Documentation & API reference
protected function UserAccessController::checkAccess
Performs access checks.
This method is supposed to be overwritten by extending classes that do their own custom access checking.
Parameters
\Drupal\Core\Entity\EntityInterface $entity: The entity for which to check 'create' access.
string $operation: The entity operation. Usually one of 'view', 'edit', 'create' or 'delete'.
string $langcode: The language code for which to check access.
\Drupal\Core\Session\AccountInterface; $account: The user for which to check access.
Return value
bool|null TRUE if access was granted, FALSE if access was denied and NULL if access could not be determined.
Overrides EntityAccessController::checkAccess
File
- drupal/
core/ modules/ user/ lib/ Drupal/ user/ UserAccessController.php, line 22 - Contains \Drupal\user\UserAccessController.
Class
- UserAccessController
- Defines the access controller for the user entity type.
Namespace
Drupal\userCode
protected function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account) {
switch ($operation) {
case 'view':
return $this
->viewAccess($entity, $langcode, $account);
break;
case 'create':
return user_access('administer users', $account);
break;
case 'update':
// Users can always edit their own account. Users with the 'administer
// users' permission can edit any account except the anonymous account.
return ($account
->id() == $entity
->id() || user_access('administer users', $account)) && $entity
->id() > 0;
break;
case 'delete':
// Users with 'cancel account' permission can cancel their own account,
// users with 'administer users' permission can cancel any account
// except the anonymous account.
return ($account
->id() == $entity
->id() && user_access('cancel account', $account) || user_access('administer users', $account)) && $entity
->id() > 0;
break;
}
}