src/Access/EntityAccessChecker.php | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/src/Access/EntityAccessChecker.php b/src/Access/EntityAccessChecker.php index ff74c81..23e208a 100644 --- a/src/Access/EntityAccessChecker.php +++ b/src/Access/EntityAccessChecker.php @@ -30,7 +30,7 @@ final class EntityAccessChecker { /** * The node revision access check service. * - * This will be NULL unless the node module is enabled. + * This will be NULL unless the node module is installed. * * @var \Drupal\node\Access\NodeRevisionAccessCheck|null */ @@ -39,7 +39,7 @@ final class EntityAccessChecker { /** * The media revision access check service. * - * This will be NULL unless the media module is enabled. + * This will be NULL unless the media module is installed. * * @var \Drupal\media\Access\MediaRevisionAccessCheck|null */ @@ -48,7 +48,7 @@ final class EntityAccessChecker { /** * Sets the node revision access check service. * - * This is only called when node module is enabled. + * This is only called when node module is installed. * * @param \Drupal\node\Access\NodeRevisionAccessCheck $node_revision_access_check * The node revision access check service. @@ -60,7 +60,7 @@ final class EntityAccessChecker { /** * Sets the media revision access check service. * - * This is only called when media module is enabled. + * This is only called when media module is installed. * * @param \Drupal\media\Access\MediaRevisionAccessCheck $media_revision_access_check * The media revision access check service. @@ -90,10 +90,10 @@ final class EntityAccessChecker { $entity = $entity_repository->getTranslationFromContext($entity, NULL, ['operation' => 'entity_upcast']); $access = $entity->access('view', NULL, TRUE); // Ensure that access is respected for different entity revisions. - if ($entity instanceof RevisionableInterface) { + if ($entity->getEntityType()->isRevisionable()) { $access = AccessResult::neutral()->addCacheContexts(['url.query_args:resource_version'])->orIf($access); if (!$entity->isDefaultRevision()) { - $revision_access = $this->checkRevisionAccess($entity, $account, 'view'); + $revision_access = $this->checkRevisionViewAccess($entity, $account); $combined_access = $access->andIf($revision_access); // The revision access reason should trump the primary access reason. if ($access instanceof AccessResultReasonInterface) { @@ -131,25 +131,29 @@ final class EntityAccessChecker { * * @param \Drupal\Core\Entity\EntityInterface $entity * The revised entity for which to check access. + * @param \Drupal\Core\Session\AccountInterface $account + * (optional) The account with which access should be checked. Defaults to + * the current user. * * @return \Drupal\Core\Access\AccessResultReasonInterface * The access check result. * - * @todo: remove this when a generic revision access API exists in Drupal core. + * @todo: remove when a generic revision access API exists in Drupal core, and + * also remove the injected "node" and "media" services. is explicitly injected. + * @see https://www.drupal.org/project/jsonapi/issues/2992833#comment-12818386 */ - protected function checkRevisionAccess(EntityInterface $entity, AccountInterface $account, $operation) { + protected function checkRevisionViewAccess(EntityInterface $entity, AccountInterface $account) { assert($entity instanceof RevisionableInterface); assert(!$entity->isDefaultRevision(), 'It is not necessary to check revision access when the entity is the default revision.'); - assert($operation === 'view', 'JSON API does not yet support mutable operations on revisions.'); switch ($entity->getEntityTypeId()) { case 'node': assert($entity instanceof NodeInterface); - $access = AccessResult::allowedIf($this->nodeRevisionAccessCheck->checkAccess($entity, $account, $operation))->cachePerPermissions()->addCacheableDependency($entity); + $access = AccessResult::allowedIf($this->nodeRevisionAccessCheck->checkAccess($entity, $account, 'view'))->cachePerPermissions()->addCacheableDependency($entity); break; case 'media': assert($entity instanceof MediaInterface); - $access = AccessResult::allowedIf($this->mediaRevisionAccessCheck->checkAccess($entity, $account, $operation))->cachePerPermissions()->addCacheableDependency($entity); + $access = AccessResult::allowedIf($this->mediaRevisionAccessCheck->checkAccess($entity, $account, 'view'))->cachePerPermissions()->addCacheableDependency($entity); break; case 'block_content':