Performs access checks.
This method is supposed to be overwritten by extending classes that do their own custom access checking.
\Drupal\Core\Entity\EntityInterface $entity: The entity for which to check 'create' access.
string $operation: The entity operation. Usually one of 'view', 'edit', 'create' or 'delete'.
string $langcode: The language code for which to check access.
\Drupal\Core\Session\AccountInterface; $account: The user for which to check access.
bool|null TRUE if access was granted, FALSE if access was denied and NULL if access could not be determined.
Overrides EntityAccessController::checkAccess
protected function checkAccess(EntityInterface $node, $operation, $langcode, AccountInterface $account) {
// Fetch information from the node object if possible.
$status = isset($node->status) ? $node->status : NULL;
$uid = isset($node->uid) ? $node->uid : NULL;
// If it is a proper EntityNG object, use the proper methods.
if ($node instanceof EntityNG) {
$status = $node
->getTranslation($langcode, FALSE)->status->value;
$uid = $node
->getTranslation($langcode, FALSE)->uid->value;
}
// Check if authors can view their own unpublished nodes.
if ($operation === 'view' && !$status && user_access('view own unpublished content', $account)) {
if ($account
->id() != 0 && $account
->id() == $uid) {
return TRUE;
}
}
// If no module specified either allow or deny, we fall back to the
// node_access table.
if (($grants = $this
->accessGrants($node, $operation, $langcode, $account)) !== NULL) {
return $grants;
}
// If no modules implement hook_node_grants(), the default behavior is to
// allow all users to view published nodes, so reflect that here.
if ($operation === 'view') {
return $status;
}
}