Permissions by Term/Entity currently controls view access only. There is scope to control edit access as well.
It will be more complicated in practice but in theory the logic is to listen for "edit" events wherever we listen to "view" events in code like:
function permissions_by_entity_entity_access(EntityInterface $entity, $operation, AccountInterface $account) {
/** @var \Drupal\permissions_by_entity\Service\AccessChecker $accessChecker */
if ($operation === 'view' && $entity instanceof FieldableEntityInterface) {
$accessChecker = \Drupal::service('permissions_by_entity.access_checker');
// Do not just return a neutral result if access allowed by the module.
return $accessChecker->isAccessAllowed($entity, $account->id()) ? AccessResult::allowed() : AccessResult::forbidden('Access revoked by permissions_by_entity module.');
}
return AccessResult::neutral();
}
A different taxonomy would keep track of "edit access". When creating this taxonomy you'd specify if it was for view or edit access control.
Form submits that contain entities within entities (node form with paragraphs) may result in missing data if an entity isn't loaded? This more complex case could be avoided for now (only control access for a "top level" entity).
Needs work
1.0
Code
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
No activities found.