namespace Drupal\permissions_by_entity\EventSubscriber;
-use Drupal\Core\Entity\ContentEntityInterface;
+use Drupal\Core\Entity\FieldableEntityInterface;
use Drupal\Core\StringTranslation\TranslationInterface;
use Drupal\permissions_by_entity\Service\AccessCheckerInterface;
use Drupal\permissions_by_entity\Service\CheckedEntityCache;
/**
* {@inheritdoc}
+ *
+ * @see DynamicPageCacheSubscriber
+ *
+ * This is required to run before the DynamicPageCacheSubscriber as otherwise
+ * the response would be cached which can lead to false access.
*/
public static function getSubscribedEvents() {
return [
- KernelEvents::REQUEST => ['onKernelRequest', 5],
+ KernelEvents::REQUEST => ['onKernelRequest', 28],
];
}
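Review bot: The new priority `28` in `getSubscribedEvents()` is a bare number whose only meaning is its position relative to another subscriber's priority, and nothing in the code ties the two together. The docblock states the intent, but I would put the reason on the value itself, e.g. `// Must stay higher than DynamicPageCacheSubscriber's REQUEST priority, or a cached response is served before this access check runs.` A kernel test that requests a restricted node twice as a user without access would turn a later priority change in either subscriber into a test failure instead of leaked content. The ordering only covers subscribers on this event; whether caches that answer earlier in the request (the anonymous page cache, a reverse proxy) are covered cannot be seen from this hunk and should be confirmed. Minor: the `@see` tag conventionally follows the description rather than sitting between `{@inheritdoc}` and the text.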
$request = $event->getRequest();
// Get the entity.
- /** @var \Drupal\Core\Entity\ContentEntityInterface $entity */
+ /** @var \Drupal\Core\Entity\FieldableEntityInterface $entity */
$entity = NULL;
if ($request->attributes->has('node')) {
$entity = $request->attributes->get('node');
}
// If there is no entity abort here.
- if (!$entity) {
+ if (!$entity instanceof FieldableEntityInterface) {
return;
}
if ($this->checkedEntityCache->isChecked($entity)) {
return;
}
- else {
- // Add this entity to the cache.
- $this->checkedEntityCache->add($entity);
- }
+
+ // Add this entity to the cache.
+ $this->checkedEntityCache->add($entity);
// Check if the current user is allowed to access this entity.
if (
- $entity && $entity instanceof ContentEntityInterface &&
+ $entity && $entity instanceof FieldableEntityInterface &&
!$this->accessChecker->isAccessAllowed($entity)
) {
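Review bot: The lookup still reads only the `node` route attribute, so widening the type to `FieldableEntityInterface` does not widen what is checked: a fieldable entity of another type on its own route never reaches `isAccessAllowed()` here. If those entities are meant to be protected by this subscriber, the parameter lookup has to cover them; if they are handled elsewhere, a comment saying so would help. After the new `instanceof` guard, the `$entity && $entity instanceof FieldableEntityInterface &&` part of the condition is always true and can be dropped, leaving `if (!$this->accessChecker->isAccessAllowed($entity)) {`. The entity is also added to `checkedEntityCache` before the access check, so it is recorded as checked whatever the outcome; it is worth confirming that a later `isChecked()` hit cannot skip a denial. The body of this `if` and the start of the method are outside the hunk.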