class EntityAccessDeniedHttpException

Enhances the access denied exception with information about the entity.

@internal JSON:API maintains no PHP API. The API is the HTTP API. This class may change at any time and could break any dependencies on it.

Hierarchy

Expanded class hierarchy of EntityAccessDeniedHttpException

See also

https://www.drupal.org/project/drupal/issues/3032787

jsonapi.api.php

8 files declare their use of EntityAccessDeniedHttpException
Data.php in core/modules/jsonapi/src/JsonApiResource/Data.php
EntityAccessChecker.php in core/modules/jsonapi/src/Access/EntityAccessChecker.php
EntityAccessDeniedHttpExceptionNormalizer.php in core/modules/jsonapi/src/Normalizer/EntityAccessDeniedHttpExceptionNormalizer.php
EntityResource.php in core/modules/jsonapi/src/Controller/EntityResource.php
IncludedData.php in core/modules/jsonapi/src/JsonApiResource/IncludedData.php

... See full list

File

core/modules/jsonapi/src/Exception/EntityAccessDeniedHttpException.php, line 24

Namespace

Drupal\jsonapi\Exception
View source 
class EntityAccessDeniedHttpException extends CacheableAccessDeniedHttpException implements ResourceIdentifierInterface {
    use DependencySerializationTrait;
    use ResourceIdentifierTrait;
    
    /**
     * The error which caused the 403.
     *
     * The error contains:
     *   - entity: The entity which the current user does not have access to.
     *   - pointer: A path in the JSON:API response structure pointing to the
     *     entity.
     *   - reason: (Optional) An optional reason for this failure.
     *
     * @var array
     */
    protected $error = [];
    
    /**
     * EntityAccessDeniedHttpException constructor.
     *
     * @param \Drupal\Core\Entity\EntityInterface|null $entity
     *   The entity, or NULL when an entity is being created.
     * @param \Drupal\Core\Access\AccessResultInterface $entity_access
     *   The access result.
     * @param string $pointer
     *   (optional) The pointer.
     * @param string $message
     *   (Optional) The display to display.
     * @param string $relationship_field
     *   (Optional) A relationship field name if access was denied because the
     *   user does not have permission to view an entity's relationship field.
     * @param \Exception|null $previous
     *   The previous exception.
     * @param int $code
     *   The code.
     */
    public function __construct($entity, AccessResultInterface $entity_access, $pointer, $message = 'The current user is not allowed to GET the selected resource.', $relationship_field = NULL, ?\Exception $previous = NULL, $code = 0) {
        assert(is_null($entity) || $entity instanceof EntityInterface);
        parent::__construct(CacheableMetadata::createFromObject($entity_access), $message, $previous, $code);
        $error = [
            'entity' => $entity,
            'pointer' => $pointer,
            'reason' => NULL,
            'relationship_field' => $relationship_field,
        ];
        if ($entity_access instanceof AccessResultReasonInterface) {
            $error['reason'] = $entity_access->getReason();
        }
        $this->error = $error;
        // @todo remove this ternary operation in https://www.drupal.org/project/drupal/issues/2997594.
        $this->resourceIdentifier = $entity ? ResourceIdentifier::fromEntity($entity) : NULL;
    }
    
    /**
     * Returns the error.
     *
     * @return array
     *   The error.
     */
    public function getError() {
        return $this->error;
    }

}

Members

Title Modifiers Object type Summary Overriden Title Overrides
CacheableDependencyTrait::$cacheContexts protected property Cache contexts.
CacheableDependencyTrait::$cacheMaxAge protected property Cache max-age.
CacheableDependencyTrait::$cacheTags protected property Cache tags.
CacheableDependencyTrait::getCacheContexts public function 4
CacheableDependencyTrait::getCacheMaxAge public function 4
CacheableDependencyTrait::getCacheTags public function 4
CacheableDependencyTrait::setCacheability protected function Sets cacheability; useful for value object constructors.
DependencySerializationTrait::$_entityStorages protected property
DependencySerializationTrait::$_serviceIds protected property
DependencySerializationTrait::__sleep public function 1
DependencySerializationTrait::__wakeup public function 2
EntityAccessDeniedHttpException::$error protected property The error which caused the 403.
EntityAccessDeniedHttpException::getError public function Returns the error.
EntityAccessDeniedHttpException::__construct public function EntityAccessDeniedHttpException constructor. Overrides CacheableAccessDeniedHttpException::__construct
HttpException::fromStatusCode public static function
HttpException::getHeaders public function Returns response headers. Overrides HttpExceptionInterface::getHeaders
HttpException::getStatusCode public function Returns the status code. Overrides HttpExceptionInterface::getStatusCode
HttpException::setHeaders public function
ResourceIdentifierTrait::$resourceIdentifier protected property A ResourceIdentifier object.
ResourceIdentifierTrait::$resourceType protected property The JSON:API resource type of the identified resource object.
ResourceIdentifierTrait::getId public function
ResourceIdentifierTrait::getResourceType public function
ResourceIdentifierTrait::getTypeName public function