--- /dev/null
+<?php
+
+namespace Drupal\paragraphs;
+
+use Drupal\Core\Entity\EntityAccessControlHandler;
+use Drupal\Core\Entity\EntityInterface;
+use Drupal\Core\Session\AccountInterface;
+use Drupal\Core\Access\AccessResult;
+
+/**
+ * Access controller for the paragraphs entity.
+ *
+ * @see \Drupal\paragraphs\Entity\Paragraph.
+ */
+class ParagraphAccessControlHandler extends EntityAccessControlHandler {
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function checkAccess(EntityInterface $paragraph, $operation, AccountInterface $account) {
+ // Allowed when the operation is not view or the status is true.
+ /** @var \Drupal\paragraphs\Entity\Paragraph $paragraph */
+ if ($paragraph->getParentEntity() != NULL) {
+ // Delete permission on the paragraph, should just depend on 'update'
+ // access permissions on the parent.
+ $operation = ($operation == 'delete') ? 'update' : $operation;
+ $parent_access = $paragraph->getParentEntity()->access($operation, $account, TRUE);
+ return AccessResult::allowedIf($operation != 'view' || $paragraph->status->value)
+ ->andIf($parent_access);
+ }
+ return AccessResult::allowedIf($operation != 'view' || $paragraph->status->value);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
+ // Allowed when nobody implements.
+ return AccessResult::allowed();
+ }
+
+}