For every entity in entity listings we display several links that represent operations users can perform on those entities. At the time of writing, these operation links are displayed in list controllers and Field UI. Operation links are defined by those controllers and by Field UI, alter hooks are not called consistently, and there is no way to dynamically define operations for other modules' entities without abusing the alter hook.
Because there is no single place from which operations can be retrieved, field operations, for instance, are repeated all over core. List controllers can be used to retrieve operations, but that is not what they were designed to do.
Introduce entity operation providers whose sole purpose is to retrieve entity operations, both from within the class itself and through hooks. Automatically run operations through entities' access controllers for increased and centralized security. We can then also make routes use _entity_access for arbitrary operations.
API additions & changes
- The addition of a new type of entity controller, which will not break anything.
- hook_entity_operations(), which will not break anything.
- hook_entity_operations_alter() to match the newly introduced hook.
- Operation access will be run through entities' access controllers in order to centralize and increase security. Operations that are exposed in operations providers can have their access checked in access controllers. Operations that are exposed through the hook can have their access checked through hook_entity_access(), which is invoked by access controllers.
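
The proposal above, modelled as a standalone PHP 8 sketch: a provider gathers operations from the class and from hook-style callbacks, then lists only those the access controller allows. This is an added example, not Drupal core code; all class names, callback signatures, the "translate" operation and the sample data are assumptions made for illustration.

```php
<?php
// Added sketch: every class, callback and operation name is hypothetical,
// not a Drupal core API. Sample entities and accounts are constructed.

final class AccessController {
  /** @param callable[] $accessHooks hook_entity_access()-style callbacks */
  public function __construct(private array $accessHooks = []) {}
  public function access(array $entity, string $op, array $account): bool {
    $allowed = false;
    foreach ($this->accessHooks as $hook) {
      $result = $hook($entity, $op, $account);
      if ($result === false) {
        return false; // An explicit deny from any hook wins.
      }
      $allowed = $allowed || $result === true;
    }
    return $allowed || $this->checkAccess($entity, $op, $account);
  }

  // Built-in policy: only the owner may edit or delete; unknown operations
  // are denied unless a hook explicitly allowed them above.
  private function checkAccess(array $entity, string $op, array $account): bool {
    return match ($op) {
      'edit', 'delete' => $entity['owner'] === $account['uid'],
      default => false,
    };
  }
}

final class OperationProvider {
  /** @param callable[] $operationHooks hook_entity_operations()-style callbacks */
  public function __construct(private AccessController $access, private array $operationHooks = []) {}
  public function getOperations(array $entity, array $account): array {
    $ops = ['edit' => 'Edit', 'delete' => 'Delete']; // Defined by the class itself.
    foreach ($this->operationHooks as $hook) {
      $ops += $hook($entity); // Added by other modules.
    }
    // Single choke point: nothing is listed without passing the access controller.
    return array_filter($ops, fn(string $op) => $this->access->access($entity, $op, $account), ARRAY_FILTER_USE_KEY);
  }
}

$access = new AccessController([
  fn(array $e, string $op, array $a) => $op === 'translate' ? in_array('translator', $a['roles'], true) : null,
]);
$provider = new OperationProvider($access, [fn(array $e) => ['translate' => 'Translate']]);
$node = ['id' => 7, 'owner' => 1];
print_r($provider->getOperations($node, ['uid' => 1, 'roles' => []]));
print_r($provider->getOperations($node, ['uid' => 2, 'roles' => ['translator']]));
```

Filtering the link list only controls what is displayed; the route that performs each operation still needs the same access check, which is what routing through _entity_access is meant to provide.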