Implementing access control for an entity
All entity types have an access
handler used to control whether a user has access to create, read, update, or delete an entity. Both configuration and content entity types default to the \Drupal\Core\Entity\EntityAccessControlHandler
class as their access handler. This handler, however, only supports checking the admin_permission
of the entity type.
The Entity API module is a contributed project used to build enhancements on the Entity system in Drupal core and improve the developer experience with creating and maintaining custom entity types. It provides a permission provider to generate create, read, update, and delete permissions for an entity type. To complement the permission provider, it also has an access handler that supports the generated permissions.
In this recipe, we will use the permission provider and access handlers from the Entity API
module for the Message
entity type created previously in this chapter.