diff --git a/jsonapi.api.php b/jsonapi.api.php index 926029a..74abde1 100644 --- a/jsonapi.api.php +++ b/jsonapi.api.php @@ -86,8 +86,7 @@ * @see https://www.drupal.org/project/jsonapi/issues/2955020 * * In doing so, JSON:API module should be maximally compatible with other - * systems and should minimize the "Drupalisms" that a developer building - * against a JSON:API implementation will be required to know. + * systems. * * A "version" in the JSON:API module is any revision that was previously, or is * currently, a default revision. Not all revisions are considered to be a @@ -121,7 +120,7 @@ * latest-version @endcode or the string @code working-copy @endcode. * * In future, other negotiators may be developed. For instance, a negotiator - * which is timestamp or workspace based. + * which is UUID, timestamp or workspace based. * * To illustrate how a particular entity revision is requested, imagine a node * that has a "Published" revision and a subsequent "Draft" revision. diff --git a/src/Access/EntityAccessChecker.php b/src/Access/EntityAccessChecker.php index c95e247..713ba55 100644 --- a/src/Access/EntityAccessChecker.php +++ b/src/Access/EntityAccessChecker.php @@ -6,6 +6,7 @@ use Drupal\content_moderation\Access\LatestRevisionCheck; use Drupal\Core\Access\AccessResult; use Drupal\Core\Access\AccessResultReasonInterface; use Drupal\Core\Entity\EntityInterface; +use Drupal\Core\Entity\EntityRepositoryInterface; use Drupal\Core\Entity\RevisionableInterface; use Drupal\Core\Routing\RouteMatch; use Drupal\Core\Session\AccountInterface; @@ -43,6 +44,20 @@ final class EntityAccessChecker { */ protected $router; + /** + * The current user. + * + * @var \Drupal\Core\Session\AccountInterface + */ + protected $currentUser; + + /** + * The entity repository. + * + * @var \Drupal\Core\Entity\EntityRepositoryInterface + */ + protected $entityRepository; + /** * The node revision access check service. * @@ -79,10 +94,16 @@ final class EntityAccessChecker { * The JSON:API resource type repository. * @param \Symfony\Component\Routing\RouterInterface $router * The router. + * @param \Drupal\Core\Session\AccountInterface $account + * The current user. + * @param \Drupal\Core\Entity\EntityRepositoryInterface $entity_repository + * The entity repository. */ - public function __construct(ResourceTypeRepositoryInterface $resource_type_repository, RouterInterface $router) { + public function __construct(ResourceTypeRepositoryInterface $resource_type_repository, RouterInterface $router, AccountInterface $account, EntityRepositoryInterface $entity_repository) { $this->resourceTypeRepository = $resource_type_repository; $this->router = $router; + $this->currentUser = $account; + $this->entityRepository = $entity_repository; } /** @@ -139,10 +160,8 @@ final class EntityAccessChecker { * three possible return values carry the access result cacheability. */ public function getAccessCheckedEntity(EntityInterface $entity, AccountInterface $account = NULL) { - $account = $account ?: \Drupal::currentUser(); - /** @var \Drupal\Core\Entity\EntityRepositoryInterface $entity_repository */ - $entity_repository = \Drupal::service('entity.repository'); - $entity = $entity_repository->getTranslationFromContext($entity, NULL, ['operation' => 'entity_upcast']); + $account = $account ?: $this->currentUser; + $entity = $this->entityRepository->getTranslationFromContext($entity, NULL, ['operation' => 'entity_upcast']); $access = $this->checkEntityAccess($entity, 'view', $account); $entity->addCacheableDependency($access); if (!$access->isAllowed()) {