--- /dev/null
+{% extends "base/class.php.twig" %}
+
+{% block file_path %}
+\Drupal\{{module}}\{{ entity_class }}AccessControlHandler.
+{% endblock %}
+
+{% block namespace_class %}
+namespace Drupal\{{module}};
+{% endblock %}
+
+{% block use_class %}
+use Drupal\Core\Entity\EntityAccessControlHandler;
+use Drupal\Core\Entity\EntityInterface;
+use Drupal\Core\Session\AccountInterface;
+use Drupal\Core\Access\AccessResult;
+{% endblock %}
+
+{% block class_declaration %}
+/**
+ * Access controller for the {{ label }} entity.
+ *
+ * @see \Drupal\{{module}}\Entity\{{ entity_class }}.
+ */
+class {{ entity_class }}AccessControlHandler extends EntityAccessControlHandler {% endblock %}
+{% block class_methods %}
+ /**
+ * {@inheritdoc}
+ */
+ protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
+ /** @var \Drupal\{{ module }}\Entity\{{ entity_class }}Interface $entity */
+ switch ($operation) {
+ case 'view':
+ if (!$entity->isPublished()) {
+ return AccessResult::allowedIfHasPermission($account, 'view unpublished {{ label|lower }} entities');
+ }
+ return AccessResult::allowedIfHasPermission($account, 'view published {{ label|lower }} entities');
+
+ case 'update':
+ return AccessResult::allowedIfHasPermission($account, 'edit {{ label|lower }} entities');
+
+ case 'delete':
+ return AccessResult::allowedIfHasPermission($account, 'delete {{ label|lower }} entities');
+ }
+
+ // Unknown operation, no opinion.
+ return AccessResult::neutral();
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
+ return AccessResult::allowedIfHasPermission($account, 'add {{ label|lower }} entities');
+ }
+{% endblock %}