Mercurial > hg > isophonics-drupal-site

comparison core/lib/Drupal/Core/Entity/EntityAccessControlHandler.php @ 14:1fec387a4317

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Update Drupal core to 8.5.2 via Composer
author Chris Cannam
date Mon, 23 Apr 2018 09:46:53 +0100
parents 4c8ae668cc8c
children 129ea1e6d783
comparison
equal deleted inserted replaced
13:5fb285c0d0e3 14:1fec387a4317
156 protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { 156 protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
157 if ($operation == 'delete' && $entity->isNew()) { 157 if ($operation == 'delete' && $entity->isNew()) {
158 return AccessResult::forbidden()->addCacheableDependency($entity); 158 return AccessResult::forbidden()->addCacheableDependency($entity);
159 } 159 }
160 if ($admin_permission = $this->entityType->getAdminPermission()) { 160 if ($admin_permission = $this->entityType->getAdminPermission()) {
161 return AccessResult::allowedIfHasPermission($account, $this->entityType->getAdminPermission()); 161 return AccessResult::allowedIfHasPermission($account, $admin_permission);
162 } 162 }
163 else { 163 else {
164 // No opinion. 164 // No opinion.
165 return AccessResult::neutral(); 165 return AccessResult::neutral();
166 } 166 }
314 314
315 // Get the default access restriction that lives within this field. 315 // Get the default access restriction that lives within this field.
316 $default = $items ? $items->defaultAccess($operation, $account) : AccessResult::allowed(); 316 $default = $items ? $items->defaultAccess($operation, $account) : AccessResult::allowed();
317 317
318 // Explicitly disallow changing the entity ID and entity UUID. 318 // Explicitly disallow changing the entity ID and entity UUID.
319 if ($operation === 'edit') { 319 $entity = $items ? $items->getEntity() : NULL;
320 if ($operation === 'edit' && $entity) {
320 if ($field_definition->getName() === $this->entityType->getKey('id')) { 321 if ($field_definition->getName() === $this->entityType->getKey('id')) {
321 return $return_as_object ? AccessResult::forbidden('The entity ID cannot be changed') : FALSE; 322 // String IDs can be set when creating the entity.
323 if (!($entity->isNew() && $field_definition->getType() === 'string')) {
324 return $return_as_object ? AccessResult::forbidden('The entity ID cannot be changed')->addCacheableDependency($entity) : FALSE;
325 }
322 } 326 }
323 elseif ($field_definition->getName() === $this->entityType->getKey('uuid')) { 327 elseif ($field_definition->getName() === $this->entityType->getKey('uuid')) {
324 // UUIDs can be set when creating an entity. 328 // UUIDs can be set when creating an entity.
325 if ($items && ($entity = $items->getEntity()) && !$entity->isNew()) { 329 if (!$entity->isNew()) {
326 return $return_as_object ? AccessResult::forbidden('The entity UUID cannot be changed')->addCacheableDependency($entity) : FALSE; 330 return $return_as_object ? AccessResult::forbidden('The entity UUID cannot be changed')->addCacheableDependency($entity) : FALSE;
327 } 331 }
328 } 332 }
329 } 333 }
330 334