// Checking access on links is not about access to the link itself;
// it is about whether the current user has access to the route that is
// *targeted* by the link. This is done on a "best effort" basis. That
// is, some links target routes that depend on a request to determine if
// they're accessible or not. Some other links might target routes to
// which the current user will clearly not have access, in that case
// this code proactively removes those links from the response.
$access =
$link->
getUri()->
access($this->currentUser, TRUE
);
$cacheability = CacheableMetadata::
createFromObject($link)->
addCacheableDependency($access);
$normalized[$link_key] =
$access->
isAllowed() ?
new CacheableNormalization($cacheability,
$normalization) :
new CacheableOmission($cacheability);
} } return CacheableNormalization::
aggregate($normalized);
} /**
* Hashes a link using its href and its target attributes, if any.
*
* This method generates an unpredictable, but deterministic, 7 character
* alphanumeric hash for a given link.
*
* The hash is unpredictable because a random hash salt will be used for every
* request. The hash is deterministic because, within a single request, links
* with the same href and target attributes (i.o.w. duplicates) will generate
* equivalent hash values.
*
* @param \Drupal\jsonapi\JsonApiResource\Link $link
* A link to be hashed.
*
* @return string
* A 7 character alphanumeric hash.
*/