Entity access
To demonstrate the entity access system, we will work with the Product entity type we created in Chapter 7, Your Own Custom Entity and Plugin Types.
When we created the Product entity type, the annotation we wrote had an admin_permission
property where we referenced the general permission to be used for any interaction with entities of this type. Since we didn’t reference and implement an access control handler, this is the only access checking done on products. In many cases, this is enough. After all, entity types can be created for the sole purpose of structuring some data that nobody even needs to interact within the UI. However, many other cases require more granular access control on operating with the entities, especially the content-oriented ones, such as Node.
There are four operations for which we can control access when it comes to entities: view
, create
, update
, and delete
. The first one is clearly the most common one, but we always need to account...