hasPermission('administer media')) { return AccessResult::allowed()->cachePerPermissions(); } $is_owner = ($account->id() && $account->id() === $entity->getOwnerId()); switch ($operation) { case 'view': return AccessResult::allowedIf($account->hasPermission('view media') && $entity->isPublished()) ->cachePerPermissions() ->addCacheableDependency($entity); case 'update': if ($account->hasPermission('update any media')) { return AccessResult::allowed()->cachePerPermissions(); } return AccessResult::allowedIf($account->hasPermission('update media') && $is_owner) ->cachePerPermissions() ->cachePerUser() ->addCacheableDependency($entity); case 'delete': if ($account->hasPermission('delete any media')) { return AccessResult::allowed()->cachePerPermissions(); } return AccessResult::allowedIf($account->hasPermission('delete media') && $is_owner) ->cachePerPermissions() ->cachePerUser() ->addCacheableDependency($entity); default: return AccessResult::neutral()->cachePerPermissions(); } } /** * {@inheritdoc} */ protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) { return AccessResult::allowedIfHasPermissions($account, ['administer media', 'create media'], 'OR'); } }