FileAccessControlHandler::checkAccess

protected FileAccessControlHandler::checkAccess(EntityInterface $entity, $operation, AccountInterface $account)

Performs access checks.

This method is supposed to be overwritten by extending classes that do their own custom access checking.

Parameters

\Drupal\Core\Entity\EntityInterface $entity: The entity for which to check access.

string $operation: The entity operation. Usually one of 'view', 'view label', 'update' or 'delete'.

\Drupal\Core\Session\AccountInterface $account: The user for which to check access.

Return value

\Drupal\Core\Access\AccessResultInterface The access result.

Overrides EntityAccessControlHandler::checkAccess

File

core/modules/file/src/FileAccessControlHandler.php, line 21

Class

FileAccessControlHandler
Provides a File access control handler.

Namespace

Drupal\file

Code

protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
  /** @var \Drupal\file\FileInterface $entity */
  if ($operation == 'download' || $operation == 'view') {
    if (\Drupal::service('file_system')->uriScheme($entity->getFileUri()) === 'public') {
      // Always allow access to file in public file system.
      return AccessResult::allowed();
    }
    elseif ($references = $this->getFileReferences($entity)) {
      foreach ($references as $field_name => $entity_map) {
        foreach ($entity_map as $referencing_entity_type => $referencing_entities) {
          /** @var \Drupal\Core\Entity\EntityInterface $referencing_entity */
          foreach ($referencing_entities as $referencing_entity) {
            $entity_and_field_access = $referencing_entity->access('view', $account, TRUE)->andIf($referencing_entity->$field_name->access('view', $account, TRUE));
            if ($entity_and_field_access->isAllowed()) {
              return $entity_and_field_access;
            }
          }
        }
      }
    }
    elseif ($entity->getOwnerId() == $account->id()) {
      // This case handles new nodes, or detached files. The user who uploaded
      // the file can always access if it's not yet used.
      return AccessResult::allowed();
    }
  }

  if ($operation == 'delete' || $operation == 'update') {
    $account = $this->prepareUser($account);
    $file_uid = $entity->get('uid')->getValue();
    // Only the file owner can delete and update the file entity.
    if ($account->id() == $file_uid[0]['target_id']) {
      return AccessResult::allowed();
    }
    return AccessResult::forbidden();
  }

  // No opinion.
  return AccessResult::neutral();
}
doc_Drupal
2016-10-29 09:13:19
Comments
Leave a Comment

Please login to continue.