diff --git a/core/includes/entity.api.php b/core/includes/entity.api.php index 7c9c539..7c712bf 100644 --- a/core/includes/entity.api.php +++ b/core/includes/entity.api.php @@ -512,3 +512,26 @@ function hook_entity_field_info_alter(&$info, $entity_type) { $info['definitions']['mymodule_text']['class'] = '\Drupal\anothermodule\EntityComputedText'; } } + +/** + * Alters the default access behaviour for a given field. + * + * This hook is invoked from \Drupal\Core\Entity\Field\Type\Field::access() to + * let modules alter access to operations on fields. + * + * @param bool $access + * Access flag reference that can be altered. TRUE if the operation is + * allowed, and FALSE if the operation is denied. + * @param string $operation + * The operation to be performed. Supported values: 'view', 'create', 'update', + * 'delete'. + * @param \Drupal\Core\Entity\Field\Type\Field $field + * The entity field object on which the operation is to be performed. + * @param \Drupal\user\Plugin\Core\Entity\User $account + * The user account to check. + */ +function hook_entity_field_access_alter(&$access, $operation, $field, $account) { + if ($field->getName() == 'field_of_interest' && $operation == 'update') { + $access = user_access('update field of interest', $account); + } +} diff --git a/core/lib/Drupal/Core/Entity/Field/Type/Field.php b/core/lib/Drupal/Core/Entity/Field/Type/Field.php index 34baa61..d696da2 100644 --- a/core/lib/Drupal/Core/Entity/Field/Type/Field.php +++ b/core/lib/Drupal/Core/Entity/Field/Type/Field.php @@ -281,6 +281,18 @@ public function __clone() { * Implements \Drupal\Core\TypedData\AccessibleInterface::access(). */ public function access($operation = 'view', User $account = NULL) { - // TODO: Implement access() method. Use item access. + global $user; + if (!isset($account)) { + $account = $user; + } + // Grant access per default. + $access = TRUE; + // We do not use drupal_alter() here because it only allows two context + // parameters which would make the signature of the hook very ugly. + foreach (module_implements('entity_field_access_alter') as $module) { + $function = $module . '_entity_field_access_alter'; + $function($access, $operation, $this, $account); + } + return $access; } } diff --git a/core/modules/system/lib/Drupal/system/Tests/Entity/FieldAccessTest.php b/core/modules/system/lib/Drupal/system/Tests/Entity/FieldAccessTest.php new file mode 100644 index 0000000..623fb44 --- /dev/null +++ b/core/modules/system/lib/Drupal/system/Tests/Entity/FieldAccessTest.php @@ -0,0 +1,55 @@ + 'Field access tests', + 'description' => 'Test Field level access.', + 'group' => 'Entity API', + ); + } + + protected function setUp() { + parent::setUp(); + // Install field module schema and register entity_test text field. + $this->enableModules(array('field', 'entity_test')); + } + + /** + * Tests that hook_entity_field_access_alter() is called. + * + * @see entity_test_entity_field_access_alter() + */ + function testFieldAccess() { + $values = array( + 'name' => $this->randomName(), + 'user_id' => 1, + 'field_test_text' => array( + 'value' => 'no access value', + 'format' => 'full_html', + ), + ); + $entity = entity_create('entity_test', $values); + $this->assertFalse($entity->field_test_text->access('view'), 'Access to the field was denied.'); + } +} diff --git a/core/modules/system/tests/modules/entity_test/entity_test.module b/core/modules/system/tests/modules/entity_test/entity_test.module index 2752729..56daa96 100644 --- a/core/modules/system/tests/modules/entity_test/entity_test.module +++ b/core/modules/system/tests/modules/entity_test/entity_test.module @@ -251,3 +251,14 @@ function entity_test_entity_test_insert($entity) { throw new Exception("Test exception rollback."); } } + +/** + * Implements hook_entity_field_access_alter(). + * + * @see \Drupal\system\Tests\Entity\FieldAccessTest::testFieldAccess() + */ +function entity_test_entity_field_access_alter(&$access, $operation, $field, $account) { + if ($field->getName() == 'field_test_text' && $field->value == 'no access value') { + $access = FALSE; + } +}