3 namespace Drupal\entity\Access;
5 use Drupal\Core\Access\AccessResult;
6 use Drupal\Core\Entity\EntityTypeManagerInterface;
7 use Drupal\Core\Routing\Access\AccessInterface;
8 use Drupal\Core\Session\AccountInterface;
9 use Drupal\Core\TempStore\PrivateTempStoreFactory;
10 use Symfony\Component\HttpFoundation\RequestStack;
13 * Checks if the current user has delete access to the items of the tempstore.
15 class EntityDeleteMultipleAccessCheck implements AccessInterface {
18 * The entity type manager.
20 * @var \Drupal\Core\Entity\EntityManagerInterface
22 protected $entityTypeManager;
25 * The tempstore service.
27 * @var \Drupal\Core\TempStore\PrivateTempStoreFactory
32 * Request stack service.
34 * @var \Symfony\Component\HttpFoundation\RequestStack
36 protected $requestStack;
39 * Constructs a new EntityDeleteMultipleAccessCheck.
41 * @param \Drupal\Core\Entity\EntityTypeManagerInterface $entity_type_manager
42 * The entity type manager.
43 * @param \Drupal\Core\TempStore\PrivateTempStoreFactory $temp_store_factory
44 * The tempstore service.
45 * @param \Symfony\Component\HttpFoundation\RequestStack $request_stack
46 * The request stack service.
48 public function __construct(EntityTypeManagerInterface $entity_type_manager, PrivateTempStoreFactory $temp_store_factory, RequestStack $request_stack) {
49 $this->entityTypeManager = $entity_type_manager;
50 $this->tempStore = $temp_store_factory->get('entity_delete_multiple_confirm');
51 $this->requestStack = $request_stack;
55 * Checks if the user has delete access for at least one item of the store.
57 * @param \Drupal\Core\Session\AccountInterface $account
58 * Run access checks for this account.
59 * @param string $entity_type_id
62 * @return \Drupal\Core\Access\AccessResult
63 * Allowed or forbidden, neutral if tempstore is empty.
65 public function access(AccountInterface $account, $entity_type_id) {
66 if (!$this->requestStack->getCurrentRequest()->getSession()) {
67 return AccessResult::neutral();
69 $selection = $this->tempStore->get($account->id() . ':' . $entity_type_id);
70 if (empty($selection) || !is_array($selection)) {
71 return AccessResult::neutral();
74 $entities = $this->entityTypeManager->getStorage($entity_type_id)->loadMultiple(array_keys($selection));
75 foreach ($entities as $entity) {
76 // As long as the user has access to delete one entity allow access to the
77 // delete form. Access will be checked again in
78 // Drupal\Core\Entity\Form\DeleteMultipleForm::submit() in case it has
79 // changed in the meantime.
80 if ($entity->access('delete', $account)) {
81 return AccessResult::allowed();
84 return AccessResult::forbidden();