Mercurial > hg > isophonics-drupal-site

view core/modules/field/src/FieldConfigAccessControlHandler.php @ 13:5fb285c0d0e3

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Update Drupal core to 8.4.7 via Composer. Security update; I *think* we've been lucky to get away with this so far, as we don't support self-registration which seems to be used by the so-called "drupalgeddon 2" attack that 8.4.5 was vulnerable to.
author Chris Cannam
date Mon, 23 Apr 2018 09:33:26 +0100
parents 4c8ae668cc8c
children
line wrap: on
line source
<?php

namespace Drupal\field;

use Drupal\Core\Entity\EntityAccessControlHandler;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Session\AccountInterface;

/**
 * Defines the access control handler for the field config entity type.
 *
 * @see \Drupal\field\Entity\FieldConfig
 */
class FieldConfigAccessControlHandler extends EntityAccessControlHandler {

  /**
   * {@inheritdoc}
   */
  protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
    // Delegate access control to the underlying field storage config entity:
    // the field config entity merely handles configuration for a particular
    // bundle of an entity type, the bulk of the logic and configuration is with
    // the field storage config entity. Therefore, if an operation is allowed on
    // a certain field storage config entity, it should also be allowed for all
    // associated field config entities.
    // @see \Drupal\Core\Field\FieldDefinitionInterface
    /** \Drupal\field\FieldConfigInterface $entity */
    $field_storage_entity = $entity->getFieldStorageDefinition();
    return $field_storage_entity->access($operation, $account, TRUE);
  }

}