/**
* Checks access to the route based on the _access parameter.
*
* @param \Symfony\Component\Routing\Route $route
* The route to check against.
*
* @return \Drupal\Core\Access\AccessResultInterface
* The access result.
*/
public function access(Route $route)
{
if ($route->getRequirement('_access') === 'TRUE') {
return AccessResult::allowed();
} elseif ($route->getRequirement('_access') === 'FALSE') {
return AccessResult::forbidden();
} else {
return AccessResult::neutral();
}
}
/**
* Checks access to the route based on the _access parameter.
*
* @param \Symfony\Component\Routing\Route $route
* The route to check against.
*
* @return string
* A \Drupal\Core\Access\AccessInterface constant value.
*/
public function access(Route $route)
{
if ($route->getRequirement('_access') === 'TRUE') {
return static::ALLOW;
} elseif ($route->getRequirement('_access') === 'FALSE') {
return static::KILL;
} else {
return static::DENY;
}
}
public function testRequirements()
{
$route = new Route('/:foo');
$route->setRequirements(array('foo' => '\\d+'));
$this->assertEquals(array('foo' => '\\d+'), $route->getRequirements(), '->setRequirements() sets the requirements');
$this->assertEquals('\\d+', $route->getRequirement('foo'), '->getRequirement() returns a requirement');
$this->assertNull($route->getRequirement('bar'), '->getRequirement() returns null if a requirement is not defined');
$route->setRequirements(array('foo' => '^\\d+$'));
$this->assertEquals('\\d+', $route->getRequirement('foo'), '->getRequirement() removes ^ and $ from the pattern');
$this->assertEquals($route, $route->setRequirements(array()), '->setRequirements() implements a fluent interface');
}
public function testRequirements()
{
$route = new Route('/{foo}');
$route->setRequirements(array('foo' => '\\d+'));
$this->assertEquals(array('foo' => '\\d+'), $route->getRequirements(), '->setRequirements() sets the requirements');
$this->assertEquals('\\d+', $route->getRequirement('foo'), '->getRequirement() returns a requirement');
$this->assertNull($route->getRequirement('bar'), '->getRequirement() returns null if a requirement is not defined');
$route->setRequirements(array('foo' => '^\\d+$'));
$this->assertEquals('\\d+', $route->getRequirement('foo'), '->getRequirement() removes ^ and $ from the pattern');
$this->assertEquals($route, $route->setRequirements(array()), '->setRequirements() implements a fluent interface');
// test that an array requirement throws an exception
$this->setExpectedException('InvalidArgumentException');
$route->setRequirements(array('foo' => array('bar', 'baz')));
}
/**
* {@inheritdoc}
*/
public function access(Route $route, AccountInterface $account, Request $request)
{
$_entity_revision = $request->attributes->get('_entity_revision');
$operation = $route->getRequirement('_entity_access_revision');
list(, $operation) = explode('.', $operation, 2);
return AccessResult::allowedIf($_entity_revision && $this->checkAccess($_entity_revision, $account, $operation))->cachePerPermissions();
}
/**
* Checks if the user has access to underlying storage for a Panels display.
*
* @param \Symfony\Component\Routing\Route $route
* The route to check against.
* @param \Drupal\Core\Routing\RouteMatchInterface $route_match
* The parametrized route.
* @param \Drupal\Core\Session\AccountInterface $account
* The currently logged in account.
*
* @return \Drupal\Core\Access\AccessResultInterface
* The access result.
*/
public function access(Route $route, RouteMatchInterface $route_match, AccountInterface $account)
{
$panels_storage_type = $route_match->getParameter('panels_storage_type');
$panels_storage_id = $route_match->getParameter('panels_storage_id');
$op = $route->getRequirement('_panels_storage_access');
return $this->panelsStorage->access($panels_storage_type, $panels_storage_id, $op, $account);
}
/**
* Checks access for the account and route using the custom access checker.
*
* @param \Drupal\Core\Routing\RouteMatchInterface $route_match
* The route match object to be checked.
* @param \Drupal\Core\Session\AccountInterface $account
* The account being checked.
*
* @return \Drupal\Core\Access\AccessResultInterface
* The access result.
*/
public function access(Route $route, RouteMatchInterface $route_match, AccountInterface $account)
{
$callable = $this->controllerResolver->getControllerFromDefinition($route->getRequirement('_custom_access'));
$arguments_resolver = $this->argumentsResolverFactory->getArgumentsResolver($route_match, $account);
$arguments = $arguments_resolver->getArguments($callable);
return call_user_func_array($callable, $arguments);
}
/**
* Checks translation access for the entity and operation on the given route.
*
* @param \Symfony\Component\Routing\Route $route
* The route to check against.
* @param \Drupal\Core\Routing\RouteMatchInterface $route_match
* The parametrized route.
* @param \Drupal\Core\Session\AccountInterface $account
* The currently logged in account.
* @param string $source
* (optional) For a create operation, the language code of the source.
* @param string $target
* (optional) For a create operation, the language code of the translation.
* @param string $language
* (optional) For an update or delete operation, the language code of the
* translation being updated or deleted.
* @param string $entity_type_id
* (optional) The entity type ID.
*
* @return \Drupal\Core\Access\AccessResultInterface
* The access result.
*/
public function access(Route $route, RouteMatchInterface $route_match, AccountInterface $account, $source = NULL, $target = NULL, $language = NULL, $entity_type_id = NULL)
{
/* @var \Drupal\Core\Entity\ContentEntityInterface $entity */
if ($entity = $route_match->getParameter($entity_type_id)) {
if ($account->hasPermission('translate any entity')) {
return AccessResult::allowed()->cachePerRole();
}
$operation = $route->getRequirement('_access_content_translation_manage');
/* @var \Drupal\content_translation\ContentTranslationHandlerInterface $handler */
$handler = $this->entityManager->getHandler($entity->getEntityTypeId(), 'translation');
// Load translation.
$translations = $entity->getTranslationLanguages();
$languages = $this->languageManager->getLanguages();
switch ($operation) {
case 'create':
$source_language = $this->languageManager->getLanguage($source) ?: $entity->language();
$target_language = $this->languageManager->getLanguage($target) ?: $this->languageManager->getCurrentLanguage(LanguageInterface::TYPE_CONTENT);
$is_new_translation = $source_language->getId() != $target_language->getId() && isset($languages[$source_language->getId()]) && isset($languages[$target_language->getId()]) && !isset($translations[$target_language->getId()]);
return AccessResult::allowedIf($is_new_translation)->cachePerRole()->cacheUntilEntityChanges($entity)->andIf($handler->getTranslationAccess($entity, $operation));
case 'update':
case 'delete':
$language = $this->languageManager->getLanguage($language) ?: $this->languageManager->getCurrentLanguage(LanguageInterface::TYPE_CONTENT);
$has_translation = isset($languages[$language->getId()]) && $language->getId() != $entity->getUntranslated()->language()->getId() && isset($translations[$language->getId()]);
return AccessResult::allowedIf($has_translation)->cachePerRole()->cacheUntilEntityChanges($entity)->andIf($handler->getTranslationAccess($entity, $operation));
}
}
// No opinion.
return AccessResult::neutral();
}
/**
* Checks access to create an entity of any bundle for the given route.
*
* @param \Symfony\Component\Routing\Route $route
* The route to check against.
* @param \Drupal\Core\Routing\RouteMatchInterface $route_match
* The parameterized route.
* @param \Drupal\Core\Session\AccountInterface $account
* The currently logged in account.
*
* @return \Drupal\Core\Access\AccessResultInterface
* The access result.
*/
public function access(Route $route, RouteMatchInterface $route_match, AccountInterface $account)
{
$entity_type_id = $route->getRequirement($this->requirementsKey);
$entity_type = $this->entityTypeManager->getDefinition($entity_type_id);
$access_control_handler = $this->entityTypeManager->getAccessControlHandler($entity_type_id);
// In case there is no "bundle" entity key, check create access with no
// bundle specified.
if (!$entity_type->hasKey('bundle')) {
return $access_control_handler->createAccess(NULL, $account, [], TRUE);
}
$access = AccessResult::neutral();
$bundles = array_keys($this->entityTypeBundleInfo->getBundleInfo($entity_type_id));
// Include list cache tag as access might change if more bundles are added.
if ($entity_type->getBundleEntityType()) {
$access->addCacheTags($this->entityTypeManager->getDefinition($entity_type->getBundleEntityType())->getListCacheTags());
// Check if the user is allowed to create new bundles. If so, allow
// access, so the add page can show a link to create one.
// @see \Drupal\Core\Entity\Controller\EntityController::addPage()
$bundle_access_control_handler = $this->entityTypeManager->getAccessControlHandler($entity_type->getBundleEntityType());
$access = $access->orIf($bundle_access_control_handler->createAccess(NULL, $account, [], TRUE));
if ($access->isAllowed()) {
return $access;
}
}
// Check whether an entity of any bundle may be created.
foreach ($bundles as $bundle) {
$access = $access->orIf($access_control_handler->createAccess($bundle, $account, [], TRUE));
// In case there is a least one bundle user can create entities for,
// access is allowed.
if ($access->isAllowed()) {
break;
}
}
return $access;
}
/**
* Checks routing access for the node revision.
*
* @param \Symfony\Component\Routing\Route $route
* The route to check against.
* @param \Drupal\Core\Session\AccountInterface $account
* The currently logged in account.
* @param int $node_revision
* (optional) The node revision ID. If not specified, but $node is, access
* is checked for that object's revision.
* @param \Drupal\node\NodeInterface $node
* (optional) A node object. Used for checking access to a node's default
* revision when $node_revision is unspecified. Ignored when $node_revision
* is specified. If neither $node_revision nor $node are specified, then
* access is denied.
*
* @return \Drupal\Core\Access\AccessResultInterface
* The access result.
*/
public function access(Route $route, AccountInterface $account, $node_revision = NULL, NodeInterface $node = NULL)
{
if ($node_revision) {
$node = $this->nodeStorage->loadRevision($node_revision);
}
$operation = $route->getRequirement('_access_node_revision');
return AccessResult::allowedIf($node && $this->checkAccess($node, $account, $operation))->cachePerPermissions();
}
/**
* Checks routing access for the support_ticket revision.
*
* @param \Symfony\Component\Routing\Route $route
* The route to check against.
* @param \Drupal\Core\Session\AccountInterface $account
* The currently logged in account.
* @param int $support_ticket_revision
* (optional) The support_ticket revision ID. If not specified, but
* $support_ticket is, access is checked for that object's revision.
* @param \Drupal\support_ticket\SupportTicketInterface $support_ticket
* (optional) A support_ticket object. Used for checking access to a
* support_ticket's default revision when $support_ticket_revision is
* unspecified. Ignored when $support_ticket_revision is specified. If neither
* $support_ticket_revision nor $support_ticket are specified, then access is
* denied.
*
* @return \Drupal\Core\Access\AccessResultInterface
* The access result.
*/
public function access(Route $route, AccountInterface $account, $support_ticket_revision = NULL, SupportTicketInterface $support_ticket = NULL)
{
if ($support_ticket_revision) {
$support_ticket = $this->supportTicketStorage->loadRevision($support_ticket_revision);
}
$operation = $route->getRequirement('_access_support_ticket_revision');
return AccessResult::allowedIf($support_ticket && $this->checkAccess($support_ticket, $account, $operation))->cachePerPermissions();
}
/**
* Checks routing access for the node revision.
*
* @param \Symfony\Component\Routing\Route $route
* The route to check against.
* @param \Drupal\Core\Session\AccountInterface $account
* The currently logged in account.
* @param int $node_revision
* (optional) The node revision ID. If not specified, but $node is, access
* is checked for that object's revision.
* @param \Drupal\node\NodeInterface $node
* (optional) A node object. Used for checking access to a node's default
* revision when $node_revision is unspecified. Ignored when $node_revision
* is specified. If neither $node_revision nor $node are specified, then
* access is denied.
*
* @return string
* A \Drupal\Core\Access\AccessInterface constant value.
*/
public function access(Route $route, AccountInterface $account, $node_revision = NULL, NodeInterface $node = NULL)
{
if ($node_revision) {
$node = $this->nodeStorage->loadRevision($node_revision);
}
$operation = $route->getRequirement('_access_node_revision');
return $node && $this->checkAccess($node, $account, $operation) ? static::ALLOW : static::DENY;
}
/**
* {@inheritDoc}
*/
protected function handleRouteRequirements($pathinfo, $name, Route $route)
{
// check HTTP scheme requirement
$scheme = $route->getRequirement('_scheme');
if ($scheme && $this->context->getScheme() !== $scheme) {
return array(self::ROUTE_MATCH, $this->redirect($pathinfo, $name, $scheme));
}
return array(self::REQUIREMENT_MATCH, null);
}
/**
* {@inheritdoc}
*/
public function access(Route $route, AccountInterface $account, RouteMatchInterface $route_match, $entity_revision = NULL, $_entity_revision = NULL)
{
$entity = $_entity_revision ?: $this->extractEntityFromRouteMatch($route_match);
if ($entity_revision) {
$entity = $this->entityManager->getStorage($entity->getEntityTypeId())->loadRevision($entity_revision);
}
$operation = $route->getRequirement('_entity_access_revision');
list(, $operation) = explode('.', $operation, 2);
return AccessResult::allowedIf($entity && $this->checkAccess($entity, $account, $operation))->cachePerPermissions();
}
/**
* {@inheritdoc}
*/
public function access(Route $route, RouteMatchInterface $route_match, AccountInterface $account)
{
// Backup the original requirements.
$original_requirements = $route->getRequirements();
// Replace it with our entity access value and run the parent access check.
$route->setRequirement('_entity_access', $route->getRequirement('_page_access'));
$access = parent::access($route, $route_match, $account);
// Restore the original requirements.
$route->setRequirements($original_requirements);
return $access;
}
public function access(Route $route, RouteMatch $match, AccountInterface $account)
{
$tempstore_id = $route->getDefault('tempstore_id');
$id = $match->getParameter($route->getRequirement('_ctools_access'));
if ($tempstore_id && $id) {
$cached_values = $this->getTempstore()->get($tempstore_id)->get($id);
if (!empty($cached_values['access']) && $cached_values['access'] instanceof CToolsAccessInterface) {
return $cached_values['access']->access($account);
}
}
return AccessResult::forbidden();
}
/**
* Checks access.
*
* @param \Symfony\Component\Routing\Route $route
* The route to check against.
* @param \Drupal\Core\Session\AccountInterface $account
* The currently logged in account.
*
* @return \Drupal\Core\Access\AccessResultInterface
* The access result.
*/
public function access(Route $route, AccountInterface $account)
{
$permission = $route->getRequirement('_permission');
// Allow to conjunct the permissions with OR ('+') or AND (',').
$split = explode(',', $permission);
if (count($split) > 1) {
return AccessResult::allowedIfHasPermissions($account, $split, 'AND');
} else {
$split = explode('+', $permission);
return AccessResult::allowedIfHasPermissions($account, $split, 'OR');
}
}
/**
* get collection and id from route
*
* @param Route $route route to look at
* @param string $value value of reference as URI
*
* @return array
*/
private function getDataFromRoute(Route $route, $value)
{
if ($route->getRequirement('id') !== null && $route->getMethods() === ['GET'] && preg_match($route->compile()->getRegex(), $value, $matches)) {
$id = $matches['id'];
list($routeService) = explode(':', $route->getDefault('_controller'));
list($core, $bundle, , $name) = explode('.', $routeService);
$serviceName = implode('.', [$core, $bundle, 'rest', $name]);
$collection = array_search($serviceName, $this->mapping);
return [$collection, $id];
}
return [null, null];
}
/**
* {@inheritdoc}
*/
protected function handleRouteRequirements($pathinfo, $name, Route $route)
{
// expression condition
if ($route->getCondition() && !$this->getExpressionLanguage()->evaluate($route->getCondition(), array('context' => $this->context, 'request' => $this->request))) {
return array(self::REQUIREMENT_MISMATCH, null);
}
// check HTTP scheme requirement
$scheme = $route->getRequirement('_scheme');
if ($scheme && $this->context->getScheme() !== $scheme) {
return array(self::ROUTE_MATCH, $this->redirect($pathinfo, $name, $scheme));
}
return array(self::REQUIREMENT_MATCH, null);
}
/**
* Loads the default revision of the entity this route is for.
*
* @param \Symfony\Component\Routing\Route $route
* The route to check against.
* @param \Drupal\Core\Routing\RouteMatchInterface $route_match
* The parametrized route
*
* @return ContentEntityInterface|null
* returns the Entity in question, or NULL if for some reason no entity
* is available.
*/
protected function loadEntity(Route $route, RouteMatchInterface $route_match)
{
// Split the entity type and the operation.
$requirement = $route->getRequirement('_entity_access');
list($entity_type, $operation) = explode('.', $requirement);
// If there is valid entity of the given entity type, check its access.
$parameters = $route_match->getParameters();
if ($parameters->has($entity_type)) {
$entity = $parameters->get($entity_type);
if ($entity instanceof EntityInterface) {
return $entity;
}
}
return NULL;
}
/**
* {@inheritdoc}
*/
public function access(Route $route, AccountInterface $account, Request $request = NULL)
{
if (empty($request)) {
$request = $this->requestStack->getCurrentRequest();
}
$operation = $route->getRequirement('_entity_access_revision');
list(, $operation) = explode('.', $operation, 2);
if ($operation === 'list') {
$_entity = $request->attributes->get('_entity', $request->attributes->get($route->getOption('entity_type_id')));
return AccessResult::allowedIf($this->checkAccess($_entity, $account, $operation))->cachePerPermissions();
} else {
$_entity_revision = $request->attributes->get('_entity_revision');
return AccessResult::allowedIf($_entity_revision && $this->checkAccess($_entity_revision, $account, $operation))->cachePerPermissions();
}
}
/**
* Checks access to the entity operation on the given route.
*
* The value of the '_entity_access' key must be in the pattern
* 'entity_type.operation.' The entity type must match the {entity_type}
* parameter in the route pattern. This will check a node for 'update' access:
* @code
* pattern: '/foo/{node}/bar'
* requirements:
* _entity_access: 'node.update'
* @endcode
* Available operations are 'view', 'update', 'create', and 'delete'.
*
* @param \Symfony\Component\Routing\Route $route
* The route to check against.
* @param \Symfony\Component\HttpFoundation\Request $request
* The request object.
* @param \Drupal\Core\Session\AccountInterface $account
* The currently logged in account.
*
* @return string
* A \Drupal\Core\Access\AccessInterface constant value.
*/
public function access(Route $route, Request $request, AccountInterface $account)
{
// Split the entity type and the operation.
$requirement = $route->getRequirement('_entity_access');
list($entity_type, $operation) = explode('.', $requirement);
// If there is valid entity of the given entity type, check its access.
if ($request->attributes->has($entity_type)) {
$entity = $request->attributes->get($entity_type);
if ($entity instanceof EntityInterface) {
return $entity->access($operation, $account) ? static::ALLOW : static::DENY;
}
}
// No opinion, so other access checks should decide if access should be
// allowed or not.
return static::DENY;
}
/**
* Checks operation access on the field collection item's host's revisions.
*
* @param \Drupal\Core\Session\AccountInterface $account
* The currently logged in account.
*
* TODO: Document params
*
* @return string
* A \Drupal\Core\Access\AccessInterface constant value.
*/
public function access(Route $route, AccountInterface $account, $field_collection_item_revision = NULL, FieldCollectionItem $field_collection_item = NULL)
{
if ($field_collection_item_revision) {
$field_collection_item = \Drupal::entityTypeManager()->getStorage('field_collection_item')->loadRevision($field_collection_item_revision);
}
$operation = $route->getRequirement('_access_field_collection_item_host_revisions');
$host = $field_collection_item->getHost();
if ($host->getEntityType()->id() == 'node') {
return AccessResult::allowedIf($account->hasPermission($operation . ' ' . $host->getType() . ' revisions'));
} else {
if ($host->getEntityType()->id() == 'field_collection_item') {
return $this->access($route, $account, $host->revision_id, $host);
} else {
return AccessResult::allowedIf($field_collection_item && $field_collection_item->getHost()->access($operation, $account))->cachePerPermissions();
}
}
}
/**
* Checks access to the entity operation on the given route.
*
* The value of the '_entity_access' key must be in the pattern
* 'entity_type.operation.' The entity type must match the {entity_type}
* parameter in the route pattern. This will check a node for 'update' access:
* @code
* pattern: '/foo/{node}/bar'
* requirements:
* _entity_access: 'node.update'
* @endcode
* Available operations are 'view', 'update', 'create', and 'delete'.
*
* @param \Symfony\Component\Routing\Route $route
* The route to check against.
* @param \Drupal\Core\Routing\RouteMatchInterface $route_match
* The parametrized route
* @param \Drupal\Core\Session\AccountInterface $account
* The currently logged in account.
*
* @return \Drupal\Core\Access\AccessResultInterface
* The access result.
*/
public function access(Route $route, RouteMatchInterface $route_match, AccountInterface $account)
{
// Split the entity type and the operation.
$requirement = $route->getRequirement('_entity_access');
list($entity_type, $operation) = explode('.', $requirement);
// If there is valid entity of the given entity type, check its access.
$parameters = $route_match->getParameters();
if ($parameters->has($entity_type)) {
$entity = $parameters->get($entity_type);
if ($entity instanceof EntityInterface) {
return $entity->access($operation, $account, TRUE);
}
}
// No opinion, so other access checks should decide if access should be
// allowed or not.
return AccessResult::neutral();
}
/**
* Checks access to create the entity type and bundle for the given route.
*
* @param \Symfony\Component\Routing\Route $route
* The route to check against.
* @param \Drupal\Core\Routing\RouteMatchInterface $route_match
* The parametrized route.
* @param \Drupal\Core\Session\AccountInterface $account
* The currently logged in account.
*
* @return \Drupal\Core\Access\AccessResultInterface
* The access result.
*/
public function access(Route $route, RouteMatchInterface $route_match, AccountInterface $account)
{
list($entity_type, $bundle) = explode(':', $route->getRequirement($this->requirementsKey) . ':');
// The bundle argument can contain request argument placeholders like
// {name}, loop over the raw variables and attempt to replace them in the
// bundle name. If a placeholder does not exist, it won't get replaced.
if ($bundle && strpos($bundle, '{') !== FALSE) {
foreach ($route_match->getRawParameters()->all() as $name => $value) {
$bundle = str_replace('{' . $name . '}', $value, $bundle);
}
// If we were unable to replace all placeholders, deny access.
if (strpos($bundle, '{') !== FALSE) {
return AccessResult::neutral();
}
}
return $this->entityManager->getAccessControlHandler($entity_type)->createAccess($bundle, $account, [], TRUE);
}
/**
* Tries to match a URL with an individual route.
*
* @param $pathinfo
* @param $name
* @param BaseRoute $route
* @return array|null
*/
protected function matchRoute($pathinfo, $name, BaseRoute $route)
{
$compiledRoute = $route->compile();
// check the static prefix of the URL first. Only use the more expensive preg_match when it matches
if ('' !== $compiledRoute->getStaticPrefix() && 0 !== strpos($pathinfo, $compiledRoute->getStaticPrefix())) {
return null;
}
if (!preg_match($compiledRoute->getRegex(), $pathinfo, $matches)) {
return null;
}
$hostMatches = array();
if ($compiledRoute->getHostRegex() && !preg_match($compiledRoute->getHostRegex(), $this->context->getHost(), $hostMatches)) {
return null;
}
// check HTTP method requirement
if ($req = $route->getRequirement('_method')) {
// HEAD and GET are equivalent as per RFC
if ('HEAD' === ($method = $this->context->getMethod())) {
$method = 'GET';
}
if (!in_array($method, $req = explode('|', strtoupper($req)))) {
$this->allow = array_merge($this->allow, $req);
return null;
}
}
$status = $this->handleRouteRequirements($pathinfo, $name, $route);
if (self::ROUTE_MATCH === $status[0]) {
return $status[1];
}
if (self::REQUIREMENT_MISMATCH === $status[0]) {
return null;
}
$attrs = $this->getAttributes($route, $name, array_replace($matches, $hostMatches));
if ($route instanceof Route) {
foreach ($route->getMatchCallbacks() as $callback) {
$ret = call_user_func($callback, $attrs);
if ($ret === false) {
return null;
}
if (is_array($ret)) {
$attrs = $ret;
}
}
}
return $attrs;
}
/**
* Checks translation access for the entity and operation on the given route.
*
* @param \Symfony\Component\Routing\Route $route
* The route to check against.
* @param \Drupal\Core\Routing\RouteMatchInterface $route_match
* The parametrized route.
* @param \Drupal\Core\Session\AccountInterface $account
* The currently logged in account.
* @param string $source
* (optional) For a create operation, the language code of the source.
* @param string $target
* (optional) For a create operation, the language code of the translation.
* @param string $language
* (optional) For an update or delete operation, the language code of the
* translation being updated or deleted.
* @param string $entity_type_id
* (optional) The entity type ID.
*
* @return \Drupal\Core\Access\AccessResultInterface
* The access result.
*/
public function access(Route $route, RouteMatchInterface $route_match, AccountInterface $account, $source = NULL, $target = NULL, $language = NULL, $entity_type_id = NULL)
{
/* @var \Drupal\Core\Entity\ContentEntityInterface $entity */
if ($entity = $route_match->getParameter($entity_type_id)) {
$operation = $route->getRequirement('_access_content_translation_manage');
$language = $this->languageManager->getLanguage($language) ?: $this->languageManager->getCurrentLanguage(LanguageInterface::TYPE_CONTENT);
$entity_type = $this->entityManager->getDefinition($entity_type_id);
if (in_array($operation, ['update', 'delete'])) {
// Translation operations cannot be performed on the default
// translation.
if ($language->getId() == $entity->getUntranslated()->language()->getId()) {
return AccessResult::forbidden()->addCacheableDependency($entity);
}
// Editors have no access to the translation operations, as entity
// access already grants them an equal or greater access level.
$templates = ['update' => 'edit-form', 'delete' => 'delete-form'];
if ($entity->access($operation) && $entity_type->hasLinkTemplate($templates[$operation])) {
return AccessResult::forbidden()->cachePerPermissions();
}
}
if ($account->hasPermission('translate any entity')) {
return AccessResult::allowed()->cachePerPermissions();
}
/* @var \Drupal\content_translation\ContentTranslationHandlerInterface $handler */
$handler = $this->entityManager->getHandler($entity->getEntityTypeId(), 'translation');
// Load translation.
$translations = $entity->getTranslationLanguages();
$languages = $this->languageManager->getLanguages();
switch ($operation) {
case 'create':
$source_language = $this->languageManager->getLanguage($source) ?: $entity->language();
$target_language = $this->languageManager->getLanguage($target) ?: $this->languageManager->getCurrentLanguage(LanguageInterface::TYPE_CONTENT);
$is_new_translation = $source_language->getId() != $target_language->getId() && isset($languages[$source_language->getId()]) && isset($languages[$target_language->getId()]) && !isset($translations[$target_language->getId()]);
return AccessResult::allowedIf($is_new_translation)->cachePerPermissions()->addCacheableDependency($entity)->andIf($handler->getTranslationAccess($entity, $operation));
case 'delete':
case 'update':
$has_translation = isset($languages[$language->getId()]) && $language->getId() != $entity->getUntranslated()->language()->getId() && isset($translations[$language->getId()]);
return AccessResult::allowedIf($has_translation)->cachePerPermissions()->addCacheableDependency($entity)->andIf($handler->getTranslationAccess($entity, $operation));
}
}
// No opinion.
return AccessResult::neutral();
}
public function access(Route $route, RouteMatch $match, AccountInterface $account)
{
$tempstore_id = $match->getParameter('tempstore_id') ? $match->getParameter('tempstore_id') : $route->getDefault('tempstore_id');
$id = $match->getParameter($route->getRequirement('_ctools_access'));
if ($tempstore_id && $id) {
$cached_values = $this->getTempstore()->get($tempstore_id)->get($id);
if (!empty($cached_values['access']) && $cached_values['access'] instanceof CToolsAccessInterface) {
$access = $cached_values['access']->access($account);
} else {
$access = AccessResult::allowed();
}
} else {
$access = AccessResult::forbidden();
}
// The different wizards will have different tempstore ids and adding this
// cache context allows us to nuance the access per wizard.
$access->addCacheContexts(['url.query_args:tempstore_id']);
return $access;
}
/**
* Checks access.
*
* @param \Symfony\Component\Routing\Route $route
* The route to check against.
* @param \Drupal\Core\Session\AccountInterface $account
* The currently logged in account.
*
* @return \Drupal\Core\Access\AccessResultInterface
* The access result.
*/
public function access(Route $route, AccountInterface $account)
{
// Requirements just allow strings, so this might be a comma separated list.
$rid_string = $route->getRequirement('_role');
$explode_and = array_filter(array_map('trim', explode(',', $rid_string)));
if (count($explode_and) > 1) {
$diff = array_diff($explode_and, $account->getRoles());
if (empty($diff)) {
return AccessResult::allowed()->cachePerRole();
}
} else {
$explode_or = array_filter(array_map('trim', explode('+', $rid_string)));
$intersection = array_intersect($explode_or, $account->getRoles());
if (!empty($intersection)) {
return AccessResult::allowed()->cachePerRole();
}
}
// If there is no allowed role, give other access checks a chance.
return AccessResult::neutral()->cachePerRole();
}
/**
* Checks access to the form mode.
*
* @param \Symfony\Component\Routing\Route $route
* The route to check against.
* @param \Symfony\Component\HttpFoundation\Request $request
* The request object.
* @param \Drupal\Core\Session\AccountInterface $account
* The currently logged in account.
* @param string $form_mode_name
* (optional) The form mode. Defaults to 'default'.
* @param string $bundle
* (optional) The bundle. Different entity types can have different names
* for their bundle key, so if not specified on the route via a {bundle}
* parameter, the access checker determines the appropriate key name, and
* gets the value from the corresponding request attribute. For example,
* for nodes, the bundle key is "node_type", so the value would be
* available via the {node_type} parameter rather than a {bundle}
* parameter.
*
* @return string
* A \Drupal\Core\Access\AccessInterface constant value.
*/
public function access(Route $route, Request $request, AccountInterface $account, $form_mode_name = 'default', $bundle = NULL)
{
if ($entity_type_id = $route->getDefault('entity_type_id')) {
if (!isset($bundle)) {
$entity_type = $this->entityManager->getDefinition($entity_type_id);
$bundle = $request->attributes->get('_raw_variables')->get($entity_type->getBundleEntityType());
}
$visibility = FALSE;
if ($form_mode_name == 'default') {
$visibility = TRUE;
} elseif ($entity_display = $this->entityManager->getStorage('entity_form_display')->load($entity_type_id . '.' . $bundle . '.' . $form_mode_name)) {
$visibility = $entity_display->status();
}
if ($visibility) {
$permission = $route->getRequirement('_field_ui_form_mode_access');
return $account->hasPermission($permission) ? static::ALLOW : static::DENY;
}
}
return static::DENY;
}
