CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
allowedIfHasPermissions example
public function access(Route $route, AccountInterface $account) {
$permission = $route->getRequirement('_permission');
if ($permission === NULL) {
return AccessResult::neutral();
}
// Allow to conjunct the permissions with OR ('+') or AND (','). $split = explode(',', $permission);
if (count($split) > 1) {
return AccessResult::allowedIfHasPermissions($account, $split, 'AND');
}
else {
$split = explode('+', $permission);
return AccessResult::allowedIfHasPermissions($account, $split, 'OR');
}
}
}
default:
// No opinion. return AccessResult::neutral()->cachePerPermissions();
}
}
/** * {@inheritdoc} */
protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
return AccessResult::allowedIfHasPermissions($account, ["create terms in $entity_bundle", 'administer taxonomy'], 'OR');
}
}
// No opinion. return AccessResult::neutral()->cachePerPermissions();
}
}
/** * {@inheritdoc} */
protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
return AccessResult::allowedIfHasPermissions($account, ["create terms in $entity_bundle", 'administer taxonomy'], 'OR');
}
}
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
assert($entity instanceof BlockContentInterface);
$bundle = $entity->bundle();
$forbidIfNotDefaultAndLatest = fn (): AccessResultInterface => AccessResult::forbiddenIf($entity->isDefaultRevision() && $entity->isLatestRevision());
$forbidIfNotReusable = fn (): AccessResultInterface => AccessResult::forbiddenIf($entity->isReusable() === FALSE, sprintf('Block content must be reusable to use `%s` operation', $operation));
$access = match ($operation) {
// Allow view and update access to user with the 'edit any (type) block // content' permission or the 'administer blocks' permission. 'view' => AccessResult::allowedIf($entity->isPublished())
->orIf(AccessResult::allowedIfHasPermissions($account, [
'access block library',
]))->orIf(AccessResult::allowedIfHasPermissions($account, [
'administer block content',
])),
'update' => AccessResult::allowedIfHasPermissions($account, [
'access block library',
'edit any ' . $bundle . ' block content',
])->orIf(AccessResult::allowedIfHasPermissions($account, [
'administer block content',
])),
'delete' => AccessResult::allowedIfHasPermissions($account, [
default:
// No opinion. return AccessResult::neutral();
}
}
/** * {@inheritdoc} */
protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
return AccessResult::allowedIfHasPermission($account, 'administer shortcuts')->orIf(AccessResult::allowedIfHasPermissions($account, ['access shortcuts', 'customize shortcut links'], 'AND'));
}
}
// No opinion. return AccessResult::neutral();
}
}
/** * {@inheritdoc} */
protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
return AccessResult::allowedIfHasPermission($account, 'administer shortcuts')->orIf(AccessResult::allowedIfHasPermissions($account, ['access shortcuts', 'customize shortcut links'], 'AND'));
}
}
return AccessResult::allowedIf(!$entity->isLatestRevision() && in_array('delete revision', $labels, TRUE));
}
// No opinion. return AccessResult::neutral();
}
/** * {@inheritdoc} */
protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
return AccessResult::allowedIfHasPermissions($account, [
'administer entity_test content',
'administer entity_test_with_bundle content',
'create ' . $entity_bundle . ' entity_test_with_bundle entities',
], 'OR');
}
}
}
// No opinion. return AccessResult::neutral();
}
/** * {@inheritdoc} */
protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
return AccessResult::allowedIfHasPermissions($account, [
'administer entity_test content',
'administer entity_test_with_bundle content',
'create ' . $entity_bundle . ' entity_test_with_bundle entities',
], 'OR');
}
}
function hook_jsonapi_ENTITY_TYPE_filter_access(\Drupal\Core\Entity\EntityTypeInterface $entity_type, \Drupal\Core\Session\AccountInterface $account) {
return ([
JSONAPI_FILTER_AMONG_ALL => AccessResult::allowedIfHasPermission($account, 'administer llamas'),
JSONAPI_FILTER_AMONG_PUBLISHED => AccessResult::allowedIfHasPermission($account, 'view all published llamas'),
JSONAPI_FILTER_AMONG_OWN => AccessResult::allowedIfHasPermissions($account, ['view own published llamas', 'view own unpublished llamas'], 'AND'),
]);
}
/** * Restricts filtering access to the given field. * * Some fields may contain sensitive information. In these cases, modules are * supposed to implement hook_entity_field_access(). However, this hook receives * an optional `$items` argument and often must return AccessResult::neutral() * when `$items === NULL`. This is because access may or may not be allowed * based on the field items or based on the entity on which the field is * attached (if the user is the entity owner, for example). * * Since JSON:API must check field access prior to having a field item list * instance available (access must be checked before a database query is made), * it is not sufficiently secure to check field 'view' access alone. * * This hook exists so that modules which cannot return * AccessResult::forbidden() from hook_entity_field_access() can still secure * JSON:API requests where necessary. * * If a corresponding implementation of hook_entity_field_access() *can* be * forbidden for one or more values of the `$items` argument, this hook *MUST* * return AccessResult::forbidden(). * * @param \Drupal\Core\Field\FieldDefinitionInterface $field_definition * The field definition of the field to be filtered upon. * @param \Drupal\Core\Session\AccountInterface $account * The account for which to check access. * * @return \Drupal\Core\Access\AccessResultInterface * The access result. */
$this->list[0] = $this->createItem(0, $value);
}
/** * {@inheritdoc} */
public function defaultAccess($operation = 'view', AccountInterface $account = NULL) {
if ($operation == 'view') {
return AccessResult::allowed();
}
return AccessResult::allowedIfHasPermissions($account, ['create url aliases', 'administer url aliases'], 'OR')->cachePerPermissions();
}
/** * {@inheritdoc} */
public function delete() {
// Delete all aliases associated with this entity in the current language. $entity = $this->getEntity();
$path_alias_storage = \Drupal::entityTypeManager()->getStorage('path_alias');
$entities = $path_alias_storage->loadByProperties([
'path' => '/' . $entity->toUrl()->getInternalPath(),
}
/** * {@inheritdoc} */
public function defaultAccess($operation = 'view', AccountInterface $account = NULL) {
if ($operation == 'view') {
return AccessResult::allowed();
}
return AccessResult::allowedIfHasPermissions($account, ['create url aliases', 'administer url aliases'], 'OR')->cachePerPermissions();
}
/** * {@inheritdoc} */
public function delete() {
// Delete all aliases associated with this entity in the current language. $entity = $this->getEntity();
$path_alias_storage = \Drupal::entityTypeManager()->getStorage('path_alias');
$entities = $path_alias_storage->loadByProperties([
'path' => '/' . $entity->toUrl()->getInternalPath(),
class VocabularyAccessControlHandler extends EntityAccessControlHandler {
/** * {@inheritdoc} */
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
switch ($operation) {
case 'access taxonomy overview':
case 'view':
return AccessResult::allowedIfHasPermissions($account, ['access taxonomy overview', 'administer taxonomy'], 'OR');
case 'reset all weights':
return AccessResult::allowedIfHasPermissions($account, [
'administer taxonomy',
'edit terms in ' . $entity->id(),
], 'OR');
default:
return parent::checkAccess($entity, $operation, $account);
}
}
}
->cachePerUser()
->addCacheableDependency($entity);
}
return $access_result;
}
/** * {@inheritdoc} */
protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
return AccessResult::allowedIfHasPermissions($account, ['administer workspaces', 'create workspace'], 'OR');
}
}
->addCacheableDependency($entity);
}
return $access_result;
}
/** * {@inheritdoc} */
protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
return AccessResult::allowedIfHasPermissions($account, ['administer workspaces', 'create workspace'], 'OR');
}
}
$account->expects($this->any())
->method('hasPermission')
->willReturnMap([
['allowed', TRUE],
['denied', FALSE],
]);
if ($permissions) {
$expected_access->cachePerPermissions();
}
$access_result = AccessResult::allowedIfHasPermissions($account, $permissions, $conjunction);
$this->assertEquals($expected_access, $access_result);
}
/** * Provides data for the testAllowedIfHasPermissions() method. * * @return array */
public function providerTestAllowedIfHasPermissions() {
$access_result = AccessResult::allowedIf(FALSE);
$data[] = [[], 'AND', $access_result];
->method('hasPermission')
->willReturnMap([
['allowed', TRUE],
['denied', FALSE],
]);
if ($permissions) {
$expected_access->cachePerPermissions();
}
$access_result = AccessResult::allowedIfHasPermissions($account, $permissions, $conjunction);
$this->assertEquals($expected_access, $access_result);
}
/** * Provides data for the testAllowedIfHasPermissions() method. * * @return array */
public function providerTestAllowedIfHasPermissions() {
$access_result = AccessResult::allowedIf(FALSE);
$data[] = [[], 'AND', $access_result];
/** * {@inheritdoc} */
protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
$permissions = [
'administer media',
'create media',
'create ' . $entity_bundle . ' media',
];
return AccessResult::allowedIfHasPermissions($account, $permissions, 'OR');
}
}
public function access(Route $route, RouteMatchInterface $route_match, AccountInterface $account) {
// This tab should not show up unless there's a reason to show it. $entity = $this->loadEntity($route, $route_match);
if ($this->moderationInfo->hasPendingRevision($entity)) {
// Check the global permissions first. $access_result = AccessResult::allowedIfHasPermissions($account, ['view latest version', 'view any unpublished content']);
if (!$access_result->isAllowed()) {
// Check entity owner access. $owner_access = AccessResult::allowedIfHasPermissions($account, ['view latest version', 'view own unpublished content']);
$owner_access = $owner_access->andIf((AccessResult::allowedIf($entity instanceof EntityOwnerInterface && ($entity->getOwnerId() == $account->id()))));
$access_result = $access_result->orIf($owner_access);
}
return $access_result->addCacheableDependency($entity);
}
return AccessResult::forbidden('No pending revision for moderated entity.')->addCacheableDependency($entity);
}
class TourAccessControlHandler extends EntityAccessControlHandler {
/** * {@inheritdoc} */
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
if ($operation === 'view') {
return AccessResult::allowedIfHasPermissions($account, ['access tour', 'administer site configuration'], 'OR');
}
return parent::checkAccess($entity, $operation, $account);
}
}