diff --git a/core/lib/Drupal/Core/Access/AccessibleInterface.php b/core/lib/Drupal/Core/Access/AccessibleInterface.php
index faa5a6f..4316853 100644
--- a/core/lib/Drupal/Core/Access/AccessibleInterface.php
+++ b/core/lib/Drupal/Core/Access/AccessibleInterface.php
@@ -11,6 +11,8 @@
 /**
  * Interface for checking access.
+ *
+ * @ingroup entity_api
  */
 interface AccessibleInterface extends AccessInterface {
diff --git a/core/lib/Drupal/Core/Session/AccountInterface.php b/core/lib/Drupal/Core/Session/AccountInterface.php
index 93d5969..084943b 100644
--- a/core/lib/Drupal/Core/Session/AccountInterface.php
+++ b/core/lib/Drupal/Core/Session/AccountInterface.php
@@ -12,6 +12,8 @@
  *
  * Defines an object that has a user id, roles and can have session data. The
  * interface is implemented both by the global session and the user entity.
+ *
+ * @ingroup user_api
  */
 interface AccountInterface {
diff --git a/core/lib/Drupal/Core/Session/AccountProxyInterface.php b/core/lib/Drupal/Core/Session/AccountProxyInterface.php
index 649e07e..11eee58 100644
--- a/core/lib/Drupal/Core/Session/AccountProxyInterface.php
+++ b/core/lib/Drupal/Core/Session/AccountProxyInterface.php
@@ -9,6 +9,8 @@
 /**
  * Defines an interface for a service which has the current account stored.
+ *
+ * @ingroup user_api
  */
 interface AccountProxyInterface extends AccountInterface {
diff --git a/core/modules/system/core.api.php b/core/modules/system/core.api.php
index 624426e..b1234f9 100644
--- a/core/modules/system/core.api.php
+++ b/core/modules/system/core.api.php
@@ -389,6 +389,19 @@
  * $files = $storage->loadMultiple($fids);
  * @endcode
  *
+ * @section sec_access Access checking on entities
+ * Entity types define their access permission scheme in their annotation.
+ * Access permissions can be quite complex, so you should not assume any
+ * particular permission scheme. Instead, once you have an entity item object
+ * loaded, you can check for permission for a particular operation (such as
+ * 'view') at the entity or field level by calling:
+ * @code
+ * $entity->access($operation);
+ * $entity->nameOfField->access($operation);
+ * @endcode
+ * The interface related to access checking in entities and fields is
+ * \Drupal\Core\Access\AccessibleInterface.
+ *
+ * @see i18n
  * @}
  */
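Review bot: The new sec_access example does not say whose access `$entity->access($operation)` evaluates. As far as I know, the account argument of AccessibleInterface::access() is optional and falls back to the current user, so code that acts for a different account (cron, queue workers, notifications) would check the wrong user if it copies the example as written. I would add one sentence after the `@endcode` line: `To check access for an account other than the current user, pass it as the second argument: $entity->access($operation, $account).` The docblock starts outside the hunk.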
@@ -727,13 +740,22 @@
  * - Entities: Access for various entity operations is designated either with
  * simple permissions or access controller classes in the entity annotation.
  * See the @link entity_api Entity API topic @endlink for more information.
+ * - Other code: There is a 'current_user' service, which can be injected into
+ * classes to provide access to the current user account (see the
+ * @link container Services and Dependency Injection topic @endlink for more
+ * information on dependency injection). In code that cannot use dependency
+ * injection, you can access this service and retrieve the current user
+ * account object by calling \Drupal::currentUser(). Once you have a user
+ * object for the current user (implementing \Drupal\user\UserInterface), you
+ * can call inherited method
+ * \Drupal\Core\Session\AccountInterface::hasPermission() to check
+ * permissions, or pass this object into other functions/methods for more
+ * complex permission checking.
  * - Forms: Each element of a form array can have a Boolean '#access' property,
  * which determines whether that element is visible and/or usable. This is a
- * common need in forms, so method
- * \Drupal\Core\Form\FormBuilder::currentUser() on the default form builder
- * class can be used to retrieve a user object for the current user, and
- * then methods on \Drupal\user\UserInterface can be called to check
- * permissions.
+ * common need in forms, so the current user service (described above) is
+ * injected into the form base class as method
+ * \Drupal\Core\Form\FormBase::currentUser().
  *
  * @sec sec_entities User and role objects
  * User objects in Drupal are entity items, implementing
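Review bot: The added "Other code" bullet says the object obtained from \Drupal::currentUser() implements \Drupal\user\UserInterface, which contradicts the rest of this patch. The last hunk documents the current_user service as \Drupal\Core\Session\AccountProxyInterface, and the AccountProxyInterface.php hunk shows that interface extending AccountInterface, not UserInterface. A reader who type-hints UserInterface in access-checking code because of this sentence would be going against the advice added under "Other important interfaces". I would reword to `Once you have an account object for the current user (implementing \Drupal\Core\Session\AccountInterface), you can call` and drop the word "inherited" on the following line. The docblock continues outside the hunk on both sides.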
@@ -741,6 +763,13 @@
  * implementing \Drupal\user\RoleInterface. See the
  * @link entity_api Entity API topic @endlink for more information about
  * entities in general (including how to load, create, modify, and query them).
+ *
+ * Other important interfaces:
+ * - \Drupal\Core\Session\AccountInterface: The part of UserInterface that
+ * deals with access checking. In writing code that checks access, your
+ * method parameters should use this interface, not UserInterface.
+ * - \Drupal\Core\Session\AccountProxyInterface: The interface for the
+ * current_user service (described above).
  * @}
  */