1 entity.module entity_access($op, $entity_type, EntityInterface $entity = NULL, User $account = NULL)

Determines whether the given user has access to an entity.


string $op: The operation to be performed on the entity. Possible values are:

  • create
  • view
  • update
  • delete

string $entity_type: The entity type of the entity to check for.

EntityInterface $entity: Optionally an entity to check access for. If no entity is given, it will be determined whether access is allowed for all entities of the given type.

User $account: The user to check for. Leave it to NULL to check for the global user.

Return value

bool: Whether access is allowed or not. If the entity type does not specify any access information, NULL is returned.

See also



core/modules/entity/entity.module, line 191
Entity API for handling entities like nodes or users.


function entity_access($op, $entity_type, EntityInterface $entity = NULL, User $account = NULL) {
  if (!in_array($op, array('create', 'view', 'update', 'delete'), TRUE)) {
    // If the $op was not one of the supported ones, we return access denied.
    return FALSE;
  if (!empty($entity)) {
    return $entity->access($op, $account);
  elseif ($op == 'create') {
    $entity_info = entity_get_info($entity_type);

    $class = $entity_info['entity class'];
    $bundle = NULL;
    if ($entity !== NULL) {
      $bundle = $entity->bundle();
    return $class::createAccess($bundle, $account);