_DEFAULT, AccountInterface $account = NULL) {
    if (!$account) {
      $account = $GLOBALS['user'];
    }
    if (($access = $this
      ->getCache($entity, $operation, $langcode, $account)) !== NULL) {

      // Cache hit, no work necessary.
      return $access;
    }

    // Invoke hook_entity_access(), hook results take precedence over overridden
    // implementations of EntityAccessController::checkAccess(). Entities
    // that have checks that need to be done before the hook is invoked should
    // do so by overridding this method.
    // We grant access to the entity if both of these conditions are met:
    // - No modules say to deny access.
    // - At least one module says to grant access.
    $access = module_invoke_all($entity
      ->entityType() . '_access', $entity
      ->getBCEntity(), $operation, $account, $langcode);
    if (in_array(FALSE, $access, TRUE)) {
      $return = FALSE;
    }
    elseif (in_array(TRUE, $access, TRUE)) {
      $return = TRUE;
    }
    else {

      // No result from hook, so entity checks are done.
      $return = (bool) $this
        ->checkAccess($entity, $operation, $langcode, $account);
    }
    return $this
      ->setCache($return, $entity, $operation, $langcode, $account);
  }

  /**
   * Performs access checks.
   *
   * This method is supposed to be overwritten by extending classes that
   * do their own custom access checking.
   *
   * @param \Drupal\Core\Entity\EntityInterface $entity
   *   The entity for which to check 'create' access.
   * @param string $operation
   *   The entity operation. Usually one of 'view', 'edit', 'create' or
   *   'delete'.
   * @param string $langcode
   *   The language code for which to check access.
   * @param \Drupal\Core\Session\AccountInterface; $account
   *   The user for which to check access.
   *
   * @return bool|null
   *   TRUE if access was granted, FALSE if access was denied and NULL if access
   *   could not be determined.
   */
  protected function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account) {
    return NULL;
  }

  /**
   * Tries to retrieve a previously cached access value from the static cache.
   *
   * @param \Drupal\Core\Entity\EntityInterface $entity
   *   The entity for which to check 'create' access.
   * @param string $operation
   *   The entity operation. Usually one of 'view', 'edit', 'create' or
   *   'delete'.
   * @param string $langcode
   *   The language code for which to check access.
   * @param \Drupal\Core\Session\AccountInterface $account
   *   The user for which to check access.
   *
   * @return bool|null
   *   TRUE if access was granted, FALSE if access was denied and NULL if there
   *   is no record for the given user, operation, langcode and entity in the
   *   cache.
   */
  protected function getCache(EntityInterface $entity, $operation, $langcode, AccountInterface $account) {
    $uid = $account ? $account
      ->id() : 0;
    $uuid = $entity
      ->uuid();

    // Return from cache if a value has been set for it previously.
    if (isset($this->accessCache[$uid][$uuid][$langcode][$operation])) {
      return $this->accessCache[$uid][$uuid][$langcode][$operation];
    }
  }

  /**
   * Statically caches whether the given user has access.
   *
   * @param \Drupal\Core\Entity\EntityInterface $entity
   *   The entity for which to check 'create' access.
   * @param string $operation
   *   The entity operation. Usually one of 'view', 'edit', 'create' or
   *   'delete'.
   * @param string $langcode
   *   The language code for which to check access.
   * @param \Drupal\Core\Session\AccountInterface $account
   *   The user for which to check access.
   *
   * @return bool
   *   TRUE if access was granted, FALSE otherwise.
   */
  protected function setCache($access, EntityInterface $entity, $operation, $langcode, AccountInterface $account) {
    $uid = $account ? $account
      ->id() : 0;
    $uuid = $entity
      ->uuid();

    // Save the given value in the static cache and directly return it.
    return $this->accessCache[$uid][$uuid][$langcode][$operation] = (bool) $access;
  }

  /**
   * {@inheritdoc}
   */
  public function resetCache() {
    $this->accessCache = array();
  }

}