--- /dev/null
+<?php
+
+namespace Drupal\entity_module_test\EventSubscriber;
+
+use Drupal\entity\QueryAccess\ConditionGroup;
+use Drupal\entity\QueryAccess\QueryAccessEvent;
+use Symfony\Component\EventDispatcher\EventSubscriberInterface;
+
+class QueryAccessSubscriber implements EventSubscriberInterface {
+
+ /**
+ * {@inheritdoc}
+ */
+ public static function getSubscribedEvents() {
+ return [
+ 'entity.query_access.entity_test_enhanced' => 'onQueryAccess',
+ ];
+ }
+
+ /**
+ * Modifies the access conditions based on the current user.
+ *
+ * This is just a convenient example for testing. A real subscriber would
+ * ignore the account and extend the conditions to cover additional factors,
+ * such as a custom entity field.
+ *
+ * @param \Drupal\entity\QueryAccess\QueryAccessEvent $event
+ * The event.
+ */
+ public function onQueryAccess(QueryAccessEvent $event) {
+ $conditions = $event->getConditions();
+ $email = $event->getAccount()->getEmail();
+
+ if ($email == 'user1@example.com') {
+ // This user should not have access to any entities.
+ $conditions->alwaysFalse();
+ }
+ elseif ($email == 'user2@example.com') {
+ // This user should have access to entities with the IDs 1, 2, and 3.
+ // The query access handler might have already set ->alwaysFalse()
+ // due to the user not having any other access, so we make sure
+ // to undo it with $conditions->alwaysFalse(TRUE).
+ $conditions->alwaysFalse(FALSE);
+ $conditions->addCondition('id', ['1', '2', '3']);
+ }
+ elseif ($email == 'user3@example.com') {
+ // This user should only have access to entities assigned to "marketing",
+ // or unassigned entities.
+ $conditions->alwaysFalse(FALSE);
+ $conditions->addCondition((new ConditionGroup('OR'))
+ ->addCondition('assigned', NULL, 'IS NULL')
+ // Confirm that explicitly specifying the property name works.
+ ->addCondition('assigned.value', 'marketing')
+ );
+ }
+ }
+
+}