1	<?php
2
3	declare(strict_types=1);
4
5	namespace Drupal\display_builder;
6
7	use Drupal\Core\Access\AccessResult;
8	use Drupal\Core\Access\AccessResultInterface;
9	use Drupal\Core\Entity\EntityAccessControlHandler;
10	use Drupal\Core\Entity\EntityInterface;
11	use Drupal\Core\Entity\EntityTypeInterface;
12	use Drupal\Core\Session\AccountInterface;
13
14	/**
15	* Defines the access control handler for the instance entity type.
16	*/
17	final class InstanceAccessControlHandler extends EntityAccessControlHandler {
18
19	/**
20	* The display buildable manager.
21	*/
22	protected DisplayBuildablePluginManager $displayBuildableManager;
23
24	/**
25	* {@inheritdoc}
26	*/
27	public function __construct(EntityTypeInterface $entity_type) {
28	parent::__construct($entity_type);
29	$this->displayBuildableManager = \Drupal::service('plugin.manager.display_buildable');
30	}
31
32	/**
33	* {@inheritdoc}
34	*/
35	protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account): AccessResultInterface {
36	/** @var \Drupal\display_builder\InstanceInterface $entity */
37	// 1. Profile-related access.
38	$profile_result = $this->checkProfileAccess($entity, $account);
39
40	if ($profile_result->isForbidden()) {
41	return $profile_result;
42	}
43	// 2. Access to DisplayBuildableInterface implementation.
44	$buildable_result = $this->checkBuildableAccess($entity, $account);
45
46	return $profile_result->andIf($buildable_result);
47	}
48
49	/**
50	* Checks permission to use the profile.
51	*
52	* @param \Drupal\display_builder\InstanceInterface $instance
53	*   The entity for which to check access.
54	* @param \Drupal\Core\Session\AccountInterface $account
55	*   The user session for which to check access.
56	*
57	* @return \Drupal\Core\Access\AccessResultInterface
58	*   The access result.
59	*/
60	private function checkProfileAccess(InstanceInterface $instance, AccountInterface $account): AccessResultInterface {
61	if ($profile = $instance->getProfile()) {
62	return $profile->access('view', $account, TRUE);
63	}
64
65	// If the profile does not exist, forbid access to this instance.
66	return AccessResult::forbidden('Invalid profileId on display_builder_instance.');
67	}
68
69	/**
70	* Checks access based on instance prefix/type.
71	*
72	* @param \Drupal\display_builder\InstanceInterface $instance
73	*   The entity for which to check access.
74	* @param \Drupal\Core\Session\AccountInterface $account
75	*   The user session for which to check access.
76	*
77	* @return \Drupal\Core\Access\AccessResultInterface
78	*   The access result.
79	*/
80	private function checkBuildableAccess(InstanceInterface $instance, AccountInterface $account): AccessResultInterface {
81	$instance_id = (string) $instance->id();
82	$providers = $this->displayBuildableManager->getDefinitions();
83
84	foreach ($providers as $provider) {
85	if (\str_starts_with($instance_id, $provider['instance_prefix'])) {
86	return $provider['class']::checkAccess($instance_id, $account);
87	}
88	}
89
90	// If an instance is not managed by a provider (for example: a demo or a
91	// test), we allow.
92	return AccessResult::allowed();
93	}
94
95	}

---

Branches

Below are the source code lines that represent each code branch as identified by Xdebug. Please note a branch is not necessarily coterminous with a line, a line may contain multiple branches and therefore show up more than once. Please also be aware that some branches may be implicit rather than explicit, e.g. an if statement always has an else as part of its logical flow even if you didn't write one.

InstanceAccessControlHandler->__construct

27	public function __construct(EntityTypeInterface $entity_type) {
28	parent::__construct($entity_type);
29	$this->displayBuildableManager = \Drupal::service('plugin.manager.display_buildable');
30	}

InstanceAccessControlHandler->checkAccess

35	protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account): AccessResultInterface {
36	/** @var \Drupal\display_builder\InstanceInterface $entity */
37	// 1. Profile-related access.
38	$profile_result = $this->checkProfileAccess($entity, $account);
39
40	if ($profile_result->isForbidden()) {

41	return $profile_result;

44	$buildable_result = $this->checkBuildableAccess($entity, $account);
45
46	return $profile_result->andIf($buildable_result);
47	}

InstanceAccessControlHandler->checkBuildableAccess

80	private function checkBuildableAccess(InstanceInterface $instance, AccountInterface $account): AccessResultInterface {
81	$instance_id = (string) $instance->id();
82	$providers = $this->displayBuildableManager->getDefinitions();
83
84	foreach ($providers as $provider) {

84	foreach ($providers as $provider) {

85	if (\str_starts_with($instance_id, $provider['instance_prefix'])) {

86	return $provider['class']::checkAccess($instance_id, $account);

84	foreach ($providers as $provider) {

84	foreach ($providers as $provider) {
85	if (\str_starts_with($instance_id, $provider['instance_prefix'])) {
86	return $provider['class']::checkAccess($instance_id, $account);
87	}
88	}
89
90	// If an instance is not managed by a provider (for example: a demo or a
91	// test), we allow.
92	return AccessResult::allowed();
93	}

InstanceAccessControlHandler->checkProfileAccess

60	private function checkProfileAccess(InstanceInterface $instance, AccountInterface $account): AccessResultInterface {
61	if ($profile = $instance->getProfile()) {

62	return $profile->access('view', $account, TRUE);

66	return AccessResult::forbidden('Invalid profileId on display_builder_instance.');
67	}