function EntityResourceAccessTrait::checkEditFieldAccess

Performs edit access checks for fields.

Parameters

\Drupal\Core\Entity\EntityInterface $entity: The entity whose fields edit access should be checked for.

Throws

\Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException Throws access denied when the user does not have permissions to edit a field.

2 calls to EntityResourceAccessTrait::checkEditFieldAccess()

EntityResource::post in core/modules/rest/src/Plugin/rest/resource/EntityResource.php

Responds to entity POST requests and saves the new entity.

UserRegistrationResource::post in core/modules/user/src/Plugin/rest/resource/UserRegistrationResource.php

Responds to user registration POST request.

File

core/modules/rest/src/Plugin/rest/resource/EntityResourceAccessTrait.php, line 24

Class

EntityResourceAccessTrait

@internal @todo Consider making public in https://www.drupal.org/node/2300677

Namespace

Drupal\rest\Plugin\rest\resource

Code

protected function checkEditFieldAccess(EntityInterface $entity) {
    // Only check 'edit' permissions for fields that were actually submitted by
    // the user. Field access makes no difference between 'create' and 'update',
    // so the 'edit' operation is used here.
    foreach ($entity->_restSubmittedFields as $field_name) {
        if (!$entity->get($field_name)
            ->access('edit')) {
            throw new AccessDeniedHttpException("Access denied on creating field '{$field_name}'.");
        }
    }
}