Description
What we currently have:
comment/comment.module:1479:function comment_access($op, Comment $comment = NULL) {
file/file.module:2797:function file_access($op, $file = NULL, $account = NULL) {
node/node.module:2667:function node_access($op, $node, $account = NULL) {
taxonomy/taxonomy.module:560:function taxonomy_term_access($op, $term) {
(Function user_access does something different and rightly has different params.)
Not two of those specific entity access functions use the same parameter handling. I'm aware that all this code has grown over time, but wasn't there a base concept initially? If so - what did it look like? And most of all - would it be possible to standardize?
Here some more specific questions re parameters:
- How many params should they have?
- Which ones should be optional - if any?
- How to deal with the optional params (which checks to run - only admin access or all that might apply)?
This inconsistency has caused some trouble when trying to consolidate file access functions, but also causes other problems.
A small collection:
- [DX] Make File::access consistent with other entity classes. #5480
- Implement createAccess for File entities #5479
- Provide way for
entity_access()to check for operations view, update and delete if no entity is provided #5474 - Notice: Trying to get property 'type' of non-object in node_node_access() #5473
I'm aware that standardizing might be a 2.x task, but at least we could establish a policy regarding entity access functions. Without more consistency function entity_access won't ever be able to do something useful without a lot of exemptions and workarounds.