annotate core/modules/jsonapi/src/Access/RelationshipFieldAccess.php @ 19:fa3358dc1485 tip

Add ndrum files
author Chris Cannam
date Wed, 28 Aug 2019 13:14:47 +0100
parents af1871eacc83
children
Chris@18 1 <?php
Chris@18 2
Chris@18 3 namespace Drupal\jsonapi\Access;
Chris@18 4
Chris@18 5 use Drupal\Core\Access\AccessResult;
Chris@18 6 use Drupal\Core\Access\AccessResultReasonInterface;
Chris@18 7 use Drupal\Core\Cache\CacheableMetadata;
Chris@18 8 use Drupal\Core\Entity\FieldableEntityInterface;
Chris@18 9 use Drupal\Core\Http\Exception\CacheableAccessDeniedHttpException;
Chris@18 10 use Drupal\Core\Routing\Access\AccessInterface;
Chris@18 11 use Drupal\Core\Session\AccountInterface;
Chris@18 12 use Drupal\jsonapi\ResourceType\ResourceType;
Chris@18 13 use Drupal\jsonapi\Routing\Routes;
Chris@18 14 use Symfony\Component\HttpFoundation\Request;
Chris@18 15 use Symfony\Component\Routing\Route;
Chris@18 16
Chris@18 17 /**
Chris@18 18 * Defines a class to check access to related and relationship routes.
Chris@18 19 *
Chris@18 20 * @internal JSON:API maintains no PHP API. The API is the HTTP API. This class
Chris@18 21 * may change at any time and could break any dependencies on it.
Chris@18 22 *
Chris@18 23 * @see https://www.drupal.org/project/jsonapi/issues/3032787
Chris@18 24 * @see jsonapi.api.php
Chris@18 25 */
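class RelationshipFieldAccess implements AccessInterface {

  /**
   * The route requirement key for this access check.
   *
   * @var string
   */
  const ROUTE_REQUIREMENT_KEY = '_jsonapi_relationship_field_access';

  /**
   * The JSON:API entity access checker.
   *
   * @var \Drupal\jsonapi\Access\EntityAccessChecker
   */
  protected $entityAccessChecker;

  /**
   * RelationshipFieldAccess constructor.
   *
   * @param \Drupal\jsonapi\Access\EntityAccessChecker $entity_access_checker
   *   The JSON:API entity access checker.
   */
  public function __construct(EntityAccessChecker $entity_access_checker) {
    $this->entityAccessChecker = $entity_access_checker;
  }

  /**
   * Checks access to the relationship field on the given route.
   *
   * Access is granted only when both the entity-level operation and the
   * field-level operation are allowed: the two results are combined with
   * andIf(), so a forbidden or neutral result on either side is never
   * upgraded to allowed. A denied cacheable (read) request throws a
   * cacheable 403 whose message is the combined reason, so that reason is
   * disclosed to the client; a denied non-cacheable (write) request returns
   * the denied result to the access manager instead.
   *
   * @param \Symfony\Component\HttpFoundation\Request $request
   *   The incoming HTTP request object.
   * @param \Symfony\Component\Routing\Route $route
   *   The route to check against.
   * @param \Drupal\Core\Session\AccountInterface $account
   *   The currently logged in account.
   *
   * @return \Drupal\Core\Access\AccessResultInterface
   *   The access result; neutral when the request carries no resource type
   *   or the upcast entity does not expose the requested field.
   *
   * @throws \Drupal\Core\Http\Exception\CacheableAccessDeniedHttpException
   *   When a cacheable request is denied access to the relationship.
   */
  public function access(Request $request, Route $route, AccountInterface $account) {
    $relationship_field_name = $route->getRequirement(static::ROUTE_REQUIREMENT_KEY);
    // Read methods require 'view'; write methods require 'edit' on the field
    // and 'update' on the entity.
    $is_read = $request->isMethodCacheable();
    $field_operation = $is_read ? 'view' : 'edit';
    $entity_operation = $is_read ? 'view' : 'update';

    $resource_type = $request->get(Routes::RESOURCE_TYPE_KEY);
    if (!$resource_type) {
      return AccessResult::neutral();
    }
    assert($resource_type instanceof ResourceType);

    // The route exposes the public field name; map it back to the internal
    // field name before touching the entity. NOTE(review): the 'entity'
    // attribute is presumably populated by route parameter upcasting.
    $entity = $request->get('entity');
    $internal_name = $resource_type->getInternalName($relationship_field_name);
    if (!($entity instanceof FieldableEntityInterface) || !$entity->hasField($internal_name)) {
      return AccessResult::neutral();
    }

    $entity_access = $this->entityAccessChecker->checkEntityAccess($entity, $entity_operation, $account);
    $field_access = $entity->get($internal_name)->access($field_operation, $account, TRUE);
    // Ensure that access is respected for different entity revisions.
    $access_result = $entity_access->andIf($field_access);
    if ($access_result->isAllowed()) {
      return $access_result;
    }

    $detailed_reason = "The current user is not allowed to {$field_operation} this relationship.";
    // Only results implementing AccessResultReasonInterface carry a reason;
    // the same check guards setReason() so that a result typed only as
    // AccessResultInterface cannot trigger a fatal undefined-method call.
    if ($access_result instanceof AccessResultReasonInterface) {
      $access_reason = $access_result->getReason();
      if (!empty($access_reason)) {
        $detailed_reason .= " {$access_reason}";
      }
      $access_result->setReason($detailed_reason);
    }
    if ($is_read) {
      // The cacheability of the access result is carried onto the 403 so the
      // denial is cached and invalidated with the same metadata.
      throw new CacheableAccessDeniedHttpException(CacheableMetadata::createFromObject($access_result), $detailed_reason);
    }
    return $access_result;
  }

}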