The module now ships with an entity query access API, which alters entity queries and views to only list the entities that the user has access to.
That means that an entity query or a view might be restricted to only published entities, or only entities of specific bundles, or belonging to a specific user ("view own").
The query_access handler generates conditions which are then applied to the queries. The default handlers are permission-based, checking the permissions provided by EntityPermissionProvider and UncacheableEntityPermissionProvider.
Annotation examples:
* handlers = {
* "access" = "\Drupal\entity\EntityAccessControlHandler",
* "query_access" = "\Drupal\entity\QueryAccess\QueryAccessHandler",
* "permission_provider" = "\Drupal\entity\EntityPermissionProvider",
* handlers = {
* "access" = "\Drupal\entity\UncacheableEntityAccessControlHandler",
* "query_access" = "\Drupal\entity\QueryAccess\UncacheableQueryAccessHandler",
* "permission_provider" = "\Drupal\entity\UncacheableEntityPermissionProvider",
Modules can use the QueryAccessEvent ("entity.query_access.$entity_type_id") to alter the generated access conditions before they are applied to a query, in order to add additional filtering based on a group, store, or some other factor. See the QueryAccessSubscriber in tests/entity_module_test for an example.
Comments
Useful Example
I often have trouble understanding the usage from the test code. Fortunately there is a good practical example in the commerce_cart submodule of Drupal Commerce:
1) there is a service in commerce_cart.services.yml:
2) the subscriber in the class noted above a) checks if user already has permission from the Permissions provider and returns if they do and b) assembles the carts related to the user and grants access to those for the user in the query:
Subqueries are not supported
It should be noted that subqueries are currently not supported by the Query Access API. Also see #3259313: Let Query Access API support subqueries
Blog article on this topic
Looks like this is a helpful blog article on this topic:
https://gorannikolovski.com/blog/query-level-filtering-custom-entities-d...
http://www.DROWL.de || Professionelle Drupal Lösungen aus Ostwestfalen-Lippe (OWL)
http://www.webks.de || webks: websolutions kept simple - Webbasierte Lösungen die einfach überzeugen!
http://www.drupal-theming.com || Individuelle Responsive Themes