/** * {@inheritdoc} */ protected function checkAccess(EntityInterface $payment, $operation, AccountInterface $account) { /** @var \Drupal\payment\Entity\PaymentInterface $payment */ if ($operation == 'update_status') { $payment_method = $payment->getPaymentMethod(); if ($payment_method instanceof PaymentMethodUpdatePaymentStatusInterface && !$payment_method->updatePaymentStatusAccess($account)) { return AccessResult::forbidden(); } } elseif ($operation == 'capture') { $payment_method = $payment->getPaymentMethod(); if ($payment_method instanceof PaymentMethodCapturePaymentInterface) { return AccessResult::allowedIf($payment_method instanceof PaymentMethodCapturePaymentInterface)->andIf(AccessResult::allowedIf($payment_method->capturePaymentAccess($account)))->andIf($this->checkAccessPermission($payment, $operation, $account)); } return AccessResult::forbidden(); } elseif ($operation == 'refund') { $payment_method = $payment->getPaymentMethod(); if ($payment_method instanceof PaymentMethodRefundPaymentInterface) { return AccessResult::allowedIf($payment_method->refundPaymentAccess($account))->andIf($this->checkAccessPermission($payment, $operation, $account)); } return AccessResult::forbidden(); } elseif ($operation == 'complete') { if ($payment->getPaymentMethod()) { return AccessResult::allowedIf($payment->getOwnerId() == $account->id())->orIf(AccessResult::forbiddenIf($payment->getPaymentMethod()->getPaymentExecutionResult()->isCompleted())); } else { return AccessResult::forbidden(); } } return $this->checkAccessPermission($payment, $operation, $account); }
/** * Control access to a block instance. * * Modules may implement this hook if they want to have a say in whether or not * a given user has access to perform a given operation on a block instance. * * @param \Drupal\block\Entity\Block $block * The block instance. * @param string $operation * The operation to be performed; for instance, 'view', 'create', 'delete', or * 'update'. * @param \Drupal\Core\Session\AccountInterface $account * The user object to perform the access check operation on. * * @return \Drupal\Core\Access\AccessResultInterface * The access result. If all implementations of this hook return * AccessResultInterface objects whose value is !isAllowed() and * !isForbidden(), then default access rules from * \Drupal\block\BlockAccessControlHandler::checkAccess() are used. * * @see \Drupal\Core\Entity\EntityAccessControlHandler::access() * @see \Drupal\block\BlockAccessControlHandler::checkAccess() * @ingroup block_api */ function hook_block_access(\Drupal\block\Entity\Block $block, $operation, \Drupal\Core\Session\AccountInterface $account) { // Example code that would prevent displaying the 'Powered by Drupal' block in // a region different than the footer. if ($operation == 'view' && $block->getPluginId() == 'system_powered_by_block') { return AccessResult::forbiddenIf($block->getRegion() != 'footer')->cacheUntilEntityChanges($block); } // No opinion. return AccessResult::neutral(); }
/** * {@inheritdoc} */ public function access($object, AccountInterface $account = NULL, $return_as_object = FALSE) { $result = parent::access($object, $account, TRUE)->andif(AccessResult::forbiddenIf($this->moderationInfo->isModeratedEntity($object))->addCacheableDependency($object)); return $return_as_object ? $result : $result->isAllowed(); }
/** * @covers ::forbiddenIf * @covers ::isAllowed * @covers ::isForbidden * @covers ::isNeutral */ public function testAccessConditionallyForbidden() { $verify = function (AccessResult $access, $forbidden) { $this->assertFalse($access->isAllowed()); $this->assertSame($forbidden, $access->isForbidden()); $this->assertSame(!$forbidden, $access->isNeutral()); $this->assertDefaultCacheability($access); }; $b1 = AccessResult::forbiddenIf(TRUE); $verify($b1, TRUE); $b2 = AccessResult::forbiddenIf(FALSE); $verify($b2, FALSE); }
/** * Control access to a block instance. * * Modules may implement this hook if they want to have a say in whether or not * a given user has access to perform a given operation on a block instance. * * @param \Drupal\block\Entity\Block $block * The block instance. * @param string $operation * The operation to be performed, e.g., 'view', 'create', 'delete', 'update'. * @param \Drupal\user\Entity\User $account * The user object to perform the access check operation on. * @param string $langcode * The language code to perform the access check operation on. * * @return \Drupal\Core\Access\AccessResultInterface * The access result. If all implementations of this hook return * AccessResultInterface objects whose value is !isAllowed() and * !isForbidden(), then default access rules from * \Drupal\block\BlockAccessControlHandler::checkAccess() are used. * * @see \Drupal\Core\Entity\EntityAccessControlHandler::access() * @see \Drupal\block\BlockAccessControlHandler::checkAccess() * @ingroup block_api */ function hook_block_access(\Drupal\block\Entity\Block $block, $operation, \Drupal\user\Entity\User $account, $langcode) { // Example code that would prevent displaying the 'Powered by Drupal' block in // a region different than the footer. if ($operation == 'view' && $block->get('plugin') == 'system_powered_by_block') { return AccessResult::forbiddenIf($block->get('region') != 'footer')->cacheUntilEntityChanges($block); } // No opinion. return AccessResult::neutral(); }