I would like grant access to create a new entity in an IEF field widget based on some business logic, for example, to allow a particular user to create a new content type only when editing a node form with this IEF field, which they would otherwise not have access to create.

This can be made possible by passing some contextual information to InlineEntityFormBase::canAddNew() and InlineEntityFormBase::getCreateBundles(), which then gets passed to EntityAccessControlHandler::createAccess().

Then I could use hook_entity_create_access() and hook_ENTITY_TYPE_create_access() to evaluate this context and optionally grant access.

CommentFileSizeAuthor
#15 ief_parent_context_v3.patch5.19 KBholo96
#2 inline_entity_form-create-access-context-3043511-2.patch3.63 KBjoelstein

Issue fork inline_entity_form-3043511

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

  • 3043511-context-3.x Comparechanges, plain diff MR !154
  • 3.x Comparecompare
    • 1 hidden branch
  • 2.0.x Comparechanges, plain diff MR !75
About issue forks

Comments

joelstein created an issue. See original summary.

joelstein’s picture

joelstein commented
Status: Active » Needs review
StatusFileSize
new inline_entity_form-create-access-context-3043511-2.patch3.63 KB

Here's a patch which does the trick and allows me to do something like this:

use \Drupal\Core\Access\AccessResult;
use \Drupal\Core\Session\AccountInterface\AccountInterface;

/**
 * Implements hook_ENTITY_TYPE_create_access() for "node".
 */
function MYMODULE_node_create_access(AccountInterface $account, array $context, $entity_bundle) {
  // Grant workshop 'create' access to user 123 when editing 'Course Workshops' field.
  if (
    $entity_bundle === 'workshop'
     && $context['field_name'] === 'field_course_workshops'
    && $account->id() == 123
  ) {
    return AccessResult::allowed()->cachePerUser();
  }

  // No opinion.
  return AccessResult::neutral();
}
geek-merlin’s picture

geek-merlin
Primary language German
Location Freiburg, Germany
commented

Thanks for proposing that API addition! I really like the way you think and approach this.

As of the direction, i'm split: This looks elegant, but the bigger part in me deems this an abuse of the access API (Note to me: Resesrch how that paramete is used in the wild, e.g. by group module, and make up my mind what i think about it). I'm also not sure about the implications for caching (but guess $context goes into the $cid, which is good sec-wise, but floods the cache).
But if not that API, we can do the same with some alter hook. Thinking... What do you think about that?

podarok’s picture

podarok
🇺🇦 he/him/his
Primary language Ukrainian
Location Ukraine
commented
Version: 8.x-1.x-dev » 2.0.x-dev
Status: Needs review » Needs work 
it apply inline_entity_form-create-access-context-3043511-2.patch 
error: patch failed: src/Plugin/Field/FieldWidget/InlineEntityFormBase.php:557
error: src/Plugin/Field/FieldWidget/InlineEntityFormBase.php: patch does not apply
error: patch failed: src/Plugin/Field/FieldWidget/InlineEntityFormComplex.php:419
error: src/Plugin/Field/FieldWidget/InlineEntityFormComplex.php: patch does not apply

needs reroll

shivam_tiwari’s picture

shivam_tiwari commented
Assigned: Unassigned » shivam_tiwari

shivam_tiwari opened merge request !75

shivam_tiwari’s picture

shivam_tiwari commented
Assigned: shivam_tiwari » Unassigned
Status: Needs work » Needs review
podarok’s picture

podarok
🇺🇦 he/him/his
Primary language Ukrainian
Location Ukraine
commented
Status: Needs review » Fixed

MR!75 is in
tnx

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

geek-merlin’s picture

geek-merlin
Primary language German
Location Freiburg, Germany
commented
Version: 2.0.x-dev » 3.x-dev
Status: Closed (fixed) » Needs review
Related issues: +#3401656: Clean up problematic 2.x branch

Bulk reopen.

holo96’s picture

holo96 commented
Status: Needs review » Needs work

As mentioned by my issue when this was merged to 2.x...

Merge request is outdated and is not adding parent to context cosistently, for example
src/Plugin/Field/FieldWidget/InlineEntityFormComplex.php:385 is missing context at all.

DavorHorvacki changed the visibility of the branch 2.0.x to hidden.

DavorHorvacki changed the visibility of the branch 2.0.x to hidden.

DavorHorvacki changed the visibility of the branch 2.0.x to active.

holo96’s picture

holo96 commented
StatusFileSize
new ief_parent_context_v3.patch5.19 KB

This patch should workout.

About cache, I think access is only statically cached based off bundle. So it shouldn't flood cache. But, maybe I am wrong?

holo96’s picture

holo96 commented
Status: Needs work » Needs review
jonathanshaw’s picture

jonathanshaw
Primary language English
Location Stroud, UK
commented

I've needed this too, for canAddNew().

claudiu.cristea’s picture

claudiu.cristea
Primary language Romanian
Location Arad 🇷🇴
commented
Status: Needs review » Needs work

I would review this but we need a MR.

claudiu.cristea changed the visibility of the branch 2.0.x to hidden.

claudiu.cristea opened merge request !154