/** * Checks access to the route based on the _access parameter. * * @param \Symfony\Component\Routing\Route $route * The route to check against. * * @return \Drupal\Core\Access\AccessResultInterface * The access result. */ public function access(Route $route) { if ($route->getRequirement('_access') === 'TRUE') { return AccessResult::allowed(); } elseif ($route->getRequirement('_access') === 'FALSE') { return AccessResult::forbidden(); } else { return AccessResult::neutral(); } }
/** * Checks access to the route based on the _access parameter. * * @param \Symfony\Component\Routing\Route $route * The route to check against. * * @return string * A \Drupal\Core\Access\AccessInterface constant value. */ public function access(Route $route) { if ($route->getRequirement('_access') === 'TRUE') { return static::ALLOW; } elseif ($route->getRequirement('_access') === 'FALSE') { return static::KILL; } else { return static::DENY; } }
public function testRequirements() { $route = new Route('/:foo'); $route->setRequirements(array('foo' => '\\d+')); $this->assertEquals(array('foo' => '\\d+'), $route->getRequirements(), '->setRequirements() sets the requirements'); $this->assertEquals('\\d+', $route->getRequirement('foo'), '->getRequirement() returns a requirement'); $this->assertNull($route->getRequirement('bar'), '->getRequirement() returns null if a requirement is not defined'); $route->setRequirements(array('foo' => '^\\d+$')); $this->assertEquals('\\d+', $route->getRequirement('foo'), '->getRequirement() removes ^ and $ from the pattern'); $this->assertEquals($route, $route->setRequirements(array()), '->setRequirements() implements a fluent interface'); }
public function testRequirements() { $route = new Route('/{foo}'); $route->setRequirements(array('foo' => '\\d+')); $this->assertEquals(array('foo' => '\\d+'), $route->getRequirements(), '->setRequirements() sets the requirements'); $this->assertEquals('\\d+', $route->getRequirement('foo'), '->getRequirement() returns a requirement'); $this->assertNull($route->getRequirement('bar'), '->getRequirement() returns null if a requirement is not defined'); $route->setRequirements(array('foo' => '^\\d+$')); $this->assertEquals('\\d+', $route->getRequirement('foo'), '->getRequirement() removes ^ and $ from the pattern'); $this->assertEquals($route, $route->setRequirements(array()), '->setRequirements() implements a fluent interface'); // test that an array requirement throws an exception $this->setExpectedException('InvalidArgumentException'); $route->setRequirements(array('foo' => array('bar', 'baz'))); }
/** * {@inheritdoc} */ public function access(Route $route, AccountInterface $account, Request $request) { $_entity_revision = $request->attributes->get('_entity_revision'); $operation = $route->getRequirement('_entity_access_revision'); list(, $operation) = explode('.', $operation, 2); return AccessResult::allowedIf($_entity_revision && $this->checkAccess($_entity_revision, $account, $operation))->cachePerPermissions(); }
/** * Checks if the user has access to underlying storage for a Panels display. * * @param \Symfony\Component\Routing\Route $route * The route to check against. * @param \Drupal\Core\Routing\RouteMatchInterface $route_match * The parametrized route. * @param \Drupal\Core\Session\AccountInterface $account * The currently logged in account. * * @return \Drupal\Core\Access\AccessResultInterface * The access result. */ public function access(Route $route, RouteMatchInterface $route_match, AccountInterface $account) { $panels_storage_type = $route_match->getParameter('panels_storage_type'); $panels_storage_id = $route_match->getParameter('panels_storage_id'); $op = $route->getRequirement('_panels_storage_access'); return $this->panelsStorage->access($panels_storage_type, $panels_storage_id, $op, $account); }
/** * Checks access for the account and route using the custom access checker. * * @param \Drupal\Core\Routing\RouteMatchInterface $route_match * The route match object to be checked. * @param \Drupal\Core\Session\AccountInterface $account * The account being checked. * * @return \Drupal\Core\Access\AccessResultInterface * The access result. */ public function access(Route $route, RouteMatchInterface $route_match, AccountInterface $account) { $callable = $this->controllerResolver->getControllerFromDefinition($route->getRequirement('_custom_access')); $arguments_resolver = $this->argumentsResolverFactory->getArgumentsResolver($route_match, $account); $arguments = $arguments_resolver->getArguments($callable); return call_user_func_array($callable, $arguments); }
/** * Checks translation access for the entity and operation on the given route. * * @param \Symfony\Component\Routing\Route $route * The route to check against. * @param \Drupal\Core\Routing\RouteMatchInterface $route_match * The parametrized route. * @param \Drupal\Core\Session\AccountInterface $account * The currently logged in account. * @param string $source * (optional) For a create operation, the language code of the source. * @param string $target * (optional) For a create operation, the language code of the translation. * @param string $language * (optional) For an update or delete operation, the language code of the * translation being updated or deleted. * @param string $entity_type_id * (optional) The entity type ID. * * @return \Drupal\Core\Access\AccessResultInterface * The access result. */ public function access(Route $route, RouteMatchInterface $route_match, AccountInterface $account, $source = NULL, $target = NULL, $language = NULL, $entity_type_id = NULL) { /* @var \Drupal\Core\Entity\ContentEntityInterface $entity */ if ($entity = $route_match->getParameter($entity_type_id)) { if ($account->hasPermission('translate any entity')) { return AccessResult::allowed()->cachePerRole(); } $operation = $route->getRequirement('_access_content_translation_manage'); /* @var \Drupal\content_translation\ContentTranslationHandlerInterface $handler */ $handler = $this->entityManager->getHandler($entity->getEntityTypeId(), 'translation'); // Load translation. $translations = $entity->getTranslationLanguages(); $languages = $this->languageManager->getLanguages(); switch ($operation) { case 'create': $source_language = $this->languageManager->getLanguage($source) ?: $entity->language(); $target_language = $this->languageManager->getLanguage($target) ?: $this->languageManager->getCurrentLanguage(LanguageInterface::TYPE_CONTENT); $is_new_translation = $source_language->getId() != $target_language->getId() && isset($languages[$source_language->getId()]) && isset($languages[$target_language->getId()]) && !isset($translations[$target_language->getId()]); return AccessResult::allowedIf($is_new_translation)->cachePerRole()->cacheUntilEntityChanges($entity)->andIf($handler->getTranslationAccess($entity, $operation)); case 'update': case 'delete': $language = $this->languageManager->getLanguage($language) ?: $this->languageManager->getCurrentLanguage(LanguageInterface::TYPE_CONTENT); $has_translation = isset($languages[$language->getId()]) && $language->getId() != $entity->getUntranslated()->language()->getId() && isset($translations[$language->getId()]); return AccessResult::allowedIf($has_translation)->cachePerRole()->cacheUntilEntityChanges($entity)->andIf($handler->getTranslationAccess($entity, $operation)); } } // No opinion. return AccessResult::neutral(); }
/** * Checks access to create an entity of any bundle for the given route. * * @param \Symfony\Component\Routing\Route $route * The route to check against. * @param \Drupal\Core\Routing\RouteMatchInterface $route_match * The parameterized route. * @param \Drupal\Core\Session\AccountInterface $account * The currently logged in account. * * @return \Drupal\Core\Access\AccessResultInterface * The access result. */ public function access(Route $route, RouteMatchInterface $route_match, AccountInterface $account) { $entity_type_id = $route->getRequirement($this->requirementsKey); $entity_type = $this->entityTypeManager->getDefinition($entity_type_id); $access_control_handler = $this->entityTypeManager->getAccessControlHandler($entity_type_id); // In case there is no "bundle" entity key, check create access with no // bundle specified. if (!$entity_type->hasKey('bundle')) { return $access_control_handler->createAccess(NULL, $account, [], TRUE); } $access = AccessResult::neutral(); $bundles = array_keys($this->entityTypeBundleInfo->getBundleInfo($entity_type_id)); // Include list cache tag as access might change if more bundles are added. if ($entity_type->getBundleEntityType()) { $access->addCacheTags($this->entityTypeManager->getDefinition($entity_type->getBundleEntityType())->getListCacheTags()); // Check if the user is allowed to create new bundles. If so, allow // access, so the add page can show a link to create one. // @see \Drupal\Core\Entity\Controller\EntityController::addPage() $bundle_access_control_handler = $this->entityTypeManager->getAccessControlHandler($entity_type->getBundleEntityType()); $access = $access->orIf($bundle_access_control_handler->createAccess(NULL, $account, [], TRUE)); if ($access->isAllowed()) { return $access; } } // Check whether an entity of any bundle may be created. foreach ($bundles as $bundle) { $access = $access->orIf($access_control_handler->createAccess($bundle, $account, [], TRUE)); // In case there is a least one bundle user can create entities for, // access is allowed. if ($access->isAllowed()) { break; } } return $access; }
/** * Checks routing access for the node revision. * * @param \Symfony\Component\Routing\Route $route * The route to check against. * @param \Drupal\Core\Session\AccountInterface $account * The currently logged in account. * @param int $node_revision * (optional) The node revision ID. If not specified, but $node is, access * is checked for that object's revision. * @param \Drupal\node\NodeInterface $node * (optional) A node object. Used for checking access to a node's default * revision when $node_revision is unspecified. Ignored when $node_revision * is specified. If neither $node_revision nor $node are specified, then * access is denied. * * @return \Drupal\Core\Access\AccessResultInterface * The access result. */ public function access(Route $route, AccountInterface $account, $node_revision = NULL, NodeInterface $node = NULL) { if ($node_revision) { $node = $this->nodeStorage->loadRevision($node_revision); } $operation = $route->getRequirement('_access_node_revision'); return AccessResult::allowedIf($node && $this->checkAccess($node, $account, $operation))->cachePerPermissions(); }
/** * Checks routing access for the support_ticket revision. * * @param \Symfony\Component\Routing\Route $route * The route to check against. * @param \Drupal\Core\Session\AccountInterface $account * The currently logged in account. * @param int $support_ticket_revision * (optional) The support_ticket revision ID. If not specified, but * $support_ticket is, access is checked for that object's revision. * @param \Drupal\support_ticket\SupportTicketInterface $support_ticket * (optional) A support_ticket object. Used for checking access to a * support_ticket's default revision when $support_ticket_revision is * unspecified. Ignored when $support_ticket_revision is specified. If neither * $support_ticket_revision nor $support_ticket are specified, then access is * denied. * * @return \Drupal\Core\Access\AccessResultInterface * The access result. */ public function access(Route $route, AccountInterface $account, $support_ticket_revision = NULL, SupportTicketInterface $support_ticket = NULL) { if ($support_ticket_revision) { $support_ticket = $this->supportTicketStorage->loadRevision($support_ticket_revision); } $operation = $route->getRequirement('_access_support_ticket_revision'); return AccessResult::allowedIf($support_ticket && $this->checkAccess($support_ticket, $account, $operation))->cachePerPermissions(); }
/** * Checks routing access for the node revision. * * @param \Symfony\Component\Routing\Route $route * The route to check against. * @param \Drupal\Core\Session\AccountInterface $account * The currently logged in account. * @param int $node_revision * (optional) The node revision ID. If not specified, but $node is, access * is checked for that object's revision. * @param \Drupal\node\NodeInterface $node * (optional) A node object. Used for checking access to a node's default * revision when $node_revision is unspecified. Ignored when $node_revision * is specified. If neither $node_revision nor $node are specified, then * access is denied. * * @return string * A \Drupal\Core\Access\AccessInterface constant value. */ public function access(Route $route, AccountInterface $account, $node_revision = NULL, NodeInterface $node = NULL) { if ($node_revision) { $node = $this->nodeStorage->loadRevision($node_revision); } $operation = $route->getRequirement('_access_node_revision'); return $node && $this->checkAccess($node, $account, $operation) ? static::ALLOW : static::DENY; }
/** * {@inheritDoc} */ protected function handleRouteRequirements($pathinfo, $name, Route $route) { // check HTTP scheme requirement $scheme = $route->getRequirement('_scheme'); if ($scheme && $this->context->getScheme() !== $scheme) { return array(self::ROUTE_MATCH, $this->redirect($pathinfo, $name, $scheme)); } return array(self::REQUIREMENT_MATCH, null); }
/** * {@inheritdoc} */ public function access(Route $route, AccountInterface $account, RouteMatchInterface $route_match, $entity_revision = NULL, $_entity_revision = NULL) { $entity = $_entity_revision ?: $this->extractEntityFromRouteMatch($route_match); if ($entity_revision) { $entity = $this->entityManager->getStorage($entity->getEntityTypeId())->loadRevision($entity_revision); } $operation = $route->getRequirement('_entity_access_revision'); list(, $operation) = explode('.', $operation, 2); return AccessResult::allowedIf($entity && $this->checkAccess($entity, $account, $operation))->cachePerPermissions(); }
/** * {@inheritdoc} */ public function access(Route $route, RouteMatchInterface $route_match, AccountInterface $account) { // Backup the original requirements. $original_requirements = $route->getRequirements(); // Replace it with our entity access value and run the parent access check. $route->setRequirement('_entity_access', $route->getRequirement('_page_access')); $access = parent::access($route, $route_match, $account); // Restore the original requirements. $route->setRequirements($original_requirements); return $access; }
public function access(Route $route, RouteMatch $match, AccountInterface $account) { $tempstore_id = $route->getDefault('tempstore_id'); $id = $match->getParameter($route->getRequirement('_ctools_access')); if ($tempstore_id && $id) { $cached_values = $this->getTempstore()->get($tempstore_id)->get($id); if (!empty($cached_values['access']) && $cached_values['access'] instanceof CToolsAccessInterface) { return $cached_values['access']->access($account); } } return AccessResult::forbidden(); }
/** * Checks access. * * @param \Symfony\Component\Routing\Route $route * The route to check against. * @param \Drupal\Core\Session\AccountInterface $account * The currently logged in account. * * @return \Drupal\Core\Access\AccessResultInterface * The access result. */ public function access(Route $route, AccountInterface $account) { $permission = $route->getRequirement('_permission'); // Allow to conjunct the permissions with OR ('+') or AND (','). $split = explode(',', $permission); if (count($split) > 1) { return AccessResult::allowedIfHasPermissions($account, $split, 'AND'); } else { $split = explode('+', $permission); return AccessResult::allowedIfHasPermissions($account, $split, 'OR'); } }
/** * get collection and id from route * * @param Route $route route to look at * @param string $value value of reference as URI * * @return array */ private function getDataFromRoute(Route $route, $value) { if ($route->getRequirement('id') !== null && $route->getMethods() === ['GET'] && preg_match($route->compile()->getRegex(), $value, $matches)) { $id = $matches['id']; list($routeService) = explode(':', $route->getDefault('_controller')); list($core, $bundle, , $name) = explode('.', $routeService); $serviceName = implode('.', [$core, $bundle, 'rest', $name]); $collection = array_search($serviceName, $this->mapping); return [$collection, $id]; } return [null, null]; }
/** * {@inheritdoc} */ protected function handleRouteRequirements($pathinfo, $name, Route $route) { // expression condition if ($route->getCondition() && !$this->getExpressionLanguage()->evaluate($route->getCondition(), array('context' => $this->context, 'request' => $this->request))) { return array(self::REQUIREMENT_MISMATCH, null); } // check HTTP scheme requirement $scheme = $route->getRequirement('_scheme'); if ($scheme && $this->context->getScheme() !== $scheme) { return array(self::ROUTE_MATCH, $this->redirect($pathinfo, $name, $scheme)); } return array(self::REQUIREMENT_MATCH, null); }
/** * Loads the default revision of the entity this route is for. * * @param \Symfony\Component\Routing\Route $route * The route to check against. * @param \Drupal\Core\Routing\RouteMatchInterface $route_match * The parametrized route * * @return ContentEntityInterface|null * returns the Entity in question, or NULL if for some reason no entity * is available. */ protected function loadEntity(Route $route, RouteMatchInterface $route_match) { // Split the entity type and the operation. $requirement = $route->getRequirement('_entity_access'); list($entity_type, $operation) = explode('.', $requirement); // If there is valid entity of the given entity type, check its access. $parameters = $route_match->getParameters(); if ($parameters->has($entity_type)) { $entity = $parameters->get($entity_type); if ($entity instanceof EntityInterface) { return $entity; } } return NULL; }
/** * {@inheritdoc} */ public function access(Route $route, AccountInterface $account, Request $request = NULL) { if (empty($request)) { $request = $this->requestStack->getCurrentRequest(); } $operation = $route->getRequirement('_entity_access_revision'); list(, $operation) = explode('.', $operation, 2); if ($operation === 'list') { $_entity = $request->attributes->get('_entity', $request->attributes->get($route->getOption('entity_type_id'))); return AccessResult::allowedIf($this->checkAccess($_entity, $account, $operation))->cachePerPermissions(); } else { $_entity_revision = $request->attributes->get('_entity_revision'); return AccessResult::allowedIf($_entity_revision && $this->checkAccess($_entity_revision, $account, $operation))->cachePerPermissions(); } }
/** * Checks access to the entity operation on the given route. * * The value of the '_entity_access' key must be in the pattern * 'entity_type.operation.' The entity type must match the {entity_type} * parameter in the route pattern. This will check a node for 'update' access: * @code * pattern: '/foo/{node}/bar' * requirements: * _entity_access: 'node.update' * @endcode * Available operations are 'view', 'update', 'create', and 'delete'. * * @param \Symfony\Component\Routing\Route $route * The route to check against. * @param \Symfony\Component\HttpFoundation\Request $request * The request object. * @param \Drupal\Core\Session\AccountInterface $account * The currently logged in account. * * @return string * A \Drupal\Core\Access\AccessInterface constant value. */ public function access(Route $route, Request $request, AccountInterface $account) { // Split the entity type and the operation. $requirement = $route->getRequirement('_entity_access'); list($entity_type, $operation) = explode('.', $requirement); // If there is valid entity of the given entity type, check its access. if ($request->attributes->has($entity_type)) { $entity = $request->attributes->get($entity_type); if ($entity instanceof EntityInterface) { return $entity->access($operation, $account) ? static::ALLOW : static::DENY; } } // No opinion, so other access checks should decide if access should be // allowed or not. return static::DENY; }
/** * Checks operation access on the field collection item's host's revisions. * * @param \Drupal\Core\Session\AccountInterface $account * The currently logged in account. * * TODO: Document params * * @return string * A \Drupal\Core\Access\AccessInterface constant value. */ public function access(Route $route, AccountInterface $account, $field_collection_item_revision = NULL, FieldCollectionItem $field_collection_item = NULL) { if ($field_collection_item_revision) { $field_collection_item = \Drupal::entityTypeManager()->getStorage('field_collection_item')->loadRevision($field_collection_item_revision); } $operation = $route->getRequirement('_access_field_collection_item_host_revisions'); $host = $field_collection_item->getHost(); if ($host->getEntityType()->id() == 'node') { return AccessResult::allowedIf($account->hasPermission($operation . ' ' . $host->getType() . ' revisions')); } else { if ($host->getEntityType()->id() == 'field_collection_item') { return $this->access($route, $account, $host->revision_id, $host); } else { return AccessResult::allowedIf($field_collection_item && $field_collection_item->getHost()->access($operation, $account))->cachePerPermissions(); } } }
/** * Checks access to the entity operation on the given route. * * The value of the '_entity_access' key must be in the pattern * 'entity_type.operation.' The entity type must match the {entity_type} * parameter in the route pattern. This will check a node for 'update' access: * @code * pattern: '/foo/{node}/bar' * requirements: * _entity_access: 'node.update' * @endcode * Available operations are 'view', 'update', 'create', and 'delete'. * * @param \Symfony\Component\Routing\Route $route * The route to check against. * @param \Drupal\Core\Routing\RouteMatchInterface $route_match * The parametrized route * @param \Drupal\Core\Session\AccountInterface $account * The currently logged in account. * * @return \Drupal\Core\Access\AccessResultInterface * The access result. */ public function access(Route $route, RouteMatchInterface $route_match, AccountInterface $account) { // Split the entity type and the operation. $requirement = $route->getRequirement('_entity_access'); list($entity_type, $operation) = explode('.', $requirement); // If there is valid entity of the given entity type, check its access. $parameters = $route_match->getParameters(); if ($parameters->has($entity_type)) { $entity = $parameters->get($entity_type); if ($entity instanceof EntityInterface) { return $entity->access($operation, $account, TRUE); } } // No opinion, so other access checks should decide if access should be // allowed or not. return AccessResult::neutral(); }
/** * Checks access to create the entity type and bundle for the given route. * * @param \Symfony\Component\Routing\Route $route * The route to check against. * @param \Drupal\Core\Routing\RouteMatchInterface $route_match * The parametrized route. * @param \Drupal\Core\Session\AccountInterface $account * The currently logged in account. * * @return \Drupal\Core\Access\AccessResultInterface * The access result. */ public function access(Route $route, RouteMatchInterface $route_match, AccountInterface $account) { list($entity_type, $bundle) = explode(':', $route->getRequirement($this->requirementsKey) . ':'); // The bundle argument can contain request argument placeholders like // {name}, loop over the raw variables and attempt to replace them in the // bundle name. If a placeholder does not exist, it won't get replaced. if ($bundle && strpos($bundle, '{') !== FALSE) { foreach ($route_match->getRawParameters()->all() as $name => $value) { $bundle = str_replace('{' . $name . '}', $value, $bundle); } // If we were unable to replace all placeholders, deny access. if (strpos($bundle, '{') !== FALSE) { return AccessResult::neutral(); } } return $this->entityManager->getAccessControlHandler($entity_type)->createAccess($bundle, $account, [], TRUE); }
/** * Tries to match a URL with an individual route. * * @param $pathinfo * @param $name * @param BaseRoute $route * @return array|null */ protected function matchRoute($pathinfo, $name, BaseRoute $route) { $compiledRoute = $route->compile(); // check the static prefix of the URL first. Only use the more expensive preg_match when it matches if ('' !== $compiledRoute->getStaticPrefix() && 0 !== strpos($pathinfo, $compiledRoute->getStaticPrefix())) { return null; } if (!preg_match($compiledRoute->getRegex(), $pathinfo, $matches)) { return null; } $hostMatches = array(); if ($compiledRoute->getHostRegex() && !preg_match($compiledRoute->getHostRegex(), $this->context->getHost(), $hostMatches)) { return null; } // check HTTP method requirement if ($req = $route->getRequirement('_method')) { // HEAD and GET are equivalent as per RFC if ('HEAD' === ($method = $this->context->getMethod())) { $method = 'GET'; } if (!in_array($method, $req = explode('|', strtoupper($req)))) { $this->allow = array_merge($this->allow, $req); return null; } } $status = $this->handleRouteRequirements($pathinfo, $name, $route); if (self::ROUTE_MATCH === $status[0]) { return $status[1]; } if (self::REQUIREMENT_MISMATCH === $status[0]) { return null; } $attrs = $this->getAttributes($route, $name, array_replace($matches, $hostMatches)); if ($route instanceof Route) { foreach ($route->getMatchCallbacks() as $callback) { $ret = call_user_func($callback, $attrs); if ($ret === false) { return null; } if (is_array($ret)) { $attrs = $ret; } } } return $attrs; }
/** * Checks translation access for the entity and operation on the given route. * * @param \Symfony\Component\Routing\Route $route * The route to check against. * @param \Drupal\Core\Routing\RouteMatchInterface $route_match * The parametrized route. * @param \Drupal\Core\Session\AccountInterface $account * The currently logged in account. * @param string $source * (optional) For a create operation, the language code of the source. * @param string $target * (optional) For a create operation, the language code of the translation. * @param string $language * (optional) For an update or delete operation, the language code of the * translation being updated or deleted. * @param string $entity_type_id * (optional) The entity type ID. * * @return \Drupal\Core\Access\AccessResultInterface * The access result. */ public function access(Route $route, RouteMatchInterface $route_match, AccountInterface $account, $source = NULL, $target = NULL, $language = NULL, $entity_type_id = NULL) { /* @var \Drupal\Core\Entity\ContentEntityInterface $entity */ if ($entity = $route_match->getParameter($entity_type_id)) { $operation = $route->getRequirement('_access_content_translation_manage'); $language = $this->languageManager->getLanguage($language) ?: $this->languageManager->getCurrentLanguage(LanguageInterface::TYPE_CONTENT); $entity_type = $this->entityManager->getDefinition($entity_type_id); if (in_array($operation, ['update', 'delete'])) { // Translation operations cannot be performed on the default // translation. if ($language->getId() == $entity->getUntranslated()->language()->getId()) { return AccessResult::forbidden()->addCacheableDependency($entity); } // Editors have no access to the translation operations, as entity // access already grants them an equal or greater access level. $templates = ['update' => 'edit-form', 'delete' => 'delete-form']; if ($entity->access($operation) && $entity_type->hasLinkTemplate($templates[$operation])) { return AccessResult::forbidden()->cachePerPermissions(); } } if ($account->hasPermission('translate any entity')) { return AccessResult::allowed()->cachePerPermissions(); } /* @var \Drupal\content_translation\ContentTranslationHandlerInterface $handler */ $handler = $this->entityManager->getHandler($entity->getEntityTypeId(), 'translation'); // Load translation. $translations = $entity->getTranslationLanguages(); $languages = $this->languageManager->getLanguages(); switch ($operation) { case 'create': $source_language = $this->languageManager->getLanguage($source) ?: $entity->language(); $target_language = $this->languageManager->getLanguage($target) ?: $this->languageManager->getCurrentLanguage(LanguageInterface::TYPE_CONTENT); $is_new_translation = $source_language->getId() != $target_language->getId() && isset($languages[$source_language->getId()]) && isset($languages[$target_language->getId()]) && !isset($translations[$target_language->getId()]); return AccessResult::allowedIf($is_new_translation)->cachePerPermissions()->addCacheableDependency($entity)->andIf($handler->getTranslationAccess($entity, $operation)); case 'delete': case 'update': $has_translation = isset($languages[$language->getId()]) && $language->getId() != $entity->getUntranslated()->language()->getId() && isset($translations[$language->getId()]); return AccessResult::allowedIf($has_translation)->cachePerPermissions()->addCacheableDependency($entity)->andIf($handler->getTranslationAccess($entity, $operation)); } } // No opinion. return AccessResult::neutral(); }
public function access(Route $route, RouteMatch $match, AccountInterface $account) { $tempstore_id = $match->getParameter('tempstore_id') ? $match->getParameter('tempstore_id') : $route->getDefault('tempstore_id'); $id = $match->getParameter($route->getRequirement('_ctools_access')); if ($tempstore_id && $id) { $cached_values = $this->getTempstore()->get($tempstore_id)->get($id); if (!empty($cached_values['access']) && $cached_values['access'] instanceof CToolsAccessInterface) { $access = $cached_values['access']->access($account); } else { $access = AccessResult::allowed(); } } else { $access = AccessResult::forbidden(); } // The different wizards will have different tempstore ids and adding this // cache context allows us to nuance the access per wizard. $access->addCacheContexts(['url.query_args:tempstore_id']); return $access; }
/** * Checks access. * * @param \Symfony\Component\Routing\Route $route * The route to check against. * @param \Drupal\Core\Session\AccountInterface $account * The currently logged in account. * * @return \Drupal\Core\Access\AccessResultInterface * The access result. */ public function access(Route $route, AccountInterface $account) { // Requirements just allow strings, so this might be a comma separated list. $rid_string = $route->getRequirement('_role'); $explode_and = array_filter(array_map('trim', explode(',', $rid_string))); if (count($explode_and) > 1) { $diff = array_diff($explode_and, $account->getRoles()); if (empty($diff)) { return AccessResult::allowed()->cachePerRole(); } } else { $explode_or = array_filter(array_map('trim', explode('+', $rid_string))); $intersection = array_intersect($explode_or, $account->getRoles()); if (!empty($intersection)) { return AccessResult::allowed()->cachePerRole(); } } // If there is no allowed role, give other access checks a chance. return AccessResult::neutral()->cachePerRole(); }
/** * Checks access to the form mode. * * @param \Symfony\Component\Routing\Route $route * The route to check against. * @param \Symfony\Component\HttpFoundation\Request $request * The request object. * @param \Drupal\Core\Session\AccountInterface $account * The currently logged in account. * @param string $form_mode_name * (optional) The form mode. Defaults to 'default'. * @param string $bundle * (optional) The bundle. Different entity types can have different names * for their bundle key, so if not specified on the route via a {bundle} * parameter, the access checker determines the appropriate key name, and * gets the value from the corresponding request attribute. For example, * for nodes, the bundle key is "node_type", so the value would be * available via the {node_type} parameter rather than a {bundle} * parameter. * * @return string * A \Drupal\Core\Access\AccessInterface constant value. */ public function access(Route $route, Request $request, AccountInterface $account, $form_mode_name = 'default', $bundle = NULL) { if ($entity_type_id = $route->getDefault('entity_type_id')) { if (!isset($bundle)) { $entity_type = $this->entityManager->getDefinition($entity_type_id); $bundle = $request->attributes->get('_raw_variables')->get($entity_type->getBundleEntityType()); } $visibility = FALSE; if ($form_mode_name == 'default') { $visibility = TRUE; } elseif ($entity_display = $this->entityManager->getStorage('entity_form_display')->load($entity_type_id . '.' . $bundle . '.' . $form_mode_name)) { $visibility = $entity_display->status(); } if ($visibility) { $permission = $route->getRequirement('_field_ui_form_mode_access'); return $account->hasPermission($permission) ? static::ALLOW : static::DENY; } } return static::DENY; }