Let's add an API for checking access to entity objects, e.g. like the
entity_access() function of the d7 contrib entity API module. Furthermore, the API should provide means for checking property/field access based upon , while incorporating entity access.
Note, that this issue is supposed to implement access checks on already loaded entity objects and/or checking general access, but not about applying access checks on queries. Let's handle that in another issue, e.g..
Problem / Motivation
For implementing web services an easy way to check entity access is necessary, such that inaccessible properties can be filtered out and access to inaccessible entities is denied. Of course, that API would be useful in many other situations as well, i.e. for pretty much every module that wants to generally support entities and incorporate access checks.
- Work in the lines of , i.e. implement a sane default behaviour in a swappable and customizable controller class.
- Keep it optional: entity types may specify an access controller, but it's not mandatory.
is postponed on this issue.
PASSED: [[SimpleTest]]: [MySQL] 48,248 pass(es).
PASSED: [[SimpleTest]]: [MySQL] 48,234 pass(es).
FAILED: [[SimpleTest]]: [MySQL] 48,212 pass(es), 1 fail(s), and 0 exception(s).