allowedIfHasPermissions example


  public function access(Route $route, AccountInterface $account) {
    $permission = $route->getRequirement('_permission');

    if ($permission === NULL) {
      return AccessResult::neutral();
    }

    // Allow to conjunct the permissions with OR ('+') or AND (',').     $split = explode(',', $permission);
    if (count($split) > 1) {
      return AccessResult::allowedIfHasPermissions($account$split, 'AND');
    }
    else {
      $split = explode('+', $permission);
      return AccessResult::allowedIfHasPermissions($account$split, 'OR');
    }
  }

}
default:
        // No opinion.         return AccessResult::neutral()->cachePerPermissions();
    }
  }

  /** * {@inheritdoc} */
  protected function checkCreateAccess(AccountInterface $account, array $context$entity_bundle = NULL) {
    return AccessResult::allowedIfHasPermissions($account["create terms in $entity_bundle", 'administer taxonomy'], 'OR');
  }

}

  protected function checkAccess(EntityInterface $entity$operation, AccountInterface $account) {
    assert($entity instanceof BlockContentInterface);
    $bundle = $entity->bundle();
    $forbidIfNotDefaultAndLatest = fn (): AccessResultInterface => AccessResult::forbiddenIf($entity->isDefaultRevision() && $entity->isLatestRevision());
    $forbidIfNotReusable = fn (): AccessResultInterface => AccessResult::forbiddenIf($entity->isReusable() === FALSE, sprintf('Block content must be reusable to use `%s` operation', $operation));
    $access = match ($operation) {
      // Allow view and update access to user with the 'edit any (type) block       // content' permission or the 'administer blocks' permission.       'view' => AccessResult::allowedIf($entity->isPublished())
        ->orIf(AccessResult::allowedIfHasPermissions($account[
          'access block library',
        ]))->orIf(AccessResult::allowedIfHasPermissions($account[
          'administer block content',
        ])),
      'update' => AccessResult::allowedIfHasPermissions($account[
        'access block library',
        'edit any ' . $bundle . ' block content',
      ])->orIf(AccessResult::allowedIfHasPermissions($account[
        'administer block content',
      ])),
      'delete' => AccessResult::allowedIfHasPermissions($account[
        
default:
        // No opinion.         return AccessResult::neutral();
    }
  }

  /** * {@inheritdoc} */
  protected function checkCreateAccess(AccountInterface $account, array $context$entity_bundle = NULL) {
    return AccessResult::allowedIfHasPermission($account, 'administer shortcuts')->orIf(AccessResult::allowedIfHasPermissions($account['access shortcuts', 'customize shortcut links'], 'AND'));
  }

}
      return AccessResult::allowedIf(!$entity->isLatestRevision() && in_array('delete revision', $labels, TRUE));
    }

    // No opinion.     return AccessResult::neutral();
  }

  /** * {@inheritdoc} */
  protected function checkCreateAccess(AccountInterface $account, array $context$entity_bundle = NULL) {
    return AccessResult::allowedIfHasPermissions($account[
      'administer entity_test content',
      'administer entity_test_with_bundle content',
      'create ' . $entity_bundle . ' entity_test_with_bundle entities',
    ], 'OR');
  }

}

function hook_jsonapi_ENTITY_TYPE_filter_access(\Drupal\Core\Entity\EntityTypeInterface $entity_type, \Drupal\Core\Session\AccountInterface $account) {
  return ([
    JSONAPI_FILTER_AMONG_ALL => AccessResult::allowedIfHasPermission($account, 'administer llamas'),
    JSONAPI_FILTER_AMONG_PUBLISHED => AccessResult::allowedIfHasPermission($account, 'view all published llamas'),
    JSONAPI_FILTER_AMONG_OWN => AccessResult::allowedIfHasPermissions($account['view own published llamas', 'view own unpublished llamas'], 'AND'),
  ]);
}

/** * Restricts filtering access to the given field. * * Some fields may contain sensitive information. In these cases, modules are * supposed to implement hook_entity_field_access(). However, this hook receives * an optional `$items` argument and often must return AccessResult::neutral() * when `$items === NULL`. This is because access may or may not be allowed * based on the field items or based on the entity on which the field is * attached (if the user is the entity owner, for example). * * Since JSON:API must check field access prior to having a field item list * instance available (access must be checked before a database query is made), * it is not sufficiently secure to check field 'view' access alone. * * This hook exists so that modules which cannot return * AccessResult::forbidden() from hook_entity_field_access() can still secure * JSON:API requests where necessary. * * If a corresponding implementation of hook_entity_field_access() *can* be * forbidden for one or more values of the `$items` argument, this hook *MUST* * return AccessResult::forbidden(). * * @param \Drupal\Core\Field\FieldDefinitionInterface $field_definition * The field definition of the field to be filtered upon. * @param \Drupal\Core\Session\AccountInterface $account * The account for which to check access. * * @return \Drupal\Core\Access\AccessResultInterface * The access result. */
$this->list[0] = $this->createItem(0, $value);
  }

  /** * {@inheritdoc} */
  public function defaultAccess($operation = 'view', AccountInterface $account = NULL) {
    if ($operation == 'view') {
      return AccessResult::allowed();
    }
    return AccessResult::allowedIfHasPermissions($account['create url aliases', 'administer url aliases'], 'OR')->cachePerPermissions();
  }

  /** * {@inheritdoc} */
  public function delete() {
    // Delete all aliases associated with this entity in the current language.     $entity = $this->getEntity();
    $path_alias_storage = \Drupal::entityTypeManager()->getStorage('path_alias');
    $entities = $path_alias_storage->loadByProperties([
      'path' => '/' . $entity->toUrl()->getInternalPath(),
      

class VocabularyAccessControlHandler extends EntityAccessControlHandler {

  /** * {@inheritdoc} */
  protected function checkAccess(EntityInterface $entity$operation, AccountInterface $account) {
    switch ($operation) {
      case 'access taxonomy overview':
      case 'view':
        return AccessResult::allowedIfHasPermissions($account['access taxonomy overview', 'administer taxonomy'], 'OR');

      case 'reset all weights':
        return AccessResult::allowedIfHasPermissions($account[
          'administer taxonomy',
          'edit terms in ' . $entity->id(),
        ], 'OR');

      default:
        return parent::checkAccess($entity$operation$account);
    }
  }

}
->cachePerUser()
        ->addCacheableDependency($entity);
    }

    return $access_result;
  }

  /** * {@inheritdoc} */
  protected function checkCreateAccess(AccountInterface $account, array $context$entity_bundle = NULL) {
    return AccessResult::allowedIfHasPermissions($account['administer workspaces', 'create workspace'], 'OR');
  }

}
$account->expects($this->any())
      ->method('hasPermission')
      ->willReturnMap([
        ['allowed', TRUE],
        ['denied', FALSE],
      ]);

    if ($permissions) {
      $expected_access->cachePerPermissions();
    }

    $access_result = AccessResult::allowedIfHasPermissions($account$permissions$conjunction);
    $this->assertEquals($expected_access$access_result);
  }

  /** * Provides data for the testAllowedIfHasPermissions() method. * * @return array */
  public function providerTestAllowedIfHasPermissions() {
    $access_result = AccessResult::allowedIf(FALSE);
    $data[] = [[], 'AND', $access_result];
    


  /** * {@inheritdoc} */
  protected function checkCreateAccess(AccountInterface $account, array $context$entity_bundle = NULL) {
    $permissions = [
      'administer media',
      'create media',
      'create ' . $entity_bundle . ' media',
    ];
    return AccessResult::allowedIfHasPermissions($account$permissions, 'OR');
  }

}

  public function access(Route $route, RouteMatchInterface $route_match, AccountInterface $account) {
    // This tab should not show up unless there's a reason to show it.     $entity = $this->loadEntity($route$route_match);
    if ($this->moderationInfo->hasPendingRevision($entity)) {
      // Check the global permissions first.       $access_result = AccessResult::allowedIfHasPermissions($account['view latest version', 'view any unpublished content']);
      if (!$access_result->isAllowed()) {
        // Check entity owner access.         $owner_access = AccessResult::allowedIfHasPermissions($account['view latest version', 'view own unpublished content']);
        $owner_access = $owner_access->andIf((AccessResult::allowedIf($entity instanceof EntityOwnerInterface && ($entity->getOwnerId() == $account->id()))));
        $access_result = $access_result->orIf($owner_access);
      }

      return $access_result->addCacheableDependency($entity);
    }

    return AccessResult::forbidden('No pending revision for moderated entity.')->addCacheableDependency($entity);
  }

class TourAccessControlHandler extends EntityAccessControlHandler {

  /** * {@inheritdoc} */
  protected function checkAccess(EntityInterface $entity$operation, AccountInterface $account) {
    if ($operation === 'view') {
      return AccessResult::allowedIfHasPermissions($account['access tour', 'administer site configuration'], 'OR');
    }

    return parent::checkAccess($entity$operation$account);
  }

}
Home | Imprint | This part of the site doesn't use cookies.