target_id; // '0' or NULL are considered valid empty references. if (empty($id)) { return; } /* @var \Drupal\Core\Entity\FieldableEntityInterface $referenced_entity */ $referenced_entity = $value->entity; if ($referenced_entity) { $entity = $value->getEntity(); $check_permission = TRUE; if (!$entity->isNew()) { $existing_entity = \Drupal::entityTypeManager()->getStorage($entity->getEntityTypeId())->loadUnchanged($entity->id()); $referenced_entities = $existing_entity->{$value->getFieldDefinition()->getName()}->referencedEntities(); // Check permission if we are not already referencing the entity. foreach ($referenced_entities as $ref) { if (isset($referenced_entities[$ref->id()])) { $check_permission = FALSE; break; } } } // We check that the current user had access to view any newly added // referenced entity. if ($check_permission && !$referenced_entity->access('view')) { $type = $value->getFieldDefinition()->getSetting('target_type'); $this->context->addViolation($constraint->message, ['%type' => $type, '%id' => $id]); } } } }